* [mdk-re] Mandrake 7.2 routing question
@ 2001-01-21 16:35 Albert R. Valiev
From: Albert R. Valiev @ 2001-01-21 16:35 UTC (permalink / raw)
To: mandrake-russian; +Cc: root
I already sent a message today, but it looks like it did not get through...
Anyway, the situation is this: a machine (LNX MNDRK 7.2 -kernel 2.2.17)
with three interfaces (ppp0, eth0, eth1).
ppp0 is the link to the Internet, eth1 is the office network, eth0 is the network with the servers.
The machine itself, as everyone has already guessed, is a router.
I solved the routing problem; one problem remains, namely:
the servers in the second network have no real addresses, only fake ones (10.10.10.xxx). The router, however, has several real addresses and in theory should forward packets arriving at a particular address:port into the network with the servers. In principle the main server has several real addresses, but that is not important; all I have left to set up is the redirect... Here is my rc.firewall; take a look, and if something looks crooked to you, please advise what can be done here. Also, the kernel is compiled with support for IP-masq, ip-portfw, ip-firewalling, etc. (with all the options that were in the ip-masquerade howto), because I did everything seemingly the way it should be, or rather the way it was described in the howto, but nothing came of it... At least the transparent proxy works :))).
/etc/rc.d/rc.firewall script:
---------------------------Cut HERE------------------------------------------
# Mandrake-Security : if you remove this comment, remove the next line too.
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_masq_debug
echo 1 > /proc/sys/net/ipv4/ip_forward
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 213.165.222.1 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 25 -R 10.10.10.12 25 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 110 -R 10.10.10.12 110 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 143 -R 10.10.10.12 143 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 21 -R 10.10.10.11 21 -p 1
ipmasqadm portfw -a -P tcp -L 195.239.134.209 80 -R 10.10.10.11 80 -p 1
ipmasqadm portfw -a -P tcp -L 195.239.134.210 80 -R 10.10.10.12 80 -p 1
ipchains -M -S 7200 10 60
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -A input -i eth0 -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth0 -s 10.10.10.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth0 -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth1 -s 10.1.2.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp1 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp0 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i ppp1 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp1 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
#ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 21 -j REDIRECT 3128
ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
#ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 21 -j REDIRECT 3128
ipchains -A output -i eth1 -s 213.165.222.3/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -s 213.165.222.1/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p udp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.11/255.255.255.255 25 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.11/255.255.255.255 110 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p udp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -s 10.10.10.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -s 213.165.222.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -s 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 10.10.10.0/24 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 10.1.2.0/24 -d 213.165.222.0/255.255.255.224 -j ACCEPT
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 213.165.222.3/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 213.165.222.1/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 0.0.0.0/0 -d 195.239.134.0/28 -j ACCEPT
ipchains -A forward -s 0.0.0.0/0 -d 213.165.222.0/27 -j ACCEPT
ipchains -A forward -p tcp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p udp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.11/255.255.255.255 25 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.11/255.255.255.255 110 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p udp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 10.10.10.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -s 213.165.222.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -s 10.10.10.0/24 -d 0.0.0.0/0 -j MASQ
ipchains -A forward -s 10.1.2.0/24 -d 0.0.0.0/0 -j MASQ
---------------------------Cut HERE------------------------------------------
Oh, and while we are at it, so to speak, one more small question: is the transparent proxy only for http, and that is all? Or is it possible to pass ftp through it as well?
Best regards, Albert Valiev
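An added example (not part of the original message): ipchains acts on the first rule in a chain that matches a packet, so in the script above the `REJECT` rules for private source addresses on ppp0 come after an `ACCEPT` for every source on ppp0 and can never match. The sketch below checks for that ordering problem on five input-chain lines copied from the script; the helper names are hypothetical, and it models only the `-A`, `-i`, `-p`, `-s`, `-d` and `-j` options, without `!` negation or port ranges.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# Five input-chain rules copied from the rc.firewall above, in script order.
RULES = """\
ipchains -A input -i eth1 -s 10.1.2.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp0 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
"""
NAMES = {"-A": "chain", "-i": "iface", "-p": "proto", "-s": "src", "-d": "dst", "-j": "target"}

def parse(line):
    """Turn one 'ipchains -A ...' line into its match fields (hypothetical helper)."""
    tok = line.split()
    rule = {"iface": None, "proto": None, "src": ANY, "sport": None,
            "dst": ANY, "dport": None, "text": line.strip()}
    i = 1
    while i + 1 < len(tok):
        opt, val = tok[i], tok[i + 1]
        i += 2
        key = NAMES[opt]  # KeyError on options this sketch does not model
        rule[key] = ipaddress.ip_network(val, strict=False) if key in ("src", "dst") else val
        if i < len(tok) and not tok[i].startswith("-"):  # optional port argument
            if key in ("src", "dst"):
                rule[key[0] + "port"] = tok[i]  # "sport" or "dport"
            i += 1  # the port after "-j REDIRECT" is not a match field
    return rule

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    same = all(a[k] in (None, b[k]) for k in ("iface", "proto", "sport", "dport"))
    return (a["chain"] == b["chain"] and same
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"]))

def shadowed(text):
    """Return (dead, winner) pairs; the first match wins, so dead never fires."""
    rules = [parse(l) for l in text.splitlines() if l.startswith("ipchains -A")]
    found = []
    for n, later in enumerate(rules):
        winner = next((e for e in rules[:n] if covers(e, later)), None)
        if winner:
            found.append((later, winner))
    return found

if __name__ == "__main__":
    for dead, winner in shadowed(RULES):
        kind = "conflict" if dead["target"] != winner["target"] else "redundant"
        print(f"{kind}: '{dead['text']}' is never reached after '{winner['text']}'")
```

Both ppp0 `REJECT` lines are reported as conflicts; placing them above the ppp0 `ACCEPT` is what lets them take effect.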