From: Michael Shigorin
To: community@altlinux.ru
Date: Wed, 18 Aug 2004 11:38:07 +0300
Subject: [Comm] Re: Gateway in a corporate network
Message-ID: <20040818083806.GT20614@osdn.org.ua>
In-Reply-To: <14511264671.20040818144349@inbox.ru>

On Wed, Aug 18, 2004 at 02:43:49PM +0900, Игорь wrote:
> I need to set up a gateway urgently; the clients are windows 2000/XP.
> The connection to the provider is over VPN.

Try to roll out security updates as promptly as you can to begin with,
whatever it is you install.

As for the connection to the ISP: it makes sense to grill the ISP itself;
if the support staff have no clue, demand the administrator on duty,
failing that, the technical director.

As for sharing it out to the clients: once the connection to the provider
is up, set up NAT for yourself (the documentation can be googled as
"rusty three line masquerading guide") and, to taste, a proxy (the squid
package); you must remember NOT to let it out to the outside (see the acl
in /etc/squid/squid.conf and/or the firewall, preferably both).

My stock template of firewall/NAT rules (/etc/sysconfig/iptables, and
correspondingly service iptables) is attached. See also man iptables.

-- 
 ---- WBR, Michael Shigorin
  ------ Linux.Kiev http://www.linux.kiev.ua/

Content-Disposition: attachment; filename=iptables

# Generated by iptables-save v1.2.6a on Thu Nov 21 21:15:39 2002
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d _REAL_IP -i eth0 -p tcp -m tcp --dport _EXT_PORT -j DNAT --to-destination _INT_HOST:_INT_PORT
-A POSTROUTING -s 10.0.1.0/24 -d ! 10.0.1.0/24 -j SNAT --to-source _REAL_IP
COMMIT
# Completed on Thu Nov 21 21:15:39 2002
# Generated by iptables-save v1.2.6a on Thu Nov 21 21:15:39 2002
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Nov 21 21:15:39 2002
# Generated by iptables-save v1.2.6a on Thu Nov 21 21:15:39 2002
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:eth1-in - [0:0]
:eth1-out - [0:0]
:tcprules - [0:0]
-A INPUT -i eth1 -j eth1-in
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
-A INPUT -s 10.0.1.0/24 -d 10.0.1.1 -i eth0 -j ACCEPT
-A INPUT -s 10.0.1.0/24 -d _REAL_IP -i eth0 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -j tcprules
# block :25 to world (only through 10.0.1.1:25)
-A FORWARD -s 10.0.1.0/24 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j tcprules
-A OUTPUT -o eth1 -j eth1-out
-A eth1-in -j RETURN
-A eth1-out -j RETURN
-A tcprules -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A tcprules -i ! eth1 -m state --state NEW -j ACCEPT
-A tcprules -i eth1 -m state --state INVALID,NEW -j DROP
-A tcprules -i eth1 -j REJECT --reject-with icmp-host-unreachable
COMMIT
# Completed on Thu Nov 21 21:15:39 2002
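
The message's advice to keep the squid proxy from being reachable from outside via the acl in /etc/squid/squid.conf can be checked mechanically; the following is an added example, not part of the original message or its attachment. It models only `src` ACLs and the `http_port` bind address; the sample configs, the names `OPEN`/`HARDENED`, and the test addresses 203.0.113.7 and 10.0.1.20 are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (not from the post); 10.0.1.0/24 and 10.0.1.1 are
# the LAN values in the attached template, 3128 is Squid's default port.
OPEN = """http_port 3128
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""
HARDENED = """http_port 10.0.1.1:3128
acl localnet src 10.0.1.0/24
http_access allow localnet
http_access deny all
"""

def parse(text):
    """Return (src ACLs, ordered http_access rules, wildcard http_port specs)."""
    # "all" is built in on Squid 3 and later; older configs define it themselves.
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}
    rules, wildcard = [], []
    for raw in text.splitlines():
        p = raw.split("#", 1)[0].split()
        if len(p) >= 4 and p[0] == "acl" and p[2] == "src":
            acls.setdefault(p[1], []).extend(
                ipaddress.ip_network(v, strict=False) for v in p[3:])
        elif len(p) >= 3 and p[0] == "http_access":
            rules.append((p[1], p[2:]))
        elif len(p) >= 2 and p[0] == "http_port":
            if p[1].rpartition(":")[0] in ("", "0.0.0.0", "[::]"):
                wildcard.append(p[1])   # listens on every interface
    return acls, rules, wildcard

def may_allow(text, client_ip):
    """Upper bound on access: the first matching http_access line wins."""
    acls, rules, _ = parse(text)
    ip, action = ipaddress.ip_address(client_ip), None
    for action, names in rules:
        def term(name):
            nets = acls.get(name.lstrip("!"))
            if nets is None:              # non-src ACL type: not modelled,
                return action == "allow"  # so assume the worst case
            return any(ip in n for n in nets) != name.startswith("!")
        if all(term(n) for n in names):   # ACLs on one line are ANDed
            return action == "allow"
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return action == "deny"

def audit(text, outside_ip="203.0.113.7", lan_ip="10.0.1.20"):
    return {"wildcard_listen": parse(text)[2],
            "outside_allowed": may_allow(text, outside_ip),
            "lan_allowed": may_allow(text, lan_ip)}
```

A config passes when `wildcard_listen` is empty and `outside_allowed` is false; pairing that with a firewall rule covers the "preferably both" part of the advice.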