From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: =?koi8-r?b?+8XOw8XXIOHMxcvTxcog98zBxMnNydLP18ne?= Organization: =?koi8-r?b?7vPy+g==?= To: ALT Linux Community Date: Wed, 5 Oct 2005 08:47:51 +0400 User-Agent: KMail/1.8.1 X-Face: 'QRI*AI~am"KKk`p4bg0l4ch1, =?koi8-r?q?=5BP=7EF=5Ew-u!q=5Bv=2EWl=24=7Bjo=7D68Zshm=25-QSKu=7C5=7D8pnQwrD?= =?koi8-r?q?=27J=0A=09=5Ex0BM=3FY=7CT?=)32~xr1='^e[i}1&jf_o/X Subject: [Comm] etcnet&masquerading&fierwall X-BeenThere: community@altlinux.ru X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ALT Linux Community List-Id: ALT Linux Community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Oct 2005 04:48:34 -0000 Archived-At: List-Archive: List-Post: --Boundary-00=_3r1QD/lHvuKiWuj Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: base64 Content-Disposition: inline MSkg7sEgz9POz9fFINPUwdTYyQpodHRwOi8vd3d3Lm9wZW5uZXQucnUvYmFzZS9uZXQvcHBwb2Vf ZmlyZXdhbGwudHh0Lmh0bWwK0M/Q0s/C2dfBzCDVINPFwtEgzsHT1NLPydTYIM3B0tvS1dTJ2sHD ycAuIPPP2sTBzCDTy9LJ0NQgKNfPINfMz9bFzsnJKS4K+sHQ1dPUycwgxcfPIMkg0M/M1d7JzDoK W3Jvb3RAZ3cgYXNoZW5dIyAuL3N0YXJ0X2luZXRfcm91dGluZwpiYXNoOiAuL3N0YXJ0X2luZXRf cm91dGluZzogUGVybWlzc2lvbiBkZW5pZWQK/tTPINUgzcXO0SDOxSDQ0sHXyczYzs8/CjIpIOEg y8HLIGFwdC1nZXQvc3luYXB0aWMg08vB2sHU2Cwg3tTPIMLZINXT1MHOz9fJzMkgzsUg1M/M2MvP IMLJzsHSztnKCiDQwcvF1Cwgzs8gySDFx88gydPIz8TOycs/Ci0tCvMg1dfB1sXOycXNLCD7xc7D xdcg4czFy9PFyiAoQVNoZW4pCgo= --Boundary-00=_3r1QD/lHvuKiWuj Content-Type: application/x-shellscript; name="start_inet_routing" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="start_inet_routing" #!/bin/sh=20 function get_addr()=20 {=20 IFCONFIG=3D'/sbin/ifconfig';=20 HEAD=3D'head -2';=20 TAIL=3D'tail -1';=20 CUT=3D'cut -d: -f2';=20 IP=3D`$IFCONFIG $1 | $HEAD | $TAIL | awk '{print $2}' | $CUT`;=20 echo $IP; }=20 ### =F5=CB=C1=D6=C9=D4=C5 =CE=C9=D6=C5 =C9=CE=D4=C5=D2=C6=C5=CA=D3, =DE=C5= =D2=C5=DA =CB=CF=D4=CF=D2=D9=CA =F7=D9 =D3=D7=D1=DA=D9=D7=C1=C5=D4=C5=D3=D8= =D3 =D0=D2=CF=D7=C1=CA=C4=C5=D2=CF=CD InetDev=3D"eth1"=20 ### =F5=CB=C1=D6=C9=D4=C5 =CE=C9=D6=C5 =C9=CE=D4=C5=D2=C6=C5=CA=D3, =DE=C5= =D2=C5=DA =CB=CF=D4=CF=D2=D9=CA Linux-=CD=C1=DB=C9=CE=C1 =D0=CF=C4=CB=CC=C0= =DE=C5=CE=C1 =CB =CC=CF=CB=C1=CC=D8=CE=CF=CA =D3=C5=D4=C9.=20 LanDev=3D"eth0"=20 ### =F5=CB=C1=D6=C9=D4=C5 =CE=C9=D6=C5 =D3=C5=D4=D8 =C4=CC=D1 LAN =CB=CC=C9= =C5=CE=D4=CF=D7.=20 LanWork=3D"192.168.2.0/24"=20 InternetIP=3D`get_addr $InetDev` InternetNet=3D$ExternalIP+"/30"=20 LanIP=3D`get_addr $LanDev`=20 LoopBack=3D"127.0.0.1"=20 Anywhere=3D"0.0.0.0/0"=20 Ports=3D"1024:65535"=20 /sbin/depmod -a /sbin/modprobe ip_conntrack /sbin/modprobe ip_tables /sbin/modprobe iptable_filter=20 /sbin/modprobe iptable_mangle=20 /sbin/modprobe iptable_nat=20 /sbin/modprobe ipt_LOG=20 /sbin/modprobe ipt_limit=20 /sbin/modprobe ipt_MASQUERADE=20 /sbin/modprobe ipt_owner=20 /sbin/modprobe ipt_REJECT=20 /sbin/modprobe ip_conntrack_ftp=20 /sbin/modprobe ip_conntrack_irc=20 /sbin/modprobe ip_nat_ftp=20 /sbin/modprobe ip_nat_irc=20 echo 1 > /proc/sys/net/ipv4/ip_forward=20 echo 1 > /proc/sys/net/ipv4/tcp_syncookies=20 for file in /proc/sys/net/ipv4/conf/*/rp_filter; do=20 echo 1 > $file=20 done=20 =20 for file in /proc/sys/net/ipv4/conf/*/accept_redirects; do=20 echo 0 > $file=20 done=20 =20 for file in /proc/sys/net/ipv4/conf/*/accept_source_route; do=20 echo 0 > $file=20 done=20 /sbin/iptables -F=20 /sbin/iptables -F -t nat=20 /sbin/iptables - N ALLOW_ICMP=20 /sbin/iptables - N ALLOW_PORTS=20 /sbin/iptables - N CHECK_FLAGS=20 /sbin/iptables - N DENY_PORTS=20 /sbin/iptables - N DST_EGRESS=20 /sbin/iptables - N KEEP_STATE=20 /sbin/iptables - N SRC_EGRESS # =F0=CF =D5=CD=CF=CC=DE=C1=CE=C9=C0 =D7=D3=C5 =D7=C8=CF=C4=D1=DD=C9=C5 =D0= =C1=CB=C5=D4=D9 =D3=C2=D2=C1=D3=D9=D7=C1=C5=CD=20 /sbin/iptables -P INPUT DROP /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP=20 /sbin/iptables -A INPUT -j ACCEPT -s $InternetIP -d $Anywhere=20 /sbin/iptables -A INPUT -j ACCEPT -s $Anywhere -d $Anywhere -I $LanDev=20 /sbin/iptables -A INPUT -j ACCEPT -s $Anywhere -d $Anywhere -i lo=20 /sbin/iptables -A INPUT -j ACCEPT -s $Anywhere -d $Anywhere -i $InetDev -m = state --state RELATED,ESTABLISHED=20 /sbin/iptables -A INPUT -j ACCEPT -p icmp -s $Anywhere -d $Anywhere=20 /sbin/iptables -A INPUT -j ACCEPT -p udp -s $LanNet --sport 53 -d $Anywhere # =F0=CF =D5=CD=CF=CC=DE=C1=CE=C9=C0 =D7=D3=C5 =C9=D3=C8=CF=C4=D1=DD=C9=C5 = =D0=C1=CB=C5=D4=D9 =D3=C2=D2=C1=D3=D9=D7=C1=C5=CD=20 /sbin/iptables -P OUTPUT DROP=20 /sbin/iptables -A OUTPUT -j ACCEPT -s $Anywhere -d $Anywhere -o $LanDev=20 /sbin/iptables -A OUTPUT -j ACCEPT -s $Anywhere -d $InternetIP=20 /sbin/iptables -A OUTPUT -j ACCEPT -s $Anywhere -d $Anywhere -o lo=20 /sbin/iptables -A OUTPUT -j ACCEPT -s $Anywhere -d $Anywhere -o $InetDev -m= state --state RELATED,ESTABLISHED=20 /sbin/iptables -A OUTPUT -j ACCEPT -p udp -s $InternetIP -d $Anywhere --dpo= rt 53=20 /sbin/iptables -A OUTPUT -j ACCEPT -p icmp -s $Anywhere -d $Anywhere=20 /sbin/iptables -A OUTPUT -j ACCEPT -s $Anywhere -d $Anywhere -o $InetDev -m= state --state RELATED,ESTABLISHED=20 /sbin/iptables -P FORWARD ACCEPT /sbin/iptables -A FORWARD -j ACCEPT -s $Anywhere -d $Anywhere -i $LanDev=20 /sbin/iptables -A FORWARD -j ACCEPT -p icmp -s $Anywhere -d $Anywhere -i $L= anDev=20 ### =FA=C4=C5=D3=D8 =F7=D9 =CD=CF=D6=C5=D4=C5 =D7 =C2=D5=C4=D5=DD=C5=CD =D2= =C1=DA=CD=C5=D3=D4=C9=D4=D8 =CE=D5=D6=CE=D9=C5 =F7=C1=CD =D3=D4=D2=CF=CB=C9= iptables,=20 ### =CE=C1=D0=D2=C9=CD=C5=D2 =D2=C5=C4=C9=D2=C5=CB=D4 HTTP =DA=C1=D0=D2=CF= =D3=CF=D7 =CE=C1 =D0=D2=CF=CB=D3=C9 =D3=C5=D2=D7=C5=D2 Squid.=20 ## =ED=C1=D3=CB=C1=D2=C1=C4=C9=CE=C7 =CB=CC=C9=C5=CE=D4=CF=D7=20 /sbin/iptables -t nat -A POSTROUTING -j SNAT -s $LanNet -d $Anywhere -o $In= etDev --to $InternetIP=20 /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE -s $LanNet -d $Anywhere = =2Do $InetDev=20 --Boundary-00=_3r1QD/lHvuKiWuj--