-
April 4th, 2002, 05:48 AM
#21
Senior Member
i'll try to copy and paste some iptables firewall rules for this later on.
regards,
mark.
'hi, welcome to *****. if you would like to speak to an operator, please hang up now.'
* click *
-
April 10th, 2002, 11:16 AM
#22
Senior Member
ok, this is very messy, and brief, incomplete, as it is just bits from my own firewall rules which i cannot post in total, etc.. but here are some important parts of the firewall rule. i would still recommend for you to read the manuals on this one. btw... is your IP address static?
regards,
mark.
# location of iptables binary
IPT=/sbin/iptables
INT_IFACE="eth0" # internal interface
EXT_IFACE="eth1" # external interface
LOOPBACK_IFACE="lo" # loopback interface
PRIV_PORTS="0:1023"
UNPRIV_PORTS="1024:65535"
# allow packets from internal network (unprivileged ports)
$IPT -A INPUT -i $INT_IFACE -d 192.168.0.0/24 -p tcp --dport $UNPRIV_PORTS -j ACCEPT
# allow packets to internal network (privileged ports)
$IPT -A OUTPUT -o $INT_IFACE -d 192.168.0.0/24 -p tcp --dport $PRIV_PORTS -j ACCEPT
# change source IP of packets leaving the external interface (SNAT)
$IPT -t nat -A POSTROUTING -o $EXT_IFACE -j SNAT --to <your static IP address>
# output using unprivileged ports
$IPT -A OUTPUT -o $EXT_IFACE -p tcp --dport $UNPRIV_PORTS -j ACCEPT
# enable IP forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
'hi, welcome to *****. if you would like to speak to an operator, please hang up now.'
* click *
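An added example, not part of the original post or the poster's firewall: a shell generator for a complete `iptables-restore` ruleset covering the SNAT gateway the fragments above describe. It goes beyond the post by adding default-DROP policies and stateful INPUT/FORWARD rules, which are assumptions; the interface names and 192.168.0.0/24 come from the post, and 203.0.113.10 is a constructed documentation address.

```shell
#!/bin/sh
# Added example, not the poster's script. eth0/eth1 and 192.168.0.0/24 are from
# the post; default-DROP policies and conntrack rules are assumptions added here.
INT_IFACE="eth0"          # internal interface
EXT_IFACE="eth1"          # external interface
LAN_NET="192.168.0.0/24"  # internal network

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset that SNATs the LAN to the given static IP.
gen_ruleset() {
    valid_ipv4 "$1" || { echo "invalid static IP: $1" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $EXT_IFACE -j SNAT --to-source $1
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IFACE -s $LAN_NET -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IFACE -o $EXT_IFACE -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: ./gen.sh 203.0.113.10 (a constructed documentation address)
if [ "$#" -gt 0 ]; then gen_ruleset "$1"; fi
```

The output is meant to be piped to `iptables-restore` as root, with IP forwarding enabled as in the post. Because the address is validated before it is written into the ruleset, an unfilled placeholder is rejected instead of producing a broken SNAT rule.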