faq Ierakstīts Septembris 10, 2005 Share Ierakstīts Septembris 10, 2005 Tikko tiku galaa ar ruuteri, tagad gribu dazhus portus aizsuutiit uz lokaalo. Izpeetiiju iptablju manuaaljus e.t.c. meegjinaajumi notika shaadaa veidaa 1. iptables -t nat -A PREROUTING -p tcp -i eth1 -d 85.115.100.xxx --dport 4012 -j DNAT --to 192.168.0.2:4012 (uc porti) negrib stradaat. 2. iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 1000:10000 -j DNAT --to-destination 192.168.2 iptables -A FORWARD -s 192.168.0.2 -p tcp --dport 1000:10000 -j ACCEPT Ne viens ne otrs variants negrib straadaat. Kas varetu buut par auzaam? Varbuut ir kaads cits portfw variants? (Gribu active DC ))) Added eth1 EXT Link to comment Share on other sites More sharing options...
kiwi Septembris 10, 2005 Share Septembris 10, 2005 $IPTABLES -t nat -A PREROUTING -i eth0 -p udp --dport 1234 -j DNAT --to $MYIP:1234 Kurš tev iekšējais un ārējāis interface? Augstākminētais ir, kad eth0 ir Internet IP un eth1 utt. lokālais. Link to comment Share on other sites More sharing options...
faq Septembris 13, 2005 Author Share Septembris 13, 2005 Vells vinju zin kas par auzaam. Ieksheejais eth0, aareejais eth1. Novaacu vispaar firewall, izmeegjinaaju visaadus variantus. Negrib neparko stradaat. Kaadas veel ir idejas? firewalls man ir taads Link to comment Share on other sites More sharing options...
faq Septembris 21, 2005 Author Share Septembris 21, 2005 Jaa, to jau es peec instalaacijas nochmodoju. Pie velna neiet. Un nav citas kastes uz kaa pameegjinaat. Link to comment Share on other sites More sharing options...
Guest inx Septembris 23, 2005 Share Septembris 23, 2005 # Generated by iptables-save v1.3.0 on Fri Aug 26 12:36:25 2005 *nat :OUTPUT ACCEPT [79:7460] :POSTROUTING ACCEPT [79:7460] :PREROUTING ACCEPT [577:60431] -A POSTROUTING -m mark --mark 0x9 -j MASQUERADE COMMIT # Completed on Fri Aug 26 12:36:25 2005 # Generated by iptables-save v1.3.0 on Fri Aug 26 12:36:25 2005 *mangle :FORWARD ACCEPT [13926:7574493] :INPUT ACCEPT [8267:1046821] :OUTPUT ACCEPT [7144:999751] :POSTROUTING ACCEPT [21078:8576124] :PREROUTING ACCEPT [22193:8621314] -A PREROUTING -i eth1 -j MARK --set-mark 0x9 -A PREROUTING -i eth2 -j MARK --set-mark 0x9 COMMIT # Completed on Fri Aug 26 12:36:25 2005 # Generated by iptables-save v1.3.0 on Fri Aug 26 12:36:25 2005 *filter :FORWARD ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [7145:1000327] :RH-Firewall-1-INPUT - [0:0] -A FORWARD -j RH-Firewall-1-INPUT -A INPUT -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT -A RH-Firewall-1-INPUT -i eth2 -j ACCEPT -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT -A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Fri Aug 26 12:36:25 2005 man ir triis NIC un viss griezhas ar shaadu konfu. apsti, vai tev GW ir pareizi salikti (#netstat -nr). kaa tev tiek daliitas IP adreses? vai ifcfg-eth(x) tev ir pareizi. proxy rules apsti. squidaa vispaar siikumus tikai vaig - neko daudz. utt. (juuzoju FC4)[/code] Link to comment Share on other sites More sharing options...
Recommended Posts
Izveido kontu, vai pieraksties esošajā, lai komentētu
Jums ir jābūt šī foruma biedram, lai varētu komentēt tēmas
Izveidot jaunu kontu
Piereģistrējies un izveido jaunu kontu, tas būs viegli!
Reģistrēt jaunu kontuPierakstīties
Jums jau ir konts? Pierakstieties tajā šeit!
Pierakstīties tagad!