| 1 |
óÏÂÒÁÌ ÄÏÍÁ ×ÔÏÒÏÊ ËÏÍÐ É ×ÏÔ ÔÅÐÅÒØ ÂÁÌÕÀÓØ Ó ÎÁÓÔÒÏÊËÁÍÉ ÓÅÔÉ × Linux. ôÁË É
|
| 2 |
ÎÅ ÓÍÏÇ ÎÁÓÔÒÏÉÔØ NAT. é ÔÁË ÞÔÏ ÍÙ ÉÍÅÅÍ:
|
| 3 |
|
| 4 |
ëÏÍÐØÀÔÅÒ Ó Gentoo É ×ÙÈÏÄÏÍ × ÉÎÅÔ:
|
| 5 |
eth0 = 192.168.0.2/24
|
| 6 |
eth1 = adsl
|
| 7 |
ppp0 = 10.1.12.5
|
| 8 |
|
| 9 |
÷ÔÏÒÏÊ ËÏÍÐ:
|
| 10 |
IP = 192.168.0.1/24
|
| 11 |
GATEWAY = 192.168.0.2
|
| 12 |
DNS = IP ÁÄÒÅÓÁ DNS ÐÒÏ×ÁÊÄÅÒÁ
|
| 13 |
|
| 14 |
ÓËÒÉÐÔ ÆÁÅÒ×ÏÌÁ:
|
| 15 |
# Interface to Internet
|
| 16 |
EXTIF=ppp+
|
| 17 |
|
| 18 |
ANY=0.0.0.0/0
|
| 19 |
|
| 20 |
iptables -P INPUT ACCEPT
|
| 21 |
iptables -P OUTPUT ACCEPT
|
| 22 |
iptables -P FORWARD DROP
|
| 23 |
|
| 24 |
iptables -F FORWARD
|
| 25 |
iptables -F INPUT
|
| 26 |
iptables -F OUTPUT
|
| 27 |
iptables -t nat -F POSTROUTING
|
| 28 |
|
| 29 |
# Deny TCP and UDP packets to privileged ports
|
| 30 |
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j LOG
|
| 31 |
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j DROP
|
| 32 |
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j LOG
|
| 33 |
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j DROP
|
| 34 |
|
| 35 |
# Deny TCP connection attempts
|
| 36 |
iptables -A INPUT -i $EXTIF -p tcp --dccp-types SYNC -j LOG
|
| 37 |
iptables -A INPUT -i $EXTIF -p tcp --dccp-types SYNC -j DROP
|
| 38 |
|
| 39 |
# Deny ICMP echo-requests
|
| 40 |
|
| 41 |
# Do masquerading
|
| 42 |
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o $EXTIF -j MASQUERADE
|
| 43 |
echo 1 > /proc/sys/net/ipv4/ip_forward
|
| 44 |
|
| 45 |
÷ ÉÔÏÇÅ ÓÏ ×ÔÏÒÏÇÏ ËÏÍÐÁ ÐÉÎÇÕÅÔ ppp0, ÎÏ ×ÓÅ ÞÔÏ ÄÁÌØÛÅ (ÎÁÐÒÉÍÅÒ DNS
|
| 46 |
ÐÒÏ×ÁÊÄÅÒÁ) - ÎÅÔ.
|
| 47 |
--
|
| 48 |
Maxim Ivanov <redbaron@××××.ru>
|
| 49 |
|
| 50 |
|
| 51 |
--
|
| 52 |
gentoo-user-ru@g.o mailing list |
Archives