Gentoo Archives: gentoo-user-ru

From: Mad Deer <mad-deer@××××.ru>
To: gentoo-user-ru@l.g.o
Subject: Re: [gentoo-user-ru] Configuring NAT
Date: Sun, 20 Nov 2005 00:15:01
Message-Id: 437FBFCE.7090206@mail.ru
In Reply to: [gentoo-user-ru] Configuring NAT by Maxim Ivanov
Maxim Ivanov writes:
> I put together a second computer at home and am now playing around with network settings in Linux. I still
> have not managed to configure NAT. So, here is what we have:
>
> Computer with Gentoo and Internet access:
> eth0 = 192.168.0.2/24
> eth1 = adsl
> ppp0 = 10.1.12.5
>
> Second computer:
> IP = 192.168.0.1/24
> GATEWAY = 192.168.0.2
> DNS = IP addresses of the provider's DNS
>
> Firewall script:
> # Interface to Internet
> EXTIF=ppp+
>
> ANY=0.0.0.0/0
>
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD DROP
>
> iptables -F FORWARD
> iptables -F INPUT
> iptables -F OUTPUT
> iptables -t nat -F POSTROUTING
>
> # Deny TCP and UDP packets to privileged ports
> iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j LOG
> iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j DROP
> iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j LOG
> iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j DROP
>
> # Deny TCP connection attempts
> iptables -A INPUT -i $EXTIF -p tcp --syn -j LOG
> iptables -A INPUT -i $EXTIF -p tcp --syn -j DROP
>
> # Deny ICMP echo-requests
>
> # Do masquerading
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o $EXTIF -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> As a result, ppp0 can be pinged from the second computer, but everything beyond it (for example the
> provider's DNS) cannot.
Your default is iptables -P FORWARD DROP,
and there is no ACCEPT for it. You also need

$IPTABLES -A FORWARD -i eth0 -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

And this
> iptables -P INPUT ACCEPT
is better changed to DROP. You are supposed to be closing it off with the firewall, and instead you are opening it.
--
Long live that thanks to which we, in spite of everything. (c) Zadornov
Registered Linux User #317544
Linux 2.6.14.2 i686 AMD Athlon(tm) XP 2200+
--
gentoo-user-ru@g.o mailing list
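
A check for the failure diagnosed in this reply, as an added example that is not part of the original message: it reads iptables-save output and flags a NAT rule combined with a FORWARD policy of DROP and no ACCEPT rule, plus the INPUT policy the reply objects to. The function name check_nat_forward and both sample rulesets are constructed for illustration, and the samples are abridged to the lines that matter.

```sh
# Added example (not from the thread). Reads iptables-save output on stdin,
# prints one finding per line. Heuristic: it does not evaluate rule order.
check_nat_forward() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == ":FORWARD" { fwd_policy = $2 }
        table == "filter" && $1 == ":INPUT"   { in_policy = $2 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
            accept = 1
            if ($0 ~ /ESTABLISHED/) est = 1
        }
        table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ { nat = 1 }
        END {
            if (nat && fwd_policy == "DROP" && !accept)
                print "FORWARD: policy DROP and no ACCEPT rule, so NATed traffic is never forwarded"
            else if (nat && fwd_policy == "DROP" && !est)
                print "FORWARD: no ESTABLISHED,RELATED ACCEPT rule, check that replies can return"
            if (in_policy == "ACCEPT")
                print "INPUT: policy ACCEPT, anything not explicitly dropped reaches the gateway"
        }'
}

# Constructed sample: what the quoted script leaves loaded (abridged).
before_ruleset() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 192.168.0.0/24 -o ppp+ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
COMMIT
EOF
}

# Constructed sample: the same ruleset with the two FORWARD rules and INPUT DROP.
after_ruleset() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 192.168.0.0/24 -o ppp+ -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

On a live gateway the same function can be fed from `iptables-save | check_nat_forward`, run as root.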

Replies

Subject Author
Re: [gentoo-user-ru] Configuring NAT Maxim Ivanov <redbaron@××××.ru>