1 |
óÏÂÒÁÌ ÄÏÍÁ ×ÔÏÒÏÊ ËÏÍÐ É ×ÏÔ ÔÅÐÅÒØ ÂÁÌÕÀÓØ Ó ÎÁÓÔÒÏÊËÁÍÉ ÓÅÔÉ × Linux. ôÁË É
|
2 |
ÎÅ ÓÍÏÇ ÎÁÓÔÒÏÉÔØ NAT. é ÔÁË ÞÔÏ ÍÙ ÉÍÅÅÍ:
|
3 |
|
4 |
ëÏÍÐØÀÔÅÒ Ó Gentoo É ×ÙÈÏÄÏÍ × ÉÎÅÔ:
|
5 |
eth0 = 192.168.0.2/24
|
6 |
eth1 = adsl
|
7 |
ppp0 = 10.1.12.5
|
8 |
|
9 |
÷ÔÏÒÏÊ ËÏÍÐ:
|
10 |
IP = 192.168.0.1/24
|
11 |
GATEWAY = 192.168.0.2
|
12 |
DNS = IP ÁÄÒÅÓÁ DNS ÐÒÏ×ÁÊÄÅÒÁ
|
13 |
|
14 |
ÓËÒÉÐÔ ÆÁÅÒ×ÏÌÁ:
|
15 |
# Interface to Internet
|
16 |
EXTIF=ppp+
|
17 |
|
18 |
ANY=0.0.0.0/0
|
19 |
|
20 |
iptables -P INPUT ACCEPT
|
21 |
iptables -P OUTPUT ACCEPT
|
22 |
iptables -P FORWARD DROP
|
23 |
|
24 |
iptables -F FORWARD
|
25 |
iptables -F INPUT
|
26 |
iptables -F OUTPUT
|
27 |
iptables -t nat -F POSTROUTING
|
28 |
|
29 |
# Deny TCP and UDP packets to privileged ports
|
30 |
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j LOG
|
31 |
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j DROP
|
32 |
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j LOG
|
33 |
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j DROP
|
34 |
|
35 |
# Deny TCP connection attempts
|
36 |
iptables -A INPUT -i $EXTIF -p tcp --dccp-types SYNC -j LOG
|
37 |
iptables -A INPUT -i $EXTIF -p tcp --dccp-types SYNC -j DROP
|
38 |
|
39 |
# Deny ICMP echo-requests
|
40 |
|
41 |
# Do masquerading
|
42 |
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o $EXTIF -j MASQUERADE
|
43 |
echo 1 > /proc/sys/net/ipv4/ip_forward
|
44 |
|
45 |
÷ ÉÔÏÇÅ ÓÏ ×ÔÏÒÏÇÏ ËÏÍÐÁ ÐÉÎÇÕÅÔ ppp0, ÎÏ ×ÓÅ ÞÔÏ ÄÁÌØÛÅ (ÎÁÐÒÉÍÅÒ DNS
|
46 |
ÐÒÏ×ÁÊÄÅÒÁ) - ÎÅÔ.
|
47 |
--
|
48 |
Maxim Ivanov <redbaron@××××.ru>
|
49 |
|
50 |
|
51 |
--
|
52 |
gentoo-user-ru@g.o mailing list |