Re: iptables 2

Sat, 10 May 2003 12:31:05 -0500 

ok

#!/bin/bash
IP='iptables'

$IP -F
$IP -t nat -F

# arranco IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

$IP -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IP -t nat -A POSTROUTING -d ! 10.129.16.0/24 -j MASQUERADE
$IP -A FORWARD -s 10.129.16.0/24 -j ACCEPT
$IP -A FORWARD -d 10.129.16.0/24 -j ACCEPT
$IP -A FORWARD -s ! 10.129.16.0/24 -j DROP

$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 20 -j DNAT --to
10.129.16.201:20
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 21 -j DNAT --to
10.129.16.201:21
$IP -A PREROUTING -t nat -p udp -d 200.68.69.163 --dport 21 -j DNAT --to
10.129.16.201:21
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 23 -j DNAT --to
10.129.16.201:23
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 25 -j DNAT --to
10.129.16.201:25
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 53 -j DNAT --to
10.129.16.201:53
$IP -A PREROUTING -t nat -p udp -d 200.68.69.163 --dport 53 -j DNAT --to
10.129.16.201:53
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 80 -j DNAT --to
10.129.16.201:80
$IP -A PREROUTING -t nat -p udp -d 200.68.69.163 --dport 80 -j DNAT --to
10.129.16.201:80
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 110 -j DNAT --to
10.129.16.201:110
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 143 -j DNAT --to
10.129.16.201:143
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 5631 -j DNAT --to
10.129.16.201:5631

$IP -A INPUT -i eth0 --protocol udp --source-port 9 -j DROP
$IP -A INPUT -i eth0 --protocol udp --destination-port 9 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --source-port 9 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --destination-port 9 -j DROP
$IP -A INPUT -i eth0 --protocol udp --source-port 13 -j DROP
$IP -A INPUT -i eth0 --protocol udp --destination-port 13 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --source-port 13 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --destination-port 13 -j DROP
$IP -A INPUT -i eth0 --protocol udp --source-port 37 -j DROP
$IP -A INPUT -i eth0 --protocol udp --destination-port 37 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --source-port 37 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --destination-port 37 -j DROP

Esto es lo que agrgue para que no se pueda usar el kazaa y overnet y otras
yerbas y no me funciona
#ULTIMO
$IP -I FORWARD -p tcp --dport 1200:1299 -j REJECT
$IP -I FORWARD -p udp --dport 1200:1299 -j REJECT
$IP -I FORWARD -p tcp --dport 4600:4700 -j REJECT
$IP -I FORWARD -p udp --dport 4600:4700 -j REJECT
$IP -A FORWARD -d 213.248.112.0/24 -j DROP
$IP -A FORWARD -d 206.142.53.0/24 -j DROP
$IP -A INPUT -i eth1 --protocol udp --source-port 1200:1299 -j DROP
$IP -A INPUT -i eth1 --protocol udp --destination-port 1200:1299 -j DROP
$IP -A INPUT -i eth1 --protocol tcp --source-port 1200:1299 -j DROP
$IP -A INPUT -i eth1 --protocol tcp --destination-port 1200:1299 -j DROP
$IP -A INPUT -i eth1 --protocol udp --source-port 4600:4700 -j DROP
$IP -A INPUT -i eth1 --protocol udp --destination-port 4600:4700 -j DROP
$IP -A INPUT -i eth1 --protocol tcp --source-port 4600:4700 -j DROP
$IP -A INPUT -i eth1 --protocol tcp --destination-port 4600:4700 -j DROP
$IP -I FORWARD -p tcp --dport 1200:1299 -j REJECT
$IP -I FORWARD -p udp --dport 1200:1299 -j REJECT
$IP -I FORWARD -p tcp --dport 4600:4700 -j REJECT
$IP -I FORWARD -p udp --dport 4600:4700 -j REJECT
$IP -A FORWARD -d 213.248.112.0/24 -j DROP
$IP -A FORWARD -d 206.142.53.0/24 -j DROP
$IP -A FORWARD -d 209.25.178.0/24 -j DROP
$IP -A FORWARD -d 64.124.41.0/24 -j DROP
$IP -A FORWARD -d 209.61.186.0/24 -j DROP
$IP -A FORWARD -d 64.49.201.0/24 -j DROP
$IP -A FORWARD -d 216.35.208.0/24 -j DROP



"Sólo el conocimiento nos hace libres"

----- Original Message ----- 
From: "Celso González" <[EMAIL PROTECTED]>
To: "Wcom" <[EMAIL PROTECTED]>
Cc: <debian-user-spanish@lists.debian.org>
Sent: Friday, May 09, 2003 7:00 PM
Subject: Re: iptables 2


> On Fri, May 09, 2003 at 03:59:34PM -0300, Wcom wrote:
> > me podrias dar una mano que no puedo hacerlo funcar y me tiene loco de
que
> > me morfen el caño.
>
> Pastea todo el script de iptables
> No sabemos si estas haciendo nat, que otras reglas tienes definidas,
> etc..
>
> Un saludo
>
> -- 
> Celso
>
>
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>

Responder a