Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
Za pomocą portfwd zrobiłem przekierowanie
portów z zewnątrz na
lokalną maszynkę w sieci LAN na port 3389..teraz
uniemożliwić innym niż określony adres ip
powinienem dopisać do skryptu firewalla w
ustawić bo próbowałem już kilku sposobów
ale niestety jak dotąd
bez rezultatu.
Pozdrówka
HOM
-- Attached file included as plaintext by Listar =
--
-- File: firewall.txt
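# Firewall configuration script (ipchains)
# eth0 = public IP
# eth1 = local IP range

# Start from empty built-in chains so rules from an earlier run do not linger.
ipchains -F input
ipchains -F output
ipchains -F forward

# Default policies.
# NOTE(review): input and output default to ACCEPT, so any packet that no DENY
# rule matches is let through. The DENY rules in this script are TCP-only, so
# UDP, for example, is never filtered here. A default-DENY input policy with
# explicit ACCEPT rules would fail closed instead.
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY

# Enable routing only after the forward chain is flushed and its policy is
# DENY, so nothing is routed through stale rules while the script loads.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Addresses used by the rules below.
# Placeholders: the author redacted the real values ("my public ip",
# "admin ip address /telnet/"). The values are quoted because an unquoted
# multi-word assignment runs the trailing words as a command and leaves the
# variable unset for the rest of the script.
ip="PUBLIC_IP_PLACEHOLDER"
ip1="ADMIN_IP_PLACEHOLDER"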
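# Blanket DENY (labelled "FLUSH" in the original, although nothing is flushed).
# Each rule is written on one line: the quoted-printable soft breaks ("=" at
# end of line) had split every rule into two separate shell commands.
#
# The rules are appended with -A, so they sit at the end of their chain.
# ipchains stops at the first match, which means ACCEPT rules inserted later
# with -I are evaluated before these, and rules appended later with -A are
# evaluated after them.
# Only TCP with a source port of 1024 or higher arriving on eth0 is matched;
# TCP from lower source ports and all non-TCP traffic fall through to the
# chain policy.
ipchains -A input -p tcp -s 0/0 1024:65535 -d "${ip}" 1:65535 -j DENY -i eth0
# NOTE(review): this matches packets leaving via eth0 that are addressed to
# ${ip}. Outgoing traffic from this host normally carries ${ip} as its source,
# so this rule presumably never matches - confirm the intent.
ipchains -A output -p tcp -s 0/0 1024:65535 -d "${ip}" 1:65535 -j DENY -i eth0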
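# PERMIT: services reachable from anywhere on the public interface.
# Each rule is written on one line: the quoted-printable soft breaks ("=" at
# end of line) had split every rule into two separate shell commands.
# -I inserts at the head of the chain, so every rule here ends up above the
# rules that were appended with -A, and the rule inserted last is checked first.
ipchains -I input -p tcp -s 0/0 1024:65535 -d "${ip}" 20 -j ACCEPT -i eth0   # FTP-DATA
ipchains -I output -p tcp -s 0/0 1024:65535 -d "${ip}" 20 -j ACCEPT -i eth0  # FTP-DATA
ipchains -I input -p tcp -s 0/0 1024:65535 -d "${ip}" 21 -j ACCEPT -i eth0   # FTP
ipchains -I output -p tcp -s 0/0 1024:65535 -d "${ip}" 21 -j ACCEPT -i eth0  # FTP
ipchains -I input -p tcp -s 0/0 1024:65535 -d "${ip}" 22 -j ACCEPT -i eth0   # SSH
ipchains -I output -p tcp -s 0/0 1024:65535 -d "${ip}" 22 -j ACCEPT -i eth0  # SSH
ipchains -I input -p tcp -s 0/0 1024:65535 -d "${ip}" 25 -j ACCEPT -i eth0   # SMTP - MAIL
ipchains -I output -p tcp -s 0/0 1024:65535 -d "${ip}" 25 -j ACCEPT -i eth0  # SMTP - MAIL
ipchains -I input -p tcp -s 0/0 1024:65535 -d "${ip}" 53 -j ACCEPT -i eth0   # NAMESERVER
ipchains -I output -p tcp -s 0/0 1024:65535 -d "${ip}" 53 -j ACCEPT -i eth0  # NAMESERVER
ipchains -I input -p tcp -s 0/0 1024:65535 -d "${ip}" 80 -j ACCEPT -i eth0   # HTTP
ipchains -I output -p tcp -s 0/0 1024:65535 -d "${ip}" 80 -j ACCEPT -i eth0  # HTTP
ipchains -I input -p tcp -s 0/0 1024:65535 -d "${ip}" 110 -j ACCEPT -i eth0  # POP3 - MAIL
ipchains -I output -p tcp -s 0/0 1024:65535 -d "${ip}" 110 -j ACCEPT -i eth0 # POP3 - MAIL

# FTP data range.
# NOTE(review): this accepts TCP from any source to every port from 1024 to
# 6000 on ${ip}, which includes 3389 and any other service listening in that
# range. Being inserted last, it is the first rule checked on the input chain.
# A narrower restriction on a port inside this range only takes effect if it
# sits above this rule, i.e. it is inserted with -I after this line has run.
# Narrowing the range to the FTP server's configured passive ports would
# shrink the exposure.
ipchains -I input -p tcp -s 0/0 1024:65535 -d "${ip}" 1024:6000 -j ACCEPT -i eth0  # FTP
ipchains -I output -p tcp -s 0/0 1024:65535 -d "${ip}" 1024:6000 -j ACCEPT -i eth0 # FTP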
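# 3389 allowed from one source address only (per the accompanying message,
# portfwd relays this port to a host on the LAN).
#
# ipchains stops at the first matching rule. Appended with -A, these two rules
# landed behind the blanket DENY on ports 1:65535 and behind the 1024:6000
# ACCEPT inserted at the head of the chain, both of which match port 3389
# first, so the restriction never took effect. They are therefore inserted
# with -I: the DENY goes in first and the ACCEPT second, which leaves the chain
# as ACCEPT (allowed address), then DENY (everyone else), ahead of all rules
# loaded earlier.
# The source-port range upper bound is corrected from 66565 to 65535; 66565 is
# not a valid port number.
ipchains -I input -p tcp -s 0/0 -d "${ip}" 3389 -j DENY
ipchains -I input -p tcp -s 195.117.30.196 1024:65535 -d "${ip}" 3389 -j ACCEPT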
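# Disabled rules, kept for reference. Each rule is rejoined onto one comment
# line: the quoted-printable soft breaks had left the second half of every
# rule without a "#", so the shell would have tried to execute it.

# IRC
# ipchains -I input -p tcp -s 0/0 1024:65535 -d ${ip} 4000 -j ACCEPT -i eth0 # ICQ
# ipchains -I output -p tcp -s 0/0 1024:65535 -d ${ip} 4000 -j ACCEPT -i eth0 # ICQ
# ipchains -I input -p tcp -s 0/0 1024:65535 -d ${ip} 6667 -j ACCEPT -i eth0 # IRC
# ipchains -I output -p tcp -s 0/0 1024:65535 -d ${ip} 6667 -j ACCEPT -i eth0 # IRC

# For FTP to work correctly, the following ports should also be unblocked:
# NOTE(review): no rule follows this sentence; it presumably belongs to the
# 1024:6000 FTP range - confirm.

# WEBMIN/TELNET (admin address only)
# NOTE(review): telnet sends credentials in clear text; if remote admin access
# is re-enabled, SSH on port 22 is already permitted by this script.
#ipchains -I input -p tcp -s ${ip1} -d ${ip} 23 -j ACCEPT -i eth0 # TELNET
#ipchains -I output -p tcp -s ${ip1} -d ${ip} 23 -j ACCEPT -i eth0 # TELNET
#ipchains -I input -p tcp -s ${ip1} -d ${ip} 10000 -j ACCEPT -i eth0 # WEBMIN
#ipchains -I output -p tcp -s ${ip1} -d ${ip} 10000 -j ACCEPT -i eth0 # WEBMIN

# BANS (outbound IRC, SMTP and POP3 from the LAN)
# NOTE(review): the source is written as 192.168.0.0 without a mask, which
# matches a single address; the MASQ rule uses 192.168.0.0/24. If these are
# re-enabled, the /24 is presumably what was meant - confirm.
# ipchains -I input -p tcp -s 192.168.0.0 1024:65535 -d 0/0 6667 -j REJECT
# ipchains -I output -p tcp -s 192.168.0.0 1024:65535 -d 0/0 6667 -j REJECT
# ipchains -I input -p tcp -s 192.168.0.0 1024:65535 -d 0/0 25 -j REJECT
# ipchains -I output -p tcp -s 192.168.0.0 1024:65535 -d 0/0 25 -j REJECT
# ipchains -I input -p tcp -s 192.168.0.0 1024:65535 -d 0/0 110 -j REJECT
# ipchains -I output -p tcp -s 192.168.0.0 1024:65535 -d 0/0 110 -j REJECT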
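# MASQ: masquerade everything forwarded from the LAN range. This is the only
# rule on the forward chain, whose policy is DENY.
ipchains -A forward -s 192.168.0.0/24 -j MASQ

# Ping: make the kernel ignore every ICMP echo request, on all interfaces.
# The redirect target is rejoined onto the same line; the quoted-printable
# soft break had left "echo 1 > =" writing to a file named "=".
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# REDIRECT (disabled): send HTTP from the LAN to local port 8080.
# ipchains -A input -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 80 -j REDIRECT 8080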