abilitare NFS con iptables

To: debian-italian@lists.debian.org
Subject: abilitare NFS con iptables
From: Francesco Piano <fr.pianoX@virgilio.it>
Date: Tue, 7 Oct 2003 18:19:17 +0200
Message-id: <[🔎] 20031007181917.2fb5131b.fr.pianoX@virgilio.it>

Ciao, sto utilizzando il firewall pubblicato sullo speciale di linux&C
34 ma con questo attivo non riesco a montare un filesystem remoto
tramite NFS. Quancuno puo' spiegarmi cosa dovrei abilitare a con
IPTABLES per questo protocollo? Riporto il firewall

Grazie

#!/bin/bash

LOCALIF="eth0"
INTERNALNET="192.168.0.0/24"
EXTERNALIF="ppp0"
REMOTENET="0/0"
IPTABLES="/sbin/iptables"

# -- Flush everything, start from scratch -

echo -n "Flushing rulesets.."

# Rules from the filter chains

$IPTABLES -F
echo -n "."

#Rules from the mangle chains
$IPTABLES -t mangle -F

echo "Done!"

#Set up the Filter chains
echo -n "Filter chains.."

#Set filter chains default policy ti DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

echo -n "..."
#First of all, drop unclean packages
$IPTABLES -A INPUT -m unclean -j DROP
echo -n "."
#Then drop spoofed packets
$IPTABLES -A INPUT -s $INTERNALNET -i $EXTERNALIF -j DROP
echo -n "."

#Allow the firewall con connect to 0/0, and to accept ssh connections
from LAN

$IPTABLES -A INPUT -s $INTERNALNET -i $LOCALIF -p tcp -m tcp --dport 22
-j ACCEPT$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j
ACCEPT$IPTABLES -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j
ACCEPT echo -n "..."

#Protect the firewall from icmp DoS

#$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 8 -m length --length
128:65535 -j DROP$IPTABLES -A INPUT -p icmp -s $INTERNALNET -j ACCEPT 
echo -n "."

#This is  mandatory to route an ethernet LAN to a PPOE connection
$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu echo -n "."

#Set up forward chain, to allow connection from  LAN to 0/0
$IPTABLES -A FORWARD -i $EXTERNALIF -m state --state RELATED,ESTABLISHED
-j ACCEPT$IPTABLES -A FORWARD -i $LOCALIF -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT echo -n ".."

#Protect LAN from icmp DoS
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 8 -m length --length
128:65535 -j DROP echo -n "."

echo "Done!"

#Set up nat chains
echo -n "Nat chains.."

#Set up Masquerading
$IPTABLES -t nat -I POSTROUTING -s $INTERNALNET -o $EXTERNALIF -j
MASQUERADE

echo -n "."

#This section manipulate the type of service (TOS) bits of the packet.
#Minimize Delay
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp -m multiport --dports
21,22,23,80 -j TOS --set-tos 0x10 echo -n "."

#Maximize-Throughput

$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp -m multiport --dports
20,8080 -j TOS --set-tos 0x08 echo -n "."

#Maximize-Realibility
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 53 -j TOS
--set-tos 0x04 echo -n "."
echo "Done!"
 

-- 
Francesco Piano
----> Remove X from address to answer me <-----

Reply to:

Follow-Ups:
- Re: abilitare NFS con iptables
  - From: getting_out <getting_out@libero.it>
- Re: abilitare NFS con iptables
  - From: Mattia Dongili <dongili@supereva.it>

Prev by Date: Re: Problemi galeon e mozilla (e Java)
Next by Date: Re: StartX
Previous by thread: Re: Problemi galeon e mozilla (e Java)
Next by thread: Re: abilitare NFS con iptables
Index(es):
- Date
- Thread