abilitare NFS con iptables
Ciao, sto utilizzando il firewall pubblicato sullo speciale di linux&C
34, ma con questo attivo non riesco a montare un filesystem remoto
tramite NFS. Qualcuno puo' spiegarmi cosa dovrei abilitare con
IPTABLES per questo protocollo? Riporto il firewall.
Grazie
#!/bin/bash
# Site configuration for the firewall rules below.

# Interfaces: LAN side and the PPP uplink.
LOCALIF='eth0'
EXTERNALIF='ppp0'

# Networks: the trusted LAN range and "anywhere".
# REMOTENET is defined but not referenced by any rule shown in this listing.
INTERNALNET='192.168.0.0/24'
REMOTENET='0/0'

# Absolute path to the iptables binary, so the script does not depend on PATH.
IPTABLES='/sbin/iptables'
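# -- Flush everything, start from scratch --
# -F removes rules only; the built-in chain policies keep whatever value they
# had until they are set explicitly later in the script.
printf '%s' "Flushing rulesets.."

# Rules from the filter chains
"$IPTABLES" -F
printf '%s' "."

# Rules from the mangle chains
"$IPTABLES" -t mangle -F

# Rules from the nat chains. The script later adds a MASQUERADE rule to
# nat/POSTROUTING; without this flush every re-run would stack another copy
# and stale NAT rules from a previous configuration would survive a reload.
# Note that this removes all nat rules, including any added outside this script.
"$IPTABLES" -t nat -F

echo "Done!"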
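# -- Set up the filter chains --
# Every iptables invocation below is kept on a single line. If a rule is
# hard-wrapped, the first half is installed without its -j target (so it
# matches but takes no action) and the second half runs as a separate,
# failing command; with the DROP policies below that silently blocks the
# traffic the rule was supposed to allow.
printf '%s' "Filter chains.."

# Set filter chains default policy to DROP: anything not explicitly accepted
# below is discarded.
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -P OUTPUT DROP

# Loopback traffic. This matches on addresses only, not on the interface, so
# local traffic addressed to one of the host's own non-127.0.0.1 addresses is
# not covered.
# NOTE(review): consider matching on "-i lo" instead - confirm against the
# services that talk to the host's own LAN address.
"$IPTABLES" -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
printf '%s' "..."

# First of all, drop unclean packets.
# NOTE(review): the "unclean" match was documented as experimental and is not
# available on later kernels; where the module is missing this command fails
# and no rule is added. It has also been reported to drop legitimate traffic,
# so it is a candidate to check first when a protocol stops working with the
# firewall up - verify on the target kernel.
"$IPTABLES" -A INPUT -m unclean -j DROP
printf '%s' "."

# Then drop spoofed packets: LAN source addresses must never arrive on the
# external interface.
"$IPTABLES" -A INPUT -s "$INTERNALNET" -i "$EXTERNALIF" -j DROP
printf '%s' "."

# Allow the firewall to connect to 0/0, and to accept ssh connections from LAN.
# tcp/22 is the only NEW inbound TCP service accepted. Any other service
# hosted on this machine (NFS, for instance) needs its own ACCEPT rules, and
# those should stay scoped to -s "$INTERNALNET" -i "$LOCALIF" like this one.
"$IPTABLES" -A INPUT -s "$INTERNALNET" -i "$LOCALIF" -p tcp -m tcp --dport 22 -j ACCEPT
"$IPTABLES" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"$IPTABLES" -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
printf '%s' "..."

# Protect the firewall from icmp DoS.
# The oversize echo-request drop is commented out in the original listing and
# is left disabled here; the only active rule accepts all ICMP from the LAN
# range, on any interface not already caught by the spoofing rule above.
#"$IPTABLES" -A INPUT -p icmp -m icmp --icmp-type 8 -m length --length 128:65535 -j DROP
"$IPTABLES" -A INPUT -p icmp -s "$INTERNALNET" -j ACCEPT
printf '%s' "."

# This is mandatory to route an ethernet LAN to a PPPoE connection: clamp the
# MSS of forwarded SYNs to the path MTU.
"$IPTABLES" -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
printf '%s' "."

# Set up forward chain, to allow connection from LAN to 0/0. Only replies are
# forwarded from the external side; new connections are forwarded from the LAN.
"$IPTABLES" -A FORWARD -i "$EXTERNALIF" -m state --state RELATED,ESTABLISHED -j ACCEPT
"$IPTABLES" -A FORWARD -i "$LOCALIF" -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
printf '%s' ".."

# Protect LAN from icmp DoS.
# NOTE(review): this rule is appended after the two ACCEPT rules above, so it
# only sees packets they did not accept, and those would be dropped by the
# FORWARD policy anyway. To have any effect it would have to come before
# them; order left as in the original.
"$IPTABLES" -A FORWARD -p icmp -m icmp --icmp-type 8 -m length --length 128:65535 -j DROP
printf '%s' "."
echo "Done!"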
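# -- Set up nat chains --
printf '%s' "Nat chains.."

# Set up masquerading: traffic from the LAN range leaving through the
# external interface is rewritten to that interface's current address.
# The rule must stay on one line; split after "-j" it is rejected for lack of
# a target and no NAT is configured.
# -I inserts at the head of POSTROUTING, so the rule is only unique if the
# nat table was flushed before this point.
"$IPTABLES" -t nat -I POSTROUTING -s "$INTERNALNET" -o "$EXTERNALIF" -j MASQUERADE
printf '%s' "."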
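# This section manipulates the type of service (TOS) bits of the packet.
# These rules only mark packets in mangle/PREROUTING; they accept nothing.
# Each command is kept on one line so that the TOS target and its --set-tos
# value stay attached to the rule.

# Minimize-Delay (0x10) for the interactive ports 21, 22, 23 and 80.
"$IPTABLES" -t mangle -A PREROUTING -p tcp -m tcp -m multiport --dports 21,22,23,80 -j TOS --set-tos 0x10
printf '%s' "."

# Maximize-Throughput (0x08) for the bulk-transfer ports 20 and 8080.
"$IPTABLES" -t mangle -A PREROUTING -p tcp -m tcp -m multiport --dports 20,8080 -j TOS --set-tos 0x08
printf '%s' "."

# Maximize-Reliability (0x04) for port 53. The match is TCP only, so DNS
# queries sent over UDP are not marked by this rule.
"$IPTABLES" -t mangle -A PREROUTING -p tcp -m tcp --dport 53 -j TOS --set-tos 0x04
printf '%s' "."
echo "Done!"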
--
Francesco Piano
----> Remove X from address to answer me <-----