Re: iptables 2

To: "Debian.User-Spanish" <debian-user-spanish@lists.debian.org>
Subject: Re: iptables 2
From: "Wcom" <christian@debian-potato.com.ar>
Date: Sat, 10 May 2003 14:12:31 -0300
Message-id: <[🔎] 010901c31717$58404700$0401a8c0@velconet.com.ar>
References: <[🔎] 135d01c3163d$2cada720$0401a8c0@velconet.com.ar> <[🔎] 20030509155439.GB751@escomposlinux.org> <[🔎] 138b01c3165d$2244a700$0401a8c0@velconet.com.ar> <[🔎] 20030509220027.GA12382@viac3>

ok

#!/bin/bash
IP='iptables'

$IP -F
$IP -t nat -F

# arranco IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

$IP -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IP -t nat -A POSTROUTING -d ! 10.129.16.0/24 -j MASQUERADE
$IP -A FORWARD -s 10.129.16.0/24 -j ACCEPT
$IP -A FORWARD -d 10.129.16.0/24 -j ACCEPT
$IP -A FORWARD -s ! 10.129.16.0/24 -j DROP

$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 20 -j DNAT --to
10.129.16.201:20
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 21 -j DNAT --to
10.129.16.201:21
$IP -A PREROUTING -t nat -p udp -d 200.68.69.163 --dport 21 -j DNAT --to
10.129.16.201:21
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 23 -j DNAT --to
10.129.16.201:23
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 25 -j DNAT --to
10.129.16.201:25
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 53 -j DNAT --to
10.129.16.201:53
$IP -A PREROUTING -t nat -p udp -d 200.68.69.163 --dport 53 -j DNAT --to
10.129.16.201:53
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 80 -j DNAT --to
10.129.16.201:80
$IP -A PREROUTING -t nat -p udp -d 200.68.69.163 --dport 80 -j DNAT --to
10.129.16.201:80
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 110 -j DNAT --to
10.129.16.201:110
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 143 -j DNAT --to
10.129.16.201:143
$IP -A PREROUTING -t nat -p tcp -d 200.68.69.163 --dport 5631 -j DNAT --to
10.129.16.201:5631

$IP -A INPUT -i eth0 --protocol udp --source-port 9 -j DROP
$IP -A INPUT -i eth0 --protocol udp --destination-port 9 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --source-port 9 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --destination-port 9 -j DROP
$IP -A INPUT -i eth0 --protocol udp --source-port 13 -j DROP
$IP -A INPUT -i eth0 --protocol udp --destination-port 13 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --source-port 13 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --destination-port 13 -j DROP
$IP -A INPUT -i eth0 --protocol udp --source-port 37 -j DROP
$IP -A INPUT -i eth0 --protocol udp --destination-port 37 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --source-port 37 -j DROP
$IP -A INPUT -i eth0 --protocol tcp --destination-port 37 -j DROP

Esto es lo que agrgue para que no se pueda usar el kazaa y overnet y otras
yerbas y no me funciona
#ULTIMO
$IP -I FORWARD -p tcp --dport 1200:1299 -j REJECT
$IP -I FORWARD -p udp --dport 1200:1299 -j REJECT
$IP -I FORWARD -p tcp --dport 4600:4700 -j REJECT
$IP -I FORWARD -p udp --dport 4600:4700 -j REJECT
$IP -A FORWARD -d 213.248.112.0/24 -j DROP
$IP -A FORWARD -d 206.142.53.0/24 -j DROP
$IP -A INPUT -i eth1 --protocol udp --source-port 1200:1299 -j DROP
$IP -A INPUT -i eth1 --protocol udp --destination-port 1200:1299 -j DROP
$IP -A INPUT -i eth1 --protocol tcp --source-port 1200:1299 -j DROP
$IP -A INPUT -i eth1 --protocol tcp --destination-port 1200:1299 -j DROP
$IP -A INPUT -i eth1 --protocol udp --source-port 4600:4700 -j DROP
$IP -A INPUT -i eth1 --protocol udp --destination-port 4600:4700 -j DROP
$IP -A INPUT -i eth1 --protocol tcp --source-port 4600:4700 -j DROP
$IP -A INPUT -i eth1 --protocol tcp --destination-port 4600:4700 -j DROP
$IP -I FORWARD -p tcp --dport 1200:1299 -j REJECT
$IP -I FORWARD -p udp --dport 1200:1299 -j REJECT
$IP -I FORWARD -p tcp --dport 4600:4700 -j REJECT
$IP -I FORWARD -p udp --dport 4600:4700 -j REJECT
$IP -A FORWARD -d 213.248.112.0/24 -j DROP
$IP -A FORWARD -d 206.142.53.0/24 -j DROP
$IP -A FORWARD -d 209.25.178.0/24 -j DROP
$IP -A FORWARD -d 64.124.41.0/24 -j DROP
$IP -A FORWARD -d 209.61.186.0/24 -j DROP
$IP -A FORWARD -d 64.49.201.0/24 -j DROP
$IP -A FORWARD -d 216.35.208.0/24 -j DROP



"Sólo el conocimiento nos hace libres"

----- Original Message ----- 
From: "Celso González" <mitago@ono.com>
To: "Wcom" <christian@debian-potato.com.ar>
Cc: <debian-user-spanish@lists.debian.org>
Sent: Friday, May 09, 2003 7:00 PM
Subject: Re: iptables 2


> On Fri, May 09, 2003 at 03:59:34PM -0300, Wcom wrote:
> > me podrias dar una mano que no puedo hacerlo funcar y me tiene loco de
que
> > me morfen el caño.
>
> Pastea todo el script de iptables
> No sabemos si estas haciendo nat, que otras reglas tienes definidas,
> etc..
>
> Un saludo
>
> -- 
> Celso
>
>
> -- 
> To UNSUBSCRIBE, email to debian-user-spanish-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>

Reply to:

Follow-Ups:
- Re: iptables 2
  - From: Celso González <celso@mitago.net>

References:
- iptables 2
  - From: "Wcom" <christian@debian-potato.com.ar>
- Re: iptables 2
  - From: Emilio Santos <unikoke@appleseed.escomposlinux.org>
- Re: iptables 2
  - From: "Wcom" <christian@debian-potato.com.ar>
- Re: iptables 2
  - From: Celso González <mitago@ono.com>

Prev by Date: Re: Navegación
Next by Date: Pregunta sobre sid
Previous by thread: Re: iptables 2
Next by thread: Re: iptables 2
Index(es):
- Date
- Thread