[ slavisac @ 10.04.2006. 23:42 ] @
Interesuje me kako u linux boxu da odradim iptables i nat da prosledjuje sve sa jednog na drugi interfejs bez ikakvog ogranicavanja i bez zabrane bilo kog porta. Imam skript koji koristim, ali nesto mi ne funkcionise najbolje:

```
#acivate ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward

# Delete current iptable rules
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# Apply new rules
# wlan0 na eth0
iptables -A FORWARD -i wlan0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
#obrnuto
iptables -A FORWARD -i eth0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
#dsl1
iptables -A FORWARD -i dsl1 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp+ -o dsl1 -j ACCEPT
#wlan0 na ppp+
iptables -A FORWARD -i wlan0 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp+ -o wlan0 -j ACCEPT
#wlan0 na wlan2
#iptables -A FORWARD -i wlan0 -o wlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i wlan2 -o wlan0 -j ACCEPT
#wlan2 na eth0
iptables -A FORWARD -i wlan2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan2 -j ACCEPT
#pppoe gorward
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1534 -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ptables -t nat -A POSTROUTING -o dsl1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o wlan2 -j MASQUERADE
```

Hocu da se sa interfejsa wlan2 vidi cela mreza na interfejsu eth0 i obrnuto. Takodje, u segmentu mreze koji je nakacen na eth0 imam VPN server; hocu i da omogucim da se sa wlan2 konektuju na njega.