IPTABLES configuration

Peter Surda shurdeek at panorama.sth.ac.at
Fri Apr 18 13:58:43 CEST 2003


On Fri, Apr 18, 2003 at 07:29:12AM +0200, Jaroslav Linhart wrote:
> Dear all, can you advise me,
hi

> I need measurement on top of IPTABLES; it works for me if I put it into the firewall script
> like this
[cut]

> $IPTABLES -A FORWARD -i eth1 -j ACCEPT
> $IPTABLES -A FORWARD -i eth2 -j ACCEPT
> 
> $IPTABLES -A FORWARD -d 192.168.1.0/24 -j ACCEPT
> $IPTABLES -A FORWARD -d 192.168.3.0/24 -j ACCEPT
> $IPTABLES -A FORWARD -d 192.168.X.0/24 -j ACCEPT
> 
> $IPTABLES -A FORWARD -p TCP -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -p UDP -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[cut]

Explanation: any target ends traversal of the chain (except for jumps to other
chains, in which case traversal continues after returning). If you want to measure
something, use a rule without a target.

----------- man ipchains --------------------------
-j, --jump target
	This specifies the target of the rule; i.e., what to do if the
	packet matches it. The target can be a user-defined chain (other than
	the one this rule is in), one of the special builtin targets which
	decide the fate of the packet immediately, or an extension (see
	EXTENSIONS below). If this option is omitted in a rule, then matching
	the rule will have no effect on the packet's fate, but the
	counters on the rule will be incremented.
----------- man ipchains --------------------------

Bye,

Peter Surda (Shurdeek) <shurdeek at panorama.sth.ac.at>, ICQ 10236103, +436505122023

--
                            rm -f /bin/laden
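
The advice in the reply above, as an added example that is not part of the original thread: counting rules without `-j` are placed ahead of the ACCEPT rules, and their counters are read back from `iptables-save -c` output. The function names, the default `IPTABLES` path and the sample counter values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. IPTABLES default path, function names
# and the sample counters below are assumptions / constructed values.
IPTABLES=${IPTABLES:-/sbin/iptables}

# Counting rules: no -j, so a match only increments the rule's counters and
# traversal continues. -I ... 1 puts them at the top of FORWARD, ahead of the
# ACCEPT rules that would otherwise end traversal first. Needs root; defined
# here but not called.
add_accounting_rules() {
    for net in 192.168.1.0/24 192.168.3.0/24; do
        $IPTABLES -I FORWARD 1 -d "$net"   # traffic towards the subnet
        $IPTABLES -I FORWARD 1 -s "$net"   # traffic from the subnet
    done
}

# Constructed sample of `iptables-save -c` output: [packets:bytes] per rule.
sample_dump() {
    cat <<'EOF'
*filter
:FORWARD DROP [0:0]
[40:5200] -A FORWARD -s 192.168.3.0/24
[55:61000] -A FORWARD -d 192.168.3.0/24
[310:42000] -A FORWARD -s 192.168.1.0/24
[480:650000] -A FORWARD -d 192.168.1.0/24
[310:42000] -A FORWARD -i eth1 -j ACCEPT
[40:5200] -A FORWARD -i eth2 -j ACCEPT
[535:711000] -A FORWARD -d 192.168.1.0/24 -j ACCEPT
COMMIT
EOF
}

# Read `iptables-save -c` text on stdin and print one line per FORWARD rule
# that has no -j/-g, i.e. the pure counting rules.
report_counters() {
    awk '
        /^\[[0-9]+:[0-9]+\] -A FORWARD / && !/ -[jg] / {
            split(substr($1, 2, length($1) - 2), c, ":")
            spec = $4
            for (i = 5; i <= NF; i++) spec = spec " " $i
            printf "%s packets=%s bytes=%s\n", spec, c[1], c[2]
        }'
}

sample_dump | report_counters
```

On a live router the same report comes from `iptables-save -c | report_counters` run as root.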