presmerovani komunikace do interni site

[Vymazal Milan]

Zdravim

diky moc za vsechny namety ale jsem z toho nejak zmatenej..

otestoval jsem vsechno co jste mi radili ale stejnak to nechodi...

Mohl by jste mi tedy negdo pomoci predelat tenhle muj script na
nastaveni routovani tak aby to bylo

1. bezpecne
2. abych pozil SNAT ( jak mi to radili)
3. Abych vyresil problem s tim forwardovani Terminal services 3389 do
interni site.

iptables -F
iptables -t nat -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -p ICMP -i eth0 --icmp-type 0 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 3 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 11 -j ACCEPT 

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp -j ACCEPT

iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 62.23.23.23 -j ACCEPT

iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -i eth0 -p udp --sport 53 -j ACCEPT

Diky moc


S pozdravem
  
 Milan Vymazal