How to enable routing on the firewall

Closed
doudou50000 Posts 1 Registration date Sunday 13 January 2013 Status Member Last seen 13 January 2013 - 13 Jan 2013 at 22:45
 bobiwan45 - 13 Jan 2013 at 22:47
Hello,


how do I enable routing on the firewall?? thanks

1 reply

#!/bin/bash
# Interfaces and addresses used by the rules below
if_wan='eth0'
if_lan='eth1'
if_lo='lo'
local='10.10.10.0/24'
client='10.10.10.10'        # not referenced by any rule below
internet='192.168.1.10'     # not referenced by any rule below
prof='192.168.1.100'        # the only host allowed to SSH in from the WAN side
ftp='21'
ftp2='20'
http='80'
proxy='8080'                # not referenced by any rule below
ssh='22'
dns='53'
https='443'
print='192.168.1.150'       # not referenced by any rule below

####### FLUSH ALL TABLES AND CHAINS
for i in raw mangle nat filter
do
iptables -t $i -F
done

# Default policy DROP on the three built-in chains, then let reply traffic through
for j in INPUT OUTPUT FORWARD
do
iptables -F $j
iptables -P $j DROP
iptables -A $j -m state --state ESTABLISHED,RELATED -j ACCEPT
done

# Keep forwarding off while the ruleset is being rebuilt (write with '>', not '>>')
echo 0 > /proc/sys/net/ipv4/ip_forward

########## ALLOW THE LOOPBACK INTERFACE
iptables -t filter -A OUTPUT -o $if_lo -j ACCEPT
iptables -t filter -A INPUT -i $if_lo -j ACCEPT

########## Allow PING
iptables -A INPUT -i $if_lan -s $local -m icmp -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -m icmp -p icmp --icmp-type echo-request -j ACCEPT
########## SSH (only from $prof, arriving on the WAN interface)
iptables -A INPUT -i $if_wan -s $prof -m tcp -p tcp --dport $ssh -j ACCEPT

### PING TO THE INTERNET from the LAN
iptables -A FORWARD -i $if_lan -s $local -m icmp -p icmp --icmp-type echo-request -j ACCEPT

##### ALLOW INTERNET ACCESS for the client (web and DNS only)

iptables -A FORWARD -i $if_lan -s $local -m tcp -p tcp --dport $http -j ACCEPT
iptables -A FORWARD -i $if_lan -s $local -m tcp -p tcp --dport $https -j ACCEPT
iptables -A FORWARD -i $if_lan -s $local -m tcp -p tcp --dport $dns -j ACCEPT
iptables -A FORWARD -i $if_lan -s $local -m udp -p udp --dport $dns -j ACCEPT
#### FTP (the conntrack helper tracks the data connection as RELATED)
modprobe ip_conntrack_ftp
iptables -A INPUT -m tcp -p tcp --dport $ftp -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport $ftp2 -j ACCEPT
iptables -A OUTPUT -m tcp -p tcp --dport $ftp -j ACCEPT
iptables -A OUTPUT -m tcp -p tcp --dport $ftp2 -j ACCEPT
#### APT-GET (the firewall itself may reach HTTP and DNS on the WAN side)
iptables -A OUTPUT -o $if_wan -p tcp -m tcp --dport $http -j ACCEPT
iptables -A OUTPUT -o $if_wan -p tcp -m tcp --dport $dns -j ACCEPT
iptables -A OUTPUT -o $if_wan -p udp -m udp --dport $dns -j ACCEPT
####


## Enable routing (IPv4 forwarding); '>' overwrites the flag, '>>' only appended to it
echo 1 > /proc/sys/net/ipv4/ip_forward


#### ALLOW NAT (masquerade LAN traffic leaving on the WAN interface)
iptables -t nat -A POSTROUTING -o $if_wan -j MASQUERADE
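The script above turns the box into a router by setting ip_forward and adding the MASQUERADE rule. As an added example that is not part of the post, the bash helpers below enable forwarding the right way (overwrite, not append) and audit an iptables-save dump for the three things a NAT gateway needs: a DROP policy on FORWARD, an ESTABLISHED,RELATED rule so replies come back, and MASQUERADE on the WAN interface. The function names, the IP_FORWARD_PATH override and the two rule dumps are my own constructions (eth0/eth1 and the 10.10.10.0/24 LAN come from the post).

```shell
#!/bin/bash
# Added example (not from the post). The ip_forward path is overridable so the
# checks can run offline; on a real gateway run them as root with the defaults.
ip_forward_path="${IP_FORWARD_PATH:-/proc/sys/net/ipv4/ip_forward}"

# Overwrite the flag with '>' (same effect as: sysctl -w net.ipv4.ip_forward=1)
enable_forwarding() { echo 1 > "${1:-$ip_forward_path}"; }

# Exit 0 only if forwarding is currently on
ip_forward_enabled() { [ "$(tr -d '[:space:]' < "${1:-$ip_forward_path}")" = "1" ]; }

# $1 = iptables-save dump, $2 = extended regex matched line by line
has_rule() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Read an iptables-save dump on stdin; $1 is the WAN interface.
# Prints one line per check and returns 0 only if all three pass.
audit_ruleset() {
  local wan="$1" rules rc=0
  rules=$(cat)
  if has_rule "$rules" '^:FORWARD DROP'; then echo "ok: FORWARD policy is DROP"
  else echo "FAIL: FORWARD policy is not DROP; unmatched traffic is forwarded"; rc=1; fi
  if has_rule "$rules" '^-A FORWARD .*--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT'
  then echo "ok: FORWARD accepts reply traffic"
  else echo "FAIL: FORWARD has no ESTABLISHED,RELATED rule; replies are dropped"; rc=1; fi
  if has_rule "$rules" "^-A POSTROUTING -o $wan -j MASQUERADE"; then echo "ok: MASQUERADE on $wan"
  else echo "FAIL: no MASQUERADE rule on $wan"; rc=1; fi
  return $rc
}

# Constructed dumps: GOOD_RULES mirrors the post's script, BAD_RULES has an
# open FORWARD policy and neither the state rule nor the NAT rule.
GOOD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -s 10.10.10.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'
BAD_RULES='*filter
:FORWARD ACCEPT [0:0]
COMMIT'
```

On a live gateway, `iptables-save | audit_ruleset eth0` runs the same checks against the loaded ruleset.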