Comment activer le routage sur un firewall (iptables) ?
Fermé
doudou50000
13 janv. 2013 à 22:45
bobiwan45 - 13 janv. 2013 à 22:47
1 réponse
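#!/bin/bash
# Two-interface gateway firewall: "$if_wan" faces the Internet, "$if_lan" faces
# the LAN. All three filter chains default to DROP and each permitted flow is
# opened explicitly; reply traffic is matched by the single ESTABLISHED,RELATED
# rule installed in every chain. Must run as root. The rules are applied live
# and are NOT persisted across reboots.
#
# Under `set -e` a failing iptables call aborts the script after the DROP
# policies are already in place, so run it from a console, not over SSH.
set -eu

if_wan='eth0'
if_lan='eth1'
if_lo='lo'
lan_net='10.10.10.0/24'      # LAN prefix (renamed from "local", which is a bash builtin)
client='10.10.10.10'         # not referenced by any rule below
internet='192.168.1.10'      # not referenced by any rule below
prof='192.168.1.100'         # the only host allowed to reach SSH from the WAN side
ftp='21'
ftp2='20'
http='80'
proxy='8080'                 # not referenced by any rule below
ssh='22'
dns='53'
https='443'
print='192.168.1.150'        # not referenced by any rule below

####### Flush every table and chain, then start from a DROP policy
for table in raw mangle nat filter; do
  iptables -t "$table" -F
done
for chain in INPUT OUTPUT FORWARD; do
  iptables -F "$chain"
  iptables -P "$chain" DROP
  # Replies to anything accepted below come back through this rule.
  iptables -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
done
# Disable forwarding while the ruleset is rebuilt; re-enabled at the end.
# '>' rather than '>>': sysctl files are overwritten, not appended to.
echo 0 > /proc/sys/net/ipv4/ip_forward

########## Allow the loopback interface
iptables -t filter -A OUTPUT -o "$if_lo" -j ACCEPT
iptables -t filter -A INPUT -i "$if_lo" -j ACCEPT

########## Ping: echo-request in from the LAN, echo-request out from the gateway
iptables -A INPUT -i "$if_lan" -s "$lan_net" -m icmp -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -m icmp -p icmp --icmp-type echo-request -j ACCEPT

########## SSH: only from "$prof", only on the WAN interface
iptables -A INPUT -i "$if_wan" -s "$prof" -m tcp -p tcp --dport "$ssh" -j ACCEPT

### Ping from the LAN towards the Internet
iptables -A FORWARD -i "$if_lan" -s "$lan_net" -m icmp -p icmp --icmp-type echo-request -j ACCEPT

##### Internet access for LAN clients: HTTP, HTTPS and DNS (tcp + udp)
for port in "$http" "$https" "$dns"; do
  iptables -A FORWARD -i "$if_lan" -s "$lan_net" -m tcp -p tcp --dport "$port" -j ACCEPT
done
iptables -A FORWARD -i "$if_lan" -s "$lan_net" -m udp -p udp --dport "$dns" -j ACCEPT

#### FTP
# The FTP connection-tracking helper is nf_conntrack_ftp on current kernels
# and ip_conntrack_ftp on old ones; try the new name first.
modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
# NOTE(review): these rules carry no -i/-o, so ports 20/21 are accepted on every
# interface, including "$if_wan". Add -i "$if_lan" if the FTP service is only
# meant for LAN clients.
for port in "$ftp" "$ftp2"; do
  iptables -A INPUT -m tcp -p tcp --dport "$port" -j ACCEPT
  iptables -A OUTPUT -m tcp -p tcp --dport "$port" -j ACCEPT
done

#### APT-GET: let the gateway itself fetch packages and resolve names via the WAN
iptables -A OUTPUT -o "$if_wan" -p tcp -m tcp --dport "$http" -j ACCEPT
iptables -A OUTPUT -o "$if_wan" -p tcp -m tcp --dport "$dns" -j ACCEPT
iptables -A OUTPUT -o "$if_wan" -p udp -m udp --dport "$dns" -j ACCEPT

## Enable routing now that the ruleset is complete
echo 1 > /proc/sys/net/ipv4/ip_forward
#### NAT: masquerade LAN traffic leaving through the WAN interface
iptables -t nat -A POSTROUTING -o "$if_wan" -j MASQUERADE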
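#!/bin/bash
# Two-interface gateway firewall: "$if_wan" faces the Internet, "$if_lan" faces
# the LAN. All three filter chains default to DROP and each permitted flow is
# opened explicitly; reply traffic is matched by the single ESTABLISHED,RELATED
# rule installed in every chain. Must run as root. The rules are applied live
# and are NOT persisted across reboots.
#
# Under `set -e` a failing iptables call aborts the script after the DROP
# policies are already in place, so run it from a console, not over SSH.
set -eu

if_wan='eth0'
if_lan='eth1'
if_lo='lo'
lan_net='10.10.10.0/24'      # LAN prefix (renamed from "local", which is a bash builtin)
client='10.10.10.10'         # not referenced by any rule below
internet='192.168.1.10'      # not referenced by any rule below
prof='192.168.1.100'         # the only host allowed to reach SSH from the WAN side
ftp='21'
ftp2='20'
http='80'
proxy='8080'                 # not referenced by any rule below
ssh='22'
dns='53'
https='443'
print='192.168.1.150'        # not referenced by any rule below

####### Flush every table and chain, then start from a DROP policy
for table in raw mangle nat filter; do
  iptables -t "$table" -F
done
for chain in INPUT OUTPUT FORWARD; do
  iptables -F "$chain"
  iptables -P "$chain" DROP
  # Replies to anything accepted below come back through this rule.
  iptables -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
done
# Disable forwarding while the ruleset is rebuilt; re-enabled at the end.
# '>' rather than '>>': sysctl files are overwritten, not appended to.
echo 0 > /proc/sys/net/ipv4/ip_forward

########## Allow the loopback interface
iptables -t filter -A OUTPUT -o "$if_lo" -j ACCEPT
iptables -t filter -A INPUT -i "$if_lo" -j ACCEPT

########## Ping: echo-request in from the LAN, echo-request out from the gateway
iptables -A INPUT -i "$if_lan" -s "$lan_net" -m icmp -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -m icmp -p icmp --icmp-type echo-request -j ACCEPT

########## SSH: only from "$prof", only on the WAN interface
iptables -A INPUT -i "$if_wan" -s "$prof" -m tcp -p tcp --dport "$ssh" -j ACCEPT

### Ping from the LAN towards the Internet
iptables -A FORWARD -i "$if_lan" -s "$lan_net" -m icmp -p icmp --icmp-type echo-request -j ACCEPT

##### Internet access for LAN clients: HTTP, HTTPS and DNS (tcp + udp)
for port in "$http" "$https" "$dns"; do
  iptables -A FORWARD -i "$if_lan" -s "$lan_net" -m tcp -p tcp --dport "$port" -j ACCEPT
done
iptables -A FORWARD -i "$if_lan" -s "$lan_net" -m udp -p udp --dport "$dns" -j ACCEPT

#### FTP
# The FTP connection-tracking helper is nf_conntrack_ftp on current kernels
# and ip_conntrack_ftp on old ones; try the new name first.
modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
# NOTE(review): these rules carry no -i/-o, so ports 20/21 are accepted on every
# interface, including "$if_wan". Add -i "$if_lan" if the FTP service is only
# meant for LAN clients.
for port in "$ftp" "$ftp2"; do
  iptables -A INPUT -m tcp -p tcp --dport "$port" -j ACCEPT
  iptables -A OUTPUT -m tcp -p tcp --dport "$port" -j ACCEPT
done

#### APT-GET: let the gateway itself fetch packages and resolve names via the WAN
iptables -A OUTPUT -o "$if_wan" -p tcp -m tcp --dport "$http" -j ACCEPT
iptables -A OUTPUT -o "$if_wan" -p tcp -m tcp --dport "$dns" -j ACCEPT
iptables -A OUTPUT -o "$if_wan" -p udp -m udp --dport "$dns" -j ACCEPT

## Enable routing now that the ruleset is complete
echo 1 > /proc/sys/net/ipv4/ip_forward
#### NAT: masquerade LAN traffic leaving through the WAN interface
iptables -t nat -A POSTROUTING -o "$if_wan" -j MASQUERADE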