Company iptables configuration (eMule, nat, forward, input, output, state) (1)
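The company's iptables configuration is as follows.
This is the company's current iptables configuration (eth0 is the internal network, eth1 connects to ADSL):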
```
# Generated by iptables-save v1.2.8 on Sun Nov 25 16:13:01 2007
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Drop TCP packets arriving on ppp0 with SYN set and RST, ACK clear (new inbound connections to the firewall itself)
-A INPUT -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -i lo -j ACCEPT
# Services reachable from the internal network (eth0): SSH 22, DNS 53, NetBIOS/SMB 139 and 445, NTP 123
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 123 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 123 -j ACCEPT
# Accept packets that belong to connections already established
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# The OUTPUT policy is ACCEPT, so the ACCEPT rules below do not restrict anything
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 139 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 445 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 123 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 123 -j ACCEPT
COMMIT
# Completed on Sun Nov 25 16:13:01 2007
# Generated by iptables-save v1.2.8 on Sun Nov 25 16:13:01 2007
*nat
:PREROUTING ACCEPT [3:162]
:POSTROUTING ACCEPT [1:108]
:OUTPUT ACCEPT [1:108]
# Port forwards from ppp0 to the internal host 192.168.0.10
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 7559 -j DNAT --to-destination 192.168.0.10:7559
-A PREROUTING -i ppp0 -p udp -m udp --dport 7569 -j DNAT --to-destination 192.168.0.10:7569
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 28145 -j DNAT --to-destination 192.168.0.10:28145
-A PREROUTING -i ppp0 -p udp -m udp --dport 28145 -j DNAT --to-destination 192.168.0.10:28145
# Masquerade traffic from the internal network leaving through ppp0
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sun Nov 25 16:13:01 2007
```
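A review aid for the ruleset above, added here as an example and not part of the original post: it parses iptables-save text and reports two properties visible in this configuration, a FORWARD chain that accepts everything while DNAT rules expose an internal host, and ACCEPT rules that do nothing under an ACCEPT policy. The function names `parse` and `audit` are hypothetical, and the embedded ruleset is a trimmed copy of the page's dump.

```python
import shlex

# Trimmed copy of the page's ruleset, embedded so the example runs offline.
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [3:162]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 7559 -j DNAT --to-destination 192.168.0.10:7559
COMMIT
"""

def parse(text):
    """Return {table: {"policy": {chain: target}, "rules": [(chain, target, args)]}}."""
    tables, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):                       # table header, e.g. *filter
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and cur is not None:  # chain policy, e.g. :INPUT DROP [0:0]
            chain, target = line[1:].split()[:2]
            cur["policy"][chain] = target
        elif line.startswith("-A ") and cur is not None:
            args = shlex.split(line)
            target = args[args.index("-j") + 1] if "-j" in args else None
            cur["rules"].append((args[1], target, args))
    return tables

def audit(text):
    """Return findings: unfiltered forwarding, and no-op ACCEPT rules."""
    t, empty = parse(text), {"policy": {}, "rules": []}
    flt, nat = t.get("filter", empty), t.get("nat", empty)
    findings = []
    dnat = [r for r in nat["rules"] if r[1] == "DNAT"]
    if flt["policy"].get("FORWARD") == "ACCEPT" and not any(r[0] == "FORWARD" for r in flt["rules"]):
        findings.append(f"FORWARD policy ACCEPT with no FORWARD rules: {len(dnat)} DNAT target(s) and all routed traffic are unfiltered")
    for chain, policy in flt["policy"].items():
        rules = [r for r in flt["rules"] if r[0] == chain]
        if policy == "ACCEPT" and rules and all(r[1] == "ACCEPT" for r in rules):
            findings.append(f"{chain}: {len(rules)} ACCEPT rule(s) are no-ops under an ACCEPT policy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RULESET)))
```

Passing the full dump from the page to `audit` yields the same two kinds of finding, with four DNAT targets and eight OUTPUT rules counted.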