Vorlage Diskussion:Projekt71


Firewall/NAT 71-1

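         # NAT and filter rules for node 71-1, written as a flat list of iptables
         # commands. Only the rules shown are added; no chain policy is set here.
         # -A appends to the end of a chain, -I inserts at its head. iptables does
         # not de-duplicate, so re-running the list adds each nat rule a second time.

         # Masquerade traffic from the 192.168.1.0/24 LAN when it leaves through
         # tap0, tap1, tun0 or tun1 (TAP/TUN device names; presumably the tunnels).
         iptables -t nat -A POSTROUTING -o tap0 -s 192.168.1.0/255.255.255.0 -j MASQUERADE
         iptables -t nat -A POSTROUTING -o tap1 -s 192.168.1.0/255.255.255.0 -j MASQUERADE
         iptables -t nat -A POSTROUTING -o tun0 -s 192.168.1.0/255.255.255.0 -j MASQUERADE
         iptables -t nat -A POSTROUTING -o tun1 -s 192.168.1.0/255.255.255.0 -j MASQUERADE

         # tap0: accept everything arriving on or leaving through the interface and
         # allow forwarding between tap0 and eth1 in both directions. These rules
         # match on the interface only (no address, protocol or state match), so
         # every peer reachable over tap0 can reach every service on this host.
         # NOTE(review): confirm that this level of trust in tap0 is intended;
         # otherwise narrow the INPUT rule to the ports that are actually needed.
         iptables -I INPUT -i tap0 -j ACCEPT
         iptables -I OUTPUT -o tap0 -j ACCEPT
         iptables -I FORWARD -i tap0 -o eth1 -j ACCEPT
         # Same rule as the first tap0 MASQUERADE entry above; appending it again
         # leaves a duplicate in POSTROUTING.
         iptables -t nat -A POSTROUTING -o tap0 -s 192.168.1.0/255.255.255.0 -j MASQUERADE
         iptables -t nat -A POSTROUTING -o vlan1 -s 192.168.1.0/255.255.255.0 -j MASQUERADE
         iptables -I FORWARD -i eth1 -o tap0 -j ACCEPT

         # Masquerade traffic sourced from 104.0.0.0/8 when it leaves through br0.
         # NOTE(review): 104.0.0.0/8 is not RFC 1918 private space; presumably it is
         # the mesh's own addressing. Confirm before reusing these rules elsewhere.
         iptables -t nat -A POSTROUTING -o br0 -s 104.0.0.0/8 -j MASQUERADE

         # Port forwards: connections addressed to 104.61.71.1 are DNATed to hosts on
         # the LAN. The rules match on destination address and port only, not on the
         # inbound interface or the source, so every network that can reach
         # 104.61.71.1 reaches these services. DNAT only rewrites the destination;
         # whether the packet is let through is decided in the filter FORWARD chain.
         #
         # Forwards to 192.168.1.2:
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 443 -j DNAT --to 192.168.1.2:443
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 8080 -j DNAT --to 192.168.1.2:8080
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 8000 -j DNAT --to 192.168.1.2:8000
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p udp --dport 5071 -j DNAT --to 192.168.1.2:5071
         # 137 and 139 are the NetBIOS name and session service ports.
         # NOTE(review): this exposes NetBIOS/SMB on 192.168.1.2 to every sender that
         # can reach 104.61.71.1. The name service on 137 normally runs over UDP;
         # confirm that the tcp rule for 137 is what was intended.
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 137 -j DNAT --to 192.168.1.2:137
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 139 -j DNAT --to 192.168.1.2:139
         # External port 222 maps to port 22 on the LAN host (presumably SSH). The
         # non-standard outer port does not limit who can connect; access control
         # has to come from the service on 192.168.1.2 itself.
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 222 -j DNAT --to 192.168.1.2:22
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 119 -j DNAT --to 192.168.1.2:119

         # Forwards to 192.168.1.15 (external and internal ports differ):
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 88 -j DNAT --to 192.168.1.15:80
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 8888 -j DNAT --to 192.168.1.15:8000
         iptables -t nat -A PREROUTING -d 104.61.71.1 -p tcp --dport 8880 -j DNAT --to 192.168.1.15:8001

         # tun0: masquerade only traffic whose destination is outside 104.0.0.0/8.
         # The variant without a destination match is kept commented out.
         #iptables -t nat -A POSTROUTING -o tun0  -j MASQUERADE
         # The negation is written before the option (`! -d`); current iptables
         # releases warn that the `-d ! addr` form is deprecated.
         iptables -t nat -I POSTROUTING ! -d 104.0.0.0/8 -o tun0 -j MASQUERADE

         # Masquerade traffic from 10.203.0.0/16 on eth1, vlan1, tap0 and tap1. The
         # unrestricted tap0 variant (no source match) is kept commented out.
         #iptables -t nat -A POSTROUTING -o tap0  -j MASQUERADE
         iptables -t nat -A POSTROUTING -s 10.203.0.0/16 -o eth1 -j MASQUERADE
         iptables -t nat -A POSTROUTING -s 10.203.0.0/16 -o vlan1 -j MASQUERADE
         iptables -t nat -A POSTROUTING -s 10.203.0.0/16 -o tap0 -j MASQUERADE
         iptables -t nat -A POSTROUTING -s 10.203.0.0/16 -o tap1 -j MASQUERADE
         # Masquerade traffic from 192.168.1.254 to 192.168.1.2. There is no -o
         # match, so the rule applies on whichever interface the packet leaves.
         iptables -t nat -I POSTROUTING -s 192.168.1.254 -d 192.168.1.2 -j MASQUERADE

         # Flush all chains of the filter table (-F without -t acts on filter only).
         # The nat rules above are not affected, but the INPUT/OUTPUT/FORWARD ACCEPT
         # rules for tap0 are removed if this runs after them. Chain policies are
         # left as they are. NOTE(review): confirm whether this is meant as the
         # last step of the list or as a separate reset command.
         iptables -F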