Witam wszystkich, postawiłem router na IPCop.
Są dwa interfejsy: eth0 (LAN) i eth1 (WAN).
Kwestia jest taka, że chciałbym otworzyć porty 1723 i 6666 oraz protokół GRE dla połączeń przychodzących i wychodzących.
W LAN-ie mam dwa komputery, które łączą się po VPN z serwerem, który znajduje się gdzieś tam sobie w necie.
W związku z tym nie mogę forwardować portów na konkretne IP, muszę połączenia z tych portów kierować do całego LAN-u.
Napisałem takie regułki (na pewno lipnie to będzie wyglądać; jeśli ktoś widzi coś do poprawienia, proszę o sugestie, bo dopiero zacząłem z iptables):
# Trust the LAN side: anything arriving on eth0 with a 10.10.0.0/16 source
# is accepted, both when addressed to the router (CUSTOMINPUT) and when
# routed through it (CUSTOMFORWARD). The -i eth0 match keeps packets that
# merely claim a LAN source but arrive on another interface out of this rule.
for chain in CUSTOMINPUT CUSTOMFORWARD; do
  /sbin/iptables -A "$chain" -i eth0 -s 10.10.0.0/16 -j ACCEPT
done
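#INPUT
# Traffic addressed to the router itself. Only packets that belong to (or are
# related to) a connection already in the conntrack table are accepted here.
# No NEW state on purpose: an ACCEPT for NEW without an -i match applies to
# every interface, so it would admit unsolicited TCP/GRE from eth1 (WAN) to
# any service listening on the router. New connections from the LAN are
# already covered by the eth0 / 10.10.0.0/16 rule on CUSTOMINPUT.
/sbin/iptables -A CUSTOMINPUT -p gre -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A CUSTOMINPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
# UDP: replies only, as in the original rule set.
/sbin/iptables -A CUSTOMINPUT -p udp -m state --state ESTABLISHED -j ACCEPT
# RELATED is what lets ICMP errors for tracked connections through.
/sbin/iptables -A CUSTOMINPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT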
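#FORWARD
# Traffic routed through the box. New connections are started only from the
# LAN (the eth0 / 10.10.0.0/16 rule on CUSTOMFORWARD); this section accepts
# just the return traffic for them. An ACCEPT for NEW without an -i match
# would also forward unsolicited TCP/GRE/ICMP arriving on eth1 (WAN) into
# the LAN, so NEW is deliberately not listed.
/sbin/iptables -A CUSTOMFORWARD -p gre -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A CUSTOMFORWARD -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
# UDP: replies only, as in the original rule set.
/sbin/iptables -A CUSTOMFORWARD -p udp -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A CUSTOMFORWARD -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): several LAN clients behind NAT talking PPTP to the same
# server generally depend on the kernel's PPTP connection-tracking/NAT helper
# to tell their GRE streams apart - confirm it is available on this IPCop
# build; extra ACCEPT rules do not replace it.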
#OUTPUT
# Packets generated by the router itself. GRE, TCP and ICMP are accepted in
# the NEW, ESTABLISHED and RELATED states (one rule per state, same order as
# before); UDP is accepted only when ESTABLISHED, so new outgoing UDP from
# the router is not decided by this section.
for proto in gre tcp; do
  for state in NEW ESTABLISHED RELATED; do
    /sbin/iptables -A CUSTOMOUTPUT -p "$proto" -j ACCEPT -m state --state "$state"
  done
done
/sbin/iptables -A CUSTOMOUTPUT -p udp -j ACCEPT -m state --state ESTABLISHED
for state in NEW ESTABLISHED RELATED; do
  /sbin/iptables -A CUSTOMOUTPUT -p icmp -j ACCEPT -m state --state "$state"
done
# PORTS
# TCP 1723 and 6666 plus the GRE protocol, accepted from any source
# (-s 0.0.0.0/0 matches everything) on CUSTOMINPUT and CUSTOMOUTPUT.
# NOTE(review): these two chains presumably hang off INPUT/OUTPUT, i.e. they
# govern traffic to and from the router itself; connections of the LAN VPN
# clients are routed and would be decided in CUSTOMFORWARD instead - confirm
# these rules are needed at all, since the CUSTOMINPUT ones are reachable
# from eth1 (WAN) as well.
for chain in CUSTOMINPUT CUSTOMOUTPUT; do
  for port in 1723 6666; do
    /sbin/iptables -A "$chain" -s 0.0.0.0/0 -p tcp --dport "$port" -j ACCEPT
  done
  /sbin/iptables -A "$chain" -s 0.0.0.0/0 -p gre -j ACCEPT
done