[vodic] ena mrezna kartica vec IP naslovov
bl4z
Član Ubuntu.si
recimo, da je to uporabno ce imaste prenosnik pa ga vkljucujete na vec lokacij pa niamte dhcp ali recimo internet streznik ki ima vec ipjev ...
glavno se dogaja v
pa recimo se skripta iptables, ki pomogca dostopanje do posameznih servisov glede na ip
glavno se dogaja v
root@taks:/home/quaddown/public_html# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.71
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
auto eth0:1
iface eth0:1 inet static
address 192.168.1.72
netmask 255.255.255.0
pa recimo se skripta iptables, ki pomogca dostopanje do posameznih servisov glede na ip
root@taks:/home/quaddown/public_html# cat /etc/init.d/iptables
#! /bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
EXT_IF=\"eth0\"
test -x /sbin/iptables || exit 0
case $1 in
start)
echo -n Starting iptables firewall
echo \"1\" > /proc/sys/net/ipv4/tcp_syncookies
echo \"1\" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
for f in /proc/sys/net/ipv4/conf/*; do
echo \"0\" > $f/accept_source_route
done
# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
# Create a common chain for the INPUT and FORWARD handling
iptables -N block
iptables -F block
# Allow traffic on established connections
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow new connections if not from the outside
iptables -A block -m state --state NEW -i ! \"$EXT_IF\" -j ACCEPT
#Allow ssh, dns na ip 192.168.1.72
iptables -A INPUT -p tcp -m tcp -d 192.168.1.72 --dport 22 -j ACCEPT
iptables -A INPUT -p udp -m udp -d 192.168.1.72 --dport 53 -j ACCEPT
#Allow web, flash na ip 192.168.1.71
iptables -A INPUT -p tcp -m tcp -d 192.168.1.71 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -d 192.168.1.71 --dport 1111 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -d 192.168.1.71 --dport 1935 -j ACCEPT
#Allow ICMP:
iptables -A INPUT -p icmp -j ACCEPT
# Block anything else
iptables -A block -j LOG
# Activate the new chain
iptables -A INPUT -j block
iptables -A FORWARD -j block
echo \".\"
;;
stop)
echo You Are shutting down the firewall
echo We hope you know what you are doing
echo There will be no firewall protection when the shutdown is complete.
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F block
iptables -X block
;;
restart)
echo Restarting firewall.
iptables -F FORWARD
$0 start
;;
reload)
$0 restart
;;
force-reload)
$0 restart
;;
*)
echo \"Usage: /etc/init.d/iptables {start|stop|restart|reload|force-reload}\" >& 2
exit 1
;;
esac
exit 0