[vodic] ena mrezna kartica vec IP naslovov

recimo, da je to uporabno, ce imate prenosnik, pa ga vkljucujete na vec lokacijah, pa nimate dhcp, ali recimo internet streznik, ki ima vec ipjev ...

glavno se dogaja v
root@taks:/home/quaddown/public_html# cat /etc/network/interfaces 
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# Static configuration; this stanza carries the only gateway line, so the
# default route goes out with this address.
auto eth0
iface eth0 inet static
address 192.168.1.71
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

# Alias on the same card: a second address in the same /24, brought up at boot.
# No gateway here; the eth0 stanza above already defines it.
# NOTE: a packet filter sees traffic for both addresses arriving on eth0
# (iptables does not match on alias names such as eth0:1), so per-address
# rules have to match on the destination address instead of the interface.
auto eth0:1
iface eth0:1 inet static
address 192.168.1.72
netmask 255.255.255.0

pa recimo se skripta iptables, ki omogoca dostopanje do posameznih servisov glede na ip

root@taks:/home/quaddown/public_html# cat /etc/init.d/iptables 
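#! /bin/sh
# /etc/init.d/iptables - IPv4 host firewall for a machine that carries two
# addresses on one card (192.168.1.71 on eth0, 192.168.1.72 on the eth0:1 alias).
#
# Policy: INPUT and FORWARD default to DROP, OUTPUT defaults to ACCEPT.
# Services are opened per destination address (-d), because both addresses
# arrive on the same interface and cannot be told apart with -i.
#
# Only IPv4 is handled. ip6tables is not touched, so if the host has IPv6
# connectivity it needs its own rule set.
#
# Usage: /etc/init.d/iptables {start|stop|restart|reload|force-reload}

PATH=/bin:/sbin:/usr/bin:/usr/sbin

# Outside-facing interface. This must be the bare interface name: if quote
# characters end up inside the value (e.g. from backslash-escaped quotes), the
# negated interface match in the "block" chain excludes no real interface and
# new connections from every interface are accepted.
EXT_IF="eth0"

# Nothing to do on a system without iptables.
test -x /sbin/iptables || exit 0

case "$1" in
  start)
    printf '%s' 'Starting iptables firewall'

    # Kernel settings: SYN cookies under SYN-flood load, ignore broadcast
    # pings, refuse source-routed packets on every interface.
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    for f in /proc/sys/net/ipv4/conf/*; do
      echo 0 > "$f/accept_source_route"
    done

    # Default policies are set before the flush, so the host fails closed
    # while the rules are being rebuilt.
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -F INPUT
    iptables -F FORWARD
    iptables -F OUTPUT

    # Common chain for INPUT and FORWARD handling. On restart the chain
    # already exists, so the "chain already exists" error from -N is expected
    # and silenced; the flush below empties it either way.
    iptables -N block 2>/dev/null
    iptables -F block

    # Allow traffic on established connections
    iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Allow new connections if not from the outside. The negation goes in
    # front of -i; the older "-i ! name" spelling is deprecated.
    iptables -A block -m state --state NEW ! -i "$EXT_IF" -j ACCEPT

    # Allow ssh and dns on 192.168.1.72.
    # NOTE: ssh is reachable from any source address; add -s <admin network>
    # if it should be limited. Only 53/udp is opened, so DNS over TCP is
    # dropped by the policy.
    iptables -A INPUT -p tcp -m tcp -d 192.168.1.72 --dport 22 -j ACCEPT
    iptables -A INPUT -p udp -m udp -d 192.168.1.72 --dport 53 -j ACCEPT

    # Allow web and flash on 192.168.1.71
    iptables -A INPUT -p tcp -m tcp -d 192.168.1.71 --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -d 192.168.1.71 --dport 1111 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -d 192.168.1.71 --dport 1935 -j ACCEPT

    # Allow ICMP (all types, to both addresses)
    iptables -A INPUT -p icmp -j ACCEPT

    # Log anything else. LOG does not end rule traversal: the packet returns
    # to INPUT/FORWARD and is dropped there by the DROP policy set above.
    # NOTE: this logs every dropped packet; consider "-m limit" on a noisy
    # network so the log cannot be flooded.
    iptables -A block -j LOG

    # Activate the new chain
    iptables -A INPUT -j block
    iptables -A FORWARD -j block

    echo "."
    ;;

  stop)
    echo "You Are shutting down the firewall"
    echo "We hope you know what you are doing"
    echo "There will be no firewall protection when the shutdown is complete."

    # The built-in chains are flushed first so nothing references "block"
    # when it is deleted at the end. Policies go back to ACCEPT: after this
    # the host is unfiltered.
    iptables -F INPUT
    iptables -F OUTPUT
    iptables -F FORWARD
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F block
    iptables -X block
    ;;

  restart)
    echo "Restarting firewall."

    # "start" rebuilds everything without passing through "stop", so the
    # DROP policies stay in force for the whole restart.
    iptables -F FORWARD
    "$0" start
    ;;

  reload)
    "$0" restart
    ;;

  force-reload)
    "$0" restart
    ;;

  *)
    echo "Usage: /etc/init.d/iptables {start|stop|restart|reload|force-reload}" >&2
    exit 1
    ;;
esac

exit 0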