NAT router with port 80 forwarded to 10.0.0.2 and port 25 open on the router; with logs
|
IPT='/usr/local/sbin/iptables'
$IPT -F
$IPT -X
$IPT -P FORWARD DROP
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -N loga
$IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A FORWARD -i eth1 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 80 -j loga
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -p tcp --dport 25 -j loga
$IPT -A loga -j ULOG
$IPT -A loga -j ACCEPT
$IPT -t nat -F
$IPT -t nat -X
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
阅读(1949) | 评论(0) | 转发(0) |
