NAT router with port 80 forwarded to 10.0.0.2 and port 25 open on the router; with logs
IPT='/usr/local/sbin/iptables' $IPT -F $IPT -X $IPT -P FORWARD DROP $IPT -P INPUT DROP $IPT -P OUTPUT ACCEPT $IPT -N loga $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT $IPT -A FORWARD -i eth1 -j ACCEPT $IPT -A FORWARD -p tcp --dport 80 -j loga $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT $IPT -A INPUT -i lo -j ACCEPT $IPT -A INPUT -p tcp --dport 25 -j loga $IPT -A loga -j ULOG $IPT -A loga -j ACCEPT $IPT -t nat -F $IPT -t nat -X $IPT -t nat -P PREROUTING ACCEPT $IPT -t nat -P POSTROUTING ACCEPT $IPT -t nat -P OUTPUT ACCEPT $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2 $IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
阅读(1989) | 评论(0) | 转发(0) |