debian router

**Jaymare** · 17-04-2006, 17:05

nessuno che mi possa aiutare? forse non è chiaro.. debian deve fare da router tra due reti (e a quesro punto gli faccio fare anche da firewall). La prima rete è un punto-punto con router e debian (eth0) che hanno due ip pubblici contigui (/30). Sulla eth1 c'è la lan.

router..
Destination Gateway Genmask Flags Metric Ref Use Iface
87.87.87.0 * 255.255.255.252 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
default 87.87.87.1 0.0.0.0 UG 0 0 0 eth0

firewall.sh..

#!/bin/sh

echo -e "\n\nSETTING UP IPTABLES FIREWALL..."
INTIF="eth1"
INTNET="192.168.1.0/24"
INTIP="192.168.1.1/24"

EXTIF="eth0"
EXTIP="87.87.87.2/30"
EXTNET="87.87.87.0/30"

echo "Loading required stateful/NAT kernel modules..."
echo " Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " External interface: $EXTIF"
echo " External interface IP address is: $EXTIP"
echo " Loading firewall server rules..."

UNIVERSE="0.0.0.0/0"

iptables -P INPUT DROP
iptables -F INPUT
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -F -t nat

if [ "`iptables -L | grep drop-and-log-it`" ]; then
iptables -F drop-and-log-it
fi

iptables -X

iptables -Z

iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-level info
iptables -A drop-and-log-it -j REJECT

echo -e " - Loading INPUT rulesets"
iptables -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
iptables -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
iptables -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
iptables -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -j ACCEPT
iptables -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it

echo -e " - Loading OUTPUT rulesets"

iptables -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
iptables -A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT
iptables -A OUTPUT -o $INTIF -s $INTIP -d $INTNET -j ACCEPT
iptables -A OUTPUT -o $EXTIF -s $UNIVERSE -d $INTNET -j drop-and-log-it
iptables -A OUTPUT -o $EXTIF -s $EXTIP -d $UNIVERSE -j ACCEPT
iptables -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it

eho -e " - Loading FORWARD rulesets"

iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -A FORWARD -j drop-and-log-it

# Enable SNAT (MASQUERADE) functionality on $EXTIF
#iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP

echo -e " Firewall server rule loading

ora.. da debian riesco a pingare fuori ma dalla lan non arrivo a pingare 87.87.87.1 che è la ethernet del router ??? AIUTO!

Discussione: debian router

Strumenti discussione

Ricerca discussione

Visualizza

Hybrid View

Permessi di invio