Difference between revisions of "Iptables"
From Hack Sphere Labs Wiki
(→Iptables NAT FW (Without Full NAT, Just Insert)) |
|||
| Line 31: | Line 31: | ||
iptables -I FORWARD -p icmp -m icmp --icmp-type 8 -d WA.N.DEV.ICE -j ACCEPT | iptables -I FORWARD -p icmp -m icmp --icmp-type 8 -d WA.N.DEV.ICE -j ACCEPT | ||
iptables -I FORWARD -p icmp -m icmp --icmp-type 0 -d SOURCE.NAT.NET.WORK/24 -j ACCEPT | iptables -I FORWARD -p icmp -m icmp --icmp-type 0 -d SOURCE.NAT.NET.WORK/24 -j ACCEPT | ||
| − | <pre> | + | </pre> |
Latest revision as of 05:46, 5 August 2014
IP Tables That Work (That bonding thing)
iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface tun0 -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward
client
iptables --table nat --append POSTROUTING --out-interface bond0 -j MASQUERADE iptables --append FORWARD --in-interface eth1 -j ACCEPT
server
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface bond0 -j ACCEPT
Iptables NAT FW (Without Full NAT, Just Insert)
#DISABLE ACCESS TO WAN NETWORK iptables -I FORWARD -d WA.N.NET.WORK/24 -j DROP #ALLOW HOST iptables -I FORWARD -p tcp -d WA.N.DEV.ICE -s SOURCE.NAT.NET.WORK/24 -j ACCEPT iptables -I FORWARD -p udp -d WA.N.DEV.ICE -s SOURCE.NAT.NET.WORK/24 -j ACCEPT #ALLOW PING iptables -I FORWARD -p icmp -m icmp --icmp-type 8 -d WA.N.DEV.ICE -j ACCEPT iptables -I FORWARD -p icmp -m icmp --icmp-type 0 -d SOURCE.NAT.NET.WORK/24 -j ACCEPT
