Iptables

From Hack Sphere Labs Wiki
Revision as of 05:46, 5 August 2014 by Webdawg (talk | contribs) (Iptables NAT FW (Without Full NAT, Just Insert))

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

IP Tables That Work (That bonding thing)

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface tun0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

client 

iptables --table nat --append POSTROUTING --out-interface bond0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

server 

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface bond0 -j ACCEPT

Iptables NAT FW (Without Full NAT, Just Insert)

#DISABLE ACCESS TO WAN NETWORK
iptables -I FORWARD -d WA.N.NET.WORK/24 -j DROP

#ALLOW HOST
iptables -I FORWARD -p tcp -d WA.N.DEV.ICE -s SOURCE.NAT.NET.WORK/24 -j ACCEPT
iptables -I FORWARD -p udp -d WA.N.DEV.ICE -s SOURCE.NAT.NET.WORK/24 -j ACCEPT

#ALLOW PING
iptables -I FORWARD -p icmp -m icmp --icmp-type 8 -d WA.N.DEV.ICE -j ACCEPT
iptables -I FORWARD -p icmp -m icmp --icmp-type 0 -d SOURCE.NAT.NET.WORK/24 -j ACCEPT
Retrieved from "https://wiki.hackspherelabs.com/index.php?title=Iptables&oldid=1951"