Difference between revisions of "Iptables"

From Hack Sphere Labs Wiki
Jump to: navigation, search
(Iptables NAT FW (Without Full NAT, Just Insert))
 
Line 31: Line 31:
 
iptables -I FORWARD -p icmp -m icmp --icmp-type 8 -d WA.N.DEV.ICE -j ACCEPT
 
iptables -I FORWARD -p icmp -m icmp --icmp-type 8 -d WA.N.DEV.ICE -j ACCEPT
 
iptables -I FORWARD -p icmp -m icmp --icmp-type 0 -d SOURCE.NAT.NET.WORK/24 -j ACCEPT
 
iptables -I FORWARD -p icmp -m icmp --icmp-type 0 -d SOURCE.NAT.NET.WORK/24 -j ACCEPT
<pre>
+
</pre>

Latest revision as of 06:46, 5 August 2014

IP Tables That Work (That bonding thing)

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface tun0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

client

iptables --table nat --append POSTROUTING --out-interface bond0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

server

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface bond0 -j ACCEPT

Iptables NAT FW (Without Full NAT, Just Insert)

#DISABLE ACCESS TO WAN NETWORK
iptables -I FORWARD -d WA.N.NET.WORK/24 -j DROP

#ALLOW HOST
iptables -I FORWARD -p tcp -d WA.N.DEV.ICE -s SOURCE.NAT.NET.WORK/24 -j ACCEPT
iptables -I FORWARD -p udp -d WA.N.DEV.ICE -s SOURCE.NAT.NET.WORK/24 -j ACCEPT

#ALLOW PING
iptables -I FORWARD -p icmp -m icmp --icmp-type 8 -d WA.N.DEV.ICE -j ACCEPT
iptables -I FORWARD -p icmp -m icmp --icmp-type 0 -d SOURCE.NAT.NET.WORK/24 -j ACCEPT