[Gllug] iptables and flaky ssh, ftp, vnc
Tom Schutzer-Weissmann
trmsw at yahoo.co.uk
Tue Jun 21 20:54:02 UTC 2005
On Tue, 2005-06-21 at 16:37 +0100, Peter Grandi wrote:
> There is probably something wrong with the 'iptables' rules too, they are
> very very difficult to get right (and, as usual, very easy to get
> wrong but ''working''). I usually recommend using a rule set
> generator... But even that does not avoid the need for clear
> thinking.
I'll stick my neck out. This is a semi-theoretical question. Given that
I wanted as transparent a link as possible, isn't this the minimal
ruleset I could have?
regards,
Tom Weissmann
----------------------------------------
#!/bin/sh
# usage: script <external-interface>  (the SNAT rule implies $dev is the outside link)
world=0.0.0.0/0
dest=192.168.200.0/24
dev=$1
# IPv4 address currently on $dev; 'inet addr' matches only the IPv4 line of
# net-tools ifconfig output (a bare /inet/ also caught the inet6 line)
dynip=$(/sbin/ifconfig "$dev" | awk '/inet addr/ { print $2 }' | sed -e 's/addr://')
[ -n "$dynip" ] || { echo "no IPv4 address found on $dev" >&2; exit 1; }
# filter rules: LAN-addressed traffic on $dev is explicitly accepted
iptables -I OUTPUT 1 -s $world -d $dest -j ACCEPT -o "$dev"
iptables -I INPUT 1 -s $dest -d $world -j ACCEPT -i "$dev"
iptables -I FORWARD 1 -s $world -d $dest -j ACCEPT -o "$dev"
iptables -I FORWARD 1 -s $dest -d $world -j ACCEPT -i "$dev"
# rewrite the source of everything leaving $dev to the current dynamic address
iptables -t nat -A POSTROUTING -o "$dev" -j SNAT --to "$dynip"
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/ip_forward
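As an added illustration (not Tom's script, nor anything posted on the list), here is a small Python model that walks the posted INPUT/OUTPUT/FORWARD rules over constructed packets, assuming $dev is the external link (which the SNAT rule implies), eth0 is the LAN side, and 203.0.113.7 stands in for $dynip. It shows which packets the explicit rules actually match and which fall through to the chain policy.

```python
"""Evaluate the posted filter rules against constructed sample packets.

Models only what the post uses: -s/-d CIDR, -i/-o interface, first
matching rule wins, otherwise the chain policy decides.
"""
from ipaddress import ip_address, ip_network

WORLD = ip_network("0.0.0.0/0")
LAN = ip_network("192.168.200.0/24")   # $dest in the post
DEV = "ppp0"                           # assumed name of $dev (external link)
LAN_IF = "eth0"                        # constructed name for the inside interface
DYNIP = "203.0.113.7"                  # constructed stand-in for $dynip

# (src, dst, in_iface, out_iface, target), in the order iptables holds them
# after the four -I ... 1 commands (last inserted ends up first).
RULES = {
    "INPUT":   [(LAN, WORLD, DEV, None, "ACCEPT")],
    "OUTPUT":  [(WORLD, LAN, None, DEV, "ACCEPT")],
    "FORWARD": [(LAN, WORLD, DEV, None, "ACCEPT"),
                (WORLD, LAN, None, DEV, "ACCEPT")],
}

def verdict(chain, src, dst, in_if=None, out_if=None, policy="ACCEPT"):
    """Return (target, rule_index); index is None when the policy decided."""
    s, d = ip_address(src), ip_address(dst)
    for idx, (rs, rd, ri, ro, target) in enumerate(RULES[chain]):
        if (s in rs and d in rd
                and (ri is None or ri == in_if)
                and (ro is None or ro == out_if)):
            return target, idx
    return policy, None

def audit(policy="ACCEPT"):
    """Run the post's rules over four constructed packets."""
    return {
        # LAN host -> Internet, forwarded out the dynamic link
        "lan_to_world": verdict("FORWARD", "192.168.200.5", "198.51.100.9",
                                LAN_IF, DEV, policy),
        # reply, already de-SNATed in nat/PREROUTING, forwarded back to the LAN
        "world_to_lan_reply": verdict("FORWARD", "198.51.100.9", "192.168.200.5",
                                      DEV, LAN_IF, policy),
        # packet claiming a LAN source that arrives on the external link
        "lan_source_on_external": verdict("INPUT", "192.168.200.5", DYNIP,
                                          DEV, None, policy),
        # the router's own session to the outside
        "router_to_world": verdict("OUTPUT", DYNIP, "198.51.100.9",
                                   None, DEV, policy),
    }
```

With the default ACCEPT policy every ordinary packet is accepted by the policy, not by a rule; the only packet an explicit rule matches is the one carrying a LAN address on the external side, and with a DROP policy the ordinary traffic would not pass at all.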
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug