Re: Q: IPTABLES linux'e [Ingodas Vytrastas @ 2009-03-16 17:09:38] — Newsgroups.lt

Tema: Re: Q: IPTABLES linux'e

Autorius: Ingodas Vytrastas

Data: 2009-03-16 17:09:38

Artūras Šlajus wrote:
> Ingodas Vytrastas wrote:
>>
>> priminkit prašau, kaip paketai vaikšto NAT atveju?
>>
>> nat/PREROUTING - > nat/POSTROUTING -> filter/FORWARD - filter/OUTPUT ?
>>
>> reik nugesinti SMTP į išorinius serverius, ale nalabai sekasi surasti 
>> kur DROP'inti - nat/PREROUTING grasina ateityje nevykdyti DROP taisyklės.
>>
> filter/FORWARD
> 
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSINGOFTABLES 
> 

mucias gracias. Berods gavosi.

jei kam reikės:

# SMTP block
-A FORWARD -d 127.0.0.1 -p tcp --dport 25 -j ACCEPT
-A FORWARD -d $vidinis_SMTP -p tcp --dport 25 -j ACCEPT
-A FORWARD -d $isorinis_SMTP -p tcp --dport 25 -j ACCEPT
-A FORWARD -p tcp --dport 25 -j LOG --log-prefix "SMTP out: "
-A FORWARD -i $vidinis_IF -d 0/0 -p tcp --dport 25 -j REJECT

-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

$me durna galva: taisykles reikia dėti prieš "-m state ...".
-- 
  ejs

3D astronomy agriculture audio autos autos.audi autos.audio autos.binaries autos.bmw autos.club autos.ford autos.hondacrx autos.japan autos.mercedes autos.opel autos.sport autos.volvo autos.vw avia avia.binaries bankcards binaries books building cinema commerce comp.hardware comp.software comp.lietuvinimas comp.networks culture darbas.ieskau darbas.siulau design economics electronics fauna fauna.aqua fauna.binaries fishing flora foto foto.binaries games games.cs games.online gsm gurmanai humour humour.binaries internet law microsoft moto music music.binaries music.instruments music.LT.binaries navigacija php politics programming rpg sport studying sveikata talk test translation transportation travel travel.binaries tv unix video video.binaries watersports www www.flash pda autos.supermama.lt mobile darbas retro.3D retro.agriculture retro.astronomy retro.audio retro.autos retro.autos.audi retro.autos.audio retro.autos.binaries retro.autos.bmw retro.autos.club retro.autos.ford retro.autos.hondacrx retro.autos.japan retro.autos.mercedes retro.autos.opel retro.autos.sport retro.autos.supermama retro.autos.supermama.lt retro.autos.volvo retro.autos.vw retro.avia retro.avia.binaries retro.bankcards retro.beos retro.binaries retro.books retro.building retro.cinema retro.commerce retro.comp retro.comp.hardware retro.comp.lietuvinimas retro.comp.networks retro.comp.software retro.culture retro.darbas retro.darbas.ieskau retro.darbas.siulau retro.design retro.economics retro.electronics retro.e-vejas retro.fauna retro.fauna.aqua retro.fauna.binaries retro.fishing retro.flora retro.foto retro.foto.binaries retro.games retro.games.cs retro.games.online retro.games.rpg retro.genealogija retro.gsm retro.gurmanai retro.humour retro.humour.binaries retro.internet retro.YZF retro.YZF.nebuk retro.YZF.nebuk.netikintis retro.YZF.nebuk.netikintis.buk retro.YZF.nebuk.netikintis.buk.tikintis retro.law retro.microsoft retro.mobile retro.moto retro.music retro.music.binaries retro.music.instruments retro.music.LT retro.music.LT.binaries retro.navigacija retro.news retro.news.taisykles retro.newuser retro.pda retro.php retro.politics retro.programming retro.rpg retro.sport retro.studying retro.sveikata retro.talk retro.translation retro.transportation retro.travel retro.travel.binaries retro.tv retro.unix retro.video retro.video.binaries retro.watersports retro.www retro.www.flash diy lt.rkm.news.announce lt.rkm.news.newuser

+q: apie dhcpblah2009-04-03 21:02

+mount: uzmountinta particija nerodo viso jos dydzioosourcem2009-04-02 23:48

+programinis raid (software raid)osourcem2009-04-02 15:37

+Dėl IPTABLES eilių apdorojimo tvarkoskrx2009-03-30 12:20

+fizinio adreso keitimasDex2009-03-27 16:07

+vpnMarius2009-03-27 14:53

+iptables, snat, dnatTZ2009-03-27 09:51

+terminal server ir KDEpracyvnas2009-03-26 11:55

+megaTV, wrt54gl, igmpTZ2009-03-25 09:31

+Klausimas LDAP žinovamsbertas2009-03-24 17:44

+gal ir biski OT: Researchers demo BIOS attack that survives hard-disk wipegk <zhyna@(sabaka)zhyzni.net>2009-03-24 02:48

+public ip ant domUtaip2009-03-23 18:13

+klausimas del iSCASIazuolas2009-03-23 13:27

+dirbtine kernel panikaazuolas2009-03-22 15:20

+putty UTF8 cmd line raktasTZ2009-03-20 09:36

+Ubuntu backup/restorebullka2009-03-19 16:01

+Midnight Commander alternatyva? +keli klausimai@bullka2009-03-19 07:39

logmein.com is ubuntuscript kiddie2009-03-18 02:52

+Q: dar ir CUPS problemosIngodas Vytrastas2009-03-16 16:48

+nat pagal porta per skirtingus ipandrws2009-03-16 15:52

-Q: IPTABLES linux'eIngodas Vytrastas2009-03-16 13:22

Re: IPTABLES linux'eandrws2009-03-16 15:56

Re: Q: IPTABLES linux'eDeprecated2009-03-16 15:48

Re: Q: IPTABLES linux'eIngodas Vytrastas2009-03-16 16:01

Re: Q: IPTABLES linux'eArtūras Šlajus2009-03-16 15:24

Re: Q: IPTABLES linux'eIngodas Vytrastas2009-03-16 17:09

Virtualus serveris ir chkrootkitbertas2009-03-14 22:32

+rkhunter pranešimasbertas2009-03-14 22:30

+Aisku bijom virusu, bet....Levas2009-03-10 20:54

+centos bootmrxas2222009-03-06 11:00

+Del rsync ir filterAne2009-03-02 17:29

+nemoku anglu...tiek kad skaityciau...Drambliukas2009-03-02 07:57

+OO writer ir word failaitas kuris virshija2009-03-01 21:26

luzineja asspPro2009-02-27 17:14

+Duomenu atstatymasuntanas2009-02-27 17:07

+mistika postfixjulius2009-02-27 15:02

+Fedora ir Webcamasbertas2009-02-25 20:48

+option gt 3g+ emeaMarius2009-02-21 14:14

+serveris (gal kas galit patart)omnitel2009-02-21 09:39

paprasto mail listo sistemosemnt2009-02-20 14:34

ubuntu gma3100 driverandrius2009-02-20 10:03

+Q: zebra, SMTP: kaip išsiųsti domeno paštąejs2009-02-19 23:34

+802.1x + ADTrecias Brolis2009-02-17 16:12

+Dingsta internetas.Makauskas Vidas2009-02-17 15:01

+Toolsas monitorinimuiSashokas2009-02-17 11:20

+Vėl dėl RocketRaidbertas2009-02-12 19:02

+full capture boxscript kiddie2009-02-11 23:27

+Labai labai reikia routerio, nepykitDrambliukas2009-02-11 17:03

+Mirga vaizdaspracyvnas2009-02-11 16:56

19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1