linux user group brescia


Mailing list archive

firewall and public IPs

Consadori Andrea consadoria at pierreconsulting.net
Tue 19 Aug 2003 10:25:14 UTC

Hello,
I was setting up a test firewall

# Generated by iptables-save v1.2.6a on Tue Aug 19 11:56:01 2003
*mangle
:PREROUTING ACCEPT [16372:4857330]
:INPUT ACCEPT [4480:321799]
:FORWARD ACCEPT [11853:4533121]
:OUTPUT ACCEPT [3643:1036114]
:POSTROUTING ACCEPT [15488:5568179]
COMMIT
# Completed on Tue Aug 19 11:56:01 2003
# Generated by iptables-save v1.2.6a on Tue Aug 19 11:56:01 2003
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 192.168.10.253 -i eth1 --dport 80 -j DNAT --to-destination 192.168.0.253:80
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Tue Aug 19 11:56:01 2003
# Generated by iptables-save v1.2.6a on Tue Aug 19 11:56:01 2003
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Aug 19 11:56:01 2003


The strange thing is that if I add it by hand (ip addr add 192.168.10.253 dev
eth1),
that is, if I configure another public IP on eth1, everything works,
but on reboot I lose the eth1 configuration.

How do I make permanent the command ip addr add 192.168.10.253 dev
eth1,
which makes the firewall's public interface both 192.168.10.222 and
192.168.10.253?


Thanks,

Andrea Consadori
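
A sanity check for the situation described in the post, as an added example that is not part of the original message: it parses an iptables-save dump and reports DNAT rules whose matched destination address is not assigned to the inbound interface, which is the state the firewall returns to after a reboot. The function names and the address map are assumptions; the sample is the post's nat table with the wrapped rule on one line.

```python
import shlex

# Constructed sample: the nat table from the post, DNAT rule joined onto one line.
NAT_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 192.168.10.253 -i eth1 --dport 80 -j DNAT --to-destination 192.168.0.253:80
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE
COMMIT
"""

def dnat_rules(dump):
    """Yield (in_iface, matched_dst, to_destination) for host-address DNAT rules in *nat."""
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]            # start of a new table section
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)
            if "!" in tok:              # negated matches are out of scope here
                continue
            opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
            addr, _, mask = opts.get("-d", "").partition("/")
            # Only single-host matches can be compared with interface addresses.
            if opts.get("-j") == "DNAT" and addr and mask in ("", "32", "255.255.255.255"):
                yield opts.get("-i"), addr, opts.get("--to-destination")

def unbound_dnat(dump, assigned):
    """Return DNAT rules whose matched address is not assigned to the inbound interface.

    assigned: {iface: set of IPv4 addresses}, for example collected from
    `ip -o -4 addr show` (hypothetical input format chosen for this example).
    """
    missing = []
    for iface, dst, to in dnat_rules(dump):
        ifaces = [iface] if iface else list(assigned)   # no -i: any interface will do
        if not any(dst in assigned.get(i, set()) for i in ifaces):
            missing.append((iface, dst, to))
    return missing

if __name__ == "__main__":
    after_reboot = {"eth1": {"192.168.10.222"}}
    after_ip_addr_add = {"eth1": {"192.168.10.222", "192.168.10.253"}}
    print("after reboot:     ", unbound_dnat(NAT_DUMP, after_reboot))
    print("after ip addr add:", unbound_dnat(NAT_DUMP, after_ip_addr_add))
```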



