HOW DO I CONFIGURE THE FIREWALL???
For example: so that clients in 192.168.182.0/24 can connect to Samba (192.168.1.17)????
ifconfig
eth0 Link encap:Ethernet HWaddr c2:9a:8b:df:82:cf
inet addr:XX.XX.XX.XZ Bcast:XX.XX.XX.255 Mask:255.255.255.0
inet6 addr: fe80::c09a:8bff:fedf:82cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:87704438 errors:0 dropped:0 overruns:0 frame:0
TX packets:70048821 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:476023153 (476.0 MB) TX bytes:3502310001 (3.5 GB)
eth1 Link encap:Ethernet HWaddr fa:d4:2e:15:6f:0c
inet addr:192.168.100.254 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::f8d4:2eff:fe15:6f0c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69123402 errors:0 dropped:3718 overruns:0 frame:0
TX packets:83743184 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3621128512 (3.6 GB) TX bytes:3476110085 (3.4 GB)
eth2 Link encap:Ethernet HWaddr 2e:01:f7:4d:70:93
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::2c01:f7ff:fe4d:7093/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4603105 errors:0 dropped:0 overruns:0 frame:0
TX packets:3914381 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:352807872 (352.8 MB) TX bytes:504989035 (504.9 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:126987 errors:0 dropped:0 overruns:0 frame:0
TX packets:126987 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15827049 (15.8 MB) TX bytes:15827049 (15.8 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.182.1 P-t-P:192.168.182.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:67981183 errors:0 dropped:0 overruns:0 frame:0
TX packets:85073920 errors:0 dropped:2308 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:2543868470 (2.5 GB) TX bytes:4279290882 (4.2 GB)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 XX.XX.XX.XZ 0.0.0.0 UG 0 0 0 eth0
XX.XX.XX.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.182.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
$IPTABLES -t nat -I PREROUTING -p tcp -i tun0 --dport 135 -j DNAT --to-destination 192.168.1.17:135
$IPTABLES -t nat -I PREROUTING -p tcp -i tun0 --dport 139 -j DNAT --to-destination 192.168.1.17:139
$IPTABLES -t nat -I PREROUTING -p tcp -i tun0 --dport 445 -j DNAT --to-destination 192.168.1.17:445
###udp
$IPTABLES -t nat -I PREROUTING -p udp -i tun0 --dport 135 -j DNAT --to-destination 192.168.1.17:135
$IPTABLES -t nat -I PREROUTING -p udp -i tun0 --dport 137 -j DNAT --to-destination 192.168.1.17:137
$IPTABLES -t nat -I PREROUTING -p udp -i tun0 --dport 138 -j DNAT --to-destination 192.168.1.17:138
$IPTABLES -t nat -I PREROUTING -p udp -i tun0 --dport 139 -j DNAT --to-destination 192.168.1.17:139
$IPTABLES -t nat -I PREROUTING -p udp -i tun0 --dport 1024 -j DNAT --to-destination 192.168.1.17:1024
$IPTABLES -t nat -I PREROUTING -p udp -i tun0 --dport 445 -j DNAT --to-destination 192.168.1.17:445
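The goal stated in the post, written as filter-table FORWARD rules between the two directly connected networks shown in the routing table (tun0 and eth2). This is an added example, not part of the original post. It assumes IP forwarding is enabled on the router and that 192.168.1.17 has a route back to 192.168.182.0/24 via 192.168.1.2; the function name, the log prefix and the dry-run default are choices made for the example.

```shell
#!/bin/sh
# Added example: least-privilege forwarding from the VPN clients to Samba.
# Addresses and interfaces come from the ifconfig/route output in the post.
# Dry run by default: the commands are printed, not applied.
# To apply, run as root with IPTABLES=/sbin/iptables (path is an assumption).
IPTABLES="${IPTABLES:-echo iptables}"

VPN_NET="192.168.182.0/24"   # clients behind tun0
SAMBA="192.168.1.17"         # Samba server behind eth2
VPN_IF="tun0"
LAN_IF="eth2"

samba_forward_rules() {
    # Let replies to already accepted connections pass in both directions
    $IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # SMB over TCP: 445 (direct hosting) and 139 (NetBIOS session service)
    for port in 139 445; do
        $IPTABLES -A FORWARD -i "$VPN_IF" -o "$LAN_IF" \
            -s "$VPN_NET" -d "$SAMBA" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done

    # NetBIOS name service (137) and datagram service (138) over UDP
    for port in 137 138; do
        $IPTABLES -A FORWARD -i "$VPN_IF" -o "$LAN_IF" \
            -s "$VPN_NET" -d "$SAMBA" -p udp --dport "$port" -j ACCEPT
    done

    # Everything else from the VPN side to the Samba host: log, then drop
    $IPTABLES -A FORWARD -i "$VPN_IF" -d "$SAMBA" \
        -j LOG --log-prefix "vpn-samba-drop: "
    $IPTABLES -A FORWARD -i "$VPN_IF" -d "$SAMBA" -j DROP
}

samba_forward_rules
```

The rules are appended with `-A`, so they only take effect if no earlier FORWARD rule already matches the same traffic; review the printed commands against `iptables -S FORWARD` before applying them.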