tailieunhanh - Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and filter, part 5

to display the IP addresses for each network device (ip addr show), or to delete IP addresses from interfaces (ip addr del). IP addresses can also be flushed using different criteria; for example, ip addr flush dynamic will flush all routes added to the kernel by a dynamic routing protocol.

NAT and Packet Mangling with iptables

computers in 24 that are not in 27 pass through the Linux router and get SNATed. To solve this problem we have two alternatives. The first would be not to SNAT 24 when the destination is another computer in 24:

    iptables -t nat -A POSTROUTING -s 24 -d 24 -j SNAT --to --to

The second choice we have is to SNAT only the packets that go out on Eth1:

    iptables -t nat -A POSTROUTING -s 24 -o eth1 -j SNAT --to --to

Our provider connected another location of our company to the same equipment, and since we are in the same VLAN we don't have to build a tunnel between the routers at each location but just route the networks through the Linux router at that location. On the other site we have the network 24. We need to let computers in our network access computers in the 24 network without SNATing them:

    iptables -t nat -I POSTROUTING -s 24 -d 24 -j ACCEPT

This command will insert the rule before the NAT rule, so if any packet from 24 is destined to any IP in the 24 network, this rule will match and the chain will not be analyzed further, so SNAT will not take place.

Jane, our secretary, is famous for her good coffee, but since she got the IRC fever she's not doing anything anymore. The manager is angry about this, but she doesn't want to fire Jane because she's addicted to her famous coffee, so she comes to ask us to do something about it. There are many things we can do in this matter, for instance drop packets from Jane when trying to access ports 6666 to 6669 in the POSTROUTING chain:

    iptables -t nat -I POSTROUTING -s -p tcp --dport 6666:6669 -j DROP

We might want to ask the manager what Jane is allowed to do. For instance, if the manager wants to allow Jane only web access, we can do the following:

    iptables -t nat -I .
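The first-match behaviour that makes the inserted ACCEPT rule work, shown as an added Python model (not code from the book or from netfilter). The networks, the SNAT address and the assumption that traffic for the other site leaves through eth1 are constructed, because the page's own addresses did not survive extraction.

```python
"""Simplified model of first-match traversal in nat/POSTROUTING."""
from ipaddress import ip_address, ip_network

# Constructed values (assumptions, not the page's addresses).
LAN = ip_network("192.0.2.0/24")        # hypothetical local network
REMOTE = ip_network("198.51.100.0/24")  # hypothetical network at the other site
PUBLIC = "203.0.113.1"                  # hypothetical SNAT address

def rule(target, src=None, dst=None, out=None, to=None):
    return {"target": target, "src": src, "dst": dst, "out": out, "to": to}

def matches(r, pkt):
    # An unset criterion (None) matches every packet, as in iptables.
    return ((r["src"] is None or ip_address(pkt["src"]) in r["src"]) and
            (r["dst"] is None or ip_address(pkt["dst"]) in r["dst"]) and
            (r["out"] is None or pkt["out"] == r["out"]))

def traverse(chain, pkt):
    """Return (source address after the chain, index of the deciding rule)."""
    for i, r in enumerate(chain):
        if matches(r, pkt):
            # ACCEPT and SNAT both terminate traversal: later rules are skipped.
            return (r["to"] if r["target"] == "SNAT" else pkt["src"]), i
    return pkt["src"], None  # no rule matched: packet leaves untranslated

def build(exempt_with):
    """exempt_with: 'insert' models -I (head of chain), 'append' models -A (tail)."""
    chain = [rule("SNAT", src=LAN, out="eth1", to=PUBLIC)]  # SNAT only on eth1
    exempt = rule("ACCEPT", src=LAN, dst=REMOTE)            # no SNAT towards other site
    if exempt_with == "insert":
        chain.insert(0, exempt)
    else:
        chain.append(exempt)
    return chain

# Constructed sample packets.
TO_REMOTE = {"src": "192.0.2.10", "dst": "198.51.100.7", "out": "eth1"}
TO_INTERNET = {"src": "192.0.2.10", "dst": "203.0.113.80", "out": "eth1"}
TO_LAN = {"src": "192.0.2.10", "dst": "192.0.2.20", "out": "eth0"}

if __name__ == "__main__":
    for how in ("insert", "append"):
        for name, pkt in (("remote", TO_REMOTE), ("internet", TO_INTERNET),
                          ("lan", TO_LAN)):
            print(how, name, traverse(build(how), pkt))
```

With the exemption appended instead of inserted, the SNAT rule decides first and traffic to the other site is still translated, which is the ordering mistake to look for when auditing a rule set.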
