  # Interface definitions in ifupdown (/etc/network/interfaces) syntax: a
  # loopback, one uplink (wan0, which the dsl-provider PPP stanza brings up
  # before dialing) and three statically addressed VLAN sub-interfaces, each
  # holding the .1 address of its own /16.
  # Everything matched by the `source` glob below is merged into this
  # configuration, so the contents of interfaces.d are part of what has to be
  # reviewed.
  # NOTE(review): the firewall rules in this paste trust traffic by VLAN
  # interface name (eth0.11, eth1.22, eth1.33), while the routing table at the
  # end of the paste lists eth0.111, eth1.222 and eth1.333 -- confirm which
  # names the running system really has.
  1. source /etc/network/interfaces.d/*
  2.  
  3. auto lo
  4. iface lo inet loopback
  5.  
  # Uplink NIC; also referenced by the pre-up line of dsl-provider below.
  6. auto wan0
  7. iface wan0 inet dhcp
  8.  
  # Internal segment 10.1.0.0/16, VLAN sub-interface on eth0.
  9. auto eth0.11
  10. iface eth0.11 inet static
  11. address 10.1.0.1
  12. network 10.1.0.0
  13. netmask 255.255.0.0
  14. broadcast 10.1.255.255
  15. vlan-raw-device eth0
  16.  
  # Internal segment 10.2.0.0/16, VLAN sub-interface on eth1.
  17. auto eth1.22
  18. iface eth1.22 inet static
  19. address 10.2.0.1
  20. network 10.2.0.0
  21. netmask 255.255.0.0
  22. broadcast 10.2.255.255
  23. vlan-raw-device eth1
  24.  
  # Internal segment 10.3.0.0/16, second VLAN sub-interface on eth1.
  25. auto eth1.33
  26. iface eth1.33 inet static
  27. address 10.3.0.1
  28. network 10.3.0.0
  29. netmask 255.255.0.0
  30. broadcast 10.3.255.255
  31. vlan-raw-device eth1
  32.  
  # PPP session over wan0; the forwarding rules later in the paste use ppp0 as
  # the outbound interface.
  33. auto dsl-provider
  34. iface dsl-provider inet ppp
  35. pre-up /bin/ip link set wan0 up # line maintained by pppoeconf
  36. provider dsl-provider
  37.  
  # Shared verdict chain: ACCEPT a packet that arrived on one of the three
  # internal VLAN interfaces, DROP anything else. The FORWARD rules jump here
  # instead of repeating the interface list, and because the chain ends in an
  # unconditional DROP every jump into it is a final verdict.
  # NOTE(review): despite the chain name, membership is decided by ingress
  # interface (-i) only; no rule compares the source address (-s) with
  # 10.1.0.0/16, 10.2.0.0/16 or 10.3.0.0/16. Unless reverse-path filtering or
  # an anti-spoofing rule exists in the part elided from this paste, forwarded
  # packets are not checked for a source inside their VLAN's subnet -- confirm.
  # NOTE(review): -i compares the interface name literally. The routing table
  # at the end of the paste shows eth0.111 / eth1.222 / eth1.333; if those are
  # the real devices, none of the ACCEPT rules can match and every packet sent
  # to this chain is dropped.
  38. $IPTABLES -N privnet_as_source_accept
  39. $IPTABLES -A privnet_as_source_accept -i eth0.11 -j ACCEPT
  40. $IPTABLES -A privnet_as_source_accept -i eth1.22 -j ACCEPT
  41. $IPTABLES -A privnet_as_source_accept -i eth1.33 -j ACCEPT
  # Terminal rule: traffic from any other ingress interface is dropped.
  42. $IPTABLES -A privnet_as_source_accept -j DROP
  43.  
  44. .
  45. .
  46. .
  47.  
  # Egress allow-list for traffic forwarded out of ppp0. Return traffic is
  # accepted by connection state first; after that each listed service hands
  # its NEW connections to privnet_as_source_accept for the final verdict.
  # None of the rules restricts the destination address (-d), so each service
  # is allowed to any host behind ppp0.
  # NOTE(review): the FORWARD default policy and any NAT rules are not visible
  # in this excerpt (part of the script is elided) -- confirm the policy is
  # DROP, otherwise unlisted traffic is forwarded regardless of these rules.
  48. # Accept packets that belong to, or are related to, a connection conntrack already tracks
  49. $IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  50.  
  51. # ICMP: every type is forwarded from the private networks to the internet (no --icmp-type or state match)
  52. $IPTABLES -A FORWARD -o ppp0 -p icmp -j privnet_as_source_accept
  53.  
  54. # SSH (tcp/22), new outbound connections
  55. $IPTABLES -A FORWARD -o ppp0 -p tcp --dport 22 -m conntrack --ctstate NEW -j privnet_as_source_accept
  56.  
  57. # whois (port 43)
  # NOTE(review): WHOIS (RFC 3912) is specified over TCP only, so the udp/43
  # rule opens a port the service does not use -- candidate for removal.
  58. $IPTABLES -A FORWARD -o ppp0 -p udp --dport 43 -m conntrack --ctstate NEW -j privnet_as_source_accept
  59. $IPTABLES -A FORWARD -o ppp0 -p tcp --dport 43 -m conntrack --ctstate NEW -j privnet_as_source_accept
  60.  
  61. # DNS (udp/53 and tcp/53) to any resolver reachable through ppp0
  62. $IPTABLES -A FORWARD -o ppp0 -p udp --dport 53 -m conntrack --ctstate NEW -j privnet_as_source_accept
  63. $IPTABLES -A FORWARD -o ppp0 -p tcp --dport 53 -m conntrack --ctstate NEW -j privnet_as_source_accept
  64.  
  65. # HTTP (tcp/80); no tcp/443 rule appears in this excerpt
  66. $IPTABLES -A FORWARD -o ppp0 -p tcp --dport 80 -m conntrack --ctstate NEW -j privnet_as_source_accept
  67.  
  68. Kernel IP routing table
  69. Destination Gateway Genmask Flags Metric Ref Use Iface
  70. 0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 ppp0
  71. 10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
  72. 10.1.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0.111
  73. 10.2.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1.222
  74. 10.3.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1.333