- source /etc/network/interfaces.d/*
- auto lo
- iface lo inet loopback
- auto wan0
- iface wan0 inet dhcp
- auto eth0.11
- iface eth0.11 inet static
- address 10.1.0.1
- network 10.1.0.0
- netmask 255.255.0.0
- broadcast 10.1.255.255
- vlan-raw-device eth0
- auto eth1.22
- iface eth1.22 inet static
- address 10.2.0.1
- network 10.2.0.0
- netmask 255.255.0.0
- broadcast 10.2.255.255
- vlan-raw-device eth1
- auto eth1.33
- iface eth1.33 inet static
- address 10.3.0.1
- network 10.3.0.0
- netmask 255.255.0.0
- broadcast 10.3.255.255
- vlan-raw-device eth1
- auto dsl-provider
- iface dsl-provider inet ppp
- pre-up /bin/ip link set wan0 up # line maintained by pppoeconf
- provider dsl-provider
- $IPTABLES -N privnet_as_source_accept
- $IPTABLES -A privnet_as_source_accept -i eth0.11 -j ACCEPT
- $IPTABLES -A privnet_as_source_accept -i eth1.22 -j ACCEPT
- $IPTABLES -A privnet_as_source_accept -i eth1.33 -j ACCEPT
- $IPTABLES -A privnet_as_source_accept -j DROP
- .
- .
- .
- # Allow everything which is related to an earlier action
- $IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
- # ICMP forward all subtype from private network to internet
- $IPTABLES -A FORWARD -o ppp0 -p icmp -j privnet_as_source_accept
- # SSH
- $IPTABLES -A FORWARD -o ppp0 -p tcp --dport 22 -m conntrack --ctstate NEW -j privnet_as_source_accept
- # whois
- $IPTABLES -A FORWARD -o ppp0 -p udp --dport 43 -m conntrack --ctstate NEW -j privnet_as_source_accept
- $IPTABLES -A FORWARD -o ppp0 -p tcp --dport 43 -m conntrack --ctstate NEW -j privnet_as_source_accept
- # DNS
- $IPTABLES -A FORWARD -o ppp0 -p udp --dport 53 -m conntrack --ctstate NEW -j privnet_as_source_accept
- $IPTABLES -A FORWARD -o ppp0 -p tcp --dport 53 -m conntrack --ctstate NEW -j privnet_as_source_accept
- # HTTP
- $IPTABLES -A FORWARD -o ppp0 -p tcp --dport 80 -m conntrack --ctstate NEW -j privnet_as_source_accept
- Kernel IP routing table
- Destination Gateway Genmask Flags Metric Ref Use Iface
- 0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 ppp0
- 10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
- 10.1.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0.111
- 10.2.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1.222
- 10.3.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1.333