- Data Networks

Lab topology (the vertical branch hangs off the firewall):

                    [server]
                        |
                      (r2)
                        |
                        ^
    [pc1]--<(r1)>--<(firewall)>--[serverlocal]
- Network configuration
- pc1: ifconfig eth0 10.0.1.2/24
- pc1: route add default gw 10.0.1.1
- firewall: route add -net 10.0.1.0/24 gw 10.0.2.1
- serverlocal: ifconfig eth0 10.0.3.2/24
- serverlocal: route add default gw 10.0.3.1
- Verification
- serverlocal: netstat -tuplen
- Connect pc1 to serverlocal with links
- pc1: links http://serverlocal:8080
- Default policies
- firewall: iptables -P INPUT ACCEPT
- firewall: iptables -P FORWARD ACCEPT
- firewall: iptables -P OUTPUT ACCEPT
- r1: iptables -P INPUT ACCEPT
- r1: iptables -P FORWARD ACCEPT
- r1: iptables -P OUTPUT ACCEPT
- Deny ping
- firewall: iptables -A FORWARD -p icmp --icmp-type echo-request -d 10.0.1.0/24 -j DROP
- firewall: iptables -A FORWARD -p icmp --icmp-type echo-request -d 10.0.3.0/24 -j DROP
- Internet egress
- firewall: iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth1 -j SNAT --to 200.200.0.2
- firewall: iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -o eth1 -j SNAT --to 200.200.0.2
- Access to serverlocal and pc1
- firewall: iptables -t nat -A PREROUTING -p tcp -d 200.200.0.2 --dport 80 -j DNAT --to 10.0.1.2:80
- firewall: iptables -t nat -A POSTROUTING -p tcp -s 10.0.1.2 --sport 80 -j SNAT --to 200.200.0.2:80
- firewall: iptables -t nat -A PREROUTING -p tcp -d 200.200.0.2 --dport 8080 -j DNAT --to 10.0.3.2:8080
- firewall: iptables -t nat -A POSTROUTING -p tcp -s 10.0.3.2 --sport 8080 -j SNAT --to 200.200.0.2:8080
- SSH from server to pc1
- firewall: iptables -I PREROUTING -t nat -p tcp -d 200.200.0.2 --dport 22 -j DNAT --to 10.0.1.2:22
- firewall: iptables -I POSTROUTING -t nat -p tcp -s 10.0.1.2 --sport 22 -j SNAT --to 200.200.0.2:22
- Deny login from the DMZ to pc1
- firewall: iptables -I FORWARD -p tcp -s 10.0.3.0/24 --dport 22 -d 10.0.1.2 -j DROP
- Deny ping to server
- firewall: iptables -A FORWARD -p icmp --icmp-type echo-request -d 200.200.1.2 -j DROP
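To check what the firewall's FORWARD chain above actually does before loading it on the box, here is an added example (not part of the paste) that models iptables first-match evaluation with the rules in the order the commands issue them: `-A` appends, `-I` inserts at the head, and the chain policy applies when nothing matches. It ignores conntrack, interfaces and the nat table, so it only answers "which FORWARD verdict does this packet get".

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    """One iptables match + target; a None field means 'any' (option omitted)."""
    target: str
    proto: Optional[str] = None        # -p tcp | icmp
    src: Optional[str] = None          # -s CIDR or host
    dst: Optional[str] = None          # -d CIDR or host
    dport: Optional[int] = None        # --dport (tcp)
    icmp_type: Optional[str] = None    # --icmp-type

    def matches(self, pkt: dict) -> bool:
        return all((
            self.proto is None or pkt["proto"] == self.proto,
            self.src is None or ip_address(pkt["src"]) in ip_network(self.src),
            self.dst is None or ip_address(pkt["dst"]) in ip_network(self.dst),
            self.dport is None or pkt.get("dport") == self.dport,
            self.icmp_type is None or pkt.get("icmp_type") == self.icmp_type,
        ))

class Chain:
    """Ordered rule list with a default policy, evaluated first-match like iptables."""
    def __init__(self, policy: str = "ACCEPT"):
        self.policy, self.rules = policy, []
    def append(self, rule: Rule) -> None: self.rules.append(rule)     # iptables -A
    def insert(self, rule: Rule) -> None: self.rules.insert(0, rule)  # iptables -I
    def verdict(self, pkt: dict) -> str:
        for r in self.rules:
            if r.matches(pkt):
                return r.target
        return self.policy

def firewall_forward_chain() -> Chain:
    """The firewall's FORWARD chain, built in the order the paste runs the commands."""
    fwd = Chain("ACCEPT")                                          # -P FORWARD ACCEPT
    fwd.append(Rule("DROP", proto="icmp", icmp_type="echo-request", dst="10.0.1.0/24"))
    fwd.append(Rule("DROP", proto="icmp", icmp_type="echo-request", dst="10.0.3.0/24"))
    fwd.insert(Rule("DROP", proto="tcp", src="10.0.3.0/24", dst="10.0.1.2", dport=22))
    fwd.append(Rule("DROP", proto="icmp", icmp_type="echo-request", dst="200.200.1.2"))
    return fwd

def forward_verdict(pkt: dict) -> str:
    """Verdict for a constructed packet dict: proto, src, dst, and dport or icmp_type."""
    return firewall_forward_chain().verdict(pkt)
```

Packets are plain dicts, e.g. `{"proto": "tcp", "src": "10.0.3.2", "dst": "10.0.1.2", "dport": 22}` for the DMZ-to-pc1 SSH attempt the `-I FORWARD` rule is meant to drop.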