Thread: Open Mail Ports
View Single Post

  #5 (permalink)  
Old 12-13-2006, 12:29 PM
B!n@ry B!n@ry is offline
Senior Member
User
  
Join Date: Dec 2006
Location: /B!n@ry
My distro: openSuSE 10.2
Posts: 127
Rep Power: 0
B!n@ry
Send a message via MSN to B!n@ry
Default
Ok lets finalize the case my script shall be like this:

Code:
SQUID_SERVER="192.168.0.1"
INTERNET="eth1"
LAN_IN="eth0"
SQUID_PORT="3120"
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT


iptables -A OUTPUT -p tcp -s 192.168.1.1 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -jACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.1.1 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 0/0 --dport 25 -j SNAT --to 192.168.1.1
iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.0.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.1 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.1 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 192.168.0.1 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 25 -d 192.168.0.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.2 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


iptables -A INPUT -p tcp -s 192.168.0.1/24 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.2 --sport 110 -d 192.168.0.1/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.1/24 --sport 1024:65535 -d 192.168.0.1 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 110 -d 192.168.0.1/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT 

iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

am I right or wrong ?
Reply With Quote