Thread: Open Mail Ports

#5
13th December 2006, 11:29 AM
B!n@ry (Senior Member)

Ok, let's finalize the case. My script shall be like this:

Code:
#!/bin/sh
# Addresses and interfaces used by the rules below
SQUID_SERVER="192.168.0.1"
INTERNET="eth1"
LAN_IN="eth0"
SQUID_PORT="3120"

# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Default policies: drop unmatched inbound packets, allow outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Replies to connections this host opened may come back in from the Internet side
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# Masquerade the LAN behind the Internet interface and forward LAN traffic
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

# Everything arriving on the LAN interface is accepted (matches before the per-port LAN rules below)
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

# Transparent proxy: hand port 80 to Squid
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# Outgoing SMTP from this host (192.168.1.1) and the replies to it
iptables -A OUTPUT -p tcp -s 192.168.1.1 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.1.1 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

# Outgoing SMTP from the LAN, source-NATed to 192.168.1.1 on the way out
iptables -t nat -A POSTROUTING -o eth1 -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 0/0 --dport 25 -j SNAT --to 192.168.1.1
iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.0.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

# Incoming SMTP: to 192.168.1.1 from anywhere, and to 192.168.0.1 from the LAN
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.1 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.1 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 192.168.0.1 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 25 -d 192.168.0.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

# Incoming POP3 to 192.168.1.2 from anywhere
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.2 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

# Incoming POP3 from the LAN to 192.168.1.2 and to 192.168.0.1
iptables -A INPUT -p tcp -s 192.168.0.1/24 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.2 --sport 110 -d 192.168.0.1/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.1/24 --sport 1024:65535 -d 192.168.0.1 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 110 -d 192.168.0.1/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

# Log, then drop, whatever reached the end of INPUT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Am I right or wrong?
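An added check, not from the post or the thread: a small Python audit that expands the script's shell variables, parses each `iptables -A INPUT` line (including the attached `-jACCEPT` spelling, which getopt accepts) and reports which ports admit NEW connections from anywhere. Run over a constructed subset of the rules above, it shows ports 25 and 110 reachable from the Internet side and that `-i eth0 -j ACCEPT` already admits everything from the LAN, so the later LAN-specific INPUT rules never match.

```python
import re, shlex

# Constructed sample: the variable assignments and a subset of the INPUT rules from the post.
SCRIPT = """
INTERNET="eth1"
LAN_IN="eth0"
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.1 --dport 25 -m state --state NEW,ESTABLISHED -jACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -j DROP
"""
# Option -> field we keep; anything else (-m state, -t nat, ...) is skipped.
OPTS = {"-A": "chain", "-i": "iface", "-p": "proto", "-s": "src", "-d": "dst",
        "--sport": "sport", "--dport": "dport", "--state": "state", "-j": "target"}

def parse_script(text):
    """Expand NAME="value" variables and return one dict per 'iptables -A ...' line."""
    env, rules = {}, []
    for line in text.strip().splitlines():
        m = re.fullmatch(r'(\w+)="([^"]*)"', line.strip())
        if m:
            env[m.group(1)] = m.group(2)
            continue
        argv = shlex.split(re.sub(r"\$(\w+)", lambda v: env.get(v.group(1), v.group(0)), line))
        rule, i = {}, 1                                   # argv[0] is "iptables"
        while i < len(argv):
            if len(argv[i]) > 2 and argv[i][:2] in OPTS:  # getopt also takes "-jACCEPT"
                argv[i:i + 1] = [argv[i][:2], argv[i][2:]]
            if argv[i] in OPTS:
                rule[OPTS[argv[i]]] = argv[i + 1]
                i += 1
            i += 1
        if "chain" in rule:
            rules.append(rule)
    return rules

def new_inbound(rules, chain="INPUT"):
    """(iface, src, proto, dport) of each ACCEPT rule in `chain` that admits NEW connections."""
    hits = []
    for r in rules:
        if r.get("chain") == chain and r.get("target") == "ACCEPT" \
                and "NEW" in r.get("state", "NEW").split(","):  # no --state means any state
            hits.append((r.get("iface", "any"), r.get("src", "0/0"), r.get("proto", "all"), r.get("dport", "any")))
    return hits

def internet_exposed_ports(rules, lan_iface):
    """Ports that accept NEW connections from 0/0 on an interface other than the LAN."""
    return sorted({d for i, s, p, d in new_inbound(rules)
                   if s == "0/0" and i not in (lan_iface, "lo") and d != "any"}, key=int)
```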