#1  2007-02-15 01:44:42

Mam błąd w firewallu by biexi i nie wiem, gdzie on jest.

Oto konfig firewalla:

Kod:

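# ---- Kernel modules, table reset, default policies ----
# The conntrack/NAT helper modules were commented out in the original and are
# left that way; presumably the kernel autoloads them — TODO confirm, since the
# ftp/irc helpers are what make active FTP / DCC work through NAT.
#/sbin/modprobe iptable_filter 
#/sbin/modprobe ip_conntrack 
#/sbin/modprobe iptable_nat 
#/sbin/modprobe ipt_MASQUERADE 
#/sbin/modprobe ipt_REDIRECT 
#/sbin/modprobe ip_nat_ftp 
#/sbin/modprobe ip_nat_irc 
#/sbin/modprobe ip_conntrack_ftp 
#/sbin/modprobe ip_conntrack_irc 

# Reset the filter and nat tables: flush the rules first, then delete the
# (now empty) user-defined chains. The original ran `-X` before `-F` for nat,
# which only works because there are no user chains; order fixed.
# The mangle table is not touched here, as in the original.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Default policies: nothing reaches the router or is forwarded unless a rule
# below allows it; the router itself may talk out freely.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Turn routing on only after the FORWARD policy is DROP. The original enabled
# it first, which on a fresh boot (builtin chains default to ACCEPT) leaves a
# short window in which the box forwards everything unfiltered.
echo 1 > /proc/sys/net/ipv4/ip_forward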

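# ---- Stateful baseline ----
# Loopback first: it is the most frequent match and never needs inspection.
iptables -A INPUT -i lo -j ACCEPT

# Replies and related traffic (FTP data, ICMP errors, ...) are accepted in all
# three chains, so every rule that follows only has to deal with NEW packets.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# www: whatever listens on port 80 on the router itself. The original had this
# rule three times (any interface, eth0, eth1); the interface-less one already
# covers both, so only it is kept.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# The original then repeated the ESTABLISHED,RELATED accept per protocol
# (tcp/udp/icmp) in every chain. Those nine rules were exact subsets of the
# three state rules above and have been removed.

# Outbound NEW connections from the router. OUTPUT policy is ACCEPT, so these
# only make a difference if that policy is ever switched to DROP.
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 
iptables -A OUTPUT -p udp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

# Removed: `iptables -A FORWARD -o lo -j ACCEPT`. Packets for the router are
# delivered through INPUT, nothing is ever forwarded out over lo, so that rule
# could never match.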

#SQUID działający TEN DZIAŁA PONIŻSZE DWA ODHASHOWAĆ
#iptables -A FORWARD -s 192.168.0.1 -j ACCEPT
#iptables -A FORWARD -d 192.168.0.1 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128



#lub nie działa
#iptables -A FORWARD -s 192.168.0.1 -j ACCEPT
#iptables -A FORWARD -d 192.168.0.1 -j ACCEPT

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.100:8080

# ---- Block unwanted destination ports for traffic leaving the LAN ----
# Inserted (-I) at the head of FORWARD, so they sit in front of every ACCEPT,
# including the ESTABLISHED,RELATED rule. Each insert goes to position 1, so
# the chain ends up holding them in reverse list order; all of them DROP, so
# that order makes no difference.
while read -r proto port; do
  iptables -I FORWARD -p "$proto" --dport "$port" -s 192.168.0.0/24 -j DROP
done <<'EOF'
tcp 137:139
udp 137:139
tcp 135
udp 135
tcp 445
udp 445
tcp 113
tcp 2825
udp 2825
tcp 1189:1198
udp 1189:1198
tcp 1025
udp 1025
tcp 3127
udp 3127
EOF

# Broader ranges that were considered and left disabled in the original:
#iptables -I FORWARD -p tcp --dport 1000:4000 -s 192.168.0.0/24 -j DROP
#iptables -I FORWARD -p udp --dport 1000:4000 -s 192.168.0.0/24 -j DROP
#iptables -I FORWARD -p tcp --dport 7002:65535 -s 192.168.0.0/24 -j DROP
#iptables -I FORWARD -p udp --dport 7002:65535 -s 192.168.0.0/24 -j DROP

#SQUID działający TEN DZIAŁA PONIŻSZE DWA ODHASHOWAĆ
###TEN DZIAŁA NA 100%
#iptables -A FORWARD -s 192.168.0.1 -j ACCEPT
#iptables -A FORWARD -d 192.168.0.1 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128




# ---- Port forwarding to specific LAN hosts ----
# Table line: <lan host> <proto/port ...>. For every host, forwarding is opened
# in BOTH directions for ALL traffic, then each listed port is DNATed from the
# router to the same port on that host — exactly what the original rules did.
#
# NOTE(review): `-s HOST -j ACCEPT` / `-d HOST -j ACCEPT` is much wider than
# the DNATed ports need; each DNAT could be paired with an ACCEPT limited to
# that proto/port instead. It also means these hosts are forwarded regardless
# of the MAC-based accept list further down — 192.168.0.39 is one of the hosts
# that the "non-paying" section later tries to restrict, and this unconditional
# ACCEPT keeps its non-DNATed traffic flowing. TODO confirm that is intended.
# NOTE(review): the DNAT rules carry no `-i`, so they also catch LAN-side
# connections to the router on these ports; compare the squid REDIRECT rule
# elsewhere in this script, which is pinned to `-i eth0`.
while read -r host ports; do
  iptables -A FORWARD -s "$host" -j ACCEPT
  iptables -A FORWARD -d "$host" -j ACCEPT
  # $ports is deliberately unquoted: split on whitespace into proto/port specs.
  # shellcheck disable=SC2086
  for spec in $ports; do
    iptables -t nat -A PREROUTING -p "${spec%/*}" --dport "${spec#*/}" \
      -j DNAT --to "${host}:${spec#*/}"
  done
done <<'EOF'
192.168.0.2  tcp/49155 udp/49155 tcp/7100 udp/7100 tcp/1026 udp/1026 tcp/1560 udp/1560 tcp/4662 udp/4672
192.168.0.70 tcp/49152 udp/49152 tcp/7017 udp/7017
192.168.0.28 tcp/7009 udp/7009
192.168.0.39 tcp/4669 udp/4679
192.168.0.8  tcp/4668 udp/4677
192.168.0.7  tcp/4666 udp/4673 udp/4666
192.168.0.26 tcp/7002 udp/7002
192.168.0.18 tcp/7003 udp/7003
EOF
# Disabled in the original and kept that way:
#iptables -t nat -A PREROUTING -p tcp --dport 6969 -j DNAT --to 192.168.0.2:6969


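# ---- Blocked (unknown) MACs ----
# Inserted at the head of FORWARD so they win over every ACCEPT further down.
# 00:50:FC:88:20:49 was listed twice in the original; once is enough.
# NOTE(review): two entries differ from addresses on the subscriber accept
# list only by two transposed hex digits (00:40:61:4B:90:61 here vs
# 00:04:61:4B:90:61 there, 00:50:FC:88:20:49 here vs 00:50:FC:88:02:49 there).
# Check which spelling is the real NIC so the wrong host is not blocked, or
# let through, by a typo.
for mac in \
  00:0A:E4:E2:CA:73 \
  00:40:61:4B:90:61 \
  00:50:FC:88:20:49 \
  00:14:85:BB:3D:FF \
  00:14:A4:5D:C6:19 \
  00:E0:2E:52:2B:38 \
  00:40:F4:B9:16:19 \
  00:0E:9B:C0:C3:9D \
  00:14:A5:2F:7D:43 \
  00:16:CE:31:B6:BE; do
  iptables -I FORWARD -m mac --mac-source "$mac" -j DROP
done

### SŁAWEK SZUSZKIEWICZ block (disabled; this MAC is handled in the
### "non-paying" section instead)
#iptables -I FORWARD -m mac --mac-source 00:01:E3:45:AC:D7 -j DROP

### Przelaczkowscy block
for mac in 00:04:61:55:BE:54 00:0B:2B:12:7F:1B 00:80:C6:E7:DF:2B; do
  iptables -I FORWARD -m mac --mac-source "$mac" -j DROP
done
### Klaudia block
#iptables -I FORWARD -m mac --mac-source 00:11:50:8A:BF:0F -j DROP
### Barczyk block (disabled; handled in the "non-paying" section)
#iptables -I FORWARD -m mac --mac-source 00:80:C6:E7:79:BA -j DROP
### GrzegorzWiecha
#iptables -I FORWARD -m mac --mac-source 00:16:6F:1D:C4:2B -j DROP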



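# ---- Hosts blocked for the router itself ----
# INPUT drops packets *from* the host; OUTPUT has to drop packets *to* it.
# The original used `-s` on the OUTPUT rules too, which can never match (the
# router's own outgoing packets never carry one of these source addresses), so
# the outbound half of every block was a no-op — fixed to `-d`.
# The `-d 0/0` match-anything arguments were redundant and are dropped.
# NOTE(review): these are INPUT/OUTPUT rules only; they do not affect traffic
# the router forwards for LAN clients. If the intent is to keep the LAN away
# from these hosts as well, matching FORWARD rules are needed.
# The label column is informational only.
while read -r host _label; do
  iptables -t filter -I INPUT -s "$host" -j DROP
  iptables -t filter -I OUTPUT -d "$host" -j DROP
done <<'EOF'
68.163.75.0/24   RIAA
201.46.243.6     spam on Hugonnet.org
80.48.15.244     gemius.pl
64.202.189.170   other blocked host
66.185.126.34    other blocked host
EOF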



##Banner w gg
#iptables -t nat -A PREROUTING -d adserver.gadu-gadu.pl -s 192.168.0.0/24 -p tcp --dport 80 -j DNAT --to 192.168.0.1
#iptables -t nat -A PREROUTING -d adserver.gadu-gadu.pl -s 192.168.0.0/24 -p tcp --dport 3128 -j DNAT --to 192.168.0.1


#test

#ograniczenie ilosci otwartych sesji TCP do 150/host
#iptables -I FORWARD -s 192.168.0.0/24 -p tcp --syn -m connlimit --connlimit-above 150 --connlimit-mask 32 -j DROP
#iptables -I FORWARD -s 83.15.24.203 -p tcp --syn -m connlimit --connlimit-above 150 --connlimit-mask 32 -j DROP

# ICMP rate limit: INPUT accepts up to 2 ICMP packets/s with a burst of 4.
# Anything above that falls through; no later INPUT rule matches ICMP, so it
# ends at the chain's DROP policy. (`-s 0/0` in the original matched anything
# and is omitted.)
iptables --append INPUT --protocol icmp --match limit --limit 2/s --limit-burst 4 --jump ACCEPT

#ograniczenie UDP
#iptables -I FORWARD -p udp -s 192.168.0.0/24 -m limit --limit 30/s -j ACCEPT
#iptables -I FORWARD -p udp -s IP_ZEWN_MISKA -m limit --limit 30/s -j ACCEPT


# ---- layer7 (l7-filter) P2P blocking, port 80 only ----
# Connections whose payload the layer7 classifier tags as one of these P2P
# protocols are rejected in FORWARD, but only when port 80 is involved, as
# destination first and then as source. P2P on any other port is not touched
# by this section. The `-t mangle ... -j DROP` variants were disabled in the
# original and stay disabled.
# NOTE(review): layer7 is an out-of-tree netfilter extension; without the
# kernel module and iptables library these commands fail with an error rather
# than silently matching nothing.
#iptables -t mangle -A FORWARD -m layer7 --l7proto ares -j DROP
#iptables -t mangle -A FORWARD -m layer7 --l7proto fasttrack -j DROP
#iptables -t mangle -A FORWARD -m layer7 --l7proto gnutella -j DROP
#iptables -t mangle -A FORWARD -m layer7 --l7proto edonkey -j DROP
#iptables -t mangle -A FORWARD -m layer7 --l7proto napster -j DROP
for direction in --dport --sport; do
  for l7proto in ares fasttrack gnutella edonkey napster bittorrent directconnect imesh; do
    iptables -A FORWARD -m layer7 --l7proto "$l7proto" -p tcp "$direction" 80 -j REJECT
  done
done


#### Reguly HTB ####
#iptables -t mangle -F
#iptables -t mangle -X
#iptables -t mangle -N lay7
#iptables -t mangle -A POSTROUTING -j lay7
#iptables -t mangle -A lay7 -m layer7 --l7proto bittorrent -j MARK --set-mark 1
#iptables -t mangle -A lay7 -o eth1 -m mark --mark 1 -j CLASSIFY --set-class 2:2
#iptables -t mangle -A lay7 -m layer7 --l7proto smtp -j MARK --set-mark 2
#iptables -t mangle -A lay7 -o eth1 -m mark --mark 2 -j CLASSIFY --set-class 2:3

#logi sieci dla pewnosci i wolnosci TESST

#iptables -t nat -A POSTROUTING -s 192.168.0/24 -d 0/0 -m state --state NEW -j LOG --log-level info --log-prefix "IP NAT: " 



# ---- SSH connection throttle, per interface ----
# For each interface: the `--set` rule records the source of every NEW SSH
# connection in the `recent` list (it has no target, so evaluation continues);
# the `--update` rule drops a NEW connection from a source that already has
# 3 recorded hits within the last 300 seconds. Both use -I, so after the loop
# the DROP rule sits in front of the `--set` rule for each interface, which is
# the order this recipe needs. Insertion order is the same as the original
# (eth1 first, then eth0).
for iface in eth1 eth0; do
  iptables -I INPUT -p tcp --dport 22 -i "$iface" -m state --state NEW -m recent --set
  iptables -I INPUT -p tcp --dport 22 -i "$iface" -m state --state NEW -m recent --update --seconds 300 --hitcount 3 -j DROP
done




#SQUID działający TEN DZIAŁA PONIŻSZE DWA ODHASHOWAĆ
#iptables -A FORWARD -s 192.168.0.1 -j ACCEPT
#iptables -A FORWARD -d 192.168.0.1 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

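# ---- Services accepted on the router's addresses ----
# Table line: <port> <destination address ...>. For each port and destination
# the original accepted tcp and udp in both INPUT and FORWARD; that set of 80
# rules is reproduced here unchanged (same rules, same order). `-s 0/0` was a
# match-anything argument and is omitted; one line had the destination glued
# to the option (`-dxx.15.24.203`), normalised here.
# xx.15.24.203 is the router's public address as posted (first octet
# redacted) — fill in the real value.
#
# NOTE(review): the udp copies of tcp-only services (22, 80, 21, 3306, 3128,
# 10000, ...) match nothing useful; they are kept only so the rule set is the
# same as before.
# NOTE(review): 3306 (MySQL), 10000 and 3128 (Squid) are accepted from
# anywhere on the public address. A Squid reachable from the Internet is an
# open proxy unless Squid's own ACLs refuse non-LAN clients; unless remote
# access is really needed, restrict these to `-s 192.168.0.0/24`.
# NOTE(review): packets addressed to the router are delivered via INPUT, so
# the FORWARD copies only matter for DNATed traffic (e.g. 192.168.0.2:1026).
while read -r port dsts; do
  # $dsts is deliberately unquoted: split into the individual addresses.
  # shellcheck disable=SC2086
  for dst in $dsts; do
    for proto in tcp udp; do
      iptables -A INPUT -d "$dst" -p "$proto" --dport "$port" -j ACCEPT
      iptables -A FORWARD -d "$dst" -p "$proto" --dport "$port" -j ACCEPT
    done
  done
done <<'EOF'
22    xx.15.24.203 192.168.0.1
80    xx.15.24.203 192.168.0.1
53    xx.15.24.203 192.168.0.1
21    192.168.0.1 xx.15.24.203
10000 xx.15.24.203 192.168.0.1
3306  xx.15.24.203 192.168.0.1
3128  192.168.0.1 xx.15.24.203
3000  192.168.0.1 xx.15.24.203
1026  192.168.0.2 xx.15.24.203
997   192.168.0.1 xx.15.24.203
EOF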

# ---- Subscribers: NAT per address, forwarding per MAC ----
# Table line: <lan address> <mac> <label>. For each subscriber, in table order:
# MASQUERADE for the assigned address, then a FORWARD ACCEPT keyed on the MAC.
# The label column (name - street, as in the original comments) is ignored.
#
# NOTE(review): the two rules are not tied to each other — the ACCEPT has no
# `-s` and the MASQUERADE has no `-m mac` — so authorisation is per NIC and
# NAT per address, independently. Binding them (`-s ADDR -m mac --mac-source
# MAC -j ACCEPT`) would be tighter, but the "non-paying" section below deletes
# these exact ACCEPT rules with `-D`, so the rule spec must stay identical
# unless both places are changed together.
# NOTE(review): MASQUERADE carries no `-o <uplink>`, so it rewrites the source
# of anything forwarded from that address on every outgoing interface,
# including traffic routed back into the LAN — TODO confirm which interface is
# the uplink and pin it.
while read -r ip mac _label; do
  iptables -t nat -A POSTROUTING -s "$ip" -j MASQUERADE
  iptables -A FORWARD -m mac --mac-source "$mac" -j ACCEPT
done <<'EOF'
192.168.0.2   00:16:E6:6B:75:BE  blazej - lipowa50
192.168.0.3   00:40:F4:64:9A:C1  plaszczyk - brzozowa
192.168.0.4   00:40:F4:64:9A:98  rabenda - brzozowa
192.168.0.5   00:04:61:4B:90:61  mikolajczy - brzozowa
192.168.0.6   00:30:4F:11:9E:BE  koczwara - lipowa
192.168.0.7   00:E0:4C:07:F1:F6  mlynarczyk - brzozowa
192.168.0.8   00:80:C6:E8:5B:04  SOLAR - lipowa
192.168.0.9   00:40:F4:60:EB:AC  strzyga - lipowa
192.168.0.10  00:14:38:16:8E:CA  machelak - jesionowa
192.168.0.11  00:40:F4:91:E3:5B  rabenda - brzozowa
192.168.0.12  00:E0:4C:E2:06:0D  skowron - lipowa
192.168.0.13  00:E0:4C:E2:05:FE  baryla - lipowa
192.168.0.15  00:13:0D:34:26:77  koczwara - brzozowa
192.168.0.16  00:80:C6:E8:2F:FF  igor - lipowa
192.168.0.17  00:0D:3A:D4:52:27  pietroniec - lipowa
192.168.0.18  00:13:8F:C2:77:3C  Pietroniec - lipowa
192.168.0.19  4C:00:10:50:DB:05  pietroniec - lipowa
192.168.0.20  00:80:C6:E7:B9:E3  blaszczyk - brzozowa
192.168.0.21  00:80:C6:E8:25:C8  sasiadtomka - topolowa
192.168.0.24  00:80:C6:E8:66:88  ktos - ktos
192.168.0.25  00:C1:26:07:31:20  tatarczyk - lipowa
192.168.0.26  00:08:A1:80:FF:14  zwak - lipowa
192.168.0.27  00:80:C6:E7:79:B1  morawski - brzozowa
192.168.0.28  00:11:50:8A:BF:0F  wiecha - lipowa
192.168.0.30  00:4F:62:04:CD:90  ap - lipowa50
192.168.0.31  00:16:6F:1D:C4:2B  GrzegorzWiecha - lipowa
192.168.0.32  00:30:4F:28:D1:75  leoAP - brzozowa
192.168.0.33  00:80:C6:E7:7C:5F  tatarczyk - lipowa
192.168.0.34  00:60:B3:16:99:7F  marekz - klon10
192.168.0.35  00:50:FC:88:02:49  Leokomp2 - brzozowa
192.168.0.36  00:80:C6:E7:6A:AE  marekz - klonowa
192.168.0.37  00:13:02:B6:D7:A7  Leszekkomp1 - brzozowa
192.168.0.38  00:30:4F:2E:28:A5  wojtek - brzozowa9
192.168.0.39  00:80:C6:E8:3B:21  Kasia - akacjowa11
192.168.0.40  00:0E:2E:B0:D2:FC  sasiadBAQ - lipowa
192.168.0.45  00:80:C6:E7:33:68  staniow - topolowa
192.168.0.46  00:80:C6:E7:2B:42  korus - niewiem
192.168.0.47  00:80:C6:E7:D2:FC  pawelec - niewiem
192.168.0.48  00:80:C6:E7:6B:2F  kubecki - topolowa
192.168.0.49  00:01:E3:45:AC:D7  szuszkiewicz - brzozowa
192.168.0.50  00:13:46:C4:B1:6A  machelak - jesionowa3
192.168.0.51  00:80:C6:E7:5F:47  lekarka - kasztanowa1
192.168.0.52  00:80:C6:E7:5F:46  gracjan - lipowa
192.168.0.53  00:80:C6:E7:6B:E6  sosna - niewiem
192.168.0.54  00:80:C6:E7:5F:45  hadkin - lipowa
192.168.0.58  00:80:C6:E7:79:9C  weglarzy - brzozowa
192.168.0.59  00:80:C6:E7:79:BA  barczyk - niewiem
192.168.0.60  00:0D:3A:51:7A:CF  wiecha - lipowa
192.168.0.70  00:10:60:63:2A:1A  blazejlap - lipowa
192.168.0.71  00:40:D0:90:A0:3F  blazejlap2 - lipowa
192.168.0.72  00:30:4F:2F:D1:77  leszekwifi - brzozowa
192.168.0.100 00:0A:CD:04:D3:62  serw2 - lipowa
192.168.0.74  00:80:C6:E8:9F:2A  SKOP - bukowa139
192.168.0.75  00:03:0D:49:EE:7D  LEOSIECLOK - BRZOZOWA
EOF

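# ---- "Non-paying" subscribers: DNS and the page on port 997 only ----
# Table line: <mac> <lan address>. For each subscriber: the unconditional
# FORWARD ACCEPT from the subscriber list above is deleted, only DNS (udp/53)
# and tcp/997 to the router are forwarded, every other TCP destination port is
# DNATed to 192.168.0.1:997 (the port ranges skip 53, 443 and 3128), and a
# browser configured to use the proxy on 3128 is redirected to 997 as well.
#
# Changes relative to the original:
#  * the placeholder entry (MAC 00:00:00:00:00:01, address 10.10.10.3) is
#    gone: its `iptables -D` had nothing to delete, which is what produced
#    "Bad rule (does a matching rule exist in that chain?)", and 10.10.10.3 is
#    not on the LAN anyway;
#  * the shared rules (ACCEPT for 192.168.0.1 both ways, port-80 REDIRECT to
#    squid) were repeated once per subscriber; they are now emitted once, AFTER
#    all per-subscriber DNATs. The position matters: nat PREROUTING stops at
#    the first terminating match, and in the original the interface-wide
#    `--dport 80 -j REDIRECT --to-port 3128` was appended right after the
#    first entry, i.e. ahead of every later subscriber's DNAT rules, so their
#    web traffic went to squid instead of the page on 997.
# NOTE(review): `iptables -D` still fails with "Bad rule" if a MAC listed
# here is not on the subscriber list above — keep the two tables in sync.
# NOTE(review): a subscriber who also has an unconditional `-s ADDR -j ACCEPT`
# in the port-forwarding section (192.168.0.39 does) keeps forwarding for
# everything that is not DNATed here (UDP other than DNS, tcp/443, ...).
while read -r mac ip; do
  iptables -D FORWARD -m mac --mac-source "$mac" -j ACCEPT
  iptables -A FORWARD -m mac --mac-source "$mac" -p udp --dport 53 -j ACCEPT
  iptables -A FORWARD -m mac --mac-source "$mac" -p tcp --dport 997 -s "$ip" -d 192.168.0.1 -j ACCEPT
  for range in 1:52 54:442 444:3127 3129:65535; do
    iptables -t nat -A PREROUTING -s "$ip" -p tcp --dport "$range" -j DNAT --to 192.168.0.1:997
  done
  iptables -t nat -A PREROUTING -s "$ip" -p tcp --dport 3128 -j REDIRECT --to-port 997
done <<'EOF'
00:80:C6:E7:79:BA 192.168.0.59
00:80:C6:E7:5F:46 192.168.0.52
00:80:C6:E7:6B:E6 192.168.0.53
00:80:C6:E8:3B:21 192.168.0.39
00:01:E3:45:AC:D7 192.168.0.49
00:13:46:C4:B1:6A 192.168.0.50
00:14:38:16:8E:CA 192.168.0.10
EOF

# Shared rules, once. The router's own address is always forwarded, and web
# traffic entering on eth0 (eth0 appears to be the LAN side — confirm) is
# transparently proxied through squid on 3128. Because this REDIRECT is
# appended after the loop, the per-subscriber DNATs above take precedence.
iptables -A FORWARD -s 192.168.0.1 -j ACCEPT
iptables -A FORWARD -d 192.168.0.1 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128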

błąd tyczy się iptables: Bad rule (does a matching rule exist in that chain?)

Znalazłem błąd. Post do zamknięcia... Był błąd w adresie 10.10.... — taki nie mógł występować.

Pytanie jednak przy okazji pisania tego posta.
Gdzie wprowadzić do kodu By Biexi kawałek regułki tyczący się Squida, by działał zarówno Squid, jak i możliwość blokowania osób niepłacących?

