Prihlásiť sa Odoslať Novinky :: FAQ :: Rozšírené vyhľadávanie :: Napísali o nás :: Ankety
Main Menu
· Home
· 
· FAQ
· 
· Diskusia
· 
Main Menu
· Domov

Moduly
· AvantGo
· Downloads
· FAQ
· News
· Recommend Us
· Reviews
· Search
· Sections
· Stats
· Topics
· Top List
· Web Links
· Forum
Jazyk
Výber jazykovej mutácie:

FAQ  •  Search  •  Register  •  Log in to check your private messages
Log in  •  Maximize
The time now is 29.04.2024 - 00:17

SKFREE Forum Index » SKFree Network » Software

Iptables - presmerovanie

Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Page 1 of 2 12 >
Author Message
gyro
Post subject: Iptables - presmerovanie  PostPosted: 01.06.2004 - 08:49 #9316
Majster


Joined: Okt 22, 2003
Posts: 3321
Location: Banská Bystrica - Rudlová
Poradite mi ako mam cez IPTables presmerovat poziadavku na internet na moj lokalny WEB server? ... vdaka
 
 View user's profile Send private message Send e-mail Visit poster's website ICQ Number 
Reply with quote Back to top
fleg
Post subject: RE: Iptables - presmerovanie  PostPosted: 01.06.2004 - 13:24 #9324
Majster


Joined: Feb 05, 2003
Posts: 2686
Location: Topolcany
ako to myslis? proste vsetko co ide mimo privatov chces presmerovat na istu ip a urcity port?
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
eXplorer
Post subject: RE: Iptables - presmerovanie  PostPosted: 01.06.2004 - 18:00 #9343
Majster


Joined: Feb 25, 2003
Posts: 2606
Location: BA,BB
Skus to takto :

$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -d 0/0 -j REDIRECT --to-port 80

kde eth1 je sietovka na ktorej to presmerovanie chces realizovat
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
magnum
Post subject: RE: Iptables - presmerovanie  PostPosted: 01.06.2004 - 19:09 #9346
Basic


Joined: Okt 12, 2003
Posts: 354
neslo by to radsej s -j DNAT --to-destination loc.aln.aip.cka:80 ???

REDIRECT skor pouzivam na proxac ked je na tej istej masine
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
jmi
Post subject: RE: Iptables - presmerovanie  PostPosted: 01.06.2004 - 19:14 #9347
Guru


Joined: Feb 19, 2003
Posts: 1133
Location: blizko Trencina
a este musis mat povoleny FORWARD na ten server a tiez z toho servera do inetu
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
eXplorer
Post subject: RE: Iptables - presmerovanie  PostPosted: 01.06.2004 - 23:28 #9351
Majster


Joined: Feb 25, 2003
Posts: 2606
Location: BA,BB
magnum: Aky je v tom rozdiel ked to aj tak presmerovavam na tu istu lokalnu masinu ? Keby som chcel na nejaku inu tak sa to da vpodstate len tak ako pises ty ...
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
magnum
Post subject: RE: Iptables - presmerovanie  PostPosted: 02.06.2004 - 18:39 #9368
Basic


Joined: Okt 12, 2003
Posts: 354
eXplorer: ved prave ja som tak pochopil otazku, ze verejnu IP ma "nejaka" masina a requesty na nu sa presmerovavaju do vnutra siete na nejaku inu masinu
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
eXplorer
Post subject: RE: Iptables - presmerovanie  PostPosted: 02.06.2004 - 19:20 #9370
Majster


Joined: Feb 25, 2003
Posts: 2606
Location: BA,BB
Gyro to myslel podla mna opacne, vid povodny dotaz
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
gyro
Post subject: RE: Iptables - presmerovanie  PostPosted: 02.06.2004 - 19:24 #9371
Majster


Joined: Okt 22, 2003
Posts: 3321
Location: Banská Bystrica - Rudlová
No vyjadril som sa trocha nepresne Smile ...

Mam lokalny (hlavny) router, cez ktory ficia usery na NET a ja potrebujem na nom niektore IP adresy userov presmerovat na interny WEB server kde je napisane ze "Nezaplatil si za NET, tak budes abstinovat !!!" Smile ....

... dufam ze sa uz rozumieme:)

(presmerovat chcem len poziadavku na Internet, ostatne sluzby necha tak)
 
 View user's profile Send private message Send e-mail Visit poster's website ICQ Number 
Reply with quote Back to top
fleg
Post subject: RE: Iptables - presmerovanie  PostPosted: 02.06.2004 - 21:40 #9373
Majster


Joined: Feb 05, 2003
Posts: 2686
Location: Topolcany
moze to byt takto nejako?
prik. pre siet 10.100.0.0/16
/usr/sbin/iptables -A FORWARD -s 10.100.0.0/8 -d 10.100.0.0/8 -j ACCEPT - toto by malo umoznit pohyb vo vnutri siete 10.100.0.0/8
/usr/sbin/iptables -A FORWARD -s neplatic -d 0.0.0.0/32 PREROUNTING weserver:80

no dufam ze ma opravite ak je to zle (hlavne nekamenovat
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
kockac
Post subject: RE: Iptables - presmerovanie  PostPosted: 02.06.2004 - 21:51 #9374
Basic


Joined: Feb 23, 2003
Posts: 423
Location: Bratislava, Dubravka
Nevyznam sa v iptables, ale tusim si chcel napisat:
fleg wrote: ›moze to byt takto nejako?
prik. pre siet 10.100.0.0/16
/usr/sbin/iptables -A FORWARD -s 10.100.0.0/8 -d 10.100.0.0/8 -j ACCEPT - toto by malo umoznit pohyb vo vnutri siete 10.100.0.0/8
10.100.0.0/16, vo vsetkych 3 pripadoch
fleg wrote: ›/usr/sbin/iptables -A FORWARD -s neplatic -d 0.0.0.0/32 PREROUNTING weserver:80
0.0.0.0/0, /32 je adresa priamo hosta
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
fleg
Post subject: RE: Iptables - presmerovanie  PostPosted: 02.06.2004 - 23:24 #9375
Majster


Joined: Feb 05, 2003
Posts: 2686
Location: Topolcany
kua ja to furt pocitam sprava dolava a nie zlava doprava ... /16 ale /24 som chcel (furt sa mi to myli;o))). to druhe uznavam 0/0 (aj tam som si to spocital opacne;o)) ale skor mi slo o ten ostatny tvar ci by to tag mohlo byt
takze siet 10.100.0.0/24 - predpokladam ze ma takuto jednoduchsiu
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
si
Post subject: RE: Iptables - presmerovanie  PostPosted: 02.06.2004 - 23:51 #9378
Majster


Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
/usr/sbin/iptables -I PREROUTING -t nat -p tcp -s $SIP --dport $DPORT -j DNAT --to $DIP:$DPORT2

$SIP - IP uzivatela ktoreho potrebujes presmerovat
$DPORT - port sluzby ktoru chces presmerovat (asi 80), ja pri neplatiacom userovi parameter --dport $DPORT nedavam vobec; nech mu to hlasku pise na cokolvek (napriklad aj v otlaku ked si chce stiahnut maily Smile )
$DIP - IP stroja kde mas tu hlasku
$DPORT2 - port kde ti to vypluva tu hlasku (ty to mas asi ako web, takze port 80, ja to ale robim cez inetd ako jedno echo na porte, napriklad:
999 stream tcp nowait nobody /bin/echo /bin/echo Prepacte, ale nezaplatil ste za pouzivanie sluzieb !
a potom smerujem vsetko na port 999:
/usr/sbin/iptables -I PREROUTING -t nat -p tcp -s 10.0.0.250 -j DNAT --to 10.0.0.1:999
(IP su fiktivne, neplatiaci klient je 10.0.0.250, stroj kde mam tuto hlasku v inetd je 10.0.0.1) )
 
 View user's profile Send private message Send e-mail Visit poster's website  
Reply with quote Back to top
gyro
Post subject: RE: Iptables - presmerovanie  PostPosted: 03.06.2004 - 13:20 #9386
Majster


Joined: Okt 22, 2003
Posts: 3321
Location: Banská Bystrica - Rudlová
SI si fakt frajer Smile musim uznat.... paci sa mi to ako to mas spravene idem to urobit aj ja tak, pretoze chcel som to z jednej masiny ale tam uz je WEB server a na podstranku presmerovanie urobit neviem, takze to spravim ako to mas ty .... dík za odpovede ak mi to nepojde ešte pridem... Smile


Last edited by gyro on 03.06.2004 - 15:02; edited 2 times in total
 
 View user's profile Send private message Send e-mail Visit poster's website ICQ Number 
Reply with quote Back to top
gyro
Post subject: RE: Iptables - presmerovanie  PostPosted: 03.06.2004 - 14:46 #9387
Majster


Joined: Okt 22, 2003
Posts: 3321
Location: Banská Bystrica - Rudlová
Code: › 999 stream tcp nowait nobody /bin/echo /bin/echo Prepacte, ale nezaplatil ste za pouzivanie sluzieb !


No mozno budem vypadat Hlupo ... ale to mam napisat do noveho suboru v ceste /etc/xinet.d/ ???

Nejaky prikladik ...
Code: ›
service imap
{
    socket_type    = stream
    protocol       = tcp
    wait           = no
    user           = root
    only_from      = 198.72.5.0 localhost
    banner         = /usr/local/etc/deny_banner
    server         = /usr/local/sbin/imapd
}
 
 View user's profile Send private message Send e-mail Visit poster's website ICQ Number 
Reply with quote Back to top
Display posts from previous:     
All times are GMT
Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Page 1 of 2 12 >
Jump to:  

SKFREE Forum Index » SKFree Network » Software
Powered by PNphpBB2 © 2003-2005 The PNphpBB Group
Credits

(C) SKFree 2002-2010: Powered by POSTNUKE. Môžete prebera? naše správy vo formáte XML(RSS)