Grouping of rules (Creating your own chain)
-------------------------------------------
# iptables -N WEB
# iptables -N SSH
# iptables -N FTP
Put references to the user-defined chains into the original built-in chains (e.g. INPUT, OUTPUT, FORWARD):
# iptables -t filter -I INPUT --goto FTP
# iptables -t filter -I INPUT --goto WEB
# iptables -t filter -I INPUT --goto SSH
Then add the rules to the custom chains:
# iptables -t filter -I FTP -s 192.168.0.21 -p tcp --dport 21 -j REJECT
# iptables -t filter -I WEB -s 192.168.0.16 -p tcp --dport 80 -j REJECT
# iptables -t filter -I WEB -s 192.168.0.4 -p tcp --dport 80 -j DROP
# iptables -t filter -I SSH -s 192.168.0.28 -p tcp --dport 22 -j REJECT
Deleting User Defined Chains
----------------------------
To delete a user-defined chain, first remove the references to it from the built-in chains, then clear all rules of the custom chain; until both are done, -X fails.
# iptables -X FTP ----- gives the error "too many links" while references still exist
# iptables -t filter -D FTP 1 ------ Removing rule 1 of the FTP chain
# iptables -t filter -D INPUT 2 --- Removing the FTP chain link (rule 2) from the INPUT chain
Now delete the chain:
# iptables -X FTP
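The same teardown as a small POSIX shell helper, added here as an example (not from the original post): it flushes the chain, finds every -j/-g reference in the built-in chains from `iptables -S` output and deletes them, then runs -X. The IPT variable, the function names and the sample listing are constructed for this example; set IPT="echo iptables" to print the commands instead of executing them.

```shell
#!/bin/sh
# Added example: remove a user-defined iptables chain in the required order.
# IPT is a name chosen here; set IPT="echo iptables" for a dry run.
IPT="${IPT:-iptables}"

# Read an `iptables -S <chain>` listing on stdin and print, for every rule
# that jumps (-j) or goes (-g) to chain $1, the same rule as a -D command.
# The target is the last token, so "FTP" does not match a chain named "FTPX".
refs_to_delete() {
    grep -E -- "(-j|-g) $1\$" | sed 's/^-A /-D /'
}

# Step 1: flush the chain's own rules (-F).
# Step 2: delete every reference to it from the built-in chains; while any
#         reference remains, -X fails with "too many links".
# Step 3: delete the now-unreferenced chain (-X).
delete_chain() {
    chain=$1
    $IPT -t filter -F "$chain"
    for parent in INPUT OUTPUT FORWARD; do
        $IPT -t filter -S "$parent" | refs_to_delete "$chain" |
        while read -r rule; do
            # eval keeps quoted match options (e.g. --comment "...") intact
            eval "$IPT -t filter $rule"
        done
    done
    $IPT -t filter -X "$chain"
}

# Constructed sample of what `iptables -S INPUT` prints after the rules above
# (--goto is listed as -g). Used only by the dry run below.
SAMPLE_INPUT_LISTING='-P INPUT ACCEPT
-A INPUT -g FTP
-A INPUT -s 192.168.0.21/32 -p tcp -m tcp --dport 21 -j FTPX
-A INPUT -g SSH
-A INPUT -p tcp -m tcp --dport 21 -j FTP'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_INPUT_LISTING" | refs_to_delete FTP
    IPT="echo iptables"
    delete_chain FTP
fi
```

Run with `--demo` to see the two -D lines derived from the sample listing and the dry-run command sequence.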
NAT (Network Address Translation)
---------------------------------
Q. Why do we use NAT?
A. To hide your intranet from the Internet.
   To share an Internet connection.
There are two types of NAT:
1. Source Network Address Translation (SNAT)
2. Destination Network Address Translation (DNAT)
Steps for NATing
First we need to enable packet forwarding:
# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
:wq!
# sysctl -p
Scenario 1
----------
My IP is 192.168.0.22. Whenever 192.168.0.16 tries to SSH to my IP, I forward that connection to 192.168.0.4.
# iptables -t nat -I PREROUTING -s 192.168.0.16 -p tcp --dport 22 -j DNAT --to-dest 192.168.0.4:22
# iptables -t nat -I POSTROUTING -j MASQUERADE
Further port forwards: port 80 to 192.168.0.4, and port 8080 to port 80 on 192.168.0.16.
# iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to-dest 192.168.0.4:80
# iptables -t nat -I PREROUTING -p tcp --dport 8080 -j DNAT --to-dest 192.168.0.16:80