NETWORK SECURITY (IP masquerading):
IPTABLES:
/etc/sysctl.conf: net.ipv4.ip_forward=1
/etc/sysconfig/network: FORWARD_IPV4=yes
-->reboot
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
-->works with no net restart
(same for icmp_echo_ignore_broadcasts)
rmmod ipchains
rpm -e ipchains
rpm -e iptables
iptables -F --> to delete all existing rules
iptables -X --> to delete user-defined chains
iptables -Z --> to zero the packet and byte counters
! serves to "negate" the address
iptables -t filter -A INPUT -s ! 192.168.0.254 -j DROP
to see the results: iptables -nL
service iptables save
restore
config is saved in /etc/sysconfig/iptables or:
iptables-save > file_name
iptables-restore < file_name
- you can direct port 80 to an XP IIS (ASP) machine:
close the port 80 ACCEPT, redirect the outside port 80 to
the local XP port 80 - but then you cannot surf by NAT
(you can ping though), so use a proxy.
(for tswer look at file clients)
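Added example (not part of the original notes): a masquerading plus port 80 forward ruleset in the iptables-save format mentioned above, with the redirect limited to the outside interface. The names gen_rules and ok, the interface eth0, the LAN 192.168.0.0/24 and the web host 192.168.0.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. It only prints a ruleset in
# iptables-save format; nothing is loaded by this script.
# Assumed values: eth0 (outside interface), 192.168.0.0/24 (LAN),
# 192.168.0.10 (XP/IIS host). Replace them with your own.

# ok CHARSET REGEX VALUE: VALUE is non-empty, has only CHARSET characters
# and matches REGEX. Keeps stray text out of the generated ruleset.
ok() {
    case $3 in ''|*[!$1]*) return 1 ;; esac
    printf '%s\n' "$3" | grep -Eq "$2"
}

gen_rules() {
    wan_if=$1 lan_net=$2 web_host=$3
    ok 'A-Za-z0-9_.-' '^.{1,15}$' "$wan_if" &&
    ok '0-9./' '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' "$lan_net" &&
    ok '0-9.' '^([0-9]{1,3}\.){3}[0-9]{1,3}$' "$web_host" || {
        echo "usage: gen_rules WAN_IF LAN_CIDR WEB_HOST_IP" >&2
        return 1
    }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port 80 arriving on the outside interface is sent to the web host.
# "-i" limits the redirect to inbound traffic; LAN clients browsing out are untouched.
-A PREROUTING -i $wan_if -p tcp --dport 80 -j DNAT --to-destination $web_host:80
# Everything from the LAN leaving by the outside interface is masqueraded.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Add the firewall's own INPUT rules here; loading this file flushes the table.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# From outside, only new connections to port 80 on the web host are forwarded.
-A FORWARD -i $wan_if -d $web_host -p tcp --dport 80 -m state --state NEW -j ACCEPT
# New connections from the LAN to the outside.
-A FORWARD -s $lan_net -o $wan_if -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Usage: gen_rules eth0 192.168.0.0/24 192.168.0.10 > file_name
#        review file_name, then load it with: iptables-restore < file_name
```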
errors:
if you get errors when running this script, check whether
[dos] is shown at the bottom of the vi editor (the file has
DOS line endings). if so: open the script with pico,
change something, then save it.