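#!/bin/bash
# Router/firewall ruleset for a host with a LAN-facing interface (INT_DEV,
# auto-detected from INT_IP) and a WAN-facing interface (eth1 carrying the
# public address TTK_IP). Must run as root; it rebuilds the filter, mangle
# and nat tables from scratch and re-enables forwarding at the end.
IPTABLES=/sbin/iptables

# LAN side. The interface is looked up from the routing table by source
# address. That lookup is fragile by construction: it needs an "eth"-named
# device and exactly one matching route. If it returns nothing (or more
# than one word), every "-i $INT_DEV" rule below is malformed and fails --
# including the LAN-side catch-all REJECT -- so refuse to touch the tables
# at all in that case and leave the currently loaded ruleset in place.
INT_IP=192.168.0.144
INT_DEV=$(ip route show src "$INT_IP" | grep eth | awk '{print $3}')
case "$INT_DEV" in
  ''|*[[:space:]]*)
    printf 'cannot determine a single LAN interface for %s (got: "%s")\n' "$INT_IP" "$INT_DEV" >&2
    exit 1
    ;;
esac

# WAN side: the fixed public address and its interface. The routing-table
# lookup is kept for reference, but the device is pinned to eth1 (note that
# the rules below mostly hard-code "eth1" rather than using $TTK_DEV).
TTK_IP=82.200.105.74
#TTK_DEV=$(ip route show src "$TTK_IP" | grep eth | awk '{print $3}')
TTK_DEV=eth1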

date

# Stop forwarding while the tables are rebuilt so that no packet is routed
# through a half-built ruleset; it is switched back on at the very end.
# NOTE(review): INPUT has no equivalent guard -- between the flush below and
# the per-interface REJECTs, whatever policy the chain already has (ACCEPT
# unless something else set it) decides what reaches local services.
echo 0 > /proc/sys/net/ipv4/ip_forward

# Flush the filter table only (no -t means filter; mangle and nat are flushed
# in their own sections below). Chain policies are never set (-P) anywhere in
# this script, so anything that is not explicitly REJECTed falls through to
# the pre-existing policy -- most notably in the FORWARD chain, which gets no
# catch-all at all.
$IPTABLES -F
# Clamp the MSS of forwarded SYNs to the path MTU; relevant where a link
# with a smaller MTU (the ppp100 link referenced in the nat section) is
# in the path.
$IPTABLES -t filter   -A FORWARD    -j TCPMSS     -p tcp --tcp-flags SYN,RST SYN --clamp-mss-to-pmtu
# Replies to connections this host initiated (any interface), and loopback.
$IPTABLES -t filter   -A INPUT      -j ACCEPT     -m state --state RELATED,ESTABLISHED
$IPTABLES -t filter   -A INPUT      -j ACCEPT     -s 127.0.0.1         -d 127.0.0.1
echo 1
# --- LAN side (INT_DEV): what internal hosts may reach on this router ---
# DHCP (67/68), matched on any destination because it is broadcast.
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV      -p udp -m multiport --dport 67,68
# SSH on the LAN address (also covered by the multiport rule that follows;
# a harmless duplicate).
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV   -d $INT_IP -p tcp --dport 22
# TCP services on the LAN address: FTP control/data (20/21), SSH, HTTP (80/81),
# SMB (445), XMPP (5222/5223) and assorted application ports.
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV   -d $INT_IP -p tcp -m multiport --dport 20,21,22,80,81,445,3128,9090,9091,5222,5223,7777,3300:3495,8080
# FTP plus a high port range (presumably the passive-mode data range).
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV   -d $INT_IP -p tcp -m multiport --dport 20,21,49152:65534
# The same two sets again for LAN clients that address the router by its
# public IP instead of its LAN IP.
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV   -d $TTK_IP -p tcp -m multiport --dport 20,21,49152:65534
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV   -d $TTK_IP -p tcp -m multiport --dport 20,21,22,80,81,445,3128,9090,9091,5222,5223,7777,3300:3495,8080
# UDP on the LAN address: DNS (53), NetBIOS name/datagram (137/138), NTP (123).
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV   -d $INT_IP -p udp -m multiport --dport 53,137,138,123
# ICMP and IGMP to the LAN address.
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV   -d $INT_IP -p icmp
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $INT_DEV   -d $INT_IP -p igmp
# LAN catch-all: everything else arriving on the LAN interface is rejected
# with an ICMP error (the REJECT default) rather than silently dropped. This
# is terminating, so nothing below this line is ever evaluated for INT_DEV.
$IPTABLES -t filter   -A INPUT      -j REJECT  -i $INT_DEV


#VIP-BLOGI
# Refuse to forward traffic for this one host out of eth1. The nat section
# masquerades LAN traffic for the same address out of ppp100, so this rule
# presumably makes sure it never takes the eth1 path instead. Together with
# the MSS clamp above, this is the entire FORWARD chain.
$IPTABLES -t filter -A FORWARD -d 31.31.196.36 -o eth1 -j DROP
# NOTE(review): the FORWARD catch-all is disabled, so forwarding is governed
# solely by the chain's pre-existing policy (ACCEPT unless changed elsewhere)
# -- every DNAT target in the nat section is reachable from any source and
# every LAN host may reach anything. Enabling this DROP would first require
# explicit ACCEPTs for RELATED,ESTABLISHED, the LAN->eth1 SNAT path and
# each port-forward destination.
#$IPTABLES -t filter -A FORWARD -j DROP

echo 2
# --- WAN side (eth1 / TTK_IP): what the Internet may reach on this router ---
# (These rules use the literal "eth1" rather than $TTK_DEV, which holds the
# same value.)
# DHCP on the WAN side is disabled; the public address is static.
#$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i $TTK_DEV     -p udp -m multiport --dport 67,68
# SSH exposed to the whole Internet with no source restriction and no rate
# limit. NOTE(review): restrict with -s to known admin addresses and/or add
# -m recent / -m limit against brute force; make sure password auth is off.
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i eth1   -d $TTK_IP -p tcp --dport 22
# Public TCP services: HTTP (80), XMPP (5222/5223) and application ports
# 7777, 7070, 10051.
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i eth1   -d $TTK_IP -p tcp -m multiport --dport 80,5222,5223,7777,7070,10051
# NOTE(review): the nat section DNATs udp/7867 on TTK_IP to 192.168.0.125 in
# PREROUTING, which runs before INPUT, so this rule should never see a
# matching packet (the destination is no longer TTK_IP) -- verify and remove
# if it is dead.
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i eth1   -d $TTK_IP -p udp --dport 7867
# udp/26459: purpose not documented in this script.
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i eth1   -d $TTK_IP -p udp --dport 26459
# DNS/NetBIOS/NTP are deliberately not offered on the WAN side.
#$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i eth1   -d $TTK_IP -p udp -m multiport --dport 53,137,138,123
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i eth1   -d $TTK_IP -p icmp
$IPTABLES -t filter   -A INPUT      -j ACCEPT  -i eth1   -d $TTK_IP -p igmp
# WAN catch-all. REJECT answers with an ICMP error, which confirms to a
# scanner that the host is up; DROP is the more usual choice on a public
# interface. Terminating: nothing below is evaluated for eth1.
$IPTABLES -t filter   -A INPUT      -j REJECT  -i eth1

echo 3
# Repeats of the two generic rules from the top of INPUT. Packets arriving on
# INT_DEV or eth1 never get here (the per-interface REJECTs above are
# terminating), so these only see traffic from any other interface -- e.g.
# the ppp100 link used in the nat section -- and such traffic then falls
# through to the chain policy. NOTE(review): there is no catch-all for
# interfaces other than the LAN and eth1; with the default ACCEPT policy
# they are wide open to local services.
$IPTABLES -t filter   -A INPUT      -j ACCEPT     -m state --state RELATED,ESTABLISHED
$IPTABLES -t filter   -A INPUT      -j ACCEPT     -s 127.0.0.1         -d 127.0.0.1

# --- mangle: TOS marking for latency-sensitive hosts ---
# Start from an empty mangle table. TOS is a non-terminating target, so the
# relative order of the rules in this section does not matter.
"$IPTABLES" -t mangle -F

# 0x10 is the classic "minimize delay" TOS bit: applied to everything coming
# from one external host, and to everything forwarded to 192.168.0.100.
lowdelay_tos=0x10
"$IPTABLES" -t mangle -A PREROUTING -s 178.63.116.212 -j TOS --set-tos "$lowdelay_tos"
"$IPTABLES" -t mangle -A FORWARD    -d 192.168.0.100  -j TOS --set-tos "$lowdelay_tos"

# Outgoing packets for three LAN hosts get TOS 0x06. NOTE(review): 0x06 is
# not one of the four single-bit legacy TOS values (0x02/0x04/0x08/0x10);
# confirm it is the intended value.
for lan_host in 192.168.0.148 192.168.0.136 192.168.0.106; do
  "$IPTABLES" -t mangle -A POSTROUTING -d "$lan_host" -j TOS --set-tos 0x06
done

# Firewall-marking of the router's own traffic: disabled.
#"$IPTABLES" -t mangle -A OUTPUT -s 192.168.0.144 -j MARK --set-mark 10
echo 4

# --- nat ---
$IPTABLES -t nat -F

# LAN traffic for the VIP-BLOGI host leaves via ppp100 and is masqueraded
# (MASQUERADE rather than SNAT, as appropriate for a link whose address is
# not fixed); the filter section drops the eth1 path for the same host.
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.0/24 -d 31.31.196.36 -o ppp100 -j MASQUERADE


# Everything else from the LAN going out eth1 is SNATed to the fixed public
# address. Note that nothing in the FORWARD chain restricts what the LAN
# may reach; this rule only rewrites the source.
$IPTABLES -t nat -A POSTROUTING -j SNAT -s 192.168.0.0/24 -o eth1 --to-source $TTK_IP
echo 5
#
# XMPP port-forward to 192.168.0.200 (with its hairpin SNAT) is disabled;
# 5222/5223 are instead accepted locally in the INPUT sections, so the
# service presumably now runs on this host.
#$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p tcp --dport 5222:5223 --to-destination 192.168.0.200
#$IPTABLES -t nat -A POSTROUTING -j SNAT -s 192.168.0.0/24 -d 192.168.0.200 -p tcp -m multiport --dport 5222,5223 --to-source $INT_IP
echo 6

#asterisk api
# Port-forward TTK_IP:5038 (the Asterisk manager API, per the label above) to
# the Asterisk box. It is reachable from any Internet source and the FORWARD
# chain applies no filter of its own. NOTE(review): a management API should
# not face the Internet unrestricted -- add -s for the known client
# addresses or move it behind a VPN.
$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p tcp --dport 5038 --to-destination 192.168.0.100:5038
# Hairpin for LAN clients that connect to the public address: their source
# is rewritten to the router's LAN IP so that 192.168.0.100's replies come
# back through the router instead of going straight to the client.
$IPTABLES -t nat -A POSTROUTING -j SNAT -s 192.168.0.0/24 -d 192.168.0.100 -p tcp --dport 5038 --to-source $INT_IP
#/asterisk
# TTK_IP:39234 -> this router's own LAN address, port 3306 (the MySQL default
# port). NOTE(review): after DNAT the packet is delivered locally with
# destination INT_IP on eth1; the INPUT chain accepts eth1 traffic only when
# addressed to TTK_IP and then REJECTs the rest, so this forward does not
# appear to work as written. Verify, and either remove it or -- if the
# database really must be reachable from outside -- add a deliberate,
# source-restricted INPUT rule; a non-standard external port is not a control.
$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p tcp --dport 39234 --to-destination 192.168.0.144:3306

echo 7
#p2p
# Port-forward TCP+UDP 3030 and UDP 7867 on the public address to
# 192.168.0.125. No -i restriction, so LAN traffic sent to the public
# address is rewritten too; unlike the asterisk forward there is no hairpin
# SNAT for it, so such LAN connections would presumably be answered directly
# by .125 and fail -- confirm that is acceptable.
$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p tcp --dport 3030 --to-destination 192.168.0.125:3030
$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p udp --dport 3030 --to-destination 192.168.0.125:3030
$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p udp --dport 7867 --to-destination 192.168.0.125:7867
#/p2p

# Remote Desktop (3389) to two LAN hosts -- TTK_IP:3391 -> .35 and
# TTK_IP:3389 -> .220 -- plus TTK_IP:54327 -> .100:3306 (MySQL default port).
# All three are reachable from any Internet source, and the FORWARD chain
# applies no filter of its own. NOTE(review): Internet-facing RDP and MySQL
# are routinely brute-forced; restrict these with -s to known client
# addresses or put them behind a VPN. Moving a service to an unusual
# external port (3391, 54327) does not reduce exposure.
$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p tcp --dport 3391 --to-destination 192.168.0.35:3389
$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p tcp --dport 54327 --to-destination 192.168.0.100:3306
$IPTABLES -t nat -A PREROUTING -j DNAT -d $TTK_IP -p tcp --dport 3389 --to-destination 192.168.0.220:3389
#


# Re-enable forwarding now that the complete ruleset is loaded (it was
# switched off at the top of the script while the tables were rebuilt).
printf '1\n' > /proc/sys/net/ipv4/ip_forward