
iptables scripts

时间:2006-03-07  来源:level

  #!/bin/bash
            /sbin/modprobe ip_tables
            /sbin/modprobe ip_nat_ftp
            /sbin/modprobe ip_conntrack_ftp

            /sbin/iptables -F
            /sbin/iptables -F -t nat
            /sbin/iptables -X
            /sbin/iptables -Z

            IP="61.150.0.1"
            UPLINK="eth0"
            ROUTER="yes"
            NAT="61.150.0.1"
            INTERFACES="lo eth0 eth1"
            SERVICES="ssh rsync"
            iptables -P INPUT DROP
            iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
            iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
            for x in ${SERVICES}
            do
            iptables -A INPUT -p tcp --dport ${x} -m state --state NEW -j ACCEPT
            done
            iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with
            tcp-reset
            iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with
            icmp-port-unreachable
            if [ -e /proc/sys/net/ipv4/tcp_ecn ]
            then
            echo 0 > /proc/sys/net/ipv4/tcp_ecn
            fi
            for x in ${INTERFACES}
            do
            echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
            done
            echo 1 > /proc/sys/net/ipv4/ip_forward


            iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 5899 -j DNAT
            --to 192.168.0.254:4899
            iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 9999 -j DNAT
            --to 192.168.0.233:9999

            ################## M  U   #########################
            iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 44405
            -j DNAT --to-destination 192.168.0.233:44405
            iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 44405 -j SNAT --to-source 192.168.0.1

            iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 55901
            -j DNAT --to-destination 192.168.0.233:55901
            iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 55901 -j SNAT --to-source 192.168.0.1

            #iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 55902
            -j DNAT --to-destination 192.168.0.233:55902
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 55902 -j SNAT --to-source 192.168.0.1

            iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j
            DNAT --to-destination 192.168.0.233:80
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 80 -j SNAT --to-source 192.168.0.1

            iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 81 -j
            DNAT --to-destination 192.168.0.233:81
            iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 81 -j SNAT --to-source 192.168.0.1

            #iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 82 -j
            DNAT --to-destination 192.168.0.233:82
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 82 -j SNAT --to-source 192.168.0.1
            ################## MU END  #########################

            ################## CS SERVER Start ################
            iptables -t nat -A PREROUTING -p udp -d ${IP} --dport 27015 -j DNAT
            --to 192.168.0.233:27015
            #iptables -t nat -A POSTROUTING -p udp -d 192.168.0.233 --dport
            27015 -j SNAT --to 192.168.0.1
            iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 27015
            -j DNAT --to-destination 192.168.0.233:27015
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 27015 -j SNAT --to-source 192.168.0.1
            ################## CS SERVER End #################

            ################## D2 SERVER Start ################
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 23 -j DNAT
            --to 192.168.0.233:23
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 23
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 4000 -j DNAT
            --to 192.168.0.233:4000
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 4000
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 6112 -j DNAT
            --to 192.168.0.233:6112
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 6112
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p udp -d ${IP} --dport 6112 -j DNAT
            --to 192.168.0.233:6112
            #iptables -t nat -A POSTROUTING -p udp -d 192.168.0.233 --dport 6112
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 6113 -j DNAT
            --to 192.168.0.233:6113
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 6113
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 6114 -j DNAT
            --to 192.168.0.233:6114
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 6114
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p udp -d ${IP} --dport 6114 -j DNAT
            --to 192.168.0.233:6114
            #iptables -t nat -A POSTROUTING -p udp -d 192.168.0.233 --dport 6114
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 6200 -j DNAT
            --to 192.168.0.233:6200
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 6200
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 6667 -j DNAT
            --to 192.168.0.233:6667
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 6667
            -j SNAT --to 192.168.0.1
            ################## D2 SERVER END #################
            ################## Mir Server Start ###############
            iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 7000 -j DNAT
            --to 192.168.0.233:7000
            iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 7000
            -j SNAT --to 192.168.0.1
            iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 7100 -j DNAT
            --to 192.168.0.233:7100
            iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 7100
            -j SNAT --to 192.168.0.1
            iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 5999 -j DNAT
            --to 192.168.0.233:4899
            iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 7200 -j DNAT
            --to 192.168.0.233:7200
            iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 7200
            -j SNAT --to 192.168.0.1

            ##################### Mir3 Server ############
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 5600 -j DNAT
            --to 192.168.0.233:5600
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 5600
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 6000 -j DNAT
            --to 192.168.0.233:6000
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 6000
            -j SNAT --to 192.168.0.1
            #iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 5100 -j DNAT
            --to 192.168.0.233:5100
            #iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.233 --dport 5100
            -j SNAT --to 192.168.0.1
            #################### Mir3 End ##################

            #################### Ftp Server ################
            iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 21 -j DNAT
            --to 192.168.0.233:21
            iptables -t nat -A PREROUTING -p tcp -d ${IP} --dport 2100 -j DNAT
            --to 192.168.0.254:21
            ################### Ftp Server End ##############

            ################### MoHuan #####################
            #iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 4000
            -j DNAT --to-destination 192.168.0.233:4000
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 4000 -j SNAT --to-source 192.168.0.1

            #iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 4001
            -j DNAT --to-destination 192.168.0.233:4001
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 4001 -j SNAT --to-source 192.168.0.1

            #iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 4100
            -j DNAT --to-destination 192.168.0.233:4100
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 4100 -j SNAT --to-source 192.168.0.1

            #iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 4101
            -j DNAT --to-destination 192.168.0.233:4101
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 4101 -j SNAT --to-source 192.168.0.1

            #iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 4010
            -j DNAT --to-destination 192.168.0.233:4010
            #iptables -t nat -A POSTROUTING -d 192.168.0.233 -p tcp -m tcp
            --dport 4010 -j SNAT --to-source 192.168.0.1
            ################### MoHuan End ###############

            iptables -t nat -A POSTROUTING -o ${UPLINK} -j MASQUERADE
