The current environment is as follows:
Intranet network segment: 192.168.10.0/24;
Gateway: 192.168.10.254 (at the Building Property Office);
So we now build our own gateway inside the intranet and apply the iptables policy on it.
Afterwards the intranet segment becomes 192.168.9.0/24, with 192.168.9.254 as its gateway.
The notes are as follows:
1. Configure the gateway server's network cards:
ifconfig eth0 192.168.10.222    # network card 0: 192.168.10.222 on the existing 192.168.10.0/24 segment
ifconfig eth1 192.168.9.254     # network card 1: 192.168.9.254, the gateway address of the new intranet segment
route add default gw 192.168.10.254    # default route via the property office gateway
2. Use iptables to set up NAT:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.9.0/24 -j SNAT --to 192.168.10.222    # traffic from the 192.168.9.0/24 segment leaves via eth0 as 192.168.10.222
3. Use iptables to restrict QQ and MSN:
QQ server port: 8000; client port: 4000 (a second QQ instance uses 4001, and so on).
MSN port numbers: 1863 is required for login, plus 3000-4000 and so on; the MSN server is gateway.messenger.hotmail.com.
iptables -A FORWARD --protocol udp --dport 8000 -j REJECT    # block the QQ server port
iptables -A FORWARD -d gateway.messenger.hotmail.com -j REJECT    # block the MSN server
iptables -A FORWARD --protocol tcp --dport 1863 -j REJECT    # block the MSN client port
QQ uses source port 4000 and destination port 8000.
You only need to add one rule to the FORWARD chain:
iptables -A FORWARD -i eth0 -p udp --dport 8000 -j DROP
The eth0 here is the intranet network card.
To delete this rule, you only need to enter:
iptables -D FORWARD 1
The 1 here is the rule's sequence number in the FORWARD chain.
Addendum:
How to ban MSN:
/sbin/iptables -I FORWARD -d gateway.messenger.hotmail.com -j DROP
/sbin/iptables -I FORWARD -p tcp --dport 1863 -j DROP
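The steps above as one re-runnable script. This is an added example, not the note's own commands. It follows the interface assignment from section 1 (eth0 carries 192.168.10.222 on the existing segment, eth1 carries 192.168.9.254 for the new intranet); the sentence under section 3 that calls eth0 the intranet card contradicts that, so the interface names are kept in variables and can be swapped to match the real cabling. The DRY_RUN switch, the run() wrapper and the check_block_order() check are this example's own additions. It also enables net.ipv4.ip_forward, which the note does not mention but which Linux needs before any packet reaches the FORWARD chain or the SNAT rule, and it pins the block rules to the intranet card and places them before the general accept rule, because a block rule appended after an accept rule that already matches the packet is never reached.

```shell
#!/bin/sh
# Added example (not part of the original note): builds the gateway rule set
# described above as one idempotent script. Interface roles follow section 1.
# DRY_RUN=1 (the default here) only prints the commands; DRY_RUN=0 executes
# them and must then be run as root on the gateway.
DRY_RUN="${DRY_RUN:-1}"
EXT_IF="${EXT_IF:-eth0}"                  # card on the existing 192.168.10.0/24 segment
INT_IF="${INT_IF:-eth1}"                  # card on the new intranet segment
EXT_IP="${EXT_IP:-192.168.10.222}"        # address used for SNAT
INT_NET="${INT_NET:-192.168.9.0/24}"      # new intranet segment

# Every command goes through run(), so the same script can be previewed or applied.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

gateway_rules() {
    # Forwarding between the two cards is off by default on Linux; without this
    # neither the FORWARD chain nor the SNAT rule ever sees a packet.
    run sysctl -w net.ipv4.ip_forward=1

    # Start from a known state so re-running the script does not stack duplicates.
    run iptables -t nat -F POSTROUTING
    run iptables -F FORWARD
    run iptables -P FORWARD DROP

    # Section 2: intranet hosts leave the external card as the gateway's own address.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$INT_NET" -j SNAT --to "$EXT_IP"

    # Replies to connections the intranet opened are allowed back in.
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Section 3: block rules are bound to the intranet card and come BEFORE the
    # catch-all accept; appended after it, they would never be evaluated.
    run iptables -A FORWARD -i "$INT_IF" -p udp --dport 8000 -j DROP    # QQ server port
    run iptables -A FORWARD -i "$INT_IF" -p tcp --dport 1863 -j DROP    # MSN login port
    # A hostname in -d is resolved once, when the rule is inserted, so the rule
    # only covers the address(es) the name pointed at in that moment.
    run iptables -A FORWARD -i "$INT_IF" -d gateway.messenger.hotmail.com -j DROP

    # Everything else that really comes from the intranet segment may go out;
    # packets with other source addresses fall through to the DROP policy.
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -j ACCEPT
}

# Returns 0 when no FORWARD drop rule on the intranet card is shadowed by an
# earlier accept rule on that card. Always previews in a subshell, never applies.
check_block_order() {
    ( DRY_RUN=1; gateway_rules ) | awk -v intif="$INT_IF" '
        index($0, "-A FORWARD -i " intif) == 0 { next }
        /-j ACCEPT/ { seen_accept = 1 }
        /-j DROP/ && seen_accept { shadowed = 1 }
        END { exit shadowed + 0 }'
}

gateway_rules
check_block_order && echo "ok: block rules precede the intranet accept rule"
```

Run it once as-is to review the command list, then with DRY_RUN=0 as root to apply it; the flush at the top makes a second run safe. The order check is the part worth keeping around: after editing the rule set by hand, it catches the common mistake of appending a new block rule behind the accept rule, where iptables will silently never reach it.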