Blocking QQ and MSN with iptables

Source: Internet
Author: User
The current environment is as follows. Intranet network segment: 192.168.10.0/24; gateway: 192.168.10.254 (located in the building's property management area). We therefore build our own gateway inside the network and configure the iptables policy on it. Afterwards the intranet segment changes to 192.168.9.0/24 and its gateway to 192.168.9.254. The steps are as follows:

1. Configure the NICs of the gateway server:

    ifconfig eth0 192.168.10.222              # configure NIC 0
    ifconfig eth1 192.168.9.254               # configure NIC 1
    route add default gw 192.168.10.254       # configure the default gateway

2. Use iptables to set up NAT:

    # SNAT traffic from the 9 segment to 192.168.10.222
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.9.0/24 -j SNAT --to-source 192.168.10.222

3. Use iptables rules to restrict QQ and MSN. The QQ server port is 8000 and the client port is 4000 (4001 when a second QQ is started, and so on); both use UDP. MSN uses a large number of ports; 1863 is the port required for login and ... The MSN server is gateway.messenger.hotmail.com.

    iptables -A FORWARD --protocol udp --dport 8000 -j REJECT           # block the QQ server
    iptables -A FORWARD -d gateway.messenger.hotmail.com -j REJECT      # block the MSN server
    iptables -A FORWARD --protocol tcp --dport 1863 -j REJECT           # block the MSN client port

iptables resolves the host name once, when the rule is added, so that rule covers only the addresses returned at that moment.

QQ uses source port 4000 and destination port 8000, so it is enough to add one rule to the FORWARD chain:

    iptables -A FORWARD -i eth0 -p udp --dport 8000 -j DROP

The eth0 here is the intranet NIC; -i must name the interface on which intranet traffic enters the gateway (eth1 on the gateway configured in step 1). To delete this rule, enter:

    iptables -D FORWARD 1

Here, 1 is the rule's sequence number in the FORWARD chain, so the command removes this rule only while it is the first rule in the chain.

Appendix: the method for blocking MSN:

    /sbin/iptables -I FORWARD -d gateway.messenger.hotmail.com -j DROP
    /sbin/iptables -I FORWARD -p tcp --dport 1863 -j DROP
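The rules above mix -A (append) with -I (insert), bind one rule to -i eth0, and delete by position, so which rule a packet reaches first decides whether the block works. The following added example, not part of the original article, walks an iptables-save dump in order and reports the first FORWARD rule that decides a new packet. The function name audit_forward and the sample dump, including its ACCEPT rules, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Audits an `iptables-save` dump on stdin.
# usage: audit_forward PROTO DPORT IN_IFACE
# exit 0: DROP/REJECT is hit first; 1: an earlier ACCEPT wins;
# exit 2: no rule matches, the chain policy decides.
# Assumptions: negated matches ("!") are ignored; an ACCEPT limited by -s/-d
# still counts as a possible shadow, a DROP/REJECT limited by -s/-d is skipped.
audit_forward() {
    awk -v proto="$1" -v port="$2" -v iface="$3" '
    BEGIN { rc = 2 }
    $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" && $2 == "FORWARD" {
        n++    # same index that "iptables -D FORWARD n" uses
        p = ""; d = ""; st = ""; t = ""; inif = ""; addr = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") p = $(i + 1)
            else if ($i == "--dport") d = $(i + 1)
            else if ($i == "-i") inif = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") st = $(i + 1)
            else if ($i == "-s" || $i == "-d") addr = 1
            else if ($i == "-j") t = $(i + 1)
        }
        if (p != "" && p != proto) next        # other protocol
        if (d != "" && d != port) next         # other destination port
        if (inif != "" && inif != iface) next  # other input interface
        if (st != "" && st !~ /NEW/) next      # established flows only
        if ((t == "DROP" || t == "REJECT") && !addr) { rc = 0 }
        else if (t == "ACCEPT") { rc = 1 }
        else next
        print "rule " n ": " t " decides " proto "/" port " from " iface
        exit
    }
    END { if (rc == 2) print "no rule matches, policy " policy " decides"; exit rc }'
}

# Constructed sample dump: the article rules as they might sit on a gateway.
SAMPLE='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 8000 -j DROP
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1863 -j DROP
COMMIT'

# The QQ rule bound to eth0 never sees traffic that enters on eth1.
printf '%s\n' "$SAMPLE" | audit_forward udp 8000 eth1 || true
```

On a live gateway, pipe `iptables-save -t filter` into the function and compare the reported rule number with `iptables -L FORWARD -n --line-numbers` before deleting anything by position.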