Home > Developer > PHP

RHEL4/5iptables instance (updating)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
[Root @ localhost ~] # Catetcaccess #! Binbash # clear policy sudoetcinit. diptablesstop # Open Server Port sudosbiniptables-IINPUT-ptcp -- dport22-jACCEPTsudosbiniptables-IOUTPUT-ptcp -- sport22-jACCEPTsudosbiniptables

[Root @ localhost ~] # Cat/etc/access #! /Bin/bash # Clear sudo/etc/init. d/iptables stop # Open Server Port sudo/sbin/iptables-I input-p tcp -- dport 22-j ACCEPT sudo/sbin/iptables-I OUTPUT-p tcp -- sport 22- j ACCEPT sudo/sbin/iptables

[Root @ localhost ~] # Cat/etc/access
#! /Bin/bash
# Clearing Policy
Sudo/etc/init. d/iptables stop
# Open Server Port
Sudo/sbin/iptables-I INPUT-p tcp -- dport 22-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-p tcp -- sport 22-j ACCEPT
Sudo/sbin/iptables-I INPUT-p tcp -- dport 80-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-p tcp -- sport 80-j ACCEPT
# Allow external access
Sudo/sbin/iptables-I OUTPUT-p tcp -- dport 80-j ACCEPT
Sudo/sbin/iptables-I INPUT-p tcp -- sport 80-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-p tcp -- dport 123-j ACCEPT
Sudo/sbin/iptables-I INPUT-p tcp -- sport 123-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-p udp -- dport 123-j ACCEPT
Sudo/sbin/iptables-I INPUT-p udp -- sport 123-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-p tcp -- dport 53-j ACCEPT
Sudo/sbin/iptables-I INPUT-p tcp -- sport 53-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-p udp -- dport 53-j ACCEPT
Sudo/sbin/iptables-I INPUT-p udp -- sport 53-j ACCEPT
# Allow lo port mutual access
Sudo/sbin/iptables-I input-I lo-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-o lo-j ACCEPT
# Allow icmp Packets
Sudo/sbin/iptables-I INPUT-p icmp-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-p icmp-j ACCEPT
# Allow mutual access between LAN (LAN) Segments
Sudo/sbin/iptables-I OUTPUT-p tcp -- sport 0: 65535-d 10.10.1.0/24-j ACCEPT
Sudo/sbin/iptables-I INPUT-p tcp-s 10.10.1.0/24 -- dport 0: 65535-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-p udp -- sport 0: 65535-d 10.10.1.0/24-j ACCEPT
Sudo/sbin/iptables-I INPUT-p udp-s 10.10.1.0/24 -- dport 0: 65535-j ACCEPT
# Change the default policy to DROP (discard all unmatched packages)
Sudo/sbin/iptables-P INPUT DROP
Sudo/sbin/iptables-P OUTPUT DROP
Sudo/sbin/iptables-P FORWARD DROP
######################################## #########
# When it is an OPENVPN server, allow the client to access the outside world through this tunnel (default NAT eth1 port)
Sudo/sbin/iptables-t nat-I POSTROUTING-s 10.8.0.0/24-o eth1-j MASQUERADE
# When using the OPENVPN server, allow the client to access a specific CIDR Block through a NAT Port
Sudo/sbin/iptables-t nat-I POSTROUTING-s 10.8.0.0/24-o eth1-d 10.31.255.0/24-j MASQUERADE
Sudo/sbin/iptables-t nat-I POSTROUTING-s 10.8.0.0/24-o eth0-d 172.17.167.0/24-j MASQUERADE
# Allow mutual access between OPENVPN clients
Sudo/sbin/iptables-a forward-o tun0-d 10.8.0.0/24-j ACCEPT
Sudo/sbin/iptables-a forward-I tun0-s 10.8.0.0/24-j ACCEPT

######################################## #########
# Filter a port that accesses a specific IP address 10.10.1.100 (its own IP address) for a specific network segment
Sudo/sbin/iptables-I INPUT-s 10.10.1.0/24-p tcp-d 10.10.1.100 -- dport 5566-j DROP
# Filter an IP address to access a port of the local IP Address
Sudo/sbin/iptables-I INPUT-m iprange -- src-range 10.10.1.20-10.10.1.22-p tcp-d 10.10.1.100 -- dport 5566-j DROP
######################################## ######### LVS server communication package sudo/sbin/iptables-I input-I eth0-d 224.0.0.18-j ACCEPT
Sudo/sbin/iptables-I OUTPUT-o eth0-d 224.0.0.18-j ACCEPT
######################################## ######### Enable the NAT port ing function for CEN segments. it is to map port 15941 accessing 10.31.20.14 to port 15941 of 10.31.20.41 #10.31.20.41. This host must set the gateway to 10.31.20.14 # enable the forwarding iptables-a forward-o of the 10.31.255.41 IP address on the eth1 Nic. eth1-d 10.31.255.0/24-j ACCEPT
Iptables-a forward-I eth1-s 10.31.255.0/24-j ACCEPT # DNAT from Port 15941 accessing 10.31.20.14 to port 15941 of 10.31.20.41
Iptables-t nat-a prerouting-d 10.31.20.14-p tcp -- dport 15941-j DNAT -- to-destination 10.31.20.41: 15941
######################################## ######### Instructions on DNAT and SNAT of Iptables # Use DNAT to access the local IP address (202.96.209.20, and it must be added to the NIC.) The ing to a specific internal IP address is DMZ.
# Iptables-t nat-a prerouting-d 202.96.209.20.- j DNAT -- to-destination 192.168.0.110 # Then, all the IP addresses in the Intranet segment are added to the NIC through A local IP address 202.96.209.134) forward iptables-t nat-a postrouting-s 192.168.0.0/24-j SNAT -- to-source 202.96.209.134

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
play store not updating updating to windows 10 play store not updating google play not updating symantec not updating mcafee not updating equifax not updating

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More