glaub ich nicht ...
Ich möchte ja nur das Script manuell ausführen, ohne die Firewall neu zu starten ...
trotzdem:
code:--------------------------------------------------------------------------------
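# You should not edit this file. Instead, create a file with the same
# name as this one, but with a .rul extension instead of .def. The
# .rul file will override this one.
#
# However, any changes you make to this file will be preserved.
#: Masquerade packets from internal networks
#
# This fragment is sourced by the firewall framework and defines nothing of
# its own; everything comes from the environment:
#   INTERNAL, EXTERNAL   whitespace-separated "iface[:...]" entries; only the
#                        part before the first ':' is used as interface name
#   MASQMETHOD           one of ipfwadm | ipchains | netfilter
#   IPFWADM, IPCHAINS, IPTABLES   the tool invoked for the chosen method
#   ipnm_cache           helper defined elsewhere; called with the INTERNAL
#                        entry and expected to set IPOFIF, NMOFIF and
#                        (optionally) PEEROFIF for it
# In the netfilter branch the rule ORDER is the policy: the per-host ACCEPTs
# must precede the tcp/udp DROPs, and the DROPs must precede the catch-all
# ACCEPT. Do not reorder.
if [ -n "$INTERNAL" ] && [ -n "$EXTERNAL" ]; then
  # The lists are meant to be word-split, so they stay unquoted on purpose.
  for j in $EXTERNAL; do
    for i in $INTERNAL; do
      ipnm_cache "$i"
      # Bare interface names: strip an optional ":suffix" (replaces the
      # former echo|cut round-trip and leaves the loop variables untouched).
      int_if=${i%%:*}
      ext_if=${j%%:*}
      # The tool variables are left unquoted on purpose so that a value
      # carrying extra options keeps working; every address argument is quoted.
      case "$MASQMETHOD" in
        ipfwadm)
          $IPFWADM -F -a masq -W "$ext_if" -S "$IPOFIF/$NMOFIF"
          ;;
        ipchains)
          if [ -n "$PEEROFIF" ]; then
            $IPCHAINS --no-warnings -A forward -j MASQ -i "$ext_if" -s "$PEEROFIF/$NMOFIF"
          else
            $IPCHAINS --no-warnings -A forward -j MASQ -i "$ext_if" -s "$IPOFIF/$NMOFIF"
          fi
          ;;
        netfilter)
          if [ -n "$PEEROFIF" ]; then
            $IPTABLES -t nat -A POSTROUTING -s "$PEEROFIF/$NMOFIF" -j MASQUERADE
            # Per-host exception: must stay above the DROP rule below.
            $IPTABLES -A FORWARD -i "$int_if" -o "$ext_if" -s 192.168.1.100/32 -j ACCEPT
            # Transparent proxying
            # $IPTABLES -t nat -A PREROUTING -i "$int_if" -p tcp --dport 80 -j REDIRECT --to-port 8080
            $IPTABLES -A FORWARD -i "$int_if" -o "$ext_if" -s "$PEEROFIF/$NMOFIF" -p tcp -j DROP
            # NOTE(review): the reverse direction is accepted for every packet
            # addressed to the internal net, with no connection-state match;
            # confirm that is intended.
            $IPTABLES -A FORWARD -o "$int_if" -i "$ext_if" -d "$PEEROFIF/$NMOFIF" -j ACCEPT
          else
            $IPTABLES -t nat -A POSTROUTING -s "$IPOFIF/$NMOFIF" -j MASQUERADE
            # Per-host exceptions: must stay above the DROP rules below.
            $IPTABLES -A FORWARD -i "$int_if" -o "$ext_if" -s 192.168.1.100/32 -j ACCEPT # pc-slettmayer
            $IPTABLES -A FORWARD -i "$int_if" -o "$ext_if" -s 192.168.1.99/32 -j ACCEPT # pc-hlessiak
            # Transparent proxying
            # $IPTABLES -t nat -A PREROUTING -i "$int_if" -p tcp --dport 80 -j REDIRECT --to-port 8080
            $IPTABLES -A FORWARD -i "$int_if" -o "$ext_if" -s "$IPOFIF/$NMOFIF" -p tcp -j DROP
            $IPTABLES -A FORWARD -i "$int_if" -o "$ext_if" -s "$IPOFIF/$NMOFIF" -p udp -j DROP
            # Catch-all for everything the DROPs above did not match (e.g. icmp).
            $IPTABLES -A FORWARD -i "$int_if" -o "$ext_if" -s "$IPOFIF/$NMOFIF" -j ACCEPT
            # NOTE(review): the reverse direction is accepted for every packet
            # addressed to the internal net, with no connection-state match;
            # confirm that is intended.
            $IPTABLES -A FORWARD -o "$int_if" -i "$ext_if" -d "$IPOFIF/$NMOFIF" -j ACCEPT
          fi
          ;;
      esac
    done
  done
fi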
--------------------------------------------------------------------------------
es funzt ja sonst ohne Probleme
PS: Ich hab das Script gekürzt (also die meisten iptables-Regeln rausgelöscht), damit ich's posten kann ...