.titleBar { margin-bottom: 5px!important; }

Firewallscripts für VOIP und Linux als router

Dieses Thema im Forum "Allgemeines" wurde erstellt von Sveni, 24 Mai 2005.

  1. Sveni

    Sveni Neuer User

    Registriert seit:
    14 Mai 2005
    Beiträge:
    1
    Zustimmungen:
    0
    Punkte für Erfolge:
    0
    Seit ein paar Tagen bastel ich an meinem Script rum und k0omme nicht weiter. Hinter meinem router habe ich ein Windose mit GMB NetpHone.
    Dieser Rechner hat die Adresse 192.168.11.50

    Mein router liegt auf ppp0 und bekomt eine dynamische adresse und was reinkommt soll an eth0 mit 192.168.11.1 weitergeleitet werden. Diese Adresse ist auch die Gateway addesse.

    Als nächstes will ich dann nicht mehr das Softwareprogram verwenden- dient nur als Test- sondern wieder meine Fritz Fon Wlan. die ich zu ata umprogrammiert habe- sofern ich das richtig machte.

    Könnt ihr mal euere Scripts posten oder meines überrrdenken.

    #!/bin/sh

    # Alte Firewallregeln loeschen
    iptables -F
    iptables -X
    iptables -F
    iptables -t nat -F

    # IP Forwarding aktivieren
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Das Modul für Network Addrestranslation (NAT) bzw: Masquerading
    # laden und Masquerading einschalten.
    modprobe iptable_nat
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

    # MTU Paketgroesse wir fuer routing anpassen
    iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

    # Enfache Firewallregeln zur Blockade eingehender Verbindungen
    iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
    iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

    # Firewallregeln fuer SSH zulassen
    iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
    iptables -I INPUT -i ppp0 -p tcp --sport 22 -j ACCEPT

    # Weiterleitung der Ports 5004 & 5060 auf 192.168.11.50 (IPTel)
    iptables -I FORWARD -i ppp0 -p udp --dport 5060 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 5060 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --dport 5060 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 5060 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 5060 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 5060 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 5060 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 5060 -j DNAT --to 192.168.11.50



    iptables -I FORWARD -i ppp0 -p tcp --dport 5061 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 5061 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 5061 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 5061 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 5061 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 5061 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 5061 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 5061 -j DNAT --to 192.168.11.50




    iptables -I FORWARD -i ppp0 -p tcp --dport 5062 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 5062 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 5062 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 5062 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 5062 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 5062 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 5062 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 5062 -j DNAT --to 192.168.11.50




    iptables -I FORWARD -i ppp0 -p tcp --dport 5070 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 5070 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 5070 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 5070 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 5070 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 5070 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 5070 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 5070 -j DNAT --to 192.168.11.50







    iptables -I FORWARD -i ppp0 -p tcp --dport 5071 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 5071 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 5071 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 5071 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 5071 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 5071 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 5071 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 5071 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 5072 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 5072 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 5072 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 5072 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 5072 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 5072 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 5072 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 5072 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 7077 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 7077 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 7077 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 7077 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 7077 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 7077 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 7077 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 7077 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 7078 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 7078 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 7078 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 7078 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 7078 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 7078 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 7078 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 7078 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 7079 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 7079 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 7079 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 7079 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 7079 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 7079 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 7079 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 7079 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 7080 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 7080 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 7080 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 7080 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 7080 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 7080 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 7080 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 7080 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 7081 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 7081 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 7081 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 7081 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 7081 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 7081 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 7081 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 7081 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 30000 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 30000 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 30000 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 30000 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 30000 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 30000 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 30000 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 30000 -j DNAT --to 192.168.11.50



    iptables -I FORWARD -i ppp0 -p tcp --dport 30001 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 30001 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 30001 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 30001 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 30001 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 30001 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 30001 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 30001 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 30002 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 30002 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 30002 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 30002 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 30002 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 30002 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 30002 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 30002 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 30003 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 30003 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 30003 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 30003 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 30003 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 30003 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 30003 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 30003 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 30004 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 30004 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 30004 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 30004 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 30004 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 30004 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 30004 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 30004 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 30005 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 30005 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 30005 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 30005 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 30005 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 30005 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 30005 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 30005 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 5004 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 5004 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 5004 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 5004 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 5004 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 5004 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 5004 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 5004 -j DNAT --to 192.168.11.50


    iptables -I FORWARD -i ppp0 -p tcp --dport 10000 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p tcp --sport 10000 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --dport 10000 -j ACCEPT
    iptables -I FORWARD -i ppp0 -p udp --sport 10000 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 10000 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p tcp --sport 10000 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 10000 -j DNAT --to 192.168.11.50
    iptables -t nat -I PREROUTING -i ppp0 -p udp --sport 10000 -j DNAT --to 192.168.11.50