# Generated by iptables-save v1.3.8 on Wed Apr 22 11:21:26 2009
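*mangle
# Endian Firewall policy-routing / zone-marking table.  Mark bit layout, as
# implied by the masks used in this table:
#   0x3f800    connmark bits in which MARKIIF records the ingress interface
#              (eth1 -> 0x1000, eth0 -> 0x800, br0 -> 0x1800)
#   0x7f8      routing-table selector bits; 0x7e0 is set for DNS to 208.67.220.220
#   0xfff80000 must be zero before a NEW forwarded connection is sent to ZONETRAFFIC
#   0x40000    cleared on RELATED,ESTABLISHED forwarded packets
:PREROUTING ACCEPT [108983:23638102]
:INPUT ACCEPT [39585:3795243]
:FORWARD ACCEPT [68353:19701326]
:OUTPUT ACCEPT [54161:43536415]
:POSTROUTING ACCEPT [122502:63223121]
:CHECKIIF - [0:0]
:INCOMINGMARK - [0:0]
:LOCALMARK - [0:0]
:LOCALPOLICYROUTING - [0:0]
:LOCALROUTING - [0:0]
:LVS - [0:0]
:LVSSMTPSCAN - [0:0]
:MARKIIF - [0:0]
:POLICYROUTING - [0:0]
:ROUTING - [0:0]
:ZONEFW - [0:0]
:ZONETRAFFIC - [0:0]
# Loopback is never marked.  Inbound/forwarded packets go through ROUTING,
# locally generated packets through LOCALROUTING.
-A PREROUTING -i lo -j ACCEPT
-A PREROUTING -j ROUTING
-A INPUT -i lo -j ACCEPT
# Clamp the MSS of forwarded SYNs to the path MTU.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state NEW -m mark --mark 0x0/0xfff80000 -j ZONETRAFFIC
-A FORWARD -m state --state RELATED,ESTABLISHED -j MARK --and-mark 0xfffbffff
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j LOCALROUTING
# CHECKIIF runs after the connmark has been copied into the packet mark.  If the
# connection was recorded as entering on interface X but this packet arrives on
# a different interface, the selector bits (0x7f8) of the packet mark are
# cleared; for connections recorded on eth1 the selector is then forced to 0x7e0.
-A CHECKIIF -i ! eth1 -m connmark --mark 0x1000/0x3f800 -j MARK --and-mark 0xfffff807
-A CHECKIIF -i ! eth1 -m connmark --mark 0x1000/0x3f800 -j MARK --or-mark 0x7e0
-A CHECKIIF -i ! eth0 -m connmark --mark 0x800/0x3f800 -j MARK --and-mark 0xfffff807
-A CHECKIIF -i ! br0 -m connmark --mark 0x1800/0x3f800 -j MARK --and-mark 0xfffff807
# NEW connections: apply the policy-routing rules, then copy connmark -> mark.
-A INCOMINGMARK -j POLICYROUTING
-A INCOMINGMARK -j CONNMARK --restore-mark
-A LOCALMARK -j LOCALPOLICYROUTING
-A LOCALMARK -j CONNMARK --restore-mark
# Policy routing for locally generated DNS (UDP and TCP 53) to 208.67.220.220
# (an OpenDNS resolver address; presumably the content-filter upstream): the
# connmark selector is set to 0x7e0 and the chain returns.  The original dump
# listed each pair of rules twice; the second copies could never match, because
# the RETURN rule above them terminates the chain for every packet they would
# match, so the duplicates are not reproduced here.
-A LOCALPOLICYROUTING -d 208.67.220.220 -p udp -m udp --dport 53 -j CONNMARK --set-mark 0x7e0/0x7f8
-A LOCALPOLICYROUTING -d 208.67.220.220 -p udp -m udp --dport 53 -m connmark ! --mark 0x0/0x7f8 -j RETURN
-A LOCALPOLICYROUTING -d 208.67.220.220 -p tcp -m tcp --dport 53 -j CONNMARK --set-mark 0x7e0/0x7f8
-A LOCALPOLICYROUTING -d 208.67.220.220 -p tcp -m tcp --dport 53 -m connmark ! --mark 0x0/0x7f8 -j RETURN
# LOCALROUTING: loopback returns; packets of a known connection get the saved
# mark restored and re-checked against the ingress interface; NEW connections
# have their ingress interface recorded and then run through policy routing.
-A LOCALROUTING -i lo -j RETURN
-A LOCALROUTING -o lo -j RETURN
-A LOCALROUTING -m state --state INVALID,RELATED,ESTABLISHED,UNTRACKED -m connmark ! --mark 0x0 -j CONNMARK --restore-mark
-A LOCALROUTING -m state --state INVALID,RELATED,ESTABLISHED,UNTRACKED -m connmark ! --mark 0x0 -j CHECKIIF
-A LOCALROUTING -m state --state NEW -j MARKIIF
-A LOCALROUTING -m state --state NEW -j LOCALMARK
# MARKIIF: remember the interface a connection came in on (bits 0x3f800).
-A MARKIIF -i eth1 -j CONNMARK --set-mark 0x1000/0x3f800
-A MARKIIF -i eth0 -j CONNMARK --set-mark 0x800/0x3f800
-A MARKIIF -i br0 -j CONNMARK --set-mark 0x1800/0x3f800
# Same DNS policy routing for forwarded traffic (duplicate rules removed, see above).
-A POLICYROUTING -d 208.67.220.220 -p udp -m udp --dport 53 -j CONNMARK --set-mark 0x7e0/0x7f8
-A POLICYROUTING -d 208.67.220.220 -p udp -m udp --dport 53 -m connmark ! --mark 0x0/0x7f8 -j RETURN
-A POLICYROUTING -d 208.67.220.220 -p tcp -m tcp --dport 53 -j CONNMARK --set-mark 0x7e0/0x7f8
-A POLICYROUTING -d 208.67.220.220 -p tcp -m tcp --dport 53 -m connmark ! --mark 0x0/0x7f8 -j RETURN
# ROUTING: same structure as LOCALROUTING, for inbound and forwarded packets.
-A ROUTING -i lo -j RETURN
-A ROUTING -o lo -j RETURN
-A ROUTING -m state --state INVALID,RELATED,ESTABLISHED,UNTRACKED -m connmark ! --mark 0x0 -j CONNMARK --restore-mark
-A ROUTING -m state --state INVALID,RELATED,ESTABLISHED,UNTRACKED -m connmark ! --mark 0x0 -j CHECKIIF
-A ROUTING -m state --state NEW -j MARKIIF
-A ROUTING -m state --state NEW -j INCOMINGMARK
# Zone dispatch in this table only handles br0 -> br0 (ACCEPT here just ends
# mangle processing).  The ZONEFW entries for br0->br2, br0->br1, br2->br2 and
# br1->br1 are never reached, because ZONETRAFFIC only jumps for br0 -> br0.
-A ZONEFW -i br0 -o br0 -j ACCEPT
-A ZONEFW -i br0 -o br2 -j ACCEPT
-A ZONEFW -i br0 -o br1 -j ACCEPT
-A ZONEFW -i br2 -o br2 -j ACCEPT
-A ZONEFW -i br1 -o br1 -j ACCEPT
-A ZONETRAFFIC -i br0 -o br0 -j ZONEFW
-A ZONETRAFFIC -i br0 -o br0 -j RETURN
COMMIT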
# Completed on Wed Apr 22 11:21:26 2009
# Generated by iptables-save v1.3.8 on Wed Apr 22 11:21:26 2009
*filter
# Endian Firewall filter table.  Default policy is DROP for INPUT and FORWARD;
# OUTPUT is ACCEPT, so the firewall host itself has no egress filtering.
# Interface roles as implied by the rules below (not stated in the dump):
#   eth1          uplink (SNATed in *nat), br0 = 192.168.168.0/24 LAN,
#   br1/br2       further bridged zones, ipsec+/tap+ = VPN interfaces.
# LOG_INPUT, LOG_FORWARD, HAFORWARD, REDINPUT, CUSTOM*, OPENVPN*DHCP and
# ALLOW_HOOKS have no rules in this dump; nothing is logged despite the
# *_LOGDROP chain names, which only DROP.
:ALLOW - [0:0]
:ALLOW_HOOKS - [0:0]
:BADTCP - [0:0]
:BADTCP_LOGDROP - [0:0]
:CUSTOMFORWARD - [0:0]
:CUSTOMINPUT - [0:0]
:CUSTOMOUTPUT - [0:0]
:HAFORWARD - [0:0]
:ICMP_LOGDROP - [0:0]
:INPUT DROP [569:493670]
:FORWARD DROP [64:5654]
:INPUTFW - [0:0]
:INPUTFW_LOGDROP - [0:0]
:INPUTTRAFFIC - [0:0]
:LOG_FORWARD - [0:0]
:LOG_INPUT - [0:0]
:NEWNOTSYN - [0:0]
:NEWNOTSYN_LOGDROP - [0:0]
:OPENVPNCLIENTDHCP - [0:0]
:OPENVPNDHCP - [0:0]
:OUTGOINGFW - [0:0]
:OUTPUT ACCEPT [54231:43544381]
:PORTFWACCESS - [0:0]
:REDINPUT - [0:0]
:VPNFW - [0:0]
:VPNFWDST - [0:0]
:VPNFW_LOGDROP - [0:0]
:VPNTRAFFIC - [0:0]
:ZONEFW - [0:0]
:ZONEFW_LOGDROP - [0:0]
:ZONETRAFFIC - [0:0]
:ipac~fi - [0:0]
:ipac~fo - [0:0]
:ipac~i - [0:0]
:ipac~o - [0:0]
# ALLOW: run the (empty) hook chain, then ACCEPT.
-A ALLOW -j ALLOW_HOOKS
-A ALLOW -j ACCEPT
# BADTCP: drop invalid flag combinations (XMAS, NULL, FIN-only, SYN+RST, SYN+FIN).
-A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j BADTCP_LOGDROP
-A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j BADTCP_LOGDROP
-A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j BADTCP_LOGDROP
-A BADTCP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j BADTCP_LOGDROP
-A BADTCP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j BADTCP_LOGDROP
-A BADTCP_LOGDROP -j DROP
# ICMP_LOGDROP: echo-request (8) and traceroute (30) fall through to the
# per-zone rules; every other ICMP type that was not already accepted as
# RELATED,ESTABLISHED (the rule before this jump in INPUT/FORWARD) is dropped.
-A ICMP_LOGDROP -p icmp -m icmp --icmp-type 8 -j RETURN
-A ICMP_LOGDROP -p icmp -m icmp --icmp-type 30 -j RETURN
-A ICMP_LOGDROP -j DROP
# INPUT (traffic to the firewall itself), in order:
#   ipac~o           accounting counters only (rules without a target)
#   REDINPUT         empty
#   BADTCP           flag sanity
#   NEW without SYN  dropped
#   SYN/limit rule   has NO target: it only counts SYNs up to 10/s, it does not
#                    rate-limit or drop anything
#   CUSTOMINPUT      empty
#   RELATED,ESTABLISHED accepted before any ICMP or zone checks
#   loopback accepted; NEW packets with a 127/8 source or destination that did
#   not arrive on lo are dropped (anti-spoof)
#   NEW -> INPUTTRAFFIC; anything left reaches LOG_INPUT (empty) then policy DROP
-A INPUT -j ipac~o
-A INPUT -j REDINPUT
-A INPUT -j BADTCP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j NEWNOTSYN_LOGDROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec
-A INPUT -j CUSTOMINPUT
-A INPUT -m state --state RELATED,ESTABLISHED -j ALLOW
-A INPUT -p icmp -j ICMP_LOGDROP
-A INPUT -i lo -m state --state NEW -j ALLOW
-A INPUT -s 127.0.0.0/255.0.0.0 -m state --state NEW -j DROP
-A INPUT -d 127.0.0.0/255.0.0.0 -m state --state NEW -j DROP
-A INPUT -m state --state NEW -j INPUTTRAFFIC
-A INPUT -j LOG_INPUT
# FORWARD, in order: accounting, OpenVPN DHCP hooks (empty), BADTCP, NEW-without-
# SYN (with the NEWNOTSYN exemptions), CUSTOMFORWARD (empty), RELATED,ESTABLISHED,
# ICMP filter, loopback / 127/8 anti-spoof, HAFORWARD (empty), then for NEW
# connections: port-forward access, VPN traffic, outgoing (zone -> uplink) and
# inter-zone rules.  Anything left reaches LOG_FORWARD (empty) then policy DROP.
-A FORWARD -j ipac~fi
-A FORWARD -j ipac~fo
-A FORWARD -j OPENVPNCLIENTDHCP
-A FORWARD -j OPENVPNDHCP
-A FORWARD -j BADTCP
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j NEWNOTSYN
-A FORWARD -j CUSTOMFORWARD
-A FORWARD -m state --state RELATED,ESTABLISHED -j ALLOW
-A FORWARD -p icmp -j ICMP_LOGDROP
-A FORWARD -i lo -m state --state NEW -j ALLOW
-A FORWARD -s 127.0.0.0/255.0.0.0 -m state --state NEW -j DROP
-A FORWARD -d 127.0.0.0/255.0.0.0 -m state --state NEW -j DROP
-A FORWARD -j HAFORWARD
-A FORWARD -m state --state NEW -j PORTFWACCESS
-A FORWARD -j VPNTRAFFIC
-A FORWARD -m state --state NEW -j OUTGOINGFW
-A FORWARD -m state --state NEW -j ZONETRAFFIC
-A FORWARD -j LOG_FORWARD
# INPUTFW: services offered by the firewall host.
# Admin port 10000 is allowed from 192.168.168.0/24 with NO interface match --
# unlike every other admin rule here it is keyed on source address alone, so a
# packet with that source arriving on eth1 or a VPN interface also matches.
# Consider adding -i br0 unless reaching it from elsewhere is intended.
-A INPUTFW -s 192.168.168.0/255.255.255.0 -p tcp -m tcp --dport 10000 -j ALLOW
# HTTP (80) and 3001 on all three internal bridges; 10443 on br0 only.
-A INPUTFW -i br0 -p tcp -m tcp --dport 80 -j ALLOW
-A INPUTFW -i br2 -p tcp -m tcp --dport 80 -j ALLOW
-A INPUTFW -i br1 -p tcp -m tcp --dport 80 -j ALLOW
-A INPUTFW -i br0 -p tcp -m tcp --dport 10443 -j ALLOW
-A INPUTFW -i br0 -p tcp -m tcp --dport 3001 -j ALLOW
-A INPUTFW -i br2 -p tcp -m tcp --dport 3001 -j ALLOW
-A INPUTFW -i br1 -p tcp -m tcp --dport 3001 -j ALLOW
# Echo-request / traceroute from internal zones and IPsec, limited to 3/s per
# (source, destination) pair.
-A INPUTFW -i br0 -p icmp -m hashlimit --hashlimit 3/sec --hashlimit-mode srcip,dstip --hashlimit-name xticmp -m icmp --icmp-type 8 -j ALLOW
-A INPUTFW -i br0 -p icmp -m hashlimit --hashlimit 3/sec --hashlimit-mode srcip,dstip --hashlimit-name xticmp -m icmp --icmp-type 30 -j ALLOW
-A INPUTFW -i br2 -p icmp -m hashlimit --hashlimit 3/sec --hashlimit-mode srcip,dstip --hashlimit-name xticmp -m icmp --icmp-type 8 -j ALLOW
-A INPUTFW -i br2 -p icmp -m hashlimit --hashlimit 3/sec --hashlimit-mode srcip,dstip --hashlimit-name xticmp -m icmp --icmp-type 30 -j ALLOW
-A INPUTFW -i br1 -p icmp -m hashlimit --hashlimit 3/sec --hashlimit-mode srcip,dstip --hashlimit-name xticmp -m icmp --icmp-type 8 -j ALLOW
-A INPUTFW -i br1 -p icmp -m hashlimit --hashlimit 3/sec --hashlimit-mode srcip,dstip --hashlimit-name xticmp -m icmp --icmp-type 30 -j ALLOW
-A INPUTFW -i ipsec+ -p icmp -m hashlimit --hashlimit 3/sec --hashlimit-mode srcip,dstip --hashlimit-name xticmp -m icmp --icmp-type 8 -j ALLOW
-A INPUTFW -i ipsec+ -p icmp -m hashlimit --hashlimit 3/sec --hashlimit-mode srcip,dstip --hashlimit-name xticmp -m icmp --icmp-type 30 -j ALLOW
# DNS (TCP/UDP 53) from internal zones and IPsec; not from eth1.
-A INPUTFW -i br0 -p tcp -m tcp --dport 53 -j ALLOW
-A INPUTFW -i br0 -p udp -m udp --dport 53 -j ALLOW
-A INPUTFW -i br2 -p tcp -m tcp --dport 53 -j ALLOW
-A INPUTFW -i br2 -p udp -m udp --dport 53 -j ALLOW
-A INPUTFW -i br1 -p tcp -m tcp --dport 53 -j ALLOW
-A INPUTFW -i br1 -p udp -m udp --dport 53 -j ALLOW
-A INPUTFW -i ipsec+ -p tcp -m tcp --dport 53 -j ALLOW
-A INPUTFW -i ipsec+ -p udp -m udp --dport 53 -j ALLOW
# SSH only from br0.
-A INPUTFW -i br0 -p tcp -m tcp --dport 22 -j ALLOW
# VPN termination: GRE, ESP, AH and IKE (500, NAT-T 4500) accepted from any
# source on eth1, br2 and br1.
-A INPUTFW -i eth1 -p gre -j ALLOW
-A INPUTFW -i eth1 -p esp -j ALLOW
-A INPUTFW -i eth1 -p ah -j ALLOW
-A INPUTFW -i eth1 -p udp -m udp --dport 500 -j ALLOW
-A INPUTFW -i eth1 -p udp -m udp --dport 4500 -j ALLOW
-A INPUTFW -i br2 -p gre -j ALLOW
-A INPUTFW -i br2 -p esp -j ALLOW
-A INPUTFW -i br2 -p ah -j ALLOW
-A INPUTFW -i br2 -p udp -m udp --dport 500 -j ALLOW
-A INPUTFW -i br2 -p udp -m udp --dport 4500 -j ALLOW
-A INPUTFW -i br1 -p gre -j ALLOW
-A INPUTFW -i br1 -p esp -j ALLOW
-A INPUTFW -i br1 -p ah -j ALLOW
-A INPUTFW -i br1 -p udp -m udp --dport 500 -j ALLOW
-A INPUTFW -i br1 -p udp -m udp --dport 4500 -j ALLOW
# SIP signalling (5060/udp) and media range 7070-7090/udp on br0 AND on the
# eth1 uplink, i.e. the SIP proxy on the firewall is reachable from outside
# with no source restriction.
-A INPUTFW -i br0 -p udp -m udp --dport 5060 -j ALLOW
-A INPUTFW -i br0 -p udp -m udp --dport 7070:7090 -j ALLOW
-A INPUTFW -i eth1 -p udp -m udp --dport 5060 -j ALLOW
-A INPUTFW -i eth1 -p udp -m udp --dport 7070:7090 -j ALLOW
# NTP (123) from internal zones and IPsec.
-A INPUTFW -i br0 -p udp -m udp --dport 123 -j ALLOW
-A INPUTFW -i br0 -p tcp -m tcp --dport 123 -j ALLOW
-A INPUTFW -i br2 -p udp -m udp --dport 123 -j ALLOW
-A INPUTFW -i br2 -p tcp -m tcp --dport 123 -j ALLOW
-A INPUTFW -i br1 -p udp -m udp --dport 123 -j ALLOW
-A INPUTFW -i br1 -p tcp -m tcp --dport 123 -j ALLOW
-A INPUTFW -i ipsec+ -p udp -m udp --dport 123 -j ALLOW
-A INPUTFW -i ipsec+ -p tcp -m tcp --dport 123 -j ALLOW
# 8080/tcp from internal zones and IPsec (presumably the HTTP proxy; the SQUID
# nat chain is empty in this dump, so no transparent redirect is configured).
-A INPUTFW -i br0 -p tcp -m tcp --dport 8080 -j ALLOW
-A INPUTFW -i ipsec+ -p tcp -m tcp --dport 8080 -j ALLOW
-A INPUTFW -i br2 -p tcp -m tcp --dport 8080 -j ALLOW
-A INPUTFW -i br1 -p tcp -m tcp --dport 8080 -j ALLOW
-A INPUTFW_LOGDROP -j DROP
# INPUTTRAFFIC: per-interface dispatch into INPUTFW.  ipsec+, tap+ (routed or
# bridged) and br0 get an explicit DROP afterwards; ident (113) on br0 is
# REJECTed so clients do not wait for a timeout.  Every other interface (eth1,
# br1, br2) hits the final catch-all jump, where only the rules naming that
# interface -- or the interface-less port-10000 rule -- can match; anything
# unmatched returns to INPUT and ends in policy DROP.
-A INPUTTRAFFIC -i ipsec+ -j INPUTFW
-A INPUTTRAFFIC -i ipsec+ -j INPUTFW_LOGDROP
-A INPUTTRAFFIC -i tap+ -j INPUTFW
-A INPUTTRAFFIC -i tap+ -j INPUTFW_LOGDROP
-A INPUTTRAFFIC -m physdev --physdev-in tap+ -j INPUTFW
-A INPUTTRAFFIC -m physdev --physdev-in tap+ -j INPUTFW_LOGDROP
-A INPUTTRAFFIC -i br0 -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUTTRAFFIC -i br0 -j INPUTFW
-A INPUTTRAFFIC -i br0 -j INPUTFW_LOGDROP
-A INPUTTRAFFIC -j INPUTFW
# NEWNOTSYN: NEW TCP packets without SYN are tolerated within br0 and on tap+
# (e.g. connections that pre-date the firewall or bridged VPN), dropped otherwise.
-A NEWNOTSYN -i br0 -o br0 -j RETURN
-A NEWNOTSYN -i tap+ -j RETURN
-A NEWNOTSYN -o tap+ -j RETURN
-A NEWNOTSYN -j NEWNOTSYN_LOGDROP
-A NEWNOTSYN_LOGDROP -j DROP
# OUTGOINGFW: every NEW connection from br1, br2 or br0 towards eth1 is
# allowed -- there is no outbound (egress) filtering from the internal zones.
-A OUTGOINGFW -i br1 -o eth1 -j ALLOW
-A OUTGOINGFW -i br2 -o eth1 -j ALLOW
-A OUTGOINGFW -i br0 -o eth1 -j ALLOW
# OUTPUT: accounting and the (empty) custom hook; policy ACCEPT.
-A OUTPUT -j ipac~i
-A OUTPUT -j CUSTOMOUTPUT
# PORTFWACCESS: filter-side counterpart of the *nat PORTFW DNATs, matched on the
# post-DNAT destination.  No -i eth1 restriction; the rules rely on the DNAT only
# matching packets addressed to 10.1.1.150.  Services exposed this way include
# FTP (21, cleartext), RDP (3389) on two hosts, presumably PPTP (1723 + GRE) on
# 192.168.168.2, SSH on 192.168.168.10 and SMTP (25, 465) -- worth reviewing
# whether each is still required.
-A PORTFWACCESS -d 192.168.168.2 -p tcp -m tcp --dport 80 -j ALLOW
-A PORTFWACCESS -d 192.168.168.2 -p tcp -m tcp --dport 21 -j ALLOW
-A PORTFWACCESS -d 192.168.168.2 -p tcp -m tcp --dport 443 -j ALLOW
-A PORTFWACCESS -d 192.168.168.2 -p tcp -m tcp --dport 993 -j ALLOW
-A PORTFWACCESS -d 192.168.168.2 -p tcp -m tcp --dport 3389 -j ALLOW
-A PORTFWACCESS -d 192.168.168.2 -p tcp -m tcp --dport 1723 -j ALLOW
-A PORTFWACCESS -d 192.168.168.9 -p udp -m udp --dport 6277 -j ALLOW
-A PORTFWACCESS -d 192.168.168.9 -p udp -m udp --dport 24441 -j ALLOW
-A PORTFWACCESS -d 192.168.168.9 -p tcp -m tcp --dport 2703 -j ALLOW
-A PORTFWACCESS -d 192.168.168.9 -p tcp -m tcp --dport 4282 -j ALLOW
-A PORTFWACCESS -d 192.168.168.9 -p tcp -m tcp --dport 4280 -j ALLOW
-A PORTFWACCESS -d 192.168.168.10 -p udp -m udp --dport 10000:10100 -j ALLOW
-A PORTFWACCESS -d 192.168.168.2 -p tcp -m tcp --dport 465 -j ALLOW
-A PORTFWACCESS -d 192.168.168.10 -p udp -m udp --dport 4569 -j ALLOW
-A PORTFWACCESS -d 192.168.168.10 -p tcp -m tcp --dport 22 -j ALLOW
# External 3390 is DNATed to 3389 on .34 in *nat, so this matches on 3389.
-A PORTFWACCESS -d 192.168.168.34 -p tcp -m tcp --dport 3389 -j ALLOW
-A PORTFWACCESS -d 192.168.168.9 -p tcp -m tcp --dport 25 -j ALLOW
-A PORTFWACCESS -d 192.168.168.2 -p gre -j ALLOW
# VPNFW: unconditional ALLOW.  Every packet entering or leaving ipsec+ or tap+
# (routed or bridged) is accepted in both directions, regardless of zone,
# address or port -- the VPN side is fully trusted.  The VPNFW_LOGDROP jumps
# that follow each VPNFW jump can never be reached.
-A VPNFW -j ALLOW
-A VPNFW_LOGDROP -j DROP
-A VPNTRAFFIC -o ipsec+ -j VPNFW
-A VPNTRAFFIC -o ipsec+ -j VPNFW_LOGDROP
-A VPNTRAFFIC -i ipsec+ -j VPNFW
-A VPNTRAFFIC -i ipsec+ -j VPNFW_LOGDROP
-A VPNTRAFFIC -o tap+ -j VPNFW
-A VPNTRAFFIC -o tap+ -j VPNFW_LOGDROP
-A VPNTRAFFIC -i tap+ -j VPNFW
-A VPNTRAFFIC -i tap+ -j VPNFW_LOGDROP
-A VPNTRAFFIC -m physdev --physdev-out tap+ --physdev-is-bridged -j VPNFW
-A VPNTRAFFIC -m physdev --physdev-out tap+ --physdev-is-bridged -j VPNFW_LOGDROP
-A VPNTRAFFIC -m physdev --physdev-in tap+ -j VPNFW
-A VPNTRAFFIC -m physdev --physdev-in tap+ -j VPNFW_LOGDROP
# Inter-zone rules.  ZONETRAFFIC only dispatches br0 -> br0, so the ZONEFW
# entries for br0->br2, br0->br1, br2->br2 and br1->br1 are unreachable; any
# other NEW zone-to-zone connection (e.g. br0 -> br1) falls back to LOG_FORWARD
# (empty) and the FORWARD policy DROP.
-A ZONEFW -i br0 -o br0 -j ALLOW
-A ZONEFW -i br0 -o br2 -j ALLOW
-A ZONEFW -i br0 -o br1 -j ALLOW
-A ZONEFW -i br2 -o br2 -j ALLOW
-A ZONEFW -i br1 -o br1 -j ALLOW
-A ZONEFW_LOGDROP -j DROP
-A ZONETRAFFIC -i br0 -o br0 -j ZONEFW
-A ZONETRAFFIC -i br0 -o br0 -j ZONEFW_LOGDROP
# ipac~* chains: per-interface byte/packet accounting, rules have no target.
-A ipac~fi -i br0
-A ipac~fi -i eth1
-A ipac~fo -o br0
-A ipac~fo -o eth1
-A ipac~i -o br0
-A ipac~i -o eth1
-A ipac~o -i br0
-A ipac~o -i eth1
COMMIT
# Completed on Wed Apr 22 11:21:26 2009
# Generated by iptables-save v1.3.8 on Wed Apr 22 11:21:26 2009
*nat
# Endian Firewall NAT table.  CONTENTFILTER, SQUID, DNSMASQ, SIPROXDPORTFW,
# OPENVPNCLIENT, POSTPORTFW, SMTPSCAN and the CUSTOM* chains have no rules in
# this dump; only PORTFW (DNAT) and SOURCENAT (SNAT) do anything here.
:PREROUTING ACCEPT [4527:375551]
:POSTROUTING ACCEPT [38:3093]
:OUTPUT ACCEPT [248:18489]
:CONTENTFILTER - [0:0]
:CUSTOMPOSTROUTING - [0:0]
:CUSTOMPREROUTING - [0:0]
:DNSMASQ - [0:0]
:OPENVPNCLIENT - [0:0]
:PORTFW - [0:0]
:POSTPORTFW - [0:0]
:SIPROXDPORTFW - [0:0]
:SMTPSCAN - [0:0]
:SOURCENAT - [0:0]
:SQUID - [0:0]
-A PREROUTING -j CUSTOMPREROUTING
-A PREROUTING -j SIPROXDPORTFW
-A PREROUTING -j CONTENTFILTER
-A PREROUTING -j SQUID
-A PREROUTING -j DNSMASQ
-A PREROUTING -j PORTFW
-A POSTROUTING -j CUSTOMPOSTROUTING
-A POSTROUTING -j OPENVPNCLIENT
-A POSTROUTING -j SOURCENAT
-A POSTROUTING -j POSTPORTFW
# Locally generated packets also pass through PORTFW, so the firewall host
# itself reaches the forwarded services when it addresses 10.1.1.150.
-A OUTPUT -j PORTFW
# Inbound SMTP is handed to SMTPSCAN, which is empty in this dump (no redirect).
-A CUSTOMPREROUTING -p tcp -m tcp --dport 25 -j SMTPSCAN
# PORTFW: DNATs for the uplink address 10.1.1.150.  Rules match on destination
# address only (no -i eth1), which is what the filter-side PORTFWACCESS chain
# relies on.  Each entry needs a matching PORTFWACCESS ALLOW or the forwarded
# connection is dropped by the FORWARD policy.
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.168.2:80
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.168.2:21
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.168.2:443
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.168.2:993
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.168.2:3389
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.168.2:1723
-A PORTFW -d 10.1.1.150 -p udp -m udp --dport 6277 -j DNAT --to-destination 192.168.168.9:6277
-A PORTFW -d 10.1.1.150 -p udp -m udp --dport 24441 -j DNAT --to-destination 192.168.168.9:24441
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 2703 -j DNAT --to-destination 192.168.168.9:2703
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 4282 -j DNAT --to-destination 192.168.168.9:4282
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 4280 -j DNAT --to-destination 192.168.168.9:4280
-A PORTFW -d 10.1.1.150 -p udp -m udp --dport 10000:10100 -j DNAT --to-destination 192.168.168.10:10000-10100
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.168.2:465
-A PORTFW -d 10.1.1.150 -p udp -m udp --dport 4569 -j DNAT --to-destination 192.168.168.10:4569
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.168.10:22
# Port translation: external 3390 -> internal 3389 (second RDP host).
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 3390 -j DNAT --to-destination 192.168.168.34:3389
-A PORTFW -d 10.1.1.150 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.168.9:25
# All GRE (no ports) addressed to 10.1.1.150 goes to 192.168.168.2 -- the data
# channel for the 1723 forward above (presumably PPTP).
-A PORTFW -d 10.1.1.150 -p gre -j DNAT --to-destination 192.168.168.2
# SOURCENAT: everything leaving eth1 is SNATed to 10.1.1.150.  That is itself
# a private address, so presumably there is a further NAT device upstream.
-A SOURCENAT -o eth1 -j SNAT --to-source 10.1.1.150
COMMIT
# Completed on Wed Apr 22 11:21:26 2009
by: vipnetworks — Posted on 2009-04-26 at 07:10:59 — ID: 24236203
I figured it out.
I needed an entry in the iptables FORWARD chain to allow traffic to be forwarded from 192.168.168.0/24 to 10.1.2.0/24.
With Endian Firewall, I added the following line to /etc/rc.d/rc.firewall:
iptables -A FORWARD -s 192.168.168.0/24 -d 10.1.2.0/24 -j ACCEPT
Note that this rule is appended after all of the generated FORWARD rules and has no interface (-i/-o) or state match, so it permits new connections from that subnet to 10.1.2.0/24 whichever interface they arrive on; the reply direction is already covered by the generated RELATED,ESTABLISHED rule. Adding an ingress interface match (for example -i br0, if that is where 192.168.168.0/24 lives) keeps it from applying to traffic that arrives on the uplink or VPN interfaces.