CC commmunication schrieb:
> Hi
> wt i want to do is just simple setup. I will be very
> thankful for the help
>
> firewall/Gateway
> lan0---eth0-192.168.1.253/30--eth1-10.0.0.253/30-----Lan1
>
> I want one to write the iptable rule for forwarding of
> TCP traffic from Lan0 to lan1 on the server
> 10.0.0.254/30 port www, telnet, ssh, ftp 21,22 during
> the office timeings 9 am to 5pm with syn bit set or
> stateful option New, Established, Related
Just basic, may need some tuning. Ofcourse there are other ways to
achieve your goal.
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -N ALLOWED_TIME
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m time --timestart 09:00 --timestop 17:00 \
--days Mon,Tue,Wed,Thu,Fri -j ALLOWED_TIME
iptables -A ALLOWED_TIME -p tcp --dport 80 -s $LAN0 -d $LAN1 \
--syn -j ACCEPT
...
And so on.
> and log the packet field informations as well.
Sorry, what exactly do want to log ?
HTH and have a nice time,
Joerg
