Linux

Moderators: ArcherBarry, Fuzzwood

Reageer

Bericht 28-05-'08, 13:09

johannesen

Berichten: 30

Linux

dag allemaal,

ik ga morgen linux installeren op mijn pc

ik heb een aantal configuraties en commando's verzameld om mee te experimenteren, ik heb een idee van hun betekenissen maar de consequenties kan ik moeilijk inschatten (per commando of per configuratie)

weet iemand er meer van, kan iemand meer uitleg geven

max-lease-time 86400;

default-lease-time 86400;

Option domain-name-servers 193.190.59.97, 193.190.59.100, 193.190.56.250;

subnet 192.168.0.0 netmask 255.255.255.0

{range 192.168.0.1 192.168.0.99;

option routers 192.168.0.100;}

subnet 192.168.1.0 netmask 255.255.255.0

{range 192.168.1.1 192.168.1.99;

option routers 192.168.1.100;}

subnet 10.1.0.0 netmask 255.255.0.0

{nonauthoratative}

ddns-update-style ad-hoc;

iptables -F

iptables -t nat -F

iptables - -delete-chain

iptables - -table nat - -delete-chain

iptables –t nat –A POSTROUTING –o eth0 –j MASQUERADE

#!/bin/bash

iptables --table filter --flush

iptables --table filter --delete-chain

iptables --table filter --zero

iptables --table nat --flush

iptables --table nat --delete-chain

iptables --table nat --zero

iptables --table mangle --flush

iptables --table mangle --delete-chain

iptables --table mangle --zero

iptables --table filter --policy INPUT ACCEPT

iptables --table filter --policy OUTPUT ACCEPT

iptables --table filter --policy FORWARD ACCEPT

iptables --table nat --policy PREROUTING ACCEPT

iptables --table nat --policy POSTROUTING ACCEPT

iptables --table nat --policy OUTPUT ACCEPT

iptables --table mangle --policy INPUT ACCEPT

iptables --table nat --policy OUTPUT ACCEPT

iptables --table nat --policy FORWARD ACCEPT

iptables --table nat --policy POSTROUTING ACCEPT

echo “Hallo $USER”

echo “de iptables zijn gereset naar hun standaard waarden”

chmod +x /etc/cleantables sh cleantables

iptables –L –n

#!bin/bash

iptables - -table filter - -policy INPUT DROP

iptables - -table filter - -policy OUTPUT DROP

iptables - -table filter - -policy FORWARD DROP

iptables –t filter –A INPUT –s 127.0.0.1 –i lo –j ACCEPT

iptables –t filter –A OUTPUT –d 127.0.01 –o lo j ACCEPT

echo “de chains in de filter table staan op drop”

echo “verkeer van en naar localhost is toegestaan”

iptables - -table filter –A INPUT –s 192.168.0.0/24 –d 192.168.0.100 –i eth1 –j ACCEPT

iptables - -table filter –A OUTPUT –s 192.168.0.100 –d 192.168.0.0/24 –o eth1 –j ACCEPT

iptables –table filter –A INPUT –s 192.168.1.0/24 –d 192.168.1.100 –i eth2 –j ACCEPT

iptables –table filter –A OUTPUT –s 192.168.1.100 –d 192.168.1.0/24 –o eth2 –j ACCEPT

iptables –table filter –A FORWARD –s 192.168.0.0/24 –d 192.168.1.0/24 –i eth1 –j ACCEPT

iptables –table filter –A FORWARD –s 192.168.1.0/24 –d 192.168.0.0/24 –i eth2 –j ACCEPT

iptables –t filter –A FORWARD –i eth1 –p tcp - -tcp-flags SYN,ACK,RST,FIN SYN –j ACCEPT

iptables –t filter –A FORWARD –i eth0 –p tcp - -tcp-flags SYN,ACK,RST,FIN SYN,ACK –j ACCEPT

iptables –t filter –A FORWARD –p tcp - -tcp-flags SYN,ACK,RST,FIN ACK –j ACCEPT

iptables –t filter –A FORWARD –p tcp - -tcp-flags SYN,ACK,RST,FIN ACK,FIN –j ACCEPT

iptables –t filter –A FORWARD –p tcp - -tcp-flags SYN,ACK,RST,FIN RST –j ACCEPT

iptables –A FORWARD –p tcp –m state - -state ESTABLISHED –j ACCEPT

iptables –A FORWARD –p tcp –m state - -state NEW –i ! eth0 –j ACCEPT

iptables –A FORWARD –p udp –m state - -state ESTABLISHED –j ACCEPT

iptables –A FORWARD –p udp –m state - -state NEW –i ! eth0 –j ACCEPT

iptables - -table filter –A OUTPUT –o eth0 –p icmp - -icmp-type echo-request –j ACCEPT

iptables - -table filter –A INPUT –i eth0 –p icmp - -icmp-type echo-reply –j ACCEPT

iptables - -table filter –A INPUT –i eth0 –p icmp - -icmp-type echo-request –m limit - -limit 5/minute - -limit-burst 10 –j ACCEPT

iptables - -table filter –A OUTPUT –o eth0 –p icmp - -icmp-type echo-reply –j ACCEPT

iptables –A FORWARD –p icmp –m state - -state ESTABLISHED,RELATED -j ACCEPT

iptables –A FORWARD –p icmp –m state - -state NEW –i ! eth0 -j ACCEPT

iptables --table filter --flush

iptables --table filter --delete-chain

iptables --table filter --zero

iptables --table nat --flush

iptables --table nat --delete-chain

iptables --table nat --zero

iptables --table mangle --flush

iptables --table mangle --delete-chain

iptables --table mangle --zero

iptables --table filter --policy INPUT DROP

iptables --table filter --policy OUTPUT DROP

iptables --table filter --policy FORWARD DROP

iptables --table nat --policy PREROUTING ACCEPT

iptables --table nat --policy POSTROUTING ACCEPT

iptables --table nat --policy OUTPUT ACCEPT

iptables --table mangle --policy PREROUTING ACCEPT

iptables --table mangle --policy INPUT ACCEPT

iptables --table mangle --policy FORWARD ACCEPT

iptables --table mangle --policy OUTPUT ACCEPT

iptables --table mangle --policy POSTROUTING ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables-t nat –A PREROUTING –I eth0 –p tcp –dport 80 –j DNAT –to 192.168.20.10

iptables –t filter –A FORWARD –p tcp –m state –state ESTABLISHED –j ACCEPT

iptables –t filter –A FORWARD –p tcp –dport 80 –m state –state NEW –i eth0 –j ACCEPT



Lokaal verkeer toestaan:

iptables -t filter -A INPUT -s 127.0.0.1 -i lo -j ACCEPT

iptables -t filter -A OUTPUT -d 127.0.0.1 -o lo -j ACCEPT

Limiteren van pings naar de local host:

iptables -t filter -A INPUT -i eth0 -p icmp --icmp-type echo-request -m limit --limit 11/minute --limit-burst 15 -j ACCEPT

iptables -t filter -A OUTPUT -o eth0 -p icmp --icmp-type echo-reply -j ACCEPT

Logging:

iptables --t filter -A INPUT -j LOG --log-prefix "Toekomende pakket"

Verkeer tussen pc en router:

iptables -t filter –A INPUT –s xxx.xxx.x.x/xx –d xxx.xxx.x.xxx –i eth1 –j ACCEPT

iptables -t filter –A OUTPUT –s xxx.xxx.x.xxx –d xxx.xxx.x.x/xx –o eht1 –j ACCEPT

iptables -t filter –A INPUT –s xxx.xxx.x.x/xx –d xxx.xxx.x.xxx –i eth2 –j ACCEPT

iptables -t filter –A OUTPUT –s xxx.xxx.x.xxx –d xxx.xxx.x.x/xx –o eht2 –j ACCEPT

Internet toestaan voor LAN:

iptables -t filter -A FORWARD –i eth0 -p tcp --tcp-flags SYN,ACK,RST,FIN SYN,ACK -j ACCEPT

iptables -t filter -A FORWARD –i eth1 -p tcp --tcp-flags SYN,ACK,RST,FIN SYN -j ACCEPT

iptables -t filter -A FORWARD -p tcp --tcp-flags SYN,ACK,RST,FIN ACK -j ACCEPT

iptables --table filter -A FORWARD -p tcp --tcp-flags SYN,ACK,RST,FIN RST -j ACCEPT

iptables --table filter -A FORWARD -p tcp --tcp-flags SYN,ACK,RST,FIN ACK,FIN -j ACCEPT

iptables -t filter -A FORWARD -p udp -m state --state ESTABLISHED -j ACCEPT

iptables -t filter -A FORWARD -p udp -m state --state NEW -i ! eth0 -j ACCEPT

Services voor DMZ:

iptables-t nat –A PREROUTING –I eth0 –p tcp –dport 80 –j DNAT –to xxx.xxx.x.xx

iptables –t filter –A FORWARD –p tcp –m state –state ESTABLISHED –j ACCEPT

iptables –t filter –A FORWARD –p tcp –dport 80 –m state –state NEW –I ! eth0 –j ACCEPT
Omhoog

Bericht 28-05-'08, 19:48

EvilBro

Berichten: 7.068

Re: Linux

ik ga morgen linux installeren op mijn pc
okee,,, weet je zeker dat je dat wilt? Is het niet verstandiger om eerst een Live-cd te proberen of Wubi.
ik heb een aantal configuraties en commando's verzameld om mee te experimenteren,
Hier betwijfel ik het nut van. Ik denk dat het slimmer is dat je probeert je pc zo in te richten dat je er mee kan wat je er mee wil. Om dit te bereiken zul je bepaalde stappen moeten nemen en uitzoeken. Hierdoor leer je vanzelf commando's te gebruiken.

Hetgeen je hierna postte is een of andere configuratie file voor netwerk/firewall. Niet echt iets waar je je direct mee bezig hoeft te houden (als het goed is).
Omhoog
Reageer

Terug naar “Huiswerk en Practica”