derload
Grünschnabel
Hello
I'm currently setting up a proxy where I can use BOT to allow computers to access the Internet without the proxy.
Then I have an entry that lets me redirect all port 80 requests to a web server that hosts an info page.
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 80
The problem now is that it also redirects the requests from the unrestricted PCs, which it should not do, and that is my problem.
My iptables:
Code:
root@ipcop:~ # iptables -L -v
Chain BADTCP (2 references)
pkts bytes target prot opt in out source destination
0 0 PSCAN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
0 0 PSCAN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 PSCAN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
0 0 PSCAN tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN,RST
0 0 PSCAN tcp -- any any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
6 240 NEWNOTSYN tcp -- any any anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
Chain BOT_FORWARD (1 references)
pkts bytes target prot opt in out source destination
1460 351K ACCEPT all -- eth0 eth1 laptop.stefanlan anywhere (these are the PCs that have free Internet access and should not get the info redirect)
1687 1534K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 REJECT all -- eth0 eth1 anywhere anywhere reject-with icmp-port-unreachable
Chain BOT_INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth0 any anywhere anywhere MAC 00:1F:16:0A:94:F3 tcp dpt:microsoft-ds
0 0 ACCEPT tcp -- eth0 any 10.0.0.0/24 anywhere tcp dpt:rsh-spx
10 541 ACCEPT tcp -- eth0 any 10.0.0.0/24 anywhere tcp dpt:mdbs_daemon
0 0 ACCEPT tcp -- eth0 any 10.0.0.0/24 anywhere tcp dpt:microsoft-ds
0 0 ACCEPT tcp -- eth0 any 10.0.0.0/24 anywhere tcp dpt:domain
45 2886 ACCEPT udp -- eth0 any 10.0.0.0/24 anywhere udp dpt:domain
0 0 ACCEPT tcp -- eth0 any 10.0.0.0/24 anywhere tcp dpt:ntp
0 0 ACCEPT udp -- eth0 any 10.0.0.0/24 anywhere udp dpt:ntp
0 0 ACCEPT tcp -- eth0 any 10.0.0.0/24 anywhere tcp dpt:bootpc
0 0 ACCEPT udp -- eth0 any 10.0.0.0/24 anywhere udp dpt:bootpc
0 0 ACCEPT tcp -- eth0 any 10.0.0.0/24 anywhere tcp dpt:bootps
0 0 ACCEPT udp -- eth0 any 10.0.0.0/24 anywhere udp dpt:bootps
0 0 ACCEPT tcp -- eth0 any 10.0.0.0/24 anywhere tcp dpt:hosts2-ns
59 12951 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
57 4446 REJECT all -- eth0 any anywhere anywhere reject-with icmp-port-unreachable
Chain CUSTOMFORWARD (1 references)
pkts bytes target prot opt in out source destination
5804 3956K XTG all -- any any anywhere anywhere
5804 3956K BOT_FORWARD all -- any any anywhere anywhere
Chain CUSTOMINPUT (1 references)
pkts bytes target prot opt in out source destination
26866 18M XTG all -- any any anywhere anywhere
26866 18M BOT_INPUT all -- any any anywhere anywhere
Chain CUSTOMOUTPUT (1 references)
pkts bytes target prot opt in out source destination
28342 19M XTG all -- any any anywhere anywhere
Chain DHCPBLUEINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain DMZHOLES (0 references)
pkts bytes target prot opt in out source destination
Chain GUIINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
Chain INPUT (policy DROP 1265 packets, 100K bytes)
pkts bytes target prot opt in out source destination
26872 18M ipac~o all -- any any anywhere anywhere
26872 18M BADTCP all -- any any anywhere anywhere
26866 18M CUSTOMINPUT all -- any any anywhere anywhere
25994 18M GUIINPUT all -- any any anywhere anywhere
24269 18M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
1725 136K IPSECVIRTUAL all -- any any anywhere anywhere
1725 136K OPENSSLVIRTUAL all -- any any anywhere anywhere
47 2148 ACCEPT all -- lo any anywhere anywhere state NEW
0 0 DROP all -- any any 127.0.0.0/8 anywhere state NEW
0 0 DROP all -- any any anywhere 127.0.0.0/8 state NEW
413 33649 ACCEPT !icmp -- eth0 any anywhere anywhere state NEW
1265 100K DHCPBLUEINPUT all -- any any anywhere anywhere
1265 100K IPSECPHYSICAL all -- any any anywhere anywhere
1265 100K OPENSSLPHYSICAL all -- any any anywhere anywhere
1265 100K WIRELESSINPUT all -- any any anywhere anywhere state NEW
1265 100K REDINPUT all -- any any anywhere anywhere
1265 100K XTACCESS all -- any any anywhere anywhere state NEW
390 29571 LOG all -- any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `INPUT '
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5804 3956K ipac~fi all -- any any anywhere anywhere
5804 3956K ipac~fo all -- any any anywhere anywhere
5804 3956K BADTCP all -- any any anywhere anywhere
394 20192 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
5804 3956K CUSTOMFORWARD all -- any any anywhere anywhere
2531 2066K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
54 2823 IPSECVIRTUAL all -- any any anywhere anywhere
54 2823 OPENSSLVIRTUAL all -- any any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere state NEW
0 0 DROP all -- any any 127.0.0.0/8 anywhere state NEW
0 0 DROP all -- any any anywhere 127.0.0.0/8 state NEW
54 2823 ACCEPT all -- eth0 any anywhere anywhere state NEW
0 0 WIRELESSFORWARD all -- any any anywhere anywhere state NEW
0 0 REDFORWARD all -- any any anywhere anywhere
0 0 PORTFWACCESS all -- any any anywhere anywhere state NEW
0 0 LOG all -- any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `OUTPUT '
Chain IPSECPHYSICAL (1 references)
pkts bytes target prot opt in out source destination
Chain IPSECVIRTUAL (2 references)
pkts bytes target prot opt in out source destination
Chain LOG_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning
0 0 DROP all -- any any anywhere anywhere
Chain LOG_REJECT (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain NEWNOTSYN (1 references)
pkts bytes target prot opt in out source destination
6 240 LOG all -- any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `NEW not SYN? '
6 240 DROP all -- any any anywhere anywhere
Chain OPENSSLPHYSICAL (1 references)
pkts bytes target prot opt in out source destination
Chain OPENSSLVIRTUAL (2 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 28342 packets, 19M bytes)
pkts bytes target prot opt in out source destination
28342 19M ipac~i all -- any any anywhere anywhere
28342 19M CUSTOMOUTPUT all -- any any anywhere anywhere
Chain PORTFWACCESS (1 references)
pkts bytes target prot opt in out source destination
Chain PSCAN (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `TCP Scan? '
0 0 LOG udp -- any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `UDP Scan? '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `ICMP Scan? '
0 0 LOG all -f any any anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `FRAG Scan? '
0 0 DROP all -- any any anywhere anywhere
Chain REDFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain REDINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp spt:bootps dpt:bootpc
0 0 ACCEPT udp -- eth1 any anywhere anywhere udp spt:bootps dpt:bootpc
Chain WIRELESSFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain WIRELESSINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain XTACCESS (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 any anywhere ipcop tcp dpt:ident
Chain XTG (3 references)
pkts bytes target prot opt in out source destination
Chain ipac~fi (1 references)
pkts bytes target prot opt in out source destination
1549 356K all -- eth0 any anywhere anywhere
1708 1557K all -- eth1 any anywhere anywhere
Chain ipac~fo (1 references)
pkts bytes target prot opt in out source destination
1708 1557K all -- any eth0 anywhere anywhere
1549 356K all -- any eth1 anywhere anywhere
Chain ipac~i (1 references)
pkts bytes target prot opt in out source destination
915 296K all -- any eth0 anywhere anywhere
111 11800 all -- any eth1 anywhere anywhere
Chain ipac~o (1 references)
pkts bytes target prot opt in out source destination
651 56457 all -- eth0 any anywhere anywhere
128 47261 all -- eth1 any anywhere anywhere
root@ipcop:~ #
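The REDIRECT in the post lives in nat PREROUTING, which a packet traverses before the filter-table BOT_FORWARD chain, so the ACCEPT for the free PCs there cannot exempt them from it. The following is an added example, not part of the original post: it builds the redirect in its own nat chain with RETURN rules for the exempt hosts ahead of the REDIRECT. The chain name `INFO_REDIRECT` and the host addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Exempt hosts must be matched in the nat table, ahead of the REDIRECT;
# rules in the filter table (BOT_FORWARD) are evaluated too late.
LAN_IF="eth0"                       # LAN interface, as in the post
CHAIN="INFO_REDIRECT"               # hypothetical user-defined nat chain
EXEMPT_HOSTS="10.0.0.23 10.0.0.42"  # constructed addresses of the free PCs

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables commands in the order they must be loaded:
# RETURN rules for the exempt hosts first, the REDIRECT after them.
build_rules() {
    echo "iptables -t nat -N $CHAIN"
    for host in $EXEMPT_HOSTS; do
        if ! is_ipv4 "$host"; then
            echo "skipping invalid address: $host" >&2
            continue
        fi
        echo "iptables -t nat -A $CHAIN -s $host -j RETURN"
    done
    echo "iptables -t nat -A $CHAIN -p tcp --dport 80 -j REDIRECT --to-port 80"
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -j $CHAIN"
}

# Dry run by default (prints the commands); APPLY=1 as root loads them.
if [ "${APPLY:-0}" = 1 ]; then build_rules | sh; else build_rules; fi
```

Delete the original catch-all rule first (same arguments with `-D` instead of `-A`); otherwise packets from the exempt hosts RETURN to PREROUTING and are still caught by it.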