|
ip XP - 192.168.0.1
# Maximum Segment Size (MSS) для Forwarding на PMTU разрешить
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# NAT для IRC
modprobe ip_nat_irc
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 6667 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 6667 -j SNAT --to-source $LAN_IP
iptables -A FORWARD -i ppp0 -m state --state NEW -p tcp -d 192.168.0.1 --dport 6667 -j ACCEPT
# NAT для EDONKEY
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 4661 -j SNAT --to-source $LAN_IP
iptables -A FORWARD -i ppp0 -m state --state NEW -p tcp -d 192.168.0.1 --dport 4661 -j ACCEPT
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4662 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 4662 -j SNAT --to-source $LAN_IP
iptables -A FORWARD -i ppp0 -m state --state NEW -p tcp -d 192.168.0.1 --dport 4662 -j ACCEPT
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4663 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 4663 -j SNAT --to-source $LAN_IP
iptables -A FORWARD -i ppp0 -m state --state NEW -p tcp -d 192.168.0.1 --dport 4663 -j ACCEPT
iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 4665 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A POSTROUTING -o eth1 -p udp --dport 4665 -j SNAT --to-source $LAN_IP
iptables -A FORWARD -i ppp0 -m state --state NEW -p udp -d 192.168.0.1 --dport 4665 -j ACCEPT
Последний раз редактировалось Gennadi; 28.05.2004 в 09:48.
|