OpenWrt防火墙参考
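#!/bin/sh
# OpenWrt firewall reference: host rules (INPUT), forwarding (FORWARD) and
# NAT (MASQUERADE / SNAT / DNAT / REDIRECT). Run as root.
# Every rule is inserted with -I (prepended), so later commands land ahead of
# earlier ones in the chain; the ACCEPT rules below are order-independent,
# but keep this in mind when adding REJECT/DROP rules later.
# Abort on the first failing command so that a rule that fails to load is
# never followed by the DROP policy below (which could lock the admin out).
set -e

# loopback and reply traffic: without these, `-P INPUT DROP` also drops
# answers to the router's own outbound connections (DNS, NTP, opkg, ...)
# and local IPC over 127.0.0.1
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# intranet visited: the two internal subnets may reach any router service
iptables -I INPUT -s 192.168.0.0/23 -j ACCEPT
iptables -I INPUT -s 172.26.100.0/24 -j ACCEPT
# PPTP visited: control channel (tcp/1723) plus GRE (protocol 47) tunnels
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -p 47 -j ACCEPT
# SSH visited: no -s/-i restriction, so port 22 is reachable from any
# source, including the WAN side; narrow it with -s <trusted_net> or
# -i <lan_if> unless remote administration is intended
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# internet visit the inside web server
# (88 and 8080 are redirected to 80 in nat PREROUTING further down, so INPUT
# normally sees them as port 80 already; the two extra rules are harmless)
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 88 -j ACCEPT
iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
# INPUT default: everything not accepted above is dropped (IPv4 only; this
# script does not touch ip6tables)
iptables -P INPUT DROP
# intranet forward: the internal subnets may be routed through the box.
# No FORWARD policy is set here, so other forwarded traffic (including the
# DNAT targets below) is governed by whatever policy is already in place.
iptables -I FORWARD -s 192.168.0.0/23 -j ACCEPT
iptables -I FORWARD -s 172.26.100.0/24 -j ACCEPT
# SNAT & DNAT
# NOTE(review): this masquerades by *destination* (-d 192.168.1.0/24), i.e.
# traffic heading into that subnet; the usual form is -o <wan_if> or
# -s <lan_net>. Confirm this is the intended direction.
iptables -t nat -I POSTROUTING -d 192.168.1.0/24 -j MASQUERADE
# the rule above is NAT masquerading; this is the equivalent with a fixed
# source address (SNAT)
#iptables -t nat -I POSTROUTING -d 192.168.1.0/24 -j SNAT --to 1.2.3.4
# this is a sample for DMZ: forward inbound tcp/80 to one internal host
#iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.1.206:80
# 1:1 mapping 172.26.1.N -> 192.168.1.N for all protocols (no -p filter)
iptables -t nat -I PREROUTING -d 172.26.1.1 -j DNAT --to 192.168.1.1
iptables -t nat -I PREROUTING -d 172.26.1.2 -j DNAT --to 192.168.1.2
iptables -t nat -I PREROUTING -d 172.26.1.3 -j DNAT --to 192.168.1.3
iptables -t nat -I PREROUTING -d 172.26.1.4 -j DNAT --to 192.168.1.4
# REDIRECT from 88,8080 to 80 on this host (nat PREROUTING runs before the
# filter INPUT chain above)
iptables -t nat -I PREROUTING -p tcp --dport 88 -j REDIRECT --to-ports 80
iptables -t nat -I PREROUTING -p tcp --dport 8080 -j REDIRECT --to-ports 80
exit 0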