for in proc sys net ipv4 conf send_redirects do echo done for in proc

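# Turn off ICMP redirects for every IPv4 entry under /proc/sys/net/ipv4/conf
# (the glob also matches the "all" and "default" entries): the gateway will
# neither send redirects nor accept them.
# These /proc writes last only until the next reboot; for a persistent
# setting, put the matching net.ipv4.conf.*.send_redirects and
# net.ipv4.conf.*.accept_redirects keys in the sysctl configuration.
for f in /proc/sys/net/ipv4/conf/*/send_redirects \
         /proc/sys/net/ipv4/conf/*/accept_redirects; do
  # An unmatched glob is left as the literal pattern; skip it instead of
  # attempting a write to a path that does not exist.
  [ -e "$f" ] || continue
  # Quote the target so the path is never word-split or re-globbed.
  echo 0 > "$f"
done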
# NAT and forwarding rules for the gateway: four TCP services on the VPN
# peer 10.8.0.2 (reached through tap0) are published on the public address
# 94.79.50.174, ports 11100-11103.
#
# NOTE(review): every rule is inserted or appended unconditionally, so
# running this script twice leaves duplicate rules in the chains.
# NOTE(review): no chain policy is set here. The FORWARD ACCEPT rules only
# restrict anything if the FORWARD policy is DROP (or a later rule drops);
# confirm that against the rest of the ruleset.
wan_ip=94.79.50.174
vpn_gw=10.8.0.1
vpn_host=10.8.0.2

# Each entry is <public port>:<port on the VPN peer>.
for map in 11100:8080 11101:544 11102:34567 11103:34599; do
  ext_port=${map%%:*}
  int_port=${map#*:}

  # Inbound: public address/port -> VPN peer/port.
  # NOTE(review): there is no source restriction, so these services are
  # reachable from any address; add a -s match if the set of clients is known.
  iptables -t nat -I PREROUTING -d "$wan_ip" -p tcp -m tcp --dport "$ext_port" -j DNAT --to-destination "${vpn_host}:${int_port}"

  # Rewrite the source to the gateway's tap0 address so replies come back
  # through this box. Side effect: the service on the VPN peer sees (and
  # logs) every client as 10.8.0.1, not the real client address.
  iptables -t nat -I POSTROUTING -d "$vpn_host" -p tcp -m tcp --dport "$int_port" -j SNAT --to-source "$vpn_gw"

  # Locally generated traffic to the public address.
  # NOTE(review): this matches the internal port, not the public port used
  # in PREROUTING; confirm that is the intended behaviour.
  iptables -t nat -I OUTPUT -d "$wan_ip" -p tcp -m tcp --dport "$int_port" -j DNAT --to-destination "$vpn_host"

  # Let the translated connection through the filter table.
  iptables -I FORWARD 1 -i eth1 -o tap0 -d "$vpn_host" -p tcp -m tcp --dport "$int_port" -j ACCEPT
done

# NOTE(review): this MASQUERADE has no -s/-o match, so it applies to every
# connection leaving through any interface. It is appended before the
# narrower "-s 10.8.0.0/24 -o eth1" rule at the end of this block, so that
# later rule can never match. It also hides original source addresses from
# hosts on the internal networks, which affects their logs.
iptables -t nat -A POSTROUTING -j MASQUERADE

# Clamp the TCP MSS of forwarded SYN packets to the path MTU; -I without an
# index puts this rule at the top of FORWARD.
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# Forward anything originating from the VPN subnet, plus return traffic of
# tracked connections.
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
# NOTE(review): "-m state" is the legacy match; "-m conntrack --ctstate" is
# the current equivalent where the installed iptables supports it.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Masquerade VPN clients going out through eth1 (see the note on the
# unrestricted MASQUERADE rule above).
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
--------------------------------------------------------------------------------------
# ifconfig
eth1 Link encap:Ethernet HWaddr 00:03:ff:9c:30:44
inet addr:94.79.50.174 Bcast:94.79.50.175 Mask:255.255.255.252
inet6 addr: fe80::203:ffff:fe9c:3044/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1141335709 errors:0 dropped:0 overruns:0 frame:0
TX packets:1032765761 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3202708818 (3.2 GB) TX bytes:3154854945 (3.1 GB)
Interrupt:19 Base address:0xe800
eth2 Link encap:Ethernet HWaddr 00:02:44:87:12:98
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::202:44ff:fe87:1298/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:866283084 errors:0 dropped:0 overruns:0 frame:0
TX packets:957901309 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2828543342 (2.8 GB) TX bytes:302834533 (302.8 MB)
Interrupt:16 Base address:0xe400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:137649594 errors:0 dropped:0 overruns:0 frame:0
TX packets:137649594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7987806530 (7.9 GB) TX bytes:7987806530 (7.9 GB)
tap0 Link encap:Ethernet HWaddr 56:7d:e4:97:32:d7
inet addr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0
inet6 addr: fe80::547d:e4ff:fe97:32d7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2848091 errors:0 dropped:0 overruns:0 frame:0
TX packets:2199289 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:743108788 (743.1 MB) TX bytes:138058495 (138.0 MB)
--------------------------------------------------------------------------
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 94.79.50.173 0.0.0.0 UG 100 0 0 eth1
10.8.0.0 * 255.255.255.0 U 0 0 0 tap0
94.79.50.172 * 255.255.255.252 U 0 0 0 eth1
192.168.0.0 * 255.255.255.0 U 0 0 0 eth2
--------------------------------------------------------------------------
# arp -an
? (192.168.0.32) at bc:ae:c5:c3:a1:b6 [ether] on eth2
? (192.168.0.134) at 0c:74:c2:63:c6:5a [ether] on eth2
? (192.168.0.122) at <incomplete> on eth2
? (192.168.0.127) at 00:21:91:55:1d:57 [ether] on eth2
? (192.168.0.45) at c4:3d:c7:cf:a9:a8 [ether] on eth2
? (192.168.0.157) at 00:1c:26:50:de:1b [ether] on eth2
? (192.168.0.58) at 90:b9:31:e2:36:fb [ether] on eth2
? (192.168.0.63) at 4c:60:de:6f:76:6b [ether] on eth2
? (94.79.50.173) at 00:15:f9:8f:2f:61 [ether] on eth1
? (192.168.0.93) at 00:0c:30:a2:a9:56 [ether] on eth2
? (192.168.0.41) at 00:25:22:dd:a0:58 [ether] on eth2
? (192.168.0.111) at 00:25:d3:c2:3d:01 [ether] on eth2
? (10.8.0.2) at 00:ff:3b:c2:41:f7 [ether] on tap0
? (192.168.0.49) at 84:b1:53:70:e2:44 [ether] on eth2
? (192.168.0.136) at <incomplete> on eth2
? (192.168.0.54) at 40:6c:8f:09:f5:3b [ether] on eth2
? (192.168.0.146) at 30:f7:c5:45:e6:9e [ether] on eth2
? (192.168.0.79) at 50:46:5d:af:7a:94 [ether] on eth2
? (192.168.0.89) at 00:25:22:e4:42:02 [ether] on eth2
? (192.168.0.104) at b8:e8:56:20:11:ae [ether] on eth2