Hi all, I just finished configuring my CCBox 2 to support 2 simultaneous Internet connections.
I had a lot of trouble getting my server to work optimally, so I hope this modest tutorial will spare some of you the same pain.
This tutorial is based on the CC distribution, version 2, but can be adapted without trouble to any Linux machine.
A little background:
------------------
As an unbundled Free subscriber, I am often the victim of technical problems lasting more or less long, which is why I decided to add a second phone line at home along with a 1024 ADSL subscription at Club Internet. So I now have 2 ADSL connections that I wanted to exploit to the full...
Alternative hardware solution:
-----------------------------------
For those who do not want to bother configuring a Linux machine, Nexland makes a router that can manage 2 WAN links, the ISB 800 Pro Turbo. But on the one hand it costs more than 400 €, and on the other hand Nexland was acquired by Symantec and it is not certain they will keep producing this router. (http://www.materiel.net/details_ISB-PRO800T.html)
Minimum hardware required:
---------------------------------
- A PC that can run Linux (not much is needed)
- 3 network cards recognized by the penguin
- 2 Ethernet ADSL modems (or modem/routers)
(PS: the config can be adapted to PPPoE/A over a USB modem with a bit of work)
For information, here is my config:
- Athlon 1700XP / 256 MB / 40 GB
- 1 network port on the motherboard
- 2 "noname" PCI network cards at 10 € each
- An SMC Bra 7401 modem/router
- An Alcatel STH modem patched to 510v3
The SMC is configured for Club Internet and the Alcatel for Free.
Interfaces:
------------
We assume there are 2 external interfaces: eth1 and eth2.
The local network (LAN) is on
          WORLD              WORLD
            |                  |
           Free          Club Internet
       192.168.2.1        192.168.1.1
           eth1              eth2
       192.168.2.100      192.168.1.100
               NAT ROUTER
                 | 192.168.0.100
     ----+-------------------+---
       Internal Boxes 192.168.0.XXX
Thanks to Julian for the diagram.
So:
- 192.168.2.100 is the IP address of the network card connected to the STH modem
- 192.168.2.1 is the IP address of the STH modem
Same thing on the SMC side.
Setup:
---------------
1 - Modifying the kernel:
------------------------------
Before anything else, the Linux kernel must be patched and recompiled.
The purpose of this tutorial is not to teach you how to recompile a kernel; for that, go to:
http://lea-linux.org/kernel/
Under CC you must install the development environment and the kernel sources. There are plenty of explanations on the official forum. (From memory, apt-get is the tool to use.)
You must then patch your kernel with Julian Anastasov's diff from http://www.ssi.bg/~ja/#routes (ClarkConnect uses a 2.4.X kernel).
As a reminder, the command to apply the patch, run from the kernel source tree:
/usr/src/linux# patch -p1 < file.diff
In the kernel configuration you must enable all the advanced networking options, in particular MULTIPATH.
Compile and install.
2 - Creating a network interfaces configuration file:
-------------------------------------------------------------------------
To make later modifications and other configuration changes easier, we will create a network parameters file. I know this already exists, notably in /etc/sysconfig/network-scripts, but I find those files complicated and hard to get into.
We call the file network-settings.
Oh yes, sorry for the non-English speakers, but in general I write all my scripts in English...
|
# Network settings for iproute.sh and iptables.sh
# Author: Cyrille
########################################################
# LAN / INTERNAL
########################################################
LANIF="eth0"             # Interface
LANIP="192.168.0.100"    # IP Address
NMI="24"                 # Network Mask
NWI="192.168.0.0"        # Network Address
#########################################################
# EXTERNAL 1 : FREE (with STH)
#########################################################
EXTIF1="eth1"            # Interface
EXTIP1="192.168.2.100"   # IP Address
GWE1="192.168.2.1"       # Gateway
NME1="24"                # Network mask in number of bits
BRD1="192.168.2.255"     # Broadcast Address
NWE1="192.168.2.0"       # Network Address
########################################################
# EXTERNAL 2 : CLUB INTERNET
########################################################
EXTIF2="eth2"            # Interface
EXTIP2="192.168.1.100"   # IP Address
GWE2="192.168.1.1"       # Gateway
NME2="24"                # Network mask in number of bits
BRD2="192.168.1.255"     # Broadcast Address
NWE2="192.168.1.0"       # Network Address
|
This file just summarizes your network settings. Replace the values with your own. Remember that, for each interface, the IP address, gateway, network and broadcast addresses must all belong to the same subnet.
3 - Setting up the iproute.sh file:
------------------------------------------
This file regenerates the network interfaces and the routing table when the computer boots.
It goes in /etc/rc.d and must be made executable with chmod +x.
|
#!/bin/sh
#
# Network and routing table script
# Author: Cyrille Stepanyk
#
##########################################################
# SETTINGS
##########################################################
# Read Network Settings File
[ -f /etc/rc.d/network-settings ] && . /etc/rc.d/network-settings
##########################################################
# NICS SETTINGS
##########################################################
# local loopback
ip link set lo up
ip addr add 127.0.0.1/8 brd + dev lo
# eth0 (LAN)
ip link set $LANIF up
ip addr add $LANIP/$NMI brd + dev $LANIF
# eth1 (Free, via the STH)
ip link set $EXTIF1 up
ip addr add $EXTIP1/$NME1 brd $BRD1 dev $EXTIF1
ifconfig $EXTIF1 mtu 1472
# eth2 (Club Internet, via the SMC)
ip link set $EXTIF2 up
ip addr add $EXTIP2/$NME2 brd $BRD2 dev $EXTIF2
ifconfig $EXTIF2 mtu 1472
##########################################################
# ROUTING TABLE
##########################################################
# table main: consulted first; holds only the connected routes, no default
ip rule add prio 10 table main
# table 20: packets sourced from the Free-side subnet leave through the STH
ip rule add prio 20 from $NWE1/$NME1 table 20
ip route append default via $GWE1 dev $EXTIF1 src $EXTIP1 table 20
# table 30: packets sourced from the Club Internet subnet leave through the SMC
ip rule add prio 30 from $NWE2/$NME2 table 30
ip route append default via $GWE2 dev $EXTIF2 src $EXTIP2 table 30
# table 100: LAN traffic is spread over both links, weights 2 (Free) : 1 (Club Internet)
ip rule add prio 100 from $NWI/$NMI table 100
ip route add default table 100 nexthop via $GWE1 dev $EXTIF1 weight 2 nexthop via $GWE2 dev $EXTIF2 weight 1
# table 200: catch-all for everything else, Free first, Club Internet as the spare
ip rule add prio 200 table 200
ip route append default via $GWE1 dev $EXTIF1 src $EXTIP1 table 200
ip route append default via $GWE2 dev $EXTIF2 src $EXTIP2 table 200
# Flush existing cache
echo 1 >/proc/sys/net/ipv4/route/flush
|
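As an added example (not part of the original tutorial), the following Python script reads a constructed copy of the network-settings file above, runs the subnet-consistency check the text asks for, and simulates the rule-by-rule lookup that the iproute.sh tables perform: tables 20/30 for router-originated traffic on each link, the 2:1 weighted multipath in table 100 for LAN clients, and table 200 as catch-all. The sample destination 198.51.100.10 is a documentation address, and the per-call weighted choice stands in for the 2.4 kernel's per-destination route-cache selection.

```python
import ipaddress
import random

# Constructed copy of the tutorial's network-settings file (same values).
NETWORK_SETTINGS = """
LANIF="eth0"
LANIP="192.168.0.100"
NMI="24"
NWI="192.168.0.0"
EXTIF1="eth1"
EXTIP1="192.168.2.100"
GWE1="192.168.2.1"
NME1="24"
BRD1="192.168.2.255"
NWE1="192.168.2.0"
EXTIF2="eth2"
EXTIP2="192.168.1.100"
GWE2="192.168.1.1"
NME2="24"
BRD2="192.168.1.255"
NWE2="192.168.1.0"
"""


def parse_settings(text):
    """Parse NAME="value" lines; comments and blank lines are ignored."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, val = line.split("=", 1)
            cfg[key.strip()] = val.strip().strip('"')
    return cfg


def check_settings(cfg):
    """Return a list of problems (empty = consistent): for each external
    interface the IP, gateway and broadcast must agree with NWEx/NMEx."""
    problems = []
    for n in ("1", "2"):
        net = ipaddress.ip_network(cfg["NWE" + n] + "/" + cfg["NME" + n])
        for key in ("EXTIP" + n, "GWE" + n):
            if ipaddress.ip_address(cfg[key]) not in net:
                problems.append(f"{key} {cfg[key]} is not inside {net}")
        if cfg["BRD" + n] != str(net.broadcast_address):
            problems.append(f"BRD{n} should be {net.broadcast_address}")
    lan = ipaddress.ip_network(cfg["NWI"] + "/" + cfg["NMI"])
    if ipaddress.ip_address(cfg["LANIP"]) not in lan:
        problems.append(f"LANIP {cfg['LANIP']} is not inside {lan}")
    return problems


def build_rules(cfg):
    """The rules and tables iproute.sh installs. A rule is (prio, source
    selector or None, table); a table is a list of (prefix, next hops) where
    a next hop is (gateway or None, interface, weight)."""
    lan = cfg["NWI"] + "/" + cfg["NMI"]
    net1 = cfg["NWE1"] + "/" + cfg["NME1"]
    net2 = cfg["NWE2"] + "/" + cfg["NME2"]
    hop1 = (cfg["GWE1"], cfg["EXTIF1"])
    hop2 = (cfg["GWE2"], cfg["EXTIF2"])
    tables = {
        # main: only the connected routes that 'ip addr add' creates
        "main": [(lan, [(None, cfg["LANIF"], 1)]),
                 (net1, [(None, cfg["EXTIF1"], 1)]),
                 (net2, [(None, cfg["EXTIF2"], 1)])],
        "20": [("0.0.0.0/0", [hop1 + (1,)])],
        "30": [("0.0.0.0/0", [hop2 + (1,)])],
        "100": [("0.0.0.0/0", [hop1 + (2,), hop2 + (1,)])],  # weight 2:1
        # two 'ip route append' defaults: the one appended first is used
        "200": [("0.0.0.0/0", [hop1 + (1,)]), ("0.0.0.0/0", [hop2 + (1,)])],
    }
    rules = [(10, None, "main"), (20, net1, "20"), (30, net2, "30"),
             (100, lan, "100"), (200, None, "200")]
    return rules, tables


def lookup(cfg, src, dst, pick=random.random):
    """Return (table, gateway, interface) for a packet from src to dst:
    rules are tried by priority, the selected table by longest prefix, and a
    table without a matching route falls through to the next rule. 'pick'
    returns a float in [0, 1) that selects among weighted multipath hops."""
    rules, tables = build_rules(cfg)
    src_a, dst_a = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in rules:
        if selector and src_a not in ipaddress.ip_network(selector):
            continue
        best = None
        for prefix, hops in tables[table]:
            net = ipaddress.ip_network(prefix)
            if dst_a in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hops)
        if best is None:
            continue
        hops = best[1]
        r = pick() * sum(w for _, _, w in hops)  # weighted choice
        for gw, dev, w in hops:
            r -= w
            if r < 0:
                break
        return table, gw, dev
    raise LookupError(f"no route from {src} to {dst}")
```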
4 - Modifying CC's firewall rules:
--------------------------------------------------
I took the liberty of modifying the rc.firewall script (/etc/rc.d) a little to take the 2 Internet interfaces into account.
Instead of overwriting that file I created a new one called iptables.sh, stored in /etc/rc.d/.
For the firewall to pick it up, the file /etc/rc.d/init.d/firewall must be modified:
|
IPTABLES_CONFIG=/etc/rc.d/iptables.sh
|
The iptables.sh file contains:
En réponse à: In response to:
|
#!/bin/sh #! / Bin / sh
#
# Firewall Script # Firewall Script
# Author : Cyrille # Author: Cyrille
#
########################################################## ################################################## ########
# SETTINGS # SETTINGS
########################################################## ################################################## ########
# Path # Path
PATH=/sbin:/bin:/usr/bin PATH = / sbin: / bin: / usr / bin
# Binaries # Binaries
IPTABLES="/sbin/iptables" IPTABLES = "/ sbin / iptables"
LOGGER="/usr/bin/logger -p local6.notice -t firewall" LOGGER = "/ usr / bin / logger-p-t local6.notice firewall"
SYSCTL="/sbin/sysctl" SYSCTL = "/ sbin / sysctl"
MODPROBE="/sbin/modprobe" MODPROBE = "/ sbin / modprobe"
IPCALC="/bin/ipcalc" IPCALC = "/ bin / ipcalc"
# Set to blank for no debug. # Set to blank for no debug. Default to on for now. Default on to for now.
DEBUG="1" DEBUG = "1"
# Shorthand # Shorthand
ALLIP="0.0.0.0/0" ALLIP = "0.0.0.0 / 0"
# Read Network Settings File # Read Network File Settings
[ -f /etc/rc.d/network-settings ] && . [-F / etc / rc.d / network-settings] & &. /etc/rc.d/network-settings / Etc / rc.d / network-settings
########################################################## ################################################## ########
# FUNCTIONS # FUNCTIONS
########################################################## ################################################## ########
# Kernet security settings # Kernet security settings
SetKernelSettings() { SetKernelSettings () (
[ $DEBUG ] && $LOGGER "Setting kernel parameters" [$ DEBUG] & & $ LOGGER "Setting kernel parameters"
echo " [Setting kernel parameters]" Echo "[Setting kernel parameters]"
# Enable IP Forwarding, not really required for standalone mode # Enable IP Forwarding, not really required for standalone mode
$SYSCTL -w net.ipv4.ip_forward=1 >/dev/null SYSCTL $ net.ipv4.ip_forward-w = 1> / dev / null
# Enable TCP SYN Cookie protection: # Enable TCP SYN Cookie protection:
$SYSCTL -w net.ipv4.tcp_syncookies=1 >/dev/null SYSCTL $ net.ipv4.tcp_syncookies-w = 1> / dev / null
# Enabling dynamic TCP/IP address hacking. # Enabling dynamic TCP / IP address hacking.
$SYSCTL -w net.ipv4.ip_dynaddr=1 >/dev/null SYSCTL $ net.ipv4.ip_dynaddr-w = 1> / dev / null
# Log spoofed, source-routed, and redirect packets Log # spoofed, source-routed, and redirect packets
$SYSCTL -w net.ipv4.conf.all.log_martians=0 >/dev/null SYSCTL $ net.ipv4.conf.all.log_martians-w = 0> / dev / null
# Disable ICMP Re-directs # Disable ICMP Re-direct
$SYSCTL -w net.ipv4.conf.all.accept_redirects=0 >/dev/null SYSCTL $ net.ipv4.conf.all.accept_redirects-w = 0> / dev / null
$SYSCTL -w net.ipv4.conf.all.send_redirects=0 >/dev/null SYSCTL $ net.ipv4.conf.all.send_redirects-w = 0> / dev / null
# Ensure that source-routed packets are dropped # Ensure that source-routed packets are dropped
$SYSCTL -w net.ipv4.conf.all.accept_source_route=0 >/dev/null SYSCTL $ net.ipv4.conf.all.accept_source_route-w = 0> / dev / null
# Disable ICMP broadcast echo protection # Disable broadcast ICMP echo protection
$SYSCTL -w net.ipv4.icmp_echo_ignore_broadcasts=1 >/dev/null SYSCTL $ net.ipv4.icmp_echo_ignore_broadcasts-w = 1> / dev / null
# Enable bad error message protection # Enable bad error message protection
$SYSCTL -w net.ipv4.icmp_ignore_bogus_error_responses=1 >/dev/null SYSCTL $ net.ipv4.icmp_ignore_bogus_error_responses-w = 1> / dev / null
} )
# Default policy to accept # Default policy to accept
SetPolicyToAccept() { SetPolicyToAccept () (
$LOGGER "Setting default policy to accept" $ LOGGER "Setting default policy to accept"
echo " [Setting default policy to accept]" Echo "[Setting default policy to accept]"
for TABLE in filter nat mangle; do TABLE in filter for nat mangle; do
$IPTABLES -t $TABLE -F # Flush all previous rules. $ IPTABLES-t $ TABLE-F # Flush all previous rules.
$IPTABLES -t $TABLE -X # Delete user-defined chains. $ IPTABLES-t $ TABLE-X # Delete user-defined chains.
done Done
$IPTABLES -P INPUT ACCEPT $ IPTABLES-P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT $ IPTABLES-P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT $ IPTABLES-P FORWARD ACCEPT
} )
# Default policy to drop # Default policy to drop
SetPolicyToDrop() { SetPolicyToDrop () (
$LOGGER "Setting default policy to drop" $ LOGGER "Setting default policy to drop"
echo " [Setting default policy to drop]" Echo "[Setting default policy to drop]"
for TABLE in filter nat mangle; do TABLE in filter for nat mangle; do
$IPTABLES -t $TABLE -F # Flush all previous rules. $ IPTABLES-t $ TABLE-F # Flush all previous rules.
$IPTABLES -t $TABLE -X # Delete user-defined chains. $ IPTABLES-t $ TABLE-X # Delete user-defined chains.
done Done
$IPTABLES -P INPUT DROP $ IPTABLES-P INPUT DROP
$IPTABLES -P OUTPUT DROP $ IPTABLES-P OUTPUT DROP
$IPTABLES -P FORWARD DROP $ IPTABLES-P FORWARD DROP
} )
# Statefull firewall mode # Statefull firewall mode
SetConfigurationStatefull() { SetConfigurationStatefull () (
$LOGGER "Setting firewall to statefull" $ LOGGER "Setting to statefull firewall"
echo " [Setting firewall to statefull]" Echo "[Setting statefull firewall to]"
$IPTABLES -t filter -N keep_state $ IPTABLES-t filter-N keep_state
$IPTABLES -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT $ IPTABLES-t filter-A keep_state-m state - state RELATED, ESTABLISHED-j ACCEPT
$IPTABLES -t filter -A keep_state -j RETURN $ IPTABLES-t filter-A-j keep_state RETURN
$IPTABLES -t nat -N keep_state $ IPTABLES-t nat-N keep_state
$IPTABLES -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT $ IPTABLES-t nat-A keep_state-m state - state RELATED, ESTABLISHED-j ACCEPT
$IPTABLES -t nat -A keep_state -j RETURN $ IPTABLES-t nat-A-j keep_state RETURN
$IPTABLES -t nat -A PREROUTING -j keep_state $ IPTABLES-t nat-A PREROUTING-j keep_state
$IPTABLES -t nat -A POSTROUTING -j keep_state $ IPTABLES-t nat-A POSTROUTING-j keep_state
$IPTABLES -t nat -A OUTPUT -j keep_state $ IPTABLES-t nat-A OUTPUT-j keep_state
$IPTABLES -t filter -A INPUT -j keep_state $ IPTABLES-t filter-A INPUT-j keep_state
$IPTABLES -t filter -A FORWARD -j keep_state $ IPTABLES-t filter-A FORWARD-j keep_state
$IPTABLES -t filter -A OUTPUT -j keep_state $ IPTABLES-t filter-A OUTPUT-j keep_state
} )
########################################################## ################################################## ########
# CHAINS DEFINITION # DEFINITION CHAINS
########################################################## ################################################## ########
DefineChains() { DefineChains () (
[ $DEBUG ] && $LOGGER "Defining custom chains" [$ DEBUG] & & $ LOGGER "Defining custom chains"
echo " [Defining custom chains]" Echo "[Defining custom chains]"
# Create a chain for dropping reserved network IPs # Create a chain network reserved for dropping IPs
#-------------------------------------------------
$IPTABLES -N drop-reserved $ IPTABLES-N drop-reserved
$IPTABLES -t filter -A drop-reserved -j LOG --log-prefix "Drop - reserved network: " $ IPTABLES-t filter-A drop-reserved-j LOG - log-prefix "Drop - reserved network:"
$IPTABLES -t filter -A drop-reserved -j DROP $ IPTABLES-t filter-A drop-reserved-j DROP
# Create a chain for dropping services that shouldn't leave the LAN # Create a chain services for dropping that should not leave the LAN
#------------------------------------------------------------------ #------------------------------------------------- -----------------
$IPTABLES -N drop-lan $ IPTABLES-N drop-lan
$IPTABLES -t filter -A drop-lan -j LOG --log-prefix "Drop - LAN only: " $ IPTABLES-t filter-A drop-lan-j LOG - log-prefix "Drop - LAN only:"
$IPTABLES -t filter -A drop-lan -j DROP $ IPTABLES-t filter-A drop-lan-j DROP
# Create chains for testing # Create chains for testing
#--------------------------
$IPTABLES -N drop-log $ IPTABLES-N-log drop
$IPTABLES -t filter -A drop-log -j LOG --log-prefix "Drop with log: " $ IPTABLES-t filter-A drop-log-j LOG - log-prefix "Drop with log:"
$IPTABLES -t filter -A drop-log -j DROP $ IPTABLES-t filter-A drop-log-j DROP
$IPTABLES -N accept-log $ IPTABLES-N-log accept
$IPTABLES -t filter -A accept-log -j LOG --log-prefix "Accept with log: " $ IPTABLES-t-A filter accept log-j-LOG - log-prefix "Accept with log:"
$IPTABLES -t filter -A accept-log -j ACCEPT $ IPTABLES-t accept filter-A-log-j ACCEPT
} )
########################################################## ################################################## ########
# KERNEL MODULES # KERNEL MODULES
########################################################## ################################################## ########
LoadKernelModules() { LoadKernelModules () (
[ $DEBUG ] && $LOGGER "Loading kernel modules" [$ DEBUG] & & $ LOGGER "Loading kernel modules"
echo " [Loading kernel modules]" Echo "[Loading kernel modules]"
$MODPROBE ipt_LOG # Add LOG target. $ MODPROBE ipt_LOG LOG # Add target.
$MODPROBE ipt_REJECT # Add REJECT target. $ MODPROBE ipt_REJECT # Add REJECT target.
$MODPROBE ipt_MASQUERADE # Add MASQUERADE target. $ MODPROBE ipt_MASQUERADE # Add MASQUERADE target.
$MODPROBE ipt_owner # Allows you to match for the owner. $ MODPROBE ipt_owner # Allows you to match for the owner.
$MODPROBE ip_conntrack_ftp # Connection tracking for FTP. $ MODPROBE ip_conntrack_ftp # Connection tracking for FTP.
$MODPROBE ip_conntrack_irc # Connection tracking for IRC. $ MODPROBE ip_conntrack_irc # Connection tracking for IRC.
$MODPROBE ip_nat_ftp # Active FTP $ MODPROBE ip_nat_ftp # Active FTP
$MODPROBE ip_nat_irc # IRC stuff $ MODPROBE ip_nat_irc # IRC stuff
# PPTP and dependencies don't always auto-load... # PPTP and dependencies do not always auto-load ...
# Office Edition only. # Office Edition only.
$MODPROBE ppp_generic > /dev/null 2>&1 $ MODPROBE ppp_generic> / dev / null 2> & 1
$MODPROBE ppp_mppe > /dev/null 2>&1 $ MODPROBE ppp_mppe> / dev / null 2> & 1
$MODPROBE ip_conntrack_proto_gre > /dev/null 2>&1 $ MODPROBE ip_conntrack_proto_gre> / dev / null 2> & 1
$MODPROBE ip_conntrack_pptp > /dev/null 2>&1 $ MODPROBE ip_conntrack_pptp> / dev / null 2> & 1
$MODPROBE ip_nat_proto_gre > /dev/null 2>&1 $ MODPROBE ip_nat_proto_gre> / dev / null 2> & 1
} )
########################################################## ################################################## ########
# COMMON RULES (All firewall) # COMMON RULES (All firewall)
########################################################## ################################################## ########
RunCommonRules() { RunCommonRules () (
[ $DEBUG ] && $LOGGER "Running common rules" [$ DEBUG] & & $ LOGGER "Running common rules"
echo " [Running common rules]" Echo "[Running common rules]"
# Allow everything on the loopback # Allow everything on the loopback
#---------------------------------
$IPTABLES -A INPUT -i lo -j ACCEPT $ IPTABLES-A INPUT-i lo-j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT $ IPTABLES-A OUTPUT-o lo-j ACCEPT
# Allow everything on LAN network # Allow everything on LAN network
#--------------------------------
$IPTABLES -A INPUT -i $LANIF -j ACCEPT $ IPTABLES-A INPUT-i $ LANIF-j ACCEPT
$IPTABLES -A OUTPUT -o $LANIF -j ACCEPT $ IPTABLES-A OUTPUT-o $ LANIF-j ACCEPT
$IPTABLES -A FORWARD -i $LANIF -j ACCEPT $ IPTABLES-A FORWARD-i $ LANIF-j ACCEPT
# Block IPs that should never show up on our external interface # Block IPs that should never show up on our external interface
#-------------------------------------------------------------- #------------------------------------------------- -------------
$IPTABLES -A INPUT -i $EXTIF1 -s 127.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 127.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 1.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 1.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 23.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 23.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 31.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 31.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 96.0.0.0/3 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 96.0.0.0 / 3-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 128.0.0.0/16 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 128.0.0.0/16-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 128.9.64.26/32 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 128.9.64.26/32-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 128.66.0.0/16 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 128.66.0.0/16-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 191.255.0.0/16 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 191.255.0.0/16-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 197.0.0.0/16 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 197.0.0.0/16-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 201.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 201.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 223.255.255.0/24 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 223.255.255.0/24-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 240.0.0.0/5 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 240.0.0.0 / 5-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 248.0.0.0/5 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF1 $ 248.0.0.0 / 5-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF1 -s 192.168.0.0/16 -j DROP $ IPTABLES-A INPUT-i-s EXTIF1 $ 192.168.0.0/16-j DROP
$IPTABLES -A INPUT -i $EXTIF1 -s 172.16.0.0/12 -j DROP $ IPTABLES-A INPUT-i-s EXTIF1 $ 172.16.0.0/12-j DROP
$IPTABLES -A INPUT -i $EXTIF2 -s 127.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 127.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 1.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 1.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 23.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 23.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 31.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 31.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 96.0.0.0/3 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 96.0.0.0 / 3-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 128.0.0.0/16 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 128.0.0.0/16-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 128.9.64.26/32 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 128.9.64.26/32-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 128.66.0.0/16 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 128.66.0.0/16-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 191.255.0.0/16 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 191.255.0.0/16-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 197.0.0.0/16 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 197.0.0.0/16-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 201.0.0.0/8 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 201.0.0.0 / 8-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 223.255.255.0/24 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 223.255.255.0/24-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 240.0.0.0/5 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 240.0.0.0 / 5-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 248.0.0.0/5 -j drop-reserved $ IPTABLES-A INPUT-i-s EXTIF2 $ 248.0.0.0 / 5-j drop-reserved
$IPTABLES -A INPUT -i $EXTIF2 -s 172.16.0.0/12 -j DROP $ IPTABLES-A INPUT-i-s EXTIF2 $ 172.16.0.0/12-j DROP
# Allow some ICMP (ping) # Allow some ICMP (ping)
#-----------------------
# ICMP can be used for attacks.. # ICMP can be used for attacks .. we allow as little as possible. We allow as little as possible.
# The following are necessary ports we *can't* do without: # The following are necessary ports * we * can not do without:
# 0 Needed to ping hosts outside the network. # 0 Needed to ping hosts outside the network.
# 3 Needed by all networks. # 3 Needed by all networks.
# 11 Needed by the traceroute program. # 11 Needed by the traceroute program.
$IPTABLES -A INPUT -i $EXTIF1 -d $EXTIP1 -p icmp --icmp-type 0 -j ACCEPT $ IPTABLES-A INPUT-i-d $ EXTIF1 $ EXTIP1 icmp-p - icmp-type 0-j ACCEPT
$IPTABLES -A INPUT -i $EXTIF1 -d $EXTIP1 -p icmp --icmp-type 3 -j ACCEPT $ IPTABLES-A INPUT-i-d $ EXTIF1 $ EXTIP1 icmp-p - icmp-type 3-j ACCEPT
$IPTABLES -A INPUT -i $EXTIF1 -d $EXTIP1 -p icmp --icmp-type 11 -j ACCEPT $ IPTABLES-A INPUT-i-d $ EXTIF1 $ EXTIP1 icmp-p - icmp-type 11-j ACCEPT
# This allows other hosts to ping you. # This allows other hosts to ping you. You should keep this rule. You should keep this rule.
$IPTABLES -A INPUT -i $EXTIF1 -d $EXTIP1 -p icmp --icmp-type 8 -j ACCEPT $ IPTABLES-A INPUT-i-d $ EXTIF1 $ EXTIP1 icmp-p - icmp-type 8-j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF1 -s $EXTIP1 -p icmp -j ACCEPT $ IPTABLES-A OUTPUT $ EXTIF1-o-s-p $ EXTIP1 icmp-j ACCEPT
$IPTABLES -A INPUT -i $EXTIF2 -d $EXTIP2 -p icmp --icmp-type 0 -j ACCEPT $ IPTABLES-A INPUT-i-d $ EXTIF2 $ EXTIP2 icmp-p - icmp-type 0-j ACCEPT
$IPTABLES -A INPUT -i $EXTIF2 -d $EXTIP2 -p icmp --icmp-type 3 -j ACCEPT $ IPTABLES-A INPUT-i-d $ EXTIF2 $ EXTIP2 icmp-p - icmp-type 3-j ACCEPT
$IPTABLES -A INPUT -i $EXTIF2 -d $EXTIP2 -p icmp --icmp-type 11 -j ACCEPT $ IPTABLES-A INPUT-i-d $ EXTIF2 $ EXTIP2 icmp-p - icmp-type 11-j ACCEPT
# This allows other hosts to ping you. # This allows other hosts to ping you. You should keep this rule. You should keep this rule.
$IPTABLES -A INPUT -i $EXTIF2 -d $EXTIP2 -p icmp --icmp-type 8 -j ACCEPT $ IPTABLES-A INPUT-i-d $ EXTIF2 $ EXTIP2 icmp-p - icmp-type 8-j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF2 -s $EXTIP2 -p icmp -j ACCEPT $ IPTABLES-A OUTPUT $ EXTIF2-o-s-p $ EXTIP2 icmp-j ACCEPT
} )
##########################################################
# INCOMING ALLOWED DEFAULT
##########################################################
RunIncomingAllowedDefaults() {
    [ $DEBUG ] && $LOGGER "Running default incoming rules"
    echo " [Running default incoming rules]"
    # Allow high ports
    #-----------------
    $IPTABLES -A OUTPUT -o $EXTIF1 -s $EXTIP1 -p tcp --sport 1024:65535 -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF1 -s $EXTIP1 -p udp --sport 1024:65535 -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF1 -d $EXTIP1 -p udp --dport 1024:65535 -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF1 -d $EXTIP1 -p tcp --dport 1024:65535 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF2 -s $EXTIP2 -p tcp --sport 1024:65535 -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF2 -s $EXTIP2 -p udp --sport 1024:65535 -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF2 -d $EXTIP2 -p udp --dport 1024:65535 -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF2 -d $EXTIP2 -p tcp --dport 1024:65535 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}
##########################################################
# INCOMING ALLOWED USER
##########################################################
RunIncomingAllowed() {
    [ $DEBUG ] && $LOGGER "Running user-defined incoming rules"
    echo " [Running user-defined incoming rules]"
    # Standard ports and port ranges
    #-------------------------------
    # Each entry is PROTOCOL|PORT (e.g. tcp|22); opened on both WAN links
    for RULE in $INCOMING_ALLOW; do
        PROTOCOL=`echo $RULE | cut -d '|' -f1`
        PORT=`echo $RULE | cut -d '|' -f2`
        $LOGGER "Allowing incoming $PROTOCOL port $PORT"
        $IPTABLES -A INPUT -i $EXTIF1 -d $EXTIP1 -p $PROTOCOL --dport $PORT -j ACCEPT
        $IPTABLES -A OUTPUT -o $EXTIF1 -s $EXTIP1 -p $PROTOCOL --sport $PORT -j ACCEPT
        $IPTABLES -A INPUT -i $EXTIF2 -d $EXTIP2 -p $PROTOCOL --dport $PORT -j ACCEPT
        $IPTABLES -A OUTPUT -o $EXTIF2 -s $EXTIP2 -p $PROTOCOL --sport $PORT -j ACCEPT
    done
    # Each entry is PROTOCOL|FIRST:LAST (e.g. tcp|6000:6010)
    for RULE in $INCOMING_ALLOW_RANGE; do
        PROTOCOL=`echo $RULE | cut -d '|' -f1`
        RANGE=`echo $RULE | cut -d '|' -f2`
        $LOGGER "Allowing incoming $PROTOCOL port range $RANGE"
        $IPTABLES -A INPUT -i $EXTIF1 -d $EXTIP1 -p $PROTOCOL --dport $RANGE -j ACCEPT
        $IPTABLES -A OUTPUT -o $EXTIF1 -s $EXTIP1 -p $PROTOCOL --sport $RANGE -j ACCEPT
        $IPTABLES -A INPUT -i $EXTIF2 -d $EXTIP2 -p $PROTOCOL --dport $RANGE -j ACCEPT
        # Second WAN link: interface and address must both belong to link 2
        $IPTABLES -A OUTPUT -o $EXTIF2 -s $EXTIP2 -p $PROTOCOL --sport $RANGE -j ACCEPT
    done
}
##########################################################
# INCOMING DENIED DEFAULT
##########################################################
RunIncomingDeniedDefaults() {
    echo " [RunIncomingDeniedDefaults]"
    # Anything on the WAN links not accepted above is dropped
    $IPTABLES -A INPUT -i $EXTIF1 -s $ALLIP -d $ALLIP -j DROP
    $IPTABLES -A OUTPUT -o $EXTIF1 -s $ALLIP -d $ALLIP -j DROP
    $IPTABLES -A INPUT -i $EXTIF2 -s $ALLIP -d $ALLIP -j DROP
    $IPTABLES -A OUTPUT -o $EXTIF2 -s $ALLIP -d $ALLIP -j DROP
}
##########################################################
# OUTGOING ALLOWED DEFAULT (LAN Network to Internet)
##########################################################
RunOutgoingAllowed() {
    echo " [RunOutgoingAllowed]"
    #TCP Ports
    $IPTABLES -A INPUT -i $EXTIF1 -p tcp -m multiport --sport 20,21,53,80,110,25,443,143,123,119,220 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF1 -p tcp -m multiport --dport 20,21,53,80,110,25,443,143,123,119,220 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF2 -p tcp -m multiport --sport 20,21,53,80,110,25,443,143,123,119,220 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF2 -p tcp -m multiport --dport 20,21,53,80,110,25,443,143,123,119,220 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    #UDP Ports
    $IPTABLES -A INPUT -i $EXTIF1 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF1 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF2 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF2 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    #Emule / EDonkey
    $IPTABLES -A INPUT -i $EXTIF1 -p tcp --sport 4662 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF1 -p tcp --dport 4662 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF2 -p tcp --sport 4662 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF2 -p tcp --dport 4662 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF1 -p udp --sport 4672 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF1 -p udp --dport 4672 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF2 -p udp --sport 4672 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTIF2 -p udp --dport 4672 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}
##########################################################
# OUTGOING DENIED DEFAULT
##########################################################
RunOutgoingDeniedDefaults() {
    [ $DEBUG ] && $LOGGER "Running default block outgoing rules"
    echo " [Running default block outgoing rules]"
    # Block services from leaving the LAN (low port numbers)
    # Snort will log suspicious traffic in high port ranges
    #-------------------------------------------------------
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF1 -p tcp --dport 111      # RPC stuff
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF1 -p udp --dport 111      # RPC stuff
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF1 -p tcp --dport 137:139  # Samba
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF1 -p udp --dport 137:139  # Samba
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF1 -p tcp --dport 635      # Mountd
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF1 -p udp --dport 635      # Mountd
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF2 -p tcp --dport 111      # RPC stuff
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF2 -p udp --dport 111      # RPC stuff
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF2 -p tcp --dport 137:139  # Samba
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF2 -p udp --dport 137:139  # Samba
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF2 -p tcp --dport 635      # Mountd
    $IPTABLES -A FORWARD -j drop-lan -o $EXTIF2 -p udp --dport 635      # Mountd
}
##########################################################
# OUTGOING DENIED USER RULES
##########################################################
RunOutgoingDenied() {
    [ $DEBUG ] && $LOGGER "Running user-defined block outgoing rules"
    echo " [Running user-defined block outgoing rules]"
    # Each entry is PROTOCOL|PORT
    for RULE in $OUTGOING_BLOCK; do
        PROTOCOL=`echo $RULE | cut -d '|' -f1`
        PORT=`echo $RULE | cut -d '|' -f2`
        $LOGGER "Blocking outgoing $PROTOCOL port $PORT"
        $IPTABLES -A FORWARD -s $NWI/$NMI -d 0/0 -p $PROTOCOL --dport $PORT -j DROP
    done
    # Each entry is PROTOCOL|FIRST:LAST; the range (not a single port) is what gets blocked
    for RULE in $OUTGOING_BLOCK_RANGE; do
        PROTOCOL=`echo $RULE | cut -d '|' -f1`
        RANGE=`echo $RULE | cut -d '|' -f2`
        $LOGGER "Blocking outgoing $PROTOCOL port range $RANGE"
        $IPTABLES -A FORWARD -s $NWI/$NMI -d 0/0 -p $PROTOCOL --dport $RANGE -j DROP
    done
    # Destination hosts or networks the LAN may not reach at all
    for HOST in $OUTGOING_BLOCK_DESTS; do
        $LOGGER "Blocking traffic to $HOST"
        $IPTABLES -A FORWARD -s $NWI/$NMI -d $HOST -j DROP
    done
}
##########################################################
# PORT FORWARD USER RULES
##########################################################
RunPortForwardRules() {
    [ $DEBUG ] && $LOGGER "Running user-defined port forward rules"
    echo " [Running user-defined port forward rules]"
    # Each entry is PROTOCOL|<field 2, not used here>|SOURCE_PORT|DEST[:PORT]
    for RULE in $FORWARD; do
        PROTOCOL=`echo $RULE | cut -d '|' -f1`
        SOURCE=`echo $RULE | cut -d '|' -f3`
        DEST=`echo $RULE | cut -d '|' -f4`
        NATTRICK=`echo $DEST | cut -d ':' -f1`   # destination host without its port
        $LOGGER "Port forwarding $PROTOCOL $SOURCE to $DEST"
        # DNAT on both WAN addresses, then SNAT hits coming from the LAN itself
        # so the forwarded host answers back through the gateway
        $IPTABLES -t nat -A PREROUTING -d $EXTIP1 -p $PROTOCOL --dport $SOURCE -j DNAT --to $DEST
        $IPTABLES -t nat -A PREROUTING -d $EXTIP2 -p $PROTOCOL --dport $SOURCE -j DNAT --to $DEST
        $IPTABLES -t nat -A POSTROUTING -d $NATTRICK -p $PROTOCOL -s $NWI/$NMI --dport $SOURCE -j SNAT --to $LANIP
    done
    # Each entry is PROTOCOL|<field 2, not used here>|FIRST:LAST|DEST
    for RULE in $FORWARD_RANGE; do
        PROTOCOL=`echo $RULE | cut -d '|' -f1`
        RANGE=`echo $RULE | cut -d '|' -f3`
        DEST=`echo $RULE | cut -d '|' -f4`
        NATTRICK=`echo $DEST | cut -d ':' -f1`   # host part only, as in the loop above
        $LOGGER "Port forwarding range $PROTOCOL $RANGE to $DEST"
        $IPTABLES -t nat -A PREROUTING -d $EXTIP1 -p $PROTOCOL --dport $RANGE -j DNAT --to $DEST
        $IPTABLES -t nat -A PREROUTING -d $EXTIP2 -p $PROTOCOL --dport $RANGE -j DNAT --to $DEST
        $IPTABLES -t nat -A POSTROUTING -d $NATTRICK -p $PROTOCOL -s $NWI/$NMI --dport $RANGE -j SNAT --to $LANIP
    done
}
##########################################################
# REMAP PORTS USER DEFINED IF SQUID TRANSPARENT
##########################################################
RunRemapPorts() {
    [ $DEBUG ] && $LOGGER "Running user-defined port re-map rules"
    echo " [Running user-defined port re-map rules]"
    if [ "$SQUID_TRANSPARENT" = "on" ]; then
        # Is a content filter in transparent mode too?
        if [ ! -z "$SQUID_FILTER_TRANSPARENT" ]; then
            $LOGGER "Squid+Filter transparent mode enabled for filter port $SQUID_FILTER_TRANSPARENT"
            # Web traffic not arriving on a WAN link is sent to the filter.
            # Note: with two WAN links, each rule also matches packets that arrive
            # on the other link; restrict to the LAN interface if that is not wanted.
            $IPTABLES -t nat -A PREROUTING -i ! $EXTIF1 -p tcp --dport 80 -j REDIRECT --to-port $SQUID_FILTER_TRANSPARENT
            $IPTABLES -t nat -A PREROUTING -i ! $EXTIF2 -p tcp --dport 80 -j REDIRECT --to-port $SQUID_FILTER_TRANSPARENT
            $LOGGER "Squid+Filter transparent mode is now blocking the regular proxy port 3128"
            $IPTABLES -t nat -I PREROUTING -p tcp -s ! 127.0.0.1 --dport 3128 -j DROP
        else
            $LOGGER "Squid transparent mode enabled"
            $IPTABLES -t nat -A PREROUTING -i ! $EXTIF1 -p tcp --dport 80 -j REDIRECT --to-port 3128
            $IPTABLES -t nat -A PREROUTING -i ! $EXTIF2 -p tcp --dport 80 -j REDIRECT --to-port 3128
        fi
    fi
}
##########################################################
# ENABLE MASQUERADING
##########################################################
RunMasquerading() {
    echo " [RunMasquerading]"
    # SNAT to a fixed address would work too, but MASQUERADE follows the
    # address of each link when it changes
    # $IPTABLES -t nat -A POSTROUTING -o $EXTIF1 -s $NWI/$NMI -j SNAT --to $EXTIP1
    # $IPTABLES -t nat -A POSTROUTING -o $EXTIF2 -s $NWI/$NMI -j SNAT --to $EXTIP2
    $IPTABLES -t nat -A POSTROUTING -o $EXTIF1 -s $NWI/$NMI -j MASQUERADE
    $IPTABLES -t nat -A POSTROUTING -o $EXTIF2 -s $NWI/$NMI -j MASQUERADE
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}
##########################################################
# GATEWAYFIREWALL
##########################################################
gateway() {
    $LOGGER "Using gateway mode"
    echo " [Run Gateway]"
    SetKernelSettings
    SetPolicyToDrop
    LoadKernelModules
    DefineChains
    RunCommonRules
    SetConfigurationStatefull
    RunRemapPorts
    RunIncomingAllowed
    RunIncomingAllowedDefaults
    RunIncomingDeniedDefaults
    # RunOutgoingAllowed
    RunPortForwardRules
    RunOutgoingDenied
    RunOutgoingDeniedDefaults
    RunMasquerading
    # Log other forwarding
    #---------------------
    $IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 \
        -j LOG --log-level DEBUG --log-prefix "Stray FORWARD packet: "
    $IPTABLES -A FORWARD -j ACCEPT
}
#########################################################
# MAIN
#########################################################
$LOGGER "Starting firewall..."
# Read configuration file
#------------------------
[ -f /etc/firewall ] && . /etc/firewall
DEFAULTMODE="gateway"
# Fall back to the default mode when /etc/firewall does not set MODE
MODE="${MODE:-$DEFAULTMODE}"
if [ "$MODE" = "gateway" ]; then
    gateway
elif [ "$MODE" = "trustedgateway" ]; then
    gateway
elif [ "$MODE" = "standalone" ]; then
    gateway
elif [ "$MODE" = "trustedstandalone" ]; then
    gateway
else
    $LOGGER "Invalid mode in /etc/firewall... using standalone mode"
    gateway
fi
This file is far from perfect and can be improved. I await your suggestions.
Restart the firewall: service firewall restart
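Every rule in the script above is written twice by hand, once per WAN link, which is exactly how a rule ends up with one link's interface and the other link's address. As an added example, not part of Cyrille's script, here is a helper that applies one rule template to both links, plus a check over iptables-save output that reports rules with no twin on the other link; the interface names, addresses and sample dump are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the original firewall script): one rule template
# applied to every WAN link, plus a symmetry check over an iptables-save dump.
# IPTABLES defaults to a dry-run printer so this runs without root or netfilter.

dry_run() { printf '%s\n' "$*"; }
IPTABLES="${IPTABLES:-dry_run}"

# Constructed sample WAN settings (names and addresses are placeholders)
EXTIF1=eth1; EXTIP1=192.0.2.10
EXTIF2=eth2; EXTIP2=198.51.100.20

# each_wan TEMPLATE: run TEMPLATE once per WAN link with EXTIF and EXTIP
# bound to that link. Pass the template in single quotes so $EXTIF/$EXTIP
# expand here, once per link; a rule can then never mix EXTIF1 with EXTIP2.
each_wan() {
    template="$1"
    for n in 1 2; do
        eval "EXTIF=\$EXTIF$n; EXTIP=\$EXTIP$n"
        eval "$IPTABLES $template"
    done
}

# wan_symmetry DUMP: for every rule in DUMP (iptables-save format) that
# names one WAN link, build the twin rule for the other link by swapping
# interface and address, and report the rule when that twin is missing.
# A rule mixing one link's interface with the other link's address is
# reported too, because after the swap its twin cannot exist.
wan_symmetry() {
    dump="$1"
    for pair in "$EXTIF1 $EXTIP1 $EXTIF2 $EXTIP2" "$EXTIF2 $EXTIP2 $EXTIF1 $EXTIP1"; do
        set -- $pair   # $1/$2: this link, $3/$4: the other link
        printf '%s\n' "$dump" \
          | grep -E -e "-[io] $1( |\$)|-[sd] $2( |\$)" \
          | while IFS= read -r rule; do
                twin=$(printf '%s\n' "$rule" | sed -e "s/$1/$3/g" -e "s/$2/$4/g")
                printf '%s\n' "$dump" | grep -qxF -e "$twin" \
                    || printf 'no twin for: %s\n' "$rule"
            done
    done | sort -u
}

# Constructed sample dump: the OUTPUT rule is the kind of copy-paste slip
# hand-duplicated rules invite (-o on link 1, -s with link 2's address),
# so the check must flag it.
SAMPLE_DUMP='-A INPUT -i eth1 -d 192.0.2.10 -p icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth2 -d 198.51.100.20 -p icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o eth1 -s 198.51.100.20 -p tcp --sport 6000:6010 -j ACCEPT'

# Demo: emit the ping rule for both links, then audit the sample dump.
each_wan '-A INPUT -i $EXTIF -d $EXTIP -p icmp --icmp-type 8 -j ACCEPT'
wan_symmetry "$SAMPLE_DUMP"
```

On a live gateway, feed `iptables-save` output to wan_symmetry after `service firewall restart`; an empty result means every WAN rule has its counterpart.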
4- Cleanup
---------------
So that iproute.sh runs under the best conditions, we first clean up a little with the file flush-iproute.sh:
#!/bin/sh
#
# Network and routing table flush script
# Author: Cyrille
#
##########################################################
# SETTINGS
##########################################################
# Read Network Settings File
[ -f /etc/rc.d/network-settings ] && . /etc/rc.d/network-settings
##########################################################
# FUNCTIONS
##########################################################
# Cleaning NICs
ip addr flush dev lo
ip addr flush dev eth0
ip addr flush dev eth1
ip addr flush dev eth2
# Routing table cleaning
ip route del default table main
ip route flush table main
ip route flush table 10
ip route flush table 20
ip route flush table 30
ip route flush table 100
ip route flush table 200
ip route flush table 201
ip route flush table 202
ip route flush table 222
# Rules cleaning
ip rule del prio 50 table main
ip rule del prio 10 table main
ip rule del prio 200
ip rule del from $NWE1/$NME1 table 201
ip rule del from $NWE2/$NME2 table 202
ip rule del from $NWE1/$NME1 table 20
ip rule del from $NWE2/$NME2 table 30
ip rule del from $NWI/$NMI table 100
ip rule del prio 222
# Cache cleaning
ip route flush cache
Put this file in /etc/rc.d and make it executable.
5- Putting the new routing table in place at startup:
---------------------------------------------------------------------------
So that the changes take effect from startup, add the following at the end of the script /etc/rc.d/rc.local:
. /etc/rc.d/flush-iproute.sh
. /etc/rc.d/iproute.sh
6- End:
------
Normally everything should now work properly.
You can verify that both connections work with the command tcpdump -i ethX, where X is the interface number.
Otherwise, read the file nano.txt carefully, especially the end, for the tests.
I hope this has helped you. It is only a first draft that can (and should) be improved.
Links
------
Here are the sites I relied on to write this HOWTO:
http://www.docum.org/
http://www.lartc.org/
http://www.ssi.bg/~ja/
And in particular:
http://www.ssi.bg/~ja/nano.txt
http://www.ssi.bg/~ja/dgd-usage.txt
http://www.linux-france.org/prj/inetdoc/guides/lartc/
Cheers,
Cyrille