Seth0r (Talk | Contributions) No edit summary |
Seth0r (Talk | Contributions) |
Zeile 133: | Zeile 133: | ||
} | } | ||
=== Routing und Firewall === | === Routing und Firewall === | ||
* apt-get install iproute iptables-persistent | |||
* vim /etc/iproute2/rt_tables | |||
110 pdmvpn | |||
111 olsr | |||
112 olsr-default | |||
113 olsr-tunnel | |||
* Forwarding aktivieren (wird nach Neustart aktiv)<br>vim /etc/sysctl.conf | |||
net.ipv4.conf.default.rp_filter=1 | |||
net.ipv4.conf.all.rp_filter=1 | |||
net.ipv4.tcp_syncookies=1 | |||
net.ipv4.ip_forward=1 | |||
* iptables chans anlegen | |||
iptabels -N INFF | |||
iptables -N FF | |||
* iptables rules einrichten | |||
iptables -A INPUT -i tap0 -j INFF | |||
iptables -A INPUT -i n2n0 -j INFF | |||
iptables -A INFF -p udp -m udp --dport 698 -j ACCEPT | |||
iptables -A INFF -p icmp -j ACCEPT | |||
iptables -A INFF -j LOG | |||
iptables -A INFF -j DROP | |||
iptables -A FORWARD -i tap0 -j FF | |||
iptables -A FORWARD -i n2n0 -j FF | |||
iptables -A FF -o tap0 -j ACCEPT | |||
iptables -A FF -o n2n0 -j ACCEPT | |||
iptables -A INPUT -i eth0 -p udp -m udp --dport 1195 -j ACCEPT | |||
iptables -A INPUT -i eth0 -p udp -m udp --dport 7654 -j ACCEPT |
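Review bot: `iptabels -N INFF` in the chain-creation step is misspelled, so anyone pasting these commands never creates the INFF chain, and `iptables -A INPUT -i tap0 -j INFF` and every later INFF rule then fail; it should read `iptables -N INFF` (the step title "chans" should also be "chains"). The FF chain contains only the two ACCEPT rules for `-o tap0` and `-o n2n0` and has no final rule, so other traffic forwarded from the tunnel interfaces falls back to the FORWARD policy, which the visible lines never set; add an explicit `iptables -A FF -j DROP` or state the intended policy. The same applies to the two eth0 ACCEPT rules for UDP 1195 and 7654, which only have an effect if the INPUT policy is restrictive. `iptables -A INFF -j LOG` has no rate limit, so a `-m limit` match would keep a noisy peer from flooding the log. iptables-persistent is installed in the first step, but no step that saves the rules appears in the visible lines.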