AdminSysGNULinux

Outils pour utilisateurs

Outils du site

Piste : notes_git_-_convention_commit_-_bien_nommer_ses_commits notes_gnu_linux_compte_utilisateurs_-_users_accounts cluster_script_de_test_stonith_fencing notes_redhat_9 notes_gpg_-_two_cards_with_same_subkeys notes_supervision_-_plugin_nagios_-_centreon_plugins.pl android_adb_-_transfert_d_application_apk_split pb_encodage_charset_apache_php notes_ipv6 routage_sous_gnu_linux
tech:routage_sous_gnu_linux
,

Routage sous GNU/Linux

echo 1 > /proc/sys/net/ipv4/ip_forward

Autoriser tout 

iptables -P FORWARD ACCEPT

Autoriser eth0 à accéder à Internet 

iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Exemple de conf 

-A INPUT -i virbr4 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr4 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr4 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr4 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.2.0/24 -i enp130s0 -o virbr4 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -i virbr4 -o enp130s0 -j ACCEPT
-A FORWARD -i virbr4 -o virbr4 -j ACCEPT
-A FORWARD -o virbr4 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr4 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr4 -p udp -m udp --dport 68 -j ACCEPT
tech/routage_sous_gnu_linux.txt · Dernière modification : de Jean-Baptiste
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki