In this post i will share useful iptables rules.
Below iptables rules will configure Linux system as simple router.
This will forward all packets to internal and external network.
LAN Ethernet - eth0
WAN Ethernet - eth1
Enable IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Forward all LAN request to external network
#iptables -I FORWARD -i eth0 -o eth1 -j ACCEPT
Forward all ESTABLISHED connections from external network to internal network.
#iptables -I FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
Append external IP to all outgoing packets to hide internal Network IPs.
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Above configuration is not recommended to production servers or Linux system connected to internet. This configuration is useful for internal dev or lab network only.
Free version of ShowMyPC usages p2p connections and do not support proxy connections.
In this post, we will see how you can use free version of ShowMyPC behind Linux firewall.
first make sure your Linux system is configured to forward ports and iptables rules are configured to act as router.
ShowMyPC has many servers, for each new connection its connects to random servers.
So you need to find all ShowMyPC servers IP and add it in iptables rules.
You can start ShowMyPC application and run TCPview from Microsoft sysinternal tools to find out to which IP ShowMyPC is trying to connect.
Find all ShowMyPC IPs and add forward rule as above for each IP
Below is example iptables rule to forward all connections from LAN to ShowMyPC servers.
#iptables -A FORWARD -s 192.168.2.0/24 -d x.x.x.x -i eth0 -o eth1 -j ACCEPT
Find all IPs of ShowMyPC and configure rules like above for each IP.
Free version of ShowMyPC usages p2p connections for desktop sharing, so I just allowed everything to ShowMyPC from my lan Network.
See my previous post for detailed configuration about iptables rules for Squid and make Linux system as router for rest of the LAN for specific protocol.
-
vPRH
Linux Router configuration using iptables
Below iptables rules will configure Linux system as simple router.
This will forward all packets to internal and external network.
LAN Ethernet - eth0
WAN Ethernet - eth1
Enable IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Forward all LAN request to external network
#iptables -I FORWARD -i eth0 -o eth1 -j ACCEPT
Forward all ESTABLISHED connections from external network to internal network.
#iptables -I FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
Append external IP to all outgoing packets to hide internal Network IPs.
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Above configuration is not recommended to production servers or Linux system connected to internet. This configuration is useful for internal dev or lab network only.
Iptables rules for ShowMyPc
Free version of ShowMyPC usages p2p connections and do not support proxy connections.
In this post, we will see how you can use free version of ShowMyPC behind Linux firewall.
first make sure your Linux system is configured to forward ports and iptables rules are configured to act as router.
ShowMyPC has many servers, for each new connection its connects to random servers.
So you need to find all ShowMyPC servers IP and add it in iptables rules.
How to find which Servers or IPs used by ShowMyPC?
You can start ShowMyPC application and run TCPview from Microsoft sysinternal tools to find out to which IP ShowMyPC is trying to connect.
Find all ShowMyPC IPs and add forward rule as above for each IP
Below is example iptables rule to forward all connections from LAN to ShowMyPC servers.
#iptables -A FORWARD -s 192.168.2.0/24 -d x.x.x.x -i eth0 -o eth1 -j ACCEPT
Find all IPs of ShowMyPC and configure rules like above for each IP.
Free version of ShowMyPC usages p2p connections for desktop sharing, so I just allowed everything to ShowMyPC from my lan Network.
See my previous post for detailed configuration about iptables rules for Squid and make Linux system as router for rest of the LAN for specific protocol.
-
vPRH
No comments:
Post a Comment