LinuxVPNtoPfsense-Linux-Firewall: Unterschied zwischen den Versionen

@@ Zeile 1: / Zeile 1: @@
-=Interface=
-*cat /etc/network/interfaces
-<syntaxhighlight lang="bash">
-auto lo
-iface lo inet loopback
-auto ens160
-iface ens160 inet static
-	address 10.66.252.40
-	netmask	255.255.255.0
-	gateway 10.66.252.1
-auto ens192
-iface ens192 inet static
-	address 10.66.254.1
-	netmask 255.255.255.0
-auto ens224
-iface ens224 inet static
-	address 10.66.248.1
-	netmask 255.255.255.0
-</syntaxhighlight>
-=VPN=
-* cat /etc/ipsec.conf
-<syntaxhighlight lang="bash">
-conn linux2pfsense
-     authby=secret
-     keyexchange=ikev1
-     left=10.66.252.40
-     leftsubnet=10.66.254.0/24
-     right=10.66.252.10
-     rightsubnet=10.66.253.0/24
-     ike=aes256-sha512-modp4096
-     esp=aes256-sha512-modp4096
-     ikelifetime=28800
-     keylife=3600
-     auto=start
-</syntaxhighlight>
-* cat /etc/ipsec.conf
-<syntaxhighlight lang="bash">
-.66.252.40 10.66.252.10 : PSK "sysadm"
-</syntaxhighlight>
-=Firewall=
-<syntaxhighlight lang="bash">
-#!/bin/bash
-WANIP=10.66.252.40
-WANDEV=ens160
-LANDEV=ens192
-DMZDEV=ens224
-SERVER_DMZ_1=10.66.248.100
-COMPUTER_LAN_1=10.66.254.100
-LAN=10.66.254.0/24
-OTH=10.66.253.0/24
-VPNDEV=tun0
-case $1 in
-  start)
-   echo "starte firewall"
-   echo flushen der Regeln
-   iptables -F
-   iptables -F -t nat
-   echo "setzen der Default Policy"
-   iptables -P INPUT DROP
-   iptables -P OUTPUT DROP
-   iptables -P FORWARD DROP
-   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-   iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-   iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-   iptables -A OUTPUT -m state --state NEW -j ACCEPT
-   iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
-   iptables -A INPUT  -p tcp --dport 8472 -m state --state NEW -j ACCEPT
-   iptables -A INPUT  -p udp -m multiport --dport 500,4500,5000 -m state --state NEW -j ACCEPT
-   iptables -A INPUT  -p esp -m state --state NEW -j ACCEPT
-   iptables -A INPUT  -p icmp -m state --state NEW -j ACCEPT
-   iptables -A FORWARD -i $VPNDEV -m state --state NEW -j ACCEPT
-   iptables -A FORWARD -o $WANDEV -p tcp -d 8.8.8.8 --dport 53 -m state --state NEW -j ACCEPT
-   iptables -A FORWARD -o $WANDEV -p udp -d 8.8.8.8  --dport 53 -m state --state NEW -j ACCEPT
-   iptables -A FORWARD -o $WANDEV -p icmp -m state --state NEW -j ACCEPT
-   iptables -A FORWARD -o $WANDEV -p tcp -m multiport  --dport 80,443 -m state --state NEW -j ACCEPT
-   iptables -A FORWARD -i $WANDEV -o $DMZDEV -p tcp -m multiport  --dport 80,443 -m state --state NEW -j ACCEPT
-   iptables -A FORWARD -i $WANDEV -o $LANDEV -p tcp -m multiport  --dport 80,443 -d $COMPUTER_LAN_1  -m state --state NEW -j ACCEPT
-#   iptables -A FORWARD  -j ACCEPT
-   iptables -A FORWARD -i $LANDEV -o $WANDEV  -s $LAN -d $OTH -m policy --dir out --pol ipsec  -m state --state NEW -j ACCEPT
-   iptables -A FORWARD -i $WANDEV -o $LANDEV  -s $OTH -d $LAN -m policy --dir in  --pol ipsec  -m state --state NEW -j ACCEPT
-   iptables -t nat -A POSTROUTING -o $WANDEV -s $LAN -d $OTH -j RETURN
-   iptables -t nat -A POSTROUTING -o $WANDEV -j SNAT --to-source $WANIP
-   iptables -t nat -A PREROUTING -i $WANDEV -j DNAT -p tcp --dport 80 --to $COMPUTER_LAN_1
-   iptables -t nat -A PREROUTING -i $WANDEV -j DNAT -p tcp --dport 443 --to $COMPUTER_LAN_1
-   iptables -A INPUT  -j LOG  --log-prefix "--iptables-in--"
-   iptables -A OUTPUT -j LOG  --log-prefix "--iptables-out--"
-   iptables -A FORWARD -j LOG --log-prefix "--iptables-for--"
-   ;;
-  stop)
-   echo "stoppe firewall"
-   echo flushen der Regeln
-   iptables -F
-   iptables -F -t nat
-   echo "setzen der Default Policy"
-   iptables -P INPUT ACCEPT
-   iptables -P OUTPUT ACCEPT
-   iptables -P FORWARD ACCEPT
-   ;;
-  *)
-   echo "usage: $0 start|stop"
-  ;;
- esac
-</syntaxhighlight>
-=Ip forward=
-*cat /proc/sys/net/ipv4/ip_forward
-<syntaxhighlight lang="bash">
-</syntaxhighlight>

LinuxVPNtoPfsense-Linux-Firewall: Unterschied zwischen den Versionen

Aktuelle Version vom 8. Februar 2022, 10:46 Uhr

Navigationsmenü

Suche