- CLEAR -- 01-ipt-clear.sh
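#!/bin/bash
#
# 01-ipt-clear.sh -- reset iptables (IPv4) to an empty, all-ACCEPT state
# and switch IPv4 forwarding off.
#
# Two ordering fixes compared with the first version of this script:
#  * the chain policies are reset to ACCEPT *before* the chains are
#    flushed, so a host that currently runs with a DROP policy does not
#    lose its management session between the flush and the policy reset;
#  * each table is flushed (-F) before its user-defined chains are deleted
#    (-X): -X only removes empty chains, so the old -X-then-F order left
#    any non-empty user chain in place.
#
# Must run as root (iptables and the /proc/sys write need CAP_NET_ADMIN).
# Only IPv4 is handled; ip6tables is not touched.
###################################
set -euo pipefail

# fail early and clearly instead of with a series of permission errors
if [[ "$(id -u)" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

echo "den iptables"
# reset policies first (-P refers to policies); see header for why this
# precedes the flush
echo "reset policies"
iptables -vP INPUT ACCEPT
iptables -vP OUTPUT ACCEPT
iptables -vP FORWARD ACCEPT
# general (filter table): flush rules, then delete the now-empty user chains
echo "clear general:"
iptables -vF
iptables -vX
# nat and masquerading; -t refers to the table
echo "clear nat, masq:"
iptables -vt nat -F
iptables -vt nat -X
# mangle table (packet header alterations)
echo "clear mangle ... :"
iptables -vt mangle -F
iptables -vt mangle -X
# raw table (NOTRACK / conntrack exemptions): not part of the original
# reset, flushed here so a stale rule there cannot survive a "clear". The
# table may not exist on every kernel, hence the deliberate ignore of a
# failure.
iptables -vt raw -F 2>/dev/null || true
# turn off routing
echo "now turning off routing ..."
echo 0 > /proc/sys/net/ipv4/ip_forward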
- CLEAR/PRINT -- 02-ipt-clr-prt.sh
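#!/bin/bash
#
# 02-ipt-clr-prt.sh -- reset iptables (IPv4) to an empty, all-ACCEPT
# state, switch IPv4 forwarding off, then print the resulting
# configuration.
#
# Ordering fixes compared with the first version of this script:
#  * the chain policies are reset to ACCEPT *before* the chains are
#    flushed, so a host that currently runs with a DROP policy does not
#    lose its management session between the flush and the policy reset;
#  * each table is flushed (-F) before its user-defined chains are deleted
#    (-X): -X only removes empty chains, so the old -X-then-F order left
#    any non-empty user chain in place.
#
# Must run as root (iptables and the /proc/sys write need CAP_NET_ADMIN).
# Only IPv4 is handled; ip6tables is not touched.
###################################
set -euo pipefail

# fail early and clearly instead of with a series of permission errors
if [[ "$(id -u)" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#echo "den iptables"
# reset policies first (-P refers to policies); see header for why this
# precedes the flush
echo "reset policies"
iptables -vP INPUT ACCEPT
iptables -vP OUTPUT ACCEPT
iptables -vP FORWARD ACCEPT
# general (filter table): flush rules, then delete the now-empty user chains
echo "clear general:"
iptables -vF
iptables -vX
# nat and masquerading; -t refers to the table
echo "clear nat, masq:"
iptables -vt nat -F
iptables -vt nat -X
# mangle table (packet header alterations)
echo "clear mangle ... :"
iptables -vt mangle -F
iptables -vt mangle -X
# raw table (NOTRACK / conntrack exemptions): not part of the original
# reset, flushed here so a stale rule there cannot survive a "clear". The
# table may not exist on every kernel, hence the deliberate ignore of a
# failure.
iptables -vt raw -F 2>/dev/null || true
# turn off routing
echo "now turning off routing ..."
echo 0 > /proc/sys/net/ipv4/ip_forward
# --------------
# (the real rules go in between here in the later scripts)
# --------------
### PRINT iptables configuration
###
### -n on every listing: without it iptables resolves addresses and ports
### through DNS/getservent, which is slow and can hang when the resolver
### is not reachable -- exactly the situation right after a firewall change.
### -S is the rule-by-rule dump and also shows the interfaces that -L hides.
echo ">>>>> iptables -n -L"
iptables -n -L
echo "--------------"
echo ">>>>> iptables -S"
iptables -S
echo "--------------"
echo ">>>>> iptables -n -t nat -L"
iptables -n -t nat -L
echo "--------------"
echo ">>>>> iptables -n -t mangle -L"
iptables -n -t mangle -L
echo "--------------"
echo "routing set: " "$(cat /proc/sys/net/ipv4/ip_forward)"
echo "=============="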
- NAT -- 03-ipt-nat.sh
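#!/bin/bash
#
# 03-ipt-nat.sh -- reset iptables (IPv4), keep forwarding ON and set up
# source NAT for everything that leaves through the WAN interface.
#
# Ordering fixes compared with the first version of this script:
#  * the chain policies are reset to ACCEPT *before* the chains are
#    flushed, so a host that currently runs with a DROP policy does not
#    lose its management session between the flush and the policy reset;
#  * each table is flushed (-F) before its user-defined chains are deleted
#    (-X): -X only removes empty chains, so the old -X-then-F order left
#    any non-empty user chain in place.
#
# Must run as root (iptables and the /proc/sys write need CAP_NET_ADMIN).
# Only IPv4 is handled; ip6tables is not touched.
###################################
set -euo pipefail

# Network layout. Override through the environment when the lab changes,
# e.g.  WAN_IF=eth0 WAN_IP=203.0.113.5 ./03-ipt-nat.sh
WAN_IF=${WAN_IF:-enp0s3}            # interface towards the outside
WAN_IP=${WAN_IP:-192.168.149.101}   # our address on $WAN_IF (SNAT source)

# fail early and clearly instead of with a series of permission errors
if [[ "$(id -u)" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#echo "den iptables"
# reset policies first (-P refers to policies); see header for why this
# precedes the flush
echo "reset policies"
iptables -vP INPUT ACCEPT
iptables -vP OUTPUT ACCEPT
iptables -vP FORWARD ACCEPT
# general (filter table): flush rules, then delete the now-empty user chains
echo "clear general:"
iptables -vF
iptables -vX
# nat and masquerading; -t refers to the table
echo "clear nat, masq:"
iptables -vt nat -F
iptables -vt nat -X
# mangle table (packet header alterations)
echo "clear mangle ... :"
iptables -vt mangle -F
iptables -vt mangle -X
# raw table (NOTRACK / conntrack exemptions): not part of the original
# reset, flushed here so a stale rule there cannot survive a "clear". The
# table may not exist on every kernel, hence the deliberate ignore of a
# failure.
iptables -vt raw -F 2>/dev/null || true
# --------------
# This host is a router, so forwarding is switched ON (the "turn off
# routing" step of the clear script is deliberately omitted here).
echo 1 > /proc/sys/net/ipv4/ip_forward
# Source NAT: every packet leaving via the WAN interface gets our WAN
# address as source so the replies come back to this router. SNAT with a
# fixed address assumes $WAN_IP is static -- TODO confirm; use MASQUERADE
# instead if that address is assigned dynamically.
iptables -vt nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to "$WAN_IP"
# NOTE(review): FORWARD is left at its ACCEPT policy, so this router passes
# every packet between its interfaces unfiltered -- only the source
# address is rewritten. Filtering of forwarded traffic is not done here.
# --------------
### PRINT iptables configuration
###
### -n on every listing: without it iptables resolves addresses and ports
### through DNS/getservent, which is slow and can hang when the resolver
### is not reachable -- exactly the situation right after a firewall change.
### -S is the rule-by-rule dump and also shows the interfaces that -L hides.
echo ">>>>> iptables -n -L"
iptables -n -L
echo "--------------"
echo ">>>>> iptables -S"
iptables -S
echo "--------------"
echo ">>>>> iptables -n -t nat -L"
iptables -n -t nat -L
echo "--------------"
echo ">>>>> iptables -n -t mangle -L"
iptables -n -t mangle -L
echo "--------------"
echo "routing set: " "$(cat /proc/sys/net/ipv4/ip_forward)"
echo "=============="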
- input chain -- 04-ipt-input.sh
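#!/bin/bash
#
# 04-ipt-input.sh -- reset iptables (IPv4), keep forwarding ON, set up
# source NAT on the WAN interface and lock down the router's own INPUT
# chain (loopback, management ssh on 10022 and reply traffic only).
#
# Ordering fixes compared with the first version of this script:
#  * the chain policies are reset to ACCEPT *before* the chains are
#    flushed, so a host that currently runs with a DROP policy does not
#    lose its management session between the flush and the policy reset;
#  * each table is flushed (-F) before its user-defined chains are deleted
#    (-X): -X only removes empty chains, so the old -X-then-F order left
#    any non-empty user chain in place;
#  * the INPUT allow rules are installed *before* the INPUT policy is set
#    to DROP, so there is no window in which an open management session is
#    dropped; the ESTABLISHED,RELATED rule comes first because it matches
#    the bulk of the packets.
#
# Must run as root (iptables and the /proc/sys write need CAP_NET_ADMIN).
# Only IPv4 is handled; ip6tables is not touched.
###################################
set -euo pipefail

# Network layout. Override through the environment when the lab changes,
# e.g.  WAN_IF=eth0 WAN_IP=203.0.113.5 ./04-ipt-input.sh
WAN_IF=${WAN_IF:-enp0s3}            # interface towards the outside
WAN_IP=${WAN_IP:-192.168.149.101}   # our address on $WAN_IF (SNAT source)

# fail early and clearly instead of with a series of permission errors
if [[ "$(id -u)" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#echo "den iptables"
# reset policies first (-P refers to policies); see header for why this
# precedes the flush
echo "reset policies"
iptables -vP INPUT ACCEPT
iptables -vP OUTPUT ACCEPT
iptables -vP FORWARD ACCEPT
# general (filter table): flush rules, then delete the now-empty user chains
echo "clear general:"
iptables -vF
iptables -vX
# nat and masquerading; -t refers to the table
echo "clear nat, masq:"
iptables -vt nat -F
iptables -vt nat -X
# mangle table (packet header alterations)
echo "clear mangle ... :"
iptables -vt mangle -F
iptables -vt mangle -X
# raw table (NOTRACK / conntrack exemptions): not part of the original
# reset, flushed here so a stale rule there cannot survive a "clear". The
# table may not exist on every kernel, hence the deliberate ignore of a
# failure.
iptables -vt raw -F 2>/dev/null || true
# --------------
# This host is a router, so forwarding is switched ON (the "turn off
# routing" step of the clear script is deliberately omitted here).
echo 1 > /proc/sys/net/ipv4/ip_forward
# Source NAT: every packet leaving via the WAN interface gets our WAN
# address as source so the replies come back to this router. SNAT with a
# fixed address assumes $WAN_IP is static -- TODO confirm; use MASQUERADE
# instead if that address is assigned dynamically.
iptables -vt nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to "$WAN_IP"
# NOTE(review): FORWARD is left at its ACCEPT policy, so this router passes
# every packet between its interfaces unfiltered. Filtering of forwarded
# traffic is not done here.
# --------------
# ---------- input chain ----
# Traffic addressed to the router itself. Allow rules first, DROP policy
# last (see header).
iptables -vA INPUT -i lo -j ACCEPT
iptables -vA INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# management ssh on the router (non-standard port 10022).
# NOTE(review): accepted on every interface and from every source, WAN
# included; add -i <inside-if> and/or -s <admin-net> once those are known.
iptables -vA INPUT -p TCP --dport 10022 -j ACCEPT
#iptables -vA INPUT -p TCP --dport 80 -j ACCEPT
# everything else destined for the router is dropped (no ICMP either --
# ping to the router will time out; ICMP errors for existing connections
# still pass through the RELATED rule above)
iptables -vP INPUT DROP
### PRINT iptables configuration
###
### -n on every listing: without it iptables resolves addresses and ports
### through DNS/getservent, which is slow and can hang when the resolver
### is not reachable -- exactly the situation right after a firewall change.
### -S is the rule-by-rule dump and also shows the interfaces that -L hides.
echo ">>>>> iptables -n -L"
iptables -n -L
echo "--------------"
echo ">>>>> iptables -S"
iptables -S
echo "--------------"
echo ">>>>> iptables -n -t nat -L"
iptables -n -t nat -L
echo "--------------"
echo ">>>>> iptables -n -t mangle -L"
iptables -n -t mangle -L
echo "--------------"
echo "routing set: " "$(cat /proc/sys/net/ipv4/ip_forward)"
echo "=============="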
- DNAT -- 05-ipt-dnat.sh
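#!/bin/bash
#
# 05-ipt-dnat.sh -- reset iptables (IPv4), keep forwarding ON, source-NAT
# outbound traffic on the WAN interface, publish two internal web servers
# (http and ssh) on non-standard ports via DNAT, filter the FORWARD chain
# and lock down the router's own INPUT chain.
#
# Fixes compared with the first version of this script:
#  * the chain policies are reset to ACCEPT *before* the chains are
#    flushed, so a host that currently runs with a DROP policy does not
#    lose its management session between the flush and the policy reset;
#  * each table is flushed (-F) before its user-defined chains are deleted
#    (-X): -X only removes empty chains, so the old -X-then-F order left
#    any non-empty user chain in place;
#  * the FORWARD chain used to ACCEPT tcp/80 and tcp/22 to *any*
#    destination from *any* interface, so every host the upstream can
#    route through this box was reachable on those ports, not just the
#    two published servers. Inbound from the WAN is now limited to the
#    DNAT targets. The old ACCEPT rules for the published ports (8022,
#    8122, 12380, 12381) are gone: FORWARD sees the packet *after*
#    PREROUTING DNAT, i.e. with the real port 80/22, so those rules could
#    never match the published traffic;
#  * allow rules are installed before the DROP policies are set, and the
#    ESTABLISHED,RELATED rule comes first in each chain.
#
# Must run as root (iptables and the /proc/sys write need CAP_NET_ADMIN).
# Only IPv4 is handled; ip6tables is not touched.
###################################
set -euo pipefail

# Network layout. Override through the environment when the lab changes,
# e.g.  WAN_IF=eth0 WAN_IP=203.0.113.5 ./05-ipt-dnat.sh
WAN_IF=${WAN_IF:-enp0s3}            # interface towards the outside
WAN_IP=${WAN_IP:-192.168.149.101}   # our address on $WAN_IF (SNAT source)
WWW1=${WWW1:-10.0.0.80}             # webserver 1 (inside)
WWW2=${WWW2:-10.0.0.81}             # webserver 2 (inside)

# fail early and clearly instead of with a series of permission errors
if [[ "$(id -u)" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#echo "den iptables"
# reset policies first (-P refers to policies); see header for why this
# precedes the flush
echo "reset policies"
iptables -vP INPUT ACCEPT
iptables -vP OUTPUT ACCEPT
iptables -vP FORWARD ACCEPT
# general (filter table): flush rules, then delete the now-empty user chains
echo "clear general:"
iptables -vF
iptables -vX
# nat and masquerading; -t refers to the table
echo "clear nat, masq:"
iptables -vt nat -F
iptables -vt nat -X
# mangle table (packet header alterations)
echo "clear mangle ... :"
iptables -vt mangle -F
iptables -vt mangle -X
# raw table (NOTRACK / conntrack exemptions): not part of the original
# reset, flushed here so a stale rule there cannot survive a "clear". The
# table may not exist on every kernel, hence the deliberate ignore of a
# failure.
iptables -vt raw -F 2>/dev/null || true
# --------------
# This host is a router, so forwarding is switched ON (the "turn off
# routing" step of the clear script is deliberately omitted here).
echo 1 > /proc/sys/net/ipv4/ip_forward
# Source NAT: every packet leaving via the WAN interface gets our WAN
# address as source so the replies come back to this router. SNAT with a
# fixed address assumes $WAN_IP is static -- TODO confirm; use MASQUERADE
# instead if that address is assigned dynamically.
iptables -vt nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to "$WAN_IP"
# --------------
##### ---------------------------------
###### DNAT: publish the two web servers through this router
##### ---------------------------------
### webserver 1 ($WWW1): http port 80 <-- published on 12380
###                      ssh  port 22 <-- published on 8022
### webserver 2 ($WWW2): http port 80 <-- published on 12381
###                      ssh  port 22 <-- published on 8122
# NOTE(review): as in the original there is no -i "$WAN_IF" on these
# rules, so a packet from an inside host to this router's port 12380 is
# rewritten too; without a matching SNAT the server's reply then bypasses
# the router. Add -i "$WAN_IF" if the published ports are only meant for
# the outside.
iptables -vt nat -A PREROUTING -p TCP --dport 12380 -j DNAT --to "$WWW1:80"
iptables -vt nat -A PREROUTING -p TCP --dport 8022  -j DNAT --to "$WWW1:22"
iptables -vt nat -A PREROUTING -p TCP --dport 12381 -j DNAT --to "$WWW2:80"
iptables -vt nat -A PREROUTING -p TCP --dport 8122  -j DNAT --to "$WWW2:22"
# ---------- forward chain ----
# Traffic passing through the router. Allow rules first, DROP policy last.
# Reply traffic first: it is the bulk of the packets and must match before
# any port test.
iptables -vA FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inbound from the WAN: only the published services, tested on the real
# host and real port because FORWARD runs after PREROUTING DNAT.
iptables -vA FORWARD -i "$WAN_IF" -d "$WWW1" -p TCP --dport 80 -j ACCEPT
iptables -vA FORWARD -i "$WAN_IF" -d "$WWW1" -p TCP --dport 22 -j ACCEPT
iptables -vA FORWARD -i "$WAN_IF" -d "$WWW2" -p TCP --dport 80 -j ACCEPT
iptables -vA FORWARD -i "$WAN_IF" -d "$WWW2" -p TCP --dport 22 -j ACCEPT
# From the inside (any interface but the WAN): http and ssh to anywhere,
# the two services the original ruleset forwarded.
iptables -vA FORWARD ! -i "$WAN_IF" -p TCP --dport 80 -j ACCEPT
iptables -vA FORWARD ! -i "$WAN_IF" -p TCP --dport 22 -j ACCEPT
iptables -vP FORWARD DROP
# ---------- input chain ----
# Traffic addressed to the router itself. Allow rules first, DROP policy
# last (see header).
iptables -vA INPUT -i lo -j ACCEPT
iptables -vA INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# management ssh on the router (non-standard port 10022).
# NOTE(review): accepted on every interface and from every source, WAN
# included; add -i <inside-if> and/or -s <admin-net> once those are known.
iptables -vA INPUT -p TCP --dport 10022 -j ACCEPT
#iptables -vA INPUT -p TCP --dport 80 -j ACCEPT
# everything else destined for the router is dropped (no ICMP either --
# ping to the router will time out; ICMP errors for existing connections
# still pass through the RELATED rule above)
iptables -vP INPUT DROP
### PRINT iptables configuration
###
### -n on every listing: without it iptables resolves addresses and ports
### through DNS/getservent, which is slow and can hang when the resolver
### is not reachable -- exactly the situation right after a firewall change.
### -S is the rule-by-rule dump and also shows the interfaces that -L hides.
echo ">>>>> iptables -n -L"
iptables -n -L
echo "--------------"
echo ">>>>> iptables -S"
iptables -S
echo "--------------"
echo ">>>>> iptables -n -t nat -L"
iptables -n -t nat -L
echo "--------------"
echo ">>>>> iptables -n -t mangle -L"
iptables -n -t mangle -L
echo "--------------"
echo "routing set: " "$(cat /proc/sys/net/ipv4/ip_forward)"
echo "=============="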
- DNS and PING added -- 06-ipt-dns-ping.sh
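#!/bin/bash
#
# 06-ipt-dns-ping.sh -- reset iptables (IPv4), keep forwarding ON,
# source-NAT outbound traffic on the WAN interface, publish two internal
# web servers (http and ssh) on non-standard ports via DNAT, filter the
# FORWARD chain (published services inbound; http, ssh, https, DNS and
# ICMP from the inside) and lock down the router's own INPUT chain
# (loopback, management ssh on 10022, ICMP and reply traffic).
#
# Fixes compared with the first version of this script:
#  * the chain policies are reset to ACCEPT *before* the chains are
#    flushed, so a host that currently runs with a DROP policy does not
#    lose its management session between the flush and the policy reset;
#  * each table is flushed (-F) before its user-defined chains are deleted
#    (-X): -X only removes empty chains, so the old -X-then-F order left
#    any non-empty user chain in place;
#  * the FORWARD chain used to ACCEPT tcp/80, tcp/22, tcp/443, udp/53 and
#    ICMP to *any* destination from *any* interface, so every host the
#    upstream can route through this box was reachable on those ports,
#    not just the two published servers. Inbound from the WAN is now
#    limited to the DNAT targets; the "internet use" rules apply to
#    traffic coming from the inside only. The old ACCEPT rules for the
#    published ports (8022, 8122, 12380, 12381) are gone: FORWARD sees the
#    packet *after* PREROUTING DNAT, i.e. with the real port 80/22, so
#    those rules could never match the published traffic;
#  * allow rules are installed before the DROP policies are set, and the
#    ESTABLISHED,RELATED rule comes first in each chain.
#
# Must run as root (iptables and the /proc/sys write need CAP_NET_ADMIN).
# Only IPv4 is handled; ip6tables is not touched.
###################################
set -euo pipefail

# Network layout. Override through the environment when the lab changes,
# e.g.  WAN_IF=eth0 WAN_IP=203.0.113.5 ./06-ipt-dns-ping.sh
WAN_IF=${WAN_IF:-enp0s3}            # interface towards the outside
WAN_IP=${WAN_IP:-192.168.149.101}   # our address on $WAN_IF (SNAT source)
WWW1=${WWW1:-10.0.0.80}             # webserver 1 (DMZ)
WWW2=${WWW2:-10.0.0.81}             # webserver 2 (DMZ)

# fail early and clearly instead of with a series of permission errors
if [[ "$(id -u)" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#echo "den iptables"
# reset policies first (-P refers to policies); see header for why this
# precedes the flush
echo "reset policies"
iptables -vP INPUT ACCEPT
iptables -vP OUTPUT ACCEPT
iptables -vP FORWARD ACCEPT
# general (filter table): flush rules, then delete the now-empty user chains
echo "clear general:"
iptables -vF
iptables -vX
# nat and masquerading; -t refers to the table
echo "clear nat, masq:"
iptables -vt nat -F
iptables -vt nat -X
# mangle table (packet header alterations)
echo "clear mangle ... :"
iptables -vt mangle -F
iptables -vt mangle -X
# raw table (NOTRACK / conntrack exemptions): not part of the original
# reset, flushed here so a stale rule there cannot survive a "clear". The
# table may not exist on every kernel, hence the deliberate ignore of a
# failure.
iptables -vt raw -F 2>/dev/null || true
# --------------
# This host is a router, so forwarding is switched ON (the "turn off
# routing" step of the clear script is deliberately omitted here).
echo 1 > /proc/sys/net/ipv4/ip_forward
# Source NAT: every packet leaving via the WAN interface gets our WAN
# address as source so the replies come back to this router. SNAT with a
# fixed address assumes $WAN_IP is static -- TODO confirm; use MASQUERADE
# instead if that address is assigned dynamically.
iptables -vt nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to "$WAN_IP"
# --------------
##### ---------------------------------
###### DNAT: publish the two web servers through this router
##### ---------------------------------
### webserver 1 ($WWW1): http port 80 <-- published on 12380
###                      ssh  port 22 <-- published on 8022
### webserver 2 ($WWW2): http port 80 <-- published on 12381
###                      ssh  port 22 <-- published on 8122
# NOTE(review): as in the original there is no -i "$WAN_IF" on these
# rules, so a packet from an inside host to this router's port 12380 is
# rewritten too; without a matching SNAT the server's reply then bypasses
# the router. Add -i "$WAN_IF" if the published ports are only meant for
# the outside.
iptables -vt nat -A PREROUTING -p TCP --dport 12380 -j DNAT --to "$WWW1:80"
iptables -vt nat -A PREROUTING -p TCP --dport 8022  -j DNAT --to "$WWW1:22"
iptables -vt nat -A PREROUTING -p TCP --dport 12381 -j DNAT --to "$WWW2:80"
iptables -vt nat -A PREROUTING -p TCP --dport 8122  -j DNAT --to "$WWW2:22"
# ---------- forward chain ----
# Traffic passing through the router. Allow rules first, DROP policy last.
# Reply traffic first: it is the bulk of the packets and must match before
# any port test.
iptables -vA FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inbound from the WAN: only the published services, tested on the real
# host and real port because FORWARD runs after PREROUTING DNAT.
iptables -vA FORWARD -i "$WAN_IF" -d "$WWW1" -p TCP --dport 80 -j ACCEPT
iptables -vA FORWARD -i "$WAN_IF" -d "$WWW1" -p TCP --dport 22 -j ACCEPT
iptables -vA FORWARD -i "$WAN_IF" -d "$WWW2" -p TCP --dport 80 -j ACCEPT
iptables -vA FORWARD -i "$WAN_IF" -d "$WWW2" -p TCP --dport 22 -j ACCEPT
###
### internet use from inside the DMZ and beyond -- any interface but the
### WAN, so nothing here opens a path from the outside in
#### http and ssh (as in the original ruleset)
iptables -vA FORWARD ! -i "$WAN_IF" -p TCP --dport 80 -j ACCEPT
iptables -vA FORWARD ! -i "$WAN_IF" -p TCP --dport 22 -j ACCEPT
#### ping (all ICMP types; echo replies and ICMP errors for existing
#### connections are already covered by the ESTABLISHED,RELATED rule)
iptables -vA FORWARD ! -i "$WAN_IF" -p ICMP -j ACCEPT
#### dns -- UDP only, as in the original. Resolvers fall back to TCP 53
#### for truncated answers; add a matching TCP rule if lookups from the
#### inside start failing on large responses.
iptables -vA FORWARD ! -i "$WAN_IF" -p UDP --dport 53 -j ACCEPT
#### https
iptables -vA FORWARD ! -i "$WAN_IF" -p TCP --dport 443 -j ACCEPT
iptables -vP FORWARD DROP
# ---------- input chain ----
# Traffic addressed to the router itself. Allow rules first, DROP policy
# last (see header).
iptables -vA INPUT -i lo -j ACCEPT
iptables -vA INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# management ssh on the router (non-standard port 10022).
# NOTE(review): accepted on every interface and from every source, WAN
# included; add -i <inside-if> and/or -s <admin-net> once those are known.
iptables -vA INPUT -p TCP --dport 10022 -j ACCEPT
#iptables -vA INPUT -p TCP --dport 80 -j ACCEPT
# ping to the router. All ICMP types from everywhere, as in the original;
# use --icmp-type echo-request if only ping is wanted.
iptables -vA INPUT -p ICMP -j ACCEPT
iptables -vP INPUT DROP
### PRINT iptables configuration
###
### -n on every listing: without it iptables resolves addresses and ports
### through DNS/getservent, which is slow and can hang when the resolver
### is not reachable -- exactly the situation right after a firewall change.
### -S is the rule-by-rule dump and also shows the interfaces that -L hides.
echo ">>>>> iptables -n -L"
iptables -n -L
echo "--------------"
echo ">>>>> iptables -S"
iptables -S
echo "--------------"
echo ">>>>> iptables -n -t nat -L"
iptables -n -t nat -L
echo "--------------"
echo ">>>>> iptables -n -t mangle -L"
iptables -n -t mangle -L
echo "--------------"
echo "routing set: " "$(cat /proc/sys/net/ipv4/ip_forward)"
echo "=============="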