ibakhtin revised this gist
Nov 25, 2020 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -54,6 +54,6 @@ sudo iptables -t nat -A PREROUTING -d $HOST_PRIVATE_IP/32 -p tcp --dport 443 -j sudo iptables -A FORWARD -p tcp -d $PROXY_IP --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -p tcp -d $PROXY_IP --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:8080 iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -j ACCEPT -
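Review bot: The last line of the hunk, `iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -j ACCEPT`, stays active while the PREROUTING DNAT that fed it is now commented out, so forwarding to 192.168.1.2:8080 remains permitted from any interface and in any connection state even though nothing redirects traffic there any more. If the DNAT is being disabled on purpose, disable the FORWARD accept with it (`# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -j ACCEPT`) so the pair is toggled together; if it is meant to stay, give it the `-m conntrack --ctstate NEW` and `-s` restriction the other FORWARD rules in this file carry. The hunk also mixes `sudo iptables` and bare `iptables` in adjacent lines; the bare lines only work when the whole script already runs as root, so `sudo` can be dropped consistently rather than applied to some rules only.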
ibakhtin revised this gist
Nov 25, 2020 . 1 changed file with 5 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,9 +46,14 @@ iptables -A FORWARD -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEP # PORT FORWARDING # Reroute packets destined for $HOST_PRIVATE_IP on ports 80 and 443 to go to $PROXY_IP instead. sudo iptables -t nat -A PREROUTING -d $HOST_PRIVATE_IP/32 -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP sudo iptables -t nat -A PREROUTING -d $HOST_PRIVATE_IP/32 -p tcp --dport 443 -j DNAT --to-destination $PROXY_IP # Accept forwarding on port 80 and 443 sudo iptables -A FORWARD -p tcp -d $PROXY_IP --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -p tcp -d $PROXY_IP --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # 80 port on iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:8080 iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -j ACCEPT -
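Review bot: The new `iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:8080` is appended after the existing `-d $HOST_PRIVATE_IP/32 --dport 80 -j DNAT --to-destination $PROXY_IP` rule, and nat PREROUTING is first-match, so if HOST_PRIVATE_IP is the eth0 address the new rule is never reached; the intended precedence should be made explicit (insert with `-I`, or narrow one rule with `-d`). The accompanying `iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -j ACCEPT` lacks the `-m conntrack --ctstate NEW` qualifier and source restriction every other FORWARD accept in this file uses. The comment `# 80 port on` is unfinished; something like `# Redirect WAN port 80 to the internal web server on 192.168.1.2:8080` says what the two rules do.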
ibakhtin revised this gist
Nov 25, 2020 . 1 changed file with 16 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,11 +1,15 @@ # Flushing all rules /sbin/iptables -F /sbin/iptables -X # allow all loopback connections iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # allow all outgoing connections to wan iptables -A OUTPUT -o eth0 -j ACCEPT # allow incomming and outgoing icmp connections iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT @@ -37,4 +41,14 @@ iptables -A FORWARD -s 192.168.252.0/24 -p tcp -m conntrack --ctstate NEW -m mul # allow forwarding all dns connections iptables -A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --dport 53 -j ACCEPT iptables -A FORWARD -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEPT # PORT FORWARDING # Reroute packets destined for $HOST_PRIVATE_IP on ports 80 and 443 to go to $PROXY_IP instead. sudo iptables -t nat -A PREROUTING -d $HOST_PRIVATE_IP/32 -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP sudo iptables -t nat -A PREROUTING -d $HOST_PRIVATE_IP/32 -p tcp --dport 443 -j DNAT --to-destination $PROXY_IP # Accept forwarding on port 80 and 443 sudo iptables -A FORWARD -p tcp -d $PROXY_IP --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -p tcp -d $PROXY_IP --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -
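Review bot: `$HOST_PRIVATE_IP` and `$PROXY_IP` in the second hunk are never assigned or validated in this script, and they are unquoted; if either is unset the rule becomes `-d /32` or `-d --dport 80`, iptables rejects it, and because there is no `set -e` the script continues silently with no port forwarding in place. Add `: "${HOST_PRIVATE_IP:?}" "${PROXY_IP:?}"` near the top of the file and quote the expansions (`-d "$HOST_PRIVATE_IP/32"`, `--to-destination "$PROXY_IP"`). In the first hunk, `/sbin/iptables -F` and `/sbin/iptables -X` only clear the filter table, so the nat PREROUTING DNAT rules added here and the existing POSTROUTING MASQUERADE accumulate on every re-run; add `/sbin/iptables -t nat -F` and `/sbin/iptables -t nat -X` alongside them. The new FORWARD accepts use `-m state --state` while the rest of the file uses `-m conntrack --ctstate`; the conntrack form is the current one and keeps the file consistent. The comment `# allow incomming and outgoing icmp connections` has a typo (`incoming`).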
ibakhtin revised this gist
Nov 22, 2020 . 1 changed file with 3 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,8 +1,11 @@ # allow all loopback connections iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # allow all outgoing connections to wan iptables -A OUTPUT -o eth0 -j ACCEPT # allow all icmp connections iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT -
ibakhtin created this gist
Nov 22, 2020 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,37 @@ iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A OUTPUT -o eth0 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT # allow all incoming related and established connections iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # allow all outgoing related and established connections iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # allow ssh connections from all interfaces iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT # drop all other iptables -P OUTPUT DROP iptables -P INPUT DROP iptables -P FORWARD DROP # NAT iptables -t nat -A POSTROUTING -o eth0 -s 192.168.252.0/24 -j MASQUERADE # allow forwarding all icmp iptables -A FORWARD -p icmp -j ACCEPT # allow forwarding all related and established connections iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # allow forwarding new connections from local network iptables -A FORWARD -s 192.168.252.0/24 -p tcp -m conntrack --ctstate NEW -m multiport --dports 80,443 -j ACCEPT # allow forwarding all dns connections iptables -A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --dport 53 -j ACCEPT iptables -A FORWARD -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEPT
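Review bot: The two DNS forwarding rules and the icmp forwarding rule at the end of the hunk accept from any source, unlike the 80/443 rule which is limited with `-s 192.168.252.0/24`; since FORWARD governs all transit traffic, the DNS rules should carry the same restriction, e.g. `iptables -A FORWARD -s 192.168.252.0/24 -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEPT`. The SSH accept is deliberately open on all interfaces per its comment, which includes the eth0 side that the script treats as WAN; restricting it with `-i` to the internal interface, or at least adding a rate limit, would reduce exposure on the default-DROP host. The script also has no shebang and no `set -e`, so a rule that fails to load (a typo, a missing module) is not noticed before the `-P INPUT DROP` policies take effect; a `set -e` plus `#!/usr/bin/env bash` at the top, or an explicit `|| exit 1` on the policy lines, makes a partial ruleset fail loudly.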