Ich würd einfach gern mal wissen: Hab ich sensible Ports offen?

Deswegen hier mei Script:

Code: Alles auswählenAufklappen

ATTFilter

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -p tcp -s 192.168.XXX.XXX -j ACCEPT #ausgehend
iptables -A FORWARD -p tcp -s 192.168.XXX.YYY -j ACCEPT #ausgehend

## GAMES
#Battle.net
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6112 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6113 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6114 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6115 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6116 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6117 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6118 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6119 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 4000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6112 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6113 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6114 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6115 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6116 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6117 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6118 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6119 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 4000 -j DNAT --to-destination 192.168.XXX.XXX

#GameSpy
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 3783 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6500 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6515 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 13139 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 27900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 28900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 29900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 29901 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6515 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 3783 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6500 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6515 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 13139 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 27900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 28900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 29900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 29901 -j DNAT --to-destination 192.168.XXX.XXX

##IRC
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 60 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 120 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 4000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 4001 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6666 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6667 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6668 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 7000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 20003 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 60 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 120 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 4000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 4001 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6666 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6667 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6668 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 7000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 20003 -j DNAT --to-destination 192.168.XXX.XXX

## INSTANT MESSENGERS
#ICQ
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24500 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24501 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24502 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24503 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24504 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24505 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24500 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24501 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24502 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24503 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24504 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24505 -j DNAT --to-destination 192.168.XXX.XXX

#Skype
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 48887 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 48887 -j DNAT --to-destination 192.168.XXX.XXX
         

Danke schonmal fuer die Muehen

blacker lotus

Hallo,

Ist der Rechner auf dem das IpTables-Skript läuft eine Workstation oder fungiert der Rechner als Router oder Server? Für eine Workstation forwardest Du viel zu viel.

Um zu schauen was für Ports auf dem Rechner geöffnet werden, ist das die falsche Rangehensweise.

Stell doch erstmal mit

Code: Alles auswählenAufklappen

ATTFilter

# lsof -Pni | grep LISTEN
         

fest was so alles auf dem Rechner lauscht.

piet