Trojaner-Board (https://www.trojaner-board.de/)
Forum: Everything about Mac OSX & Linux (https://www.trojaner-board.de/alles-rund-um-mac-osx-linux/)
Thread: IPtables - sensitive ports... (https://www.trojaner-board.de/19596-iptables-sensible-ports.html)

BlackerLotus 06.07.2005 20:10

IPtables - sensitive ports...
 
I would simply like to know: do I have any sensitive ports open?

So here is my script:

Code:

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -p tcp -s 192.168.XXX.XXX -j ACCEPT # outgoing
iptables -A FORWARD -p tcp -s 192.168.XXX.YYY -j ACCEPT # outgoing

## GAMES
#Battle.net
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6112 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6113 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6114 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6115 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6116 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6117 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6118 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6119 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 4000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6112 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6113 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6114 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6115 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6116 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6117 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6118 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6119 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 4000 -j DNAT --to-destination 192.168.XXX.XXX

#GameSpy
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 3783 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6500 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6515 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 13139 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 27900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 28900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 29900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 29901 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 3783 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6500 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6515 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 13139 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 27900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 28900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 29900 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 29901 -j DNAT --to-destination 192.168.XXX.XXX

##IRC
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 60 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 120 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 4000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 4001 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6666 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6667 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 6668 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 7000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 20003 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 60 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 120 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 4000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 4001 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6666 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6667 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 6668 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 7000 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 20003 -j DNAT --to-destination 192.168.XXX.XXX

## INSTANT MESSENGERS
#ICQ
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24500 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24501 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24502 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24503 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24504 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 24505 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24500 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24501 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24502 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24503 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24504 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 24505 -j DNAT --to-destination 192.168.XXX.XXX

#Skype
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 48887 -j DNAT --to-destination 192.168.XXX.XXX
iptables -A PREROUTING -t nat -p udp -i ppp0 --dport 48887 -j DNAT --to-destination 192.168.XXX.XXX


Thanks in advance for your efforts :)

blacker lotus

piet 06.07.2005 20:43

Hello,

Is the machine the iptables script runs on a workstation, or does it act as a router or server? For a workstation you are forwarding far too much.

To find out which ports are opened on the machine, this is the wrong approach.

First determine with

Code:

# lsof -Pni | grep LISTEN

what is actually listening on the machine.

piet
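The POSIX shell script below is an added example, not code posted by BlackerLotus or piet. It ties the two halves of the thread together: it parses `iptables-save -t nat` (or `iptables -t nat -S`) output to list which WAN-facing ports a DNAT ruleset exposes and to which LAN host, spots rules that appear twice (as the 6515 forward does in the posted script), warns on a short assumed list of ports a home gateway should not forward from the Internet, and parses `lsof -Pni` output to show which services on the gateway itself listen on all interfaces rather than only on loopback or the LAN address. Both inputs are constructed samples embedded in the script so that it runs offline; the interface name ppp0, the 192.168.0.x addresses, the process list and the sensitive-port list are assumptions made for the example.

```shell
#!/bin/sh
# Added example for this thread (not code from either poster): audit what a
# home gateway exposes to the Internet. Two inputs are parsed:
#   (a) `iptables-save -t nat` output, for DNAT port forwards arriving on the
#       WAN interface (the asker's question), and
#   (b) `lsof -Pni` output, for sockets listening on the gateway itself
#       (piet's suggestion).
# Both samples below are constructed to mirror the thread, not captured output.

SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 6112 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -i ppp0 -p udp -m udp --dport 6112 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 6515 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 6515 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 6667 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

SAMPLE_LSOF='COMMAND   PID  USER  FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812  root   3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
cupsd     901  root   6u  IPv4  12346      0t0  TCP 127.0.0.1:631 (LISTEN)
exim4    1003  root   3u  IPv4  12348      0t0  TCP 127.0.0.1:25 (LISTEN)
named     950  bind  20u  IPv4  12347      0t0  UDP 192.168.0.1:53
pppd     1100  root   5u  IPv4  12349      0t0  TCP 10.0.0.5:1024->10.0.0.1:443 (ESTABLISHED)'

# Ports a gateway should not forward from the WAN without a very good reason
# (assumed list for this example: remote administration and Windows file sharing).
SENSITIVE_PORTS="22 23 135 137 138 139 445 3389 5900"

# dnat_exposures IFACE: read iptables-save text on stdin and print one
# "proto port target" line per distinct DNAT rule entering via IFACE.
dnat_exposures() {
    awk -v iface="$1" '
        $1 == "-A" && $2 == "PREROUTING" && / -j DNAT / {
            in_if = proto = port = dst = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")               in_if = $(i + 1)
                if ($i == "-p")               proto = $(i + 1)
                if ($i == "--dport")          port  = $(i + 1)
                if ($i == "--to-destination") dst   = $(i + 1)
            }
            if (in_if == iface && port != "") print proto, port, dst
        }' | sort -u
}

# dnat_duplicates: print DNAT rules that occur more than once. A second copy
# is harmless to the kernel but a sign that the ruleset is not being reviewed.
dnat_duplicates() {
    grep -- '-j DNAT' | sort | uniq -d
}

# flag_sensitive: read "proto port target" lines and warn on SENSITIVE_PORTS.
flag_sensitive() {
    while read -r proto port dst; do
        for s in $SENSITIVE_PORTS; do
            if [ "$port" = "$s" ]; then
                echo "WARNING: $proto/$port is forwarded from the WAN to $dst"
            fi
        done
    done
}

# listeners: read `lsof -Pni` output and print "proto addr:port scope" for each
# listening TCP socket and each bound UDP socket. scope is "all-interfaces"
# for wildcard binds, which the WAN side can reach unless INPUT filters them.
listeners() {
    awk '
        function scope(a) { return (a ~ /^(\*|0\.0\.0\.0|\[::\]):/) ? "all-interfaces" : "bound" }
        $(NF-2) == "TCP" && $NF == "(LISTEN)" { print "tcp", $(NF-1), scope($(NF-1)) }
        $(NF-1) == "UDP"                       { print "udp", $NF,     scope($NF) }
    '
}

# Stand-alone run over the constructed samples.
main() {
    echo "== DNAT exposures on ppp0 =="
    printf '%s\n' "$SAMPLE_NAT" | dnat_exposures ppp0
    echo "== duplicate DNAT rules =="
    printf '%s\n' "$SAMPLE_NAT" | dnat_duplicates
    echo "== sensitive forwards =="
    printf '%s\n' "$SAMPLE_NAT" | dnat_exposures ppp0 | flag_sensitive
    echo "== listening sockets on the gateway =="
    printf '%s\n' "$SAMPLE_LSOF" | listeners
}

main "$@"
```

To run it against a live gateway, replace the two sample variables with `$(iptables-save -t nat)` and `$(lsof -Pni)`; both need root. The DNAT list answers the question in the first post (what the outside world can reach behind the router), while the listener list answers piet's point: a service bound to `*` or `0.0.0.0` on the gateway is reachable from ppp0 regardless of the NAT rules unless the INPUT chain blocks it.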


Copyright ©2000-2025, Trojaner-Board