ip masquerading script for dynamic IP
Felipe Figueiredo
philsf at ufrj.br
Fri Oct 20 16:31:22 UTC 2006
On Friday 20 October 2006 09:49, C Hamel wrote:
> On Thursday 19 October 2006 13:12, Noah wrote:
> > Hi
> >
> > I am wondering if somebody knows where I can find a script that handles
> > ip masquerading for dynamically assigned IPs from my upstream?
> >
> > cheers,
> >
> > Noah
> You might start here, though I use static, myself...
>
[...]
> #Drop TCP / UDP packets to privileged ports
> iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
> iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP

This is very harsh. It will disrupt some protocols that use ports in this
range for output, some of which include NTP and DHCP. Also note you didn't
issue a stateful, established rule before dropping everything, so it is
virtually impossible to even get an IP address dynamically.

This may be well suited for your case, but it's definitely not a starting
point. One should begin accepting known needed ports, then drop everything
else, and not the other way around.
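
An accept-first ruleset of the kind the reply recommends, as an added example that is not part of the original thread: it emits an `iptables-restore` file that accepts established traffic and DHCP replies, leaves everything else to a default DROP policy, and uses MASQUERADE for the dynamically assigned upstream address. The interface names, the file name `gateway.sh` and the choice to trust the LAN side (as the quoted script does) are assumptions.

```shell
#!/bin/sh
# Added example: accept-first gateway ruleset. Interface names are assumptions.

# Accept only plain interface names so an argument cannot inject rule text.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print an iptables-restore ruleset; $1 = upstream (WAN), $2 = internal (LAN).
emit_ruleset() {
    wan=$1
    lan=$2
    valid_iface "$wan" && valid_iface "$lan" || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# MASQUERADE reads the source address from $wan for each new connection,
# so nothing here changes when the upstream lease does.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to traffic this host started (NTP, DNS, ...) come first.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP server replies on the upstream side (server port 67 to client port 68).
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# Assumption: the LAN side is trusted, as in the quoted script.
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# With two arguments, print the ruleset; check it before loading with:
#   sh gateway.sh ppp0 eth1 | iptables-restore --test
# Forwarding also needs: sysctl -w net.ipv4.ip_forward=1
if [ "$#" -eq 2 ]; then
    emit_ruleset "$1" "$2"
fi
```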