아래링크의 문서를 읽어보시거나 적수네동네 팁란에 검색해보시면 좋은글이 있습니다.
http://kltp.kldp.org/stories.php?story=01/01/10/8519823

아래는 제가 쓰는 예제이고 소리바다를 사용하기위함입니다.
############################################################################
#Custom firewall rules...
############################################################################

############################################################
#for kernel2.4 MASQUERADING #
############################################################
#default gateway is eth0 #
#/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE#
#echo 1 > /proc/sys/net/ipv4/ip_forward #
#default gateway is ppp0 for ADSL #
#/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE#
############################################################

######################################################################################
#soribada port forwording.. for kernel 2.4
#/sbin/iptables -A PREROUTING -t nat -p udp --dport 9049:9052 -j DNAT --to 192.168.0.2:9052
#/sbin/iptables -A PREROUTING -t nat -p udp --dport 9051 -j DNAT --to 192.168.0.2:9051
#/sbin/iptables -A PREROUTING -t nat -p udp --dport 9050 -j DNAT --to 192.168.0.2:9050
#/sbin/iptables -A PREROUTING -t nat -p udp --dport 9049 -j DNAT --to 192.168.0.2:9049
#iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 9017:9020 -j DNAT --to 192.168.0.2:9020
#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 9017:9020 -j DNAT --to 192.168.0.2:9020
################################################################################

#아래의 설정들은 보안에 관련되거나 성능향상을 위해 사용합니다.
for pfile in /proc/sys/net/ipv4/conf/*/rp_filter
do
echo "1" > $pfile
done
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
#deny pinging broadcast
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "2" > /proc/sys/net/ipv4/tcp_retries1
echo "8192" > /proc/sys/net/ipv4/tcp_max_syn_backlog
##############################################################################
rc.local파일이나 rc.firewall파일에 넣으시고 시스템시작시 실행되게(rc.local마지막부분에 ./rc.firewall을 넣으시면 됩니다)하시고 소리바다설정에서 랜덤포트를 9049~9052로 변경후 온라인상태 자동감지를 끄시면됩니다.
adsl인경우는 adsl접속이 끊어지면 위의 상태가 변경되기 때문에 /etc/ppp/ip-up.local파일에 /etc/rc.firewalld르 넣으시던지 아니면 일정시간마다 다시 방화벽설정을 갱신하게 해주시면 되겠습니다.

http://netfilter.kernelnotes.org/unreliable-guides/packet-filtering-HOWT...

http://kltp.kldp.org

'Security' 카테고리의 다른 글

portsentry 사용법  (0) 2001.08.08
특정 아이피에게만 텔넷허용  (0) 2001.08.08
로그파일 관리  (0) 2001.08.08
last, lastlog, lastcomm  (0) 2001.08.08
메세지의 실시간 추적  (0) 2001.08.08
iptables 사용예제  (0) 2001.08.08

+ Recent posts