ip masquerading script for dynamic IP
C Hamel
yogich at sc2000.net
Fri Oct 20 18:15:52 UTC 2006
On Friday 20 October 2006 11:31, Felipe Figueiredo wrote:
> On Friday 20 October 2006 09:49, C Hamel wrote:
> > On Thursday 19 October 2006 13:12, Noah wrote:
> > > Hi
> > >
> > > I am wondering if somebody knows where I can find a script that handles
> > > ip masquerading for dynamically assigned IPs from my upstream?
> > >
> > > cheers,
> > >
> > > Noah
> >
> > You might start here, though I use static, myself...
>
> [...]
>
> > #Drop TCP / UDP packets to privileged ports
> > iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
> > iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
>
> This is very harsh. It will disrupt some protocols that use ports in this
> range for output. Some of which include NTP and DHCP. Also note you didn't
> issue a stateful,established rule before dropping everything, so it is
> virtually impossible to even get an IP address dynamically.
>
> This may be well suited for your case, but it's definitely not a starting
> point. One should begin accepting known needed ports, then drop everything
> else, and not the other way around.
NP! Don't use it, then! ;-)
--
...CH
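
The ordering suggested in the quoted reply (accept established traffic and known needed ports first, drop the rest by policy), combined with masquerading for a dynamically assigned upstream address. This is an added example, not a script posted by anyone in the thread; the interface names passed in and the use of iptables-restore format are assumptions.

```shell
#!/bin/sh
# Added example: ruleset for a NAT gateway whose WAN address is dynamic.
# Interface names are supplied by the caller and are assumptions.

gen_rules() {
    wan=$1   # upstream interface holding the dynamic address
    lan=$2   # inside interface
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# MASQUERADE takes the address $wan holds when each connection starts,
# so nothing has to be rewritten when the upstream lease changes.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# 1. Replies to traffic this host started (NTP, DNS, ...) are accepted first.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# 2. Known needed port: DHCP server replies to the client on $wan.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# 3. LAN traffic may leave; only replies may come back in.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 4. Everything else falls to the DROP policies; no blanket port-range rule.
COMMIT
EOF
}

# --print shows the ruleset for review; --apply loads it (needs root).
case "${1:-}" in
    --print) gen_rules "${2:?wan interface}" "${3:?lan interface}" ;;
    --apply) sysctl -w net.ipv4.ip_forward=1 &&
             gen_rules "${2:?wan interface}" "${3:?lan interface}" | iptables-restore ;;
esac
```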