
Firewall Problem



der2of6
26.12.04, 11:15
Hello, I have a router with 3 NICs.

eth0 10.5.11.0
eth1 10.6.1.7
ppp0 Internet

and the following routes

10.0.0.0/8 via 10.6.1.254
62.153.78.0/25 via 10.6.1.254
62.159.144.0/24 via 10.6.1.254

Now I have the problem that from the clients I can reach the networks behind eth1 without any trouble, but not from the router itself.

The firewall was created with the iptables script.
It looks like this.
Can anyone help me?
I just can't find the error :(

Edit:
It may also be worth mentioning that if I delete the routes towards 62.xx.xx.xxx, i.e. go via ppp0, then I can reach those hosts as well.
Why doesn't it work with the routes?
# Generated by iptables-save v1.2.11 on Sun Dec 26 12:10:58 2004
*filter
:INPUT DROP [12:555]
:FORWARD DROP [10:6178]
:OUTPUT ACCEPT [8:741]
:JAY_CHECK_ICMP - [0:0]
:JAY_CHECK_TCP - [0:0]
:JAY_FWD_INET_LAN - [0:0]
:JAY_FWD_LAN_INET - [0:0]
:JAY_FWD_LAN_LAN - [0:0]
:JAY_INETIN - [0:0]
:JAY_INETIN_TCP - [0:0]
:JAY_INETIN_UDP - [0:0]
:JAY_INETOUT - [0:0]
:JAY_LANIN - [0:0]
:JAY_LANIN_TCP - [0:0]
:JAY_LANIN_UDP - [0:0]
:JAY_LANOUT - [0:0]
:JAY_SPOOFING - [0:0]
:JAY_SYNFLOOD - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j JAY_LANIN
-A INPUT -i eth1 -j JAY_LANIN
-A INPUT -i ppp0 -j JAY_INETIN
-A FORWARD -i eth0 -o eth1 -j JAY_FWD_LAN_LAN
-A FORWARD -i eth1 -o eth0 -j JAY_FWD_LAN_LAN
-A FORWARD -i ppp0 -o eth0 -j JAY_FWD_INET_LAN
-A FORWARD -i ppp0 -o eth1 -j JAY_FWD_INET_LAN
-A FORWARD -i eth0 -o ppp0 -j JAY_FWD_LAN_INET
-A FORWARD -i eth1 -o ppp0 -j JAY_FWD_LAN_INET
-A FORWARD -i ppp0 -p tcp -m tcp --dport 6662 -m state --state NEW -j ACCEPT
-A FORWARD -i ppp0 -p tcp -m tcp --dport 6666 -m state --state NEW -j ACCEPT
-A FORWARD -i ppp0 -p udp -m udp --dport 6672 -m state --state NEW -j ACCEPT
-A OUTPUT -o eth0 -j JAY_LANOUT
-A OUTPUT -o eth1 -j JAY_LANOUT
-A OUTPUT -o ppp0 -j JAY_INETOUT
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 17 -j DROP
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 5/0 -j DROP
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 5/1 -j DROP
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 5/0 -j DROP
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 5/2 -j DROP
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 5/3 -j DROP
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 13 -j DROP
-A JAY_CHECK_ICMP -p icmp -m icmp --icmp-type 14 -j DROP
-A JAY_CHECK_ICMP -j ACCEPT
-A JAY_CHECK_TCP -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A JAY_CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A JAY_CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A JAY_CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A JAY_CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A JAY_CHECK_TCP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A JAY_CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A JAY_CHECK_TCP -m state --state INVALID -j DROP
-A JAY_CHECK_TCP -p tcp -m tcp --tcp-option 64 -j DROP
-A JAY_CHECK_TCP -p tcp -m tcp --tcp-option 128 -j DROP
-A JAY_FWD_INET_LAN -p tcp -j JAY_CHECK_TCP
-A JAY_FWD_INET_LAN -p icmp -j JAY_CHECK_ICMP
-A JAY_FWD_INET_LAN -j JAY_SPOOFING
-A JAY_FWD_INET_LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A JAY_FWD_LAN_INET -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "Dopped PING reply to outside" --log-level 6
-A JAY_FWD_LAN_INET -p icmp -m icmp --icmp-type 0 -j DROP
-A JAY_FWD_LAN_INET -p icmp -m state --state INVALID -j DROP
-A JAY_FWD_LAN_INET -p tcp -j JAY_CHECK_TCP
-A JAY_FWD_LAN_INET -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A JAY_FWD_LAN_INET -f -j DROP
-A JAY_FWD_LAN_INET -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A JAY_FWD_LAN_LAN -j ACCEPT
-A JAY_INETIN -j JAY_SPOOFING
-A JAY_INETIN -p tcp -j JAY_INETIN_TCP
-A JAY_INETIN -p udp -j JAY_INETIN_UDP
-A JAY_INETIN -p icmp -j JAY_CHECK_ICMP
-A JAY_INETIN -m state --state ESTABLISHED -j ACCEPT
-A JAY_INETIN -j DROP
-A JAY_INETIN_TCP -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j JAY_SYNFLOOD
-A JAY_INETIN_TCP -j JAY_CHECK_TCP
-A JAY_INETIN_TCP -i ppp0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A JAY_INETIN_TCP -i ppp0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A JAY_INETIN_TCP -i ppp0 -p tcp -m tcp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
-A JAY_INETIN_TCP -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A JAY_INETIN_UDP -s 10.5.11.254 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A JAY_INETIN_UDP -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A JAY_LANIN -s 10.5.11.0/255.255.255.0 -i eth0 -p tcp -j JAY_LANIN_TCP
-A JAY_LANIN -s 10.5.11.0/255.255.255.0 -i eth0 -p udp -j JAY_LANIN_UDP
-A JAY_LANIN -s 10.6.1.0/255.255.255.0 -i eth1 -p tcp -j JAY_LANIN_TCP
-A JAY_LANIN -s 10.6.1.0/255.255.255.0 -i eth1 -p udp -j JAY_LANIN_UDP
-A JAY_LANIN -p icmp -j ACCEPT
-A JAY_LANIN_TCP -m state --state NEW,ESTABLISHED -j ACCEPT
-A JAY_LANIN_TCP -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A JAY_LANIN_UDP -m state --state NEW,ESTABLISHED -j ACCEPT
-A JAY_LANIN_UDP -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A JAY_LANOUT -d 10.5.11.0/255.255.255.0 -o eth0 -j ACCEPT
-A JAY_LANOUT -d 10.6.1.0/255.255.255.0 -o eth1 -j ACCEPT
-A JAY_SPOOFING -s 0.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 10.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 127.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 169.254.0.0/255.255.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 172.16.0.0/255.240.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 192.0.2.0/255.255.255.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 192.168.0.0/255.255.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 224.0.0.0/240.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 240.0.0.0/248.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 248.0.0.0/248.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 255.255.255.255 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 217.232.238.146 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 10.5.11.0/255.255.255.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 10.6.1.0/255.255.255.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -d 255.255.255.255 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -d 0.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A JAY_SPOOFING -s 0.0.0.0/255.0.0.0 -j DROP
-A JAY_SPOOFING -s 10.0.0.0/255.0.0.0 -j DROP
-A JAY_SPOOFING -s 127.0.0.0/255.0.0.0 -j DROP
-A JAY_SPOOFING -s 169.254.0.0/255.255.0.0 -j DROP
-A JAY_SPOOFING -s 172.16.0.0/255.240.0.0 -j DROP
-A JAY_SPOOFING -s 192.0.2.0/255.255.255.0 -j DROP
-A JAY_SPOOFING -s 192.168.0.0/255.255.0.0 -j DROP
-A JAY_SPOOFING -s 224.0.0.0/240.0.0.0 -j DROP
-A JAY_SPOOFING -s 240.0.0.0/248.0.0.0 -j DROP
-A JAY_SPOOFING -s 248.0.0.0/248.0.0.0 -j DROP
-A JAY_SPOOFING -s 255.255.255.255 -j DROP
-A JAY_SPOOFING -s 217.232.238.146 -j DROP
-A JAY_SPOOFING -s 10.5.11.0/255.255.255.0 -j DROP
-A JAY_SPOOFING -s 10.6.1.0/255.255.255.0 -j DROP
-A JAY_SPOOFING -d 255.255.255.255 -j DROP
-A JAY_SPOOFING -d 0.0.0.0 -j DROP
-A JAY_SYNFLOOD -m limit --limit 4/sec --limit-burst 4 -j RETURN
-A JAY_SYNFLOOD -j DROP
COMMIT
# Completed on Sun Dec 26 12:10:58 2004
# Generated by iptables-save v1.2.11 on Sun Dec 26 12:10:58 2004
*mangle
:PREROUTING ACCEPT [14717682:11753171880]
:INPUT ACCEPT [8040865:7871026792]
:FORWARD ACCEPT [6563412:3878743140]
:OUTPUT ACCEPT [7605207:6785862017]
:POSTROUTING ACCEPT [14169155:10664735546]
COMMIT
# Completed on Sun Dec 26 12:10:58 2004
# Generated by iptables-save v1.2.11 on Sun Dec 26 12:10:58 2004
*nat
:PREROUTING ACCEPT [267:12378]
:POSTROUTING ACCEPT [108:6770]
:OUTPUT ACCEPT [7:948]
-A PREROUTING -d 217.232.238.146 -i ppp0 -p tcp -m tcp --dport 6662 -j DNAT --to-destination 10.5.11.1
-A PREROUTING -d 217.232.238.146 -i ppp0 -p tcp -m tcp --dport 6666 -j DNAT --to-destination 10.5.11.1
-A PREROUTING -d 217.232.238.146 -i ppp0 -p udp -m udp --dport 6672 -j DNAT --to-destination 10.5.11.1
-A POSTROUTING -s 10.5.11.0/255.255.255.0 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.6.1.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sun Dec 26 12:10:58 2004
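To see where a reply to a connection opened by the router itself ends up in this ruleset, here is an added example (my code, not from the thread): a minimal static tracer over the eth1 INPUT dispatch rules quoted above. Assumptions: only -i, -s, -p and -j are modelled, -m state and port matches are treated as matching (the packet belongs to an established flow), and the sample packets, TCP replies from 10.6.1.254 and from 62.153.78.1 arriving on eth1, are constructed.

```python
# Added example (not from the thread): static tracer for the INPUT path of the ruleset above.
# Assumption: only -i/-s/-p/-j are modelled; -m state and ports are ignored (established flow).
import ipaddress

# Subset copied from the post: INPUT dispatch for eth1 and the JAY_LANIN TCP/ICMP rules.
RULESET = """\
:INPUT DROP [12:555]
:JAY_LANIN - [0:0]
:JAY_LANIN_TCP - [0:0]
-A INPUT -i eth1 -j JAY_LANIN
-A JAY_LANIN -s 10.6.1.0/255.255.255.0 -i eth1 -p tcp -j JAY_LANIN_TCP
-A JAY_LANIN -p icmp -j ACCEPT
-A JAY_LANIN_TCP -m state --state NEW,ESTABLISHED -j ACCEPT
"""
OPTS = {"-i": "in", "-s": "src", "-p": "proto", "-j": "target"}

def parse(text):
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                  # chain declaration with its policy
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            argv = line.split()                   # no quoted arguments in this subset
            rule = {OPTS[t]: argv[i + 1] for i, t in enumerate(argv) if t in OPTS}
            if "src" in rule:                     # ipaddress accepts the netmask form
                rule["src"] = ipaddress.ip_network(rule["src"])
            chains[argv[1]].append(rule)
    return policies, chains

def matches(rule, pkt):
    return (rule.get("in", pkt["in"]) == pkt["in"]
            and rule.get("proto", pkt["proto"]) == pkt["proto"]
            and ("src" not in rule or ipaddress.ip_address(pkt["src"]) in rule["src"]))

def walk(chain, pkt, policies, chains, path):
    path.append(chain)
    if chain in ("ACCEPT", "DROP"):               # terminal target reached
        return chain
    for rule in (r for r in chains[chain] if matches(r, pkt)):
        verdict = walk(rule["target"], pkt, policies, chains, path)   # jump or terminal
        if verdict is not None:
            return verdict
    if policies[chain] != "-":                    # built-in chain: its policy decides
        path.append("policy " + policies[chain])
        return policies[chain]
    return None                                   # user chain exhausted: implicit RETURN

def trace_input(in_iface, src, proto):
    path, (policies, chains) = [], parse(RULESET)
    return walk("INPUT", {"in": in_iface, "src": src, "proto": proto}, policies, chains, path), path
```

A TCP reply from 10.6.1.254 ends in ACCEPT via JAY_LANIN_TCP, while one from 62.153.78.1 leaves JAY_LANIN unmatched and hits the INPUT policy DROP; only ICMP from that host is accepted, which is why the same traffic works when it is routed via ppp0 and JAY_INETIN's ESTABLISHED rule.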