Administrace komentářů

option domain-name "sadam.chickenkiller.com"; #DSN stroje
option domain-name-servers 213.46.172.36,213.46.172.37; #DSN servery ktere budou predany klientum na DHCP

default-lease-time 3600;#doba po kterou ma klined pridelenou IP
authoritative; #DHCP server je hlavni (zjednodusene)


subnet 192.168.2.0 netmask 255.255.255.0 { # subnet , ip musi byt stejna jako je IP karty na ktere pobezi DHCP

    range 192.168.2.2 192.168.2.255;#rozsah DHCP
    option routers 192.168.2.1; #route 
}

host sadamPC { #pojmenovani meho stroje pro prideleni pevne IP v DHCP
    hardware ethernet 00:1D:7D:A4:6D:9F; #MAC adresa me sitove karty v PC
    fixed-address 192.168.3.8;# tvrda IP ktera se memu PC nastavi
}

#!/bin/bash
IPTABLES=/usr/sbin/iptables
EXTIF="eth2"  	 #device conected to the internet
INTIF0="eth0"    #Firs internal device 

#port forwarting 
IP="192.168.2.8" #Ip adress of target machine
PORT="5900" #VNC #Number of forwarted port

echo "1" > /proc/sys/net/ipv4/ip_forward  #zapnuti smerovani packetu
	$IPTABLES -P FORWARD DROP
	$IPTABLES -F FORWARD
	$IPTABLES -t nat -F
	
	$IPTABLES -A FORWARD -i $EXTIF -o $INTIF0 -j ACCEPT #pustit vse ven
	$IPTABLES -A FORWARD -i $INTIF0 -o $EXTIF -j ACCEPT #naopak
	
	$IPTABLES -A FORWARD -j LOG
	$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE	#nahozeni maskarady
	

        #port forwarting
	$IPTABLES -A PREROUTING -t nat  -p tcp -i $EXTIF --dport $PORT -j DNAT --to $IP:$PORT 
	$IPTABLES -A FORWARD -i $EXTIF -p tcp -d $IP --dport $PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT