Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
mypage_892017-06-26 17:08:49
Squid
mypage_89, 2017-06-26 17:08:49

How to set up iptables on CentOS for torrent?

Hello. Help setting up port forwarding 40000 (torrenta) in iptables. Squid + Iptables is configured on a CentOS 7 machine. The iptables settings are:
enp2s0 -external network
enp3s1 -internal network
*nat
-A PREROUTING -i enp3s1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.1:3128
-A PREROUTING -i enp2s0 - p tcp -m tcp --dport 40000 -j DNAT --to-destination 192.168.10.10:40000
-A PREROUTING -i enp2s0 -p udp -m udp --dport 40000 -j DNAT --to-destination 192.168.10.10: 40000
-A POSTROUTING -s 192.168.10.0/24 -o enp2s0 -j ​​MASQUERADE
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp3s1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED - j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -i enp3s1 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m state -- state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i enp2s0 -o enp3s1 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o enp3s1 -j ACCEPT
-A OUTPUT -o enp2s0 -j ​​ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
K
krosh, 2017-06-26
@mypage_89 

iptables -I FORWARD -i enp2s0 -o enp3s1  -m state --state NEW -p tcp -m tcp --dport 40000 -d 192.168.10.10 -j ACCEPT

You allow the passage of packets with the state of an established connection, but incoming traffic is new, the gateway does not know anything about it, so it is blocked.
Rule 3 in FORWARD is too narrow, I would replace it with a more general one, without specifying interfaces. If there are no others and there are only two of them on the gateway: internal and external.

Similar questions
S
Serg4362016-09-01 10:45:16
"Transparent" Squid with HTTPS resource filtering, whitelisting? 1Reply
S
Stan Marsh2016-09-08 09:14:19
How to configure proxy correctly? 1Reply
I
Ilya bow2016-09-25 17:09:26
squid. Delete the package and the daemon remains what to do? 1Reply
V
Vladislav Ivashchenko2014-10-10 15:49:06
Is it possible to teach squid to proxy proxies? 1Reply
M
Maxim2014-10-10 22:37:45
How to properly organize https proxying? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question