Konfiguration anpassen
From t-hack.com - Hack X300T / X301T
(→base.txt) |
(→base.txt) |
||
| Line 25: | Line 25: | ||
# netmask in CIDR (no. of set bits) | # netmask in CIDR (no. of set bits) | ||
IP_NET_2_DEV='eth2' # required: device name like ethX | IP_NET_2_DEV='eth2' # required: device name like ethX | ||
| + | <br> | ||
| + | 2.Auszug:<br> | ||
| + | #-------------------------------------------------------------------------- | ||
| + | # Known networks - Networks which are allowed to pass the packet | ||
| + | # filter (additional restrictions may be applied via black/white | ||
| + | # lists, port based filters, port forwarding opens additional holes, ...) | ||
| + | #-------------------------------------------------------------------------- | ||
| + | MASQ_NETWORK='IP_NET_1,IP_NET_2' # networks to masquerade (e.g. our LAN) | ||
| + | ROUTE_NETWORK='' # same as masq_network, but packets | ||
| + | <br> | ||
| + | 3.Auszug:<br> | ||
| + | PF_INPUT_N='3' | ||
| + | PF_INPUT_1='IP_NET_1 ACCEPT' # allow all hosts in the local | ||
| + | PF_INPUT_2='IP_NET_2 ACCEPT' # network access to the router | ||
| + | PF_INPUT_3='any 224.0.0.0/4 ACCEPT' | ||
| + | <br> | ||
| + | 4.Auszug:<br> | ||
| + | |||
| + | # otherwise drop packet | ||
| + | PF_FORWARD_N='4' | ||
| + | PF_FORWARD_1='tmpl:samba DROP' # drop samba traffic if it tries | ||
| + | # to leave the subnet | ||
| + | PF_FORWARD_2='IP_NET_1 ACCEPT' # accept everything else | ||
| + | PF_FORWARD_3='IP_NET_2 ACCEPT' | ||
| + | PF_FORWARD_4='any 224.0.0.0/4 ACCEPT' # accept everything else | ||
| + | PF_POSTROUTING_N='2' | ||
| + | PF_POSTROUTING_1='IP_NET_1 MASQUERADE' # masquerade traffic leaving | ||
| + | PF_POSTROUTING_2='IP_NET_2 MASQUERADE' # the subnet | ||
== dsl.txt == | == dsl.txt == | ||
