- One more small suggestion: if you are going to ask about a firewall problem, you should also post the whole firewall script you are using.
Is it this one?...
# -------------------------------------------------------------
# Author : Mr.Permpong Chaorungmethee (Mr.Alexa)
# WebSite : http://www.zealzonecafe.com
# MSN : permpongc@hotmail.com
# Email : alexa@zealzonecafe.com
#
# Script : Traffic Control for Internet cafe' Business
# Type : 2 WAN (Game 1 Net 1)
#
# -------------------------------------------------------------
My_Local_Net=192.168.0.0/16
My_IP=192.168.0.254
PPP0_Mark=0x8000
PPP1_Mark=0x8001
# -------------------------------------------------------------
# Controls settings
# -------------------------------------------------------------
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
echo "1" > /proc/sys/kernel/core_uses_pid
# -------------------------------------------------------------
# Flush all the rules in mangle table
# -------------------------------------------------------------
iptables -t mangle -F
modprobe ip_nat_ftp
modprobe ip_tables
modprobe iptable_nat
modprobe ipt_conntrack
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_irc
modprobe ip_nat_snmp_basic
# -------------------------------------------------------------
# reset the default policies in the filter table.
# -------------------------------------------------------------
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# -------------------------------------------------------------
# reset the default policies in the nat table.
# -------------------------------------------------------------
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
# -------------------------------------------------------------
# reset the default policies in the mangle table.
# -------------------------------------------------------------
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
# -------------------------------------------------------------
# CANCEL OLD IP MASQUERADE
# -------------------------------------------------------------
# iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE > /dev/null
# iptables writes "rule does not exist" errors to stderr, so silence both streams
iptables -t nat -D POSTROUTING -s $My_Local_Net -o ppp0 -j MASQUERADE > /dev/null 2>&1
iptables -t nat -D POSTROUTING -s $My_Local_Net -o ppp1 -j MASQUERADE > /dev/null 2>&1
iptables -t nat -D POSTROUTING -s $My_Local_Net -o ppp2 -j MASQUERADE > /dev/null 2>&1
# -------------------------------------------------------------
# MAKE NEW IP MASQUERADE
# -------------------------------------------------------------
# iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
iptables -t nat -A POSTROUTING -s $My_Local_Net -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $My_Local_Net -o ppp1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $My_Local_Net -o ppp2 -j MASQUERADE
# ----- Squid
if [ -f /var/run/squid.pid ]; then
    iptables -t nat -I PREROUTING -p tcp -m multiport --dports 80,5977 -j REDIRECT --to-port 3128
    # CSO
    iptables -t nat -I PREROUTING -p tcp -d 202.43.33.0/24 --dport 9898 -j REDIRECT --to-port 3128
    # Transparent Mode
    iptables -t filter -A INPUT -i eth1 -p tcp -m multiport --destination-port 80,5977,9898 -j ACCEPT
    iptables -t filter -A OUTPUT -o eth1 -p tcp -m multiport --destination-port 80,5977,9898 -j ACCEPT
    # Bypass rules are inserted (-I) after the REDIRECT, so they are evaluated before it
    # SealOnline's Game Guard
    iptables -t nat -I PREROUTING -p tcp -d 61.47.39.89 --dport 80 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -d 61.47.39.88 --dport 80 -j ACCEPT
    # SF's Game Guard
    iptables -t nat -I PREROUTING -p tcp -d 61.90.203.4 --dport 80 -j ACCEPT
    # Pangya
    iptables -t nat -I PREROUTING -p tcp -d 58.64.24.163/24 --dport 80 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -d 164.115.2.134/24 --dport 80 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -d 203.195.98.6/24 --dport 80 -j ACCEPT
    # DotA
    iptables -t nat -I PREROUTING -p tcp -d 210.86.182.252/24 --dport 80 -j ACCEPT
    # Laghaim
    iptables -t nat -I PREROUTING -p tcp -d 61.90.198.122 --dport 80 -j ACCEPT
    # LastChaos
    iptables -t nat -I PREROUTING -p tcp -d 61.90.198.99/24 --dport 80 -j ACCEPT
    # RAN
    iptables -t nat -I PREROUTING -p tcp -d 202.142.207.240 --dport 80 -j ACCEPT
    # Hotmail
    iptables -t nat -I PREROUTING -p tcp -d 207.46.9.121/16 --dport 80 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -d 65.55.113.23/16 --dport 80 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -d 64.62.193.48/16 --dport 80 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -d 8.12.221.126/16 --dport 80 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -d 206.33.55.125/16 --dport 80 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -d 12.129.210.41/16 --dport 80 -j ACCEPT
fi
# ----- Frox
if [ -f /var/run/frox.pid ]; then
    iptables -t nat -I PREROUTING -p tcp --dport 21 -j REDIRECT --to-port 2121
    # HipStreet for Frox
    iptables -t nat -I PREROUTING -p tcp -d 58.97.46.0/24 --dport 8021 -j REDIRECT --to-port 2121
    # Transparent Mode
    iptables -t filter -A INPUT -i eth1 -p tcp -m multiport --destination-port 21,8021 -j ACCEPT
    iptables -t filter -A OUTPUT -o eth1 -p tcp -m multiport --destination-port 21,8021 -j ACCEPT
fi
# #########################################################
# - START - multi wan 2 Line #
# #########################################################
# ----------------------------NOTE---------------------------------
# PPP0 = 0x8000 / PPP1 = 0x8001/ PPP2 = 0x8002
# ----------Create our own CHAINS----------
# ----- Create GOTO_GAME
iptables -t mangle -N GOTO_GAME
iptables -t mangle -F GOTO_GAME
iptables -t mangle -A GOTO_GAME -j MARK --set-mark $PPP0_Mark
iptables -t mangle -A GOTO_GAME -j ACCEPT
# ----- Create CHECK_STREAMING_WEBS
iptables -t mangle -N CHECK_STREAMING_WEBS
iptables -t mangle -F CHECK_STREAMING_WEBS
# Zheza.com
iptables -t mangle -A CHECK_STREAMING_WEBS -d 202.142.207.140 -j ACCEPT
# ----- Create CHECK_SERVICE_PORTS
iptables -t mangle -N CHECK_SERVICE_PORTS
iptables -t mangle -F CHECK_SERVICE_PORTS
iptables -t mangle -A CHECK_SERVICE_PORTS -p tcp -m multiport --dports 20:25,80,443,554,1863,5050,5190,3128,3130,8080,9099,16667 -j ACCEPT
iptables -t mangle -A CHECK_SERVICE_PORTS -p tcp -m multiport --dports 1863,6667,2009,2121,5977,6969,6889,8000,8021,9898 -j ACCEPT
iptables -t mangle -A CHECK_SERVICE_PORTS -p udp -m multiport --dports 20:25,80,443,554,1863,5050,5190,3128,3130,8080,9099,16667 -j ACCEPT
iptables -t mangle -A CHECK_SERVICE_PORTS -p udp -m multiport --dports 1863,6667,2009,2121,5977,6969,6889,8000,8021,9898 -j ACCEPT
# Dns
iptables -t mangle -A CHECK_SERVICE_PORTS -p tcp --destination-port 53 -j ACCEPT
iptables -t mangle -A CHECK_SERVICE_PORTS -p udp --destination-port 53 -j ACCEPT
# ----- Create CHECK_IPP2P
iptables -t mangle -N CHECK_IPP2P
iptables -t mangle -F CHECK_IPP2P
iptables -t mangle -A CHECK_IPP2P -m ipp2p --kazaa --gnu --edk --dc --bit --apple --soul --winmx --ares -j ACCEPT
# ----- Create CHECK_GAMES
iptables -t mangle -N CHECK_GAMES
iptables -t mangle -F CHECK_GAMES
# Non-standard game ports: for CSO/Lineage2, match the game-patching port first.
# A match is ACCEPTed unmarked, so patching traffic uses LoadBalance instead of ppp0.
# CSO
iptables -t mangle -A CHECK_GAMES -d 202.43.33.0/24 -p tcp --dport 9898 -j ACCEPT
# LN2
iptables -t mangle -A CHECK_GAMES -d 61.90.199.6/32 -p tcp --dport 2009 -j ACCEPT
# Cabal patching?
# iptables -t mangle -A CHECK_GAMES -d 203.144.132.139/32 -p tcp --dport 6889 -j ACCEPT
iptables -t mangle -A CHECK_GAMES -d 203.144.132.0/24 -p tcp --dport 6969 -j ACCEPT
# SF's game guard?
# iptables -t mangle -A CHECK_GAMES -d 61.78.35.29 -p tcp --dport 6060 -j ACCEPT
# Audition Korean
iptables -t mangle -A CHECK_GAMES -d 210.118.53.0/24 -j GOTO_GAME
# Asiasoft
iptables -t mangle -A CHECK_GAMES -d 203.144.0.0/16 -j GOTO_GAME
# N-age, and <unknown games>
# iptables -t mangle -A CHECK_GAMES -d 203.146.0.0/16 -j GOTO_GAME
# Asiasoft International, SF,LN2
iptables -t mangle -A CHECK_GAMES -d 61.90.0.0/16 -j GOTO_GAME
# ProjectOne, DOMO
# iptables -t mangle -A CHECK_GAMES -d 61.19.0.0/16 -j GOTO_GAME
# RacyCity
iptables -t mangle -A CHECK_GAMES -d 61.19.242.0/24 -j GOTO_GAME
# Seal, HY, 3Kingdoms, 16, PVP
iptables -t mangle -A CHECK_GAMES -d 61.47.0.0/16 -j GOTO_GAME
# PFW, Eco
iptables -t mangle -A CHECK_GAMES -d 61.91.0.0/16 -j GOTO_GAME
# HipStreet
iptables -t mangle -A CHECK_GAMES -d 58.97.46.10/32 -j GOTO_GAME
iptables -t mangle -A CHECK_GAMES -d 58.97.46.16/32 -j GOTO_GAME
# Pangya, Rebirth, Pucca, Flyff
iptables -t mangle -A CHECK_GAMES -d 58.64.0.0/16 -j GOTO_GAME
# DotA, Getamped
iptables -t mangle -A CHECK_GAMES -d 210.86.0.0/16 -j GOTO_GAME
# LunaOnline, pko, water, SDO, Secret, RYL
iptables -t mangle -A CHECK_GAMES -d 202.43.0.0/16 -j GOTO_GAME
# RAN
iptables -t mangle -A CHECK_GAMES -d 202.142.207.0/24 -j GOTO_GAME
# TalesRunner
iptables -t mangle -A CHECK_GAMES -d 203.113.0.0/16 -j GOTO_GAME
# GG
iptables -t mangle -A CHECK_GAMES -d 74.55.122.70/24 -j GOTO_GAME
# iptables -t mangle -A CHECK_GAMES -d 74.55.122.70:8687 -j GOTO_GAME
# iptables -t mangle -A CHECK_GAMES -d 74.53.215.8:7456 -j GOTO_GAME
# NosTale
iptables -t mangle -A CHECK_GAMES -d 203.121.165.196/24 -j GOTO_GAME
# ----- Create CHECK_BONUS
iptables -t mangle -N CHECK_BONUS
iptables -t mangle -F CHECK_BONUS
iptables -t mangle -A CHECK_BONUS -d secure1.asiasoft.co.th -p tcp -m multiport --dports 443 -j GOTO_GAME
iptables -t mangle -A CHECK_BONUS -d secure2.asiasoft.co.th -p tcp -m multiport --dports 443 -j GOTO_GAME
# ----- ----- ----- ----- ----- ----- ----- ----- #
# ----- Load Balance
# ----- ----- ----- ----- ----- ----- ----- ----- #
# ----- Check all ppp interfaces
PPP0=`/sbin/ifconfig | grep "ppp0"`
PPP1=`/sbin/ifconfig | grep "ppp1"`
ppp0=0;ppp1=0;ppp2=0;
if [ -n "$PPP0" ]; then
    ppp0=1
else
    ppp0=0
fi
if [ -n "$PPP1" ]; then
    ppp1=1
else
    ppp1=0
fi
LBStatus=$ppp0$ppp1
# ----- Get PPP and Gateway Address
ppp0_addr=`ifconfig | grep -A1 ppp0 | tail -1 | cut -d : -f 2 | cut -f 1 -d " "`
ppp1_addr=`ifconfig | grep -A1 ppp1 | tail -1 | cut -d : -f 2 | cut -f 1 -d " "`
ppp0_gw=`ip route | grep ppp0 | head -1 | cut -f 1 -d " "`
ppp1_gw=`ip route | grep ppp1 | head -1 | cut -f 1 -d " "`
# ----- check status before setting LoadBalance
if [ "$LBStatus" -eq 11 ]; then
    # both links up: games pinned to ppp0, everything else defaults to ppp1
    iptables -t mangle -F GOTO_GAME
    iptables -t mangle -A GOTO_GAME -j MARK --set-mark $PPP0_Mark
    iptables -t mangle -A GOTO_GAME -j ACCEPT
    ip route replace default table 250 proto static nexthop via $ppp1_gw dev ppp1 weight 200
elif [ "$LBStatus" -eq 10 ]; then
    # only ppp0 up
    iptables -t mangle -F GOTO_GAME
    iptables -t mangle -A GOTO_GAME -j MARK --set-mark $PPP0_Mark
    iptables -t mangle -A GOTO_GAME -j ACCEPT
    ip route replace default table 250 proto static nexthop via $ppp0_gw dev ppp0 weight 200
elif [ "$LBStatus" -eq 01 ]; then
    # only ppp1 up
    iptables -t mangle -F GOTO_GAME
    iptables -t mangle -A GOTO_GAME -j MARK --set-mark $PPP1_Mark
    iptables -t mangle -A GOTO_GAME -j ACCEPT
    ip route replace default table 250 proto static nexthop via $ppp1_gw dev ppp1 weight 200
fi
# ----------START rule adding----------
# First, let IP-Bonus traffic (CHECK_BONUS) go via ppp0
iptables -t mangle -A PREROUTING -p tcp -s $My_Local_Net -j CHECK_BONUS
# ipp2p
iptables -t mangle -A PREROUTING -s $My_IP -j CHECK_IPP2P
iptables -t mangle -A OUTPUT -s $My_IP -j CHECK_IPP2P
iptables -t mangle -A FORWARD -s $My_IP -j CHECK_IPP2P
iptables -t mangle -A PREROUTING -d $My_IP -j CHECK_IPP2P
iptables -t mangle -A OUTPUT -d $My_IP -j CHECK_IPP2P
iptables -t mangle -A FORWARD -d $My_IP -j CHECK_IPP2P
# Service Ports
iptables -t mangle -A PREROUTING -j CHECK_SERVICE_PORTS
iptables -t mangle -A OUTPUT -j CHECK_SERVICE_PORTS
# iptables -t mangle -A FORWARD -j CHECK_SERVICE_PORTS
# Streaming Webs
iptables -t mangle -A PREROUTING -j CHECK_STREAMING_WEBS
# Games
# PREROUTING
iptables -t mangle -A PREROUTING -p all -j CHECK_GAMES
# DotA
# Create DotA
iptables -t mangle -A PREROUTING -p tcp -m multiport --sports 7051:7080,7101:7160 -j GOTO_GAME
iptables -t mangle -A PREROUTING -p udp -m multiport --sports 7051:7080,7101:7160 -j GOTO_GAME
# Join DotA
iptables -t mangle -A PREROUTING -p tcp -m multiport --dports 6101:6200,7101:7200 -j GOTO_GAME
iptables -t mangle -A PREROUTING -p udp -m multiport --dports 6101:6200,7101:7200 -j GOTO_GAME
# BF2
iptables -t mangle -A PREROUTING -p tcp --sport 4711 --dport 4711 -j GOTO_GAME
iptables -t mangle -A PREROUTING -p tcp -m multiport --dports 29900,29901,29920,28910 -j GOTO_GAME
iptables -t mangle -A PREROUTING -p udp -m multiport --dports 27900,29900,29910,27901,55123:55570,1500:4999,16567:16568 -j GOTO_GAME
# Allow ipp2p only me
iptables -t filter -D FORWARD -s $My_IP -m ipp2p --kazaa --gnu --edk --dc --bit --apple --soul --winmx --ares -j ACCEPT
iptables -t filter -I FORWARD -s $My_IP -m ipp2p --kazaa --gnu --edk --dc --bit --apple --soul --winmx --ares -j ACCEPT
iptables -t filter -D FORWARD -d $My_IP -m ipp2p --kazaa --gnu --edk --dc --bit --apple --soul --winmx --ares -j ACCEPT
iptables -t filter -I FORWARD -d $My_IP -m ipp2p --kazaa --gnu --edk --dc --bit --apple --soul --winmx --ares -j ACCEPT
# Allow ipp2p for Special Games (FIFA Online 2)
iptables -t filter -D FORWARD -p all -s 61.91.68.0/24 -j ACCEPT
iptables -t filter -I FORWARD -p all -s 61.91.68.0/24 -j ACCEPT
iptables -t filter -D FORWARD -p all -d 61.91.68.0/24 -j ACCEPT
iptables -t filter -I FORWARD -p all -d 61.91.68.0/24 -j ACCEPT
# No match, use Load Balance
iptables -t mangle -A PREROUTING -i eth1 -j ACCEPT
# ----- END rule adding
# #########################################################
# - END - multi wan 2 Line #
# #########################################################
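An added example (not part of the posted script) that models the first-match order of the mangle PREROUTING chains above in Python, using a representative subset of the script's rules; it shows that which link a flow ends up on depends on which chain sees it first, e.g. HTTP to a game network is ACCEPTed by CHECK_SERVICE_PORTS before CHECK_GAMES can pin it to ppp0. The IPP2P and streaming chains are omitted, and the addresses used in the checks are constructed test values.

```python
import ipaddress

PPP0_MARK = 0x8000  # the script's PPP0_Mark; GOTO_GAME pins a flow to ppp0

# Subsets of the script's chains (the comment names the originating chain).
# CHECK_BONUS: tcp/443 to these names -> GOTO_GAME
BONUS_HOSTS = {"secure1.asiasoft.co.th", "secure2.asiasoft.co.th"}
# CHECK_SERVICE_PORTS: these tcp/udp ports -> ACCEPT (leave unmarked)
SERVICE_PORTS = set(range(20, 26)) | {53, 80, 443, 554, 1863, 3128, 8080}
# CHECK_GAMES: patching port ACCEPTed first, then whole game networks -> GOTO_GAME
GAME_PATCH_ACCEPT = [("203.144.132.0/24", "tcp", 6969)]
GAME_NETS = ["203.144.0.0/16", "61.90.0.0/16", "61.47.0.0/16", "58.64.0.0/16"]


def in_net(dst, cidr):
    """True if dst is an IP address inside cidr; a DNS name never matches."""
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return False
    return ip in ipaddress.ip_network(cidr, strict=False)


def classify(dst, proto, dport):
    """Walk the chains in the script's PREROUTING order and return
    ('GOTO_GAME', mark) or ('LOADBALANCE', 0) for a LAN flow to dst:proto/dport."""
    # 1. CHECK_BONUS is jumped to first, so it wins even though 443 is
    #    also listed in CHECK_SERVICE_PORTS.
    if proto == "tcp" and dport == 443 and dst in BONUS_HOSTS:
        return ("GOTO_GAME", PPP0_MARK)
    # 2. CHECK_SERVICE_PORTS ACCEPTs before CHECK_GAMES is reached, so
    #    HTTP to a game network is load-balanced rather than pinned.
    if proto in ("tcp", "udp") and dport in SERVICE_PORTS:
        return ("LOADBALANCE", 0)
    # 3. CHECK_GAMES: the patching ACCEPT precedes the network-wide GOTO_GAME.
    for net, p, port in GAME_PATCH_ACCEPT:
        if in_net(dst, net) and proto == p and dport == port:
            return ("LOADBALANCE", 0)
    if any(in_net(dst, net) for net in GAME_NETS):
        return ("GOTO_GAME", PPP0_MARK)
    # 4. DotA join ports (the script's --dports 6101:6200,7101:7200).
    if proto in ("tcp", "udp") and (6101 <= dport <= 6200 or 7101 <= dport <= 7200):
        return ("GOTO_GAME", PPP0_MARK)
    # 5. No match: the script ACCEPTs on eth1 and leaves it to load balance.
    return ("LOADBALANCE", 0)
```

Feed it the destination, protocol and port of a flow you are unsure about to see which chain decides it; changing the order of the checks reproduces what reordering the `-A PREROUTING -j CHECK_*` lines would do.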