julianln
(usa Red Hat)
Enviado em 24/08/2010 - 16:00h
Segue o conteudo do arquivo. Pretendo colocar dois ips que consigam acessar qualquer site sem restrição. IP: 192.168.1.221 e 222
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -X
iptables -X -t nat
iptables -Z
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
####> NAT: Windows Terminal Service
iptables -t nat -A PREROUTING -p tcp -d 189.52.81.10 --dport 3389 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -p tcp -d 189.52.81.11 --dport 3389 -j DNAT --to 192.168.1.3
####> Mascaramento
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to 189.52.81.10
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 189.52.81.10
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -j SNAT --to 189.52.81.10
####> Barrando o acesso direto a sites pelas Estacoes
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DROP
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DROP
####> Regras INPUT
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 563 -j ACCEPT
iptables -A INPUT -p tcp --dport 2083 -j ACCEPT
iptables -A INPUT -p udp --dport 2083 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -s 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -s 192.168.3.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -i eth0 -j DROP
##> RED Factoring
iptables -A INPUT -p tcp --dport 8001 -j ACCEPT
iptables -A INPUT -p udp --dport 8001 -j ACCEPT
iptables -A INPUT -p udp --dport 1024:65535 -j ACCEPT
####> Regras FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
iptables -A FORWARD -p tcp --syn -j ACCEPT
iptables -A FORWARD -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
##> SMTP mail.serigy.com.br
iptables -A FORWARD -p tcp --dport 25 -s 192.168.1.0/24 -d 200.241.52.11 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -s 192.168.3.0/24 -d 200.241.52.11 -j ACCEPT
##> SMTP smtp.aguadiasdavila.com.br
iptables -A FORWARD -p tcp --dport 25 -s 192.168.1.0/24 -d 66.135.35.39 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -s 192.168.3.0/24 -d 66.135.35.39 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
##> Acesso direto a Navegacao
iptables -A FORWARD -p tcp --dport 80 -s 192.168.0.3/32 -d 0/0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -s 192.168.1.3/32 -d 0/0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -s 192.168.1.109/32 -d 0/0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -s 192.168.1.116/32 -d 0/0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -s 192.168.1.221/32 -d 0/0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -s 192.168.1.222/32 -d 0/0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -s 192.168.3.50/32 -d 0/0 -j ACCEPT
##> POP3 mail.serigy.com.br
iptables -A FORWARD -p tcp --dport 110 -s 192.168.1.0/24 -d 200.241.52.11 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -s 192.168.3.0/24 -d 200.241.52.11 -j ACCEPT
##> POP3 pop.aguadiasdavila.com.br
iptables -A FORWARD -p tcp --dport 110 -s 192.168.1.0/24 -d 66.135.35.39 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -s 192.168.3.0/24 -d 66.135.35.39 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
##> POP3s UOL
iptables -A FORWARD -p tcp --dport 995 -j ACCEPT
##> Insite CPanel
iptables -A FORWARD -p tcp --dport 2083 -j ACCEPT
iptables -A FORWARD -p udp --dport 2083 -j ACCEPT
##> Caixa-SEFIP
iptables -A FORWARD -p tcp --dport 2631 -j ACCEPT
##> Restaurante - Ricardo
iptables -A FORWARD -p tcp --dport 3130 -j ACCEPT
iptables -A FORWARD -p udp --dport 3130 -j ACCEPT
##> Terminal Server
iptables -A FORWARD -p tcp --dport 3389 -i eth0 -d 192.168.1.1/32 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3389 -i eth0 -d 192.168.1.3/32 -j ACCEPT
##> RED Factoring
iptables -A FORWARD -p tcp --dport 8001 -j ACCEPT
##> SEFAZN Bahia
iptables -A FORWARD -p tcp --dport 8017 -j ACCEPT
##> Bradesco Cobranca
iptables -A FORWARD -p tcp --dport 30000 -j ACCEPT
iptables -A FORWARD -p udp --dport 1024:65535 -j ACCEPT
##> Caixa-CONECTIVIDADE SOCIAL
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -d 200.201.174.0/24 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.3.0/24 -d 200.201.174.0/24 -j ACCEPT
##> Banco Rural
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -d 200.251.125.14/32 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -d 200.251.125.65/32 -j ACCEPT