
IPtables



Hi everyone!
I need some help!
I have a firewall running iptables and squid. The problem is that when I run my iptables script, the machine no longer recognises the DNS server configured in resolv.conf.
Could anyone tell me what I'm doing wrong?
Thanks in advance!
#!/bin/bash
INTERFACE_INTERNA=eth0
INTERFACE_EXTERNA=eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush the chains
iptables -F
iptables -t filter -F
iptables -t nat -F
# filter table
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
# nat table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING DROP
# mangle table
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
#iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -j ACCEPT
iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 3128 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
# LAN -> WAN forwarding (the original had -i $INTERFACE_EXTERNA -o eth1, which can never match)
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -o $INTERFACE_EXTERNA -j ACCEPT
iptables -A FORWARD -i $INTERFACE_EXTERNA -o $INTERFACE_INTERNA -j ACCEPT
#iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 80 -o $INTERFACE_EXTERNA -j ACCEPT
#iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 443 -o $INTERFACE_EXTERNA -j ACCEPT
# routing (source NAT for the LAN)
iptables -t nat -A POSTROUTING -o lo -j ACCEPT
#iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j SNAT --to 192.168.1.250
################## Redirection (transparent proxy) #######################
#iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128
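Added example, not the poster's script: the same ruleset with the two things that cut off the firewall's own name resolution corrected. The nat POSTROUTING policy goes back to ACCEPT (a DROP policy in the nat table discards the first packet of every connection no nat rule matches, including the box's own queries to the resolv.conf servers, which leave eth1 with source 192.168.1.250 and match neither `-s 192.168.200.0/24` nor `-o lo`), and INPUT gets a rule admitting ESTABLISHED,RELATED replies, which otherwise hit the INPUT DROP policy when they come back on eth1. Interface names and addresses are taken from the post; DRY_RUN is an assumed switch that prints the commands instead of loading them.

```shell
#!/bin/bash
# Added example, not the original poster's script. Same addressing as the post:
# eth0 = LAN 192.168.200.0/24, eth1 = WAN with address 192.168.1.250.
LAN_IF=eth0
WAN_IF=eth1
LAN_NET=192.168.200.0/24
WAN_IP=192.168.1.250
# DRY_RUN=1 (assumed switch) prints each rule instead of loading it, so the
# ruleset can be reviewed without root and without touching a live firewall.
ipt() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

apply_rules() {
  [ "${DRY_RUN:-0}" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
  ipt -F; ipt -t nat -F; ipt -t mangle -F
  # Filter policies: deny inbound by default; forwarding is default-deny too
  # and opened explicitly below (the post's script accepted all forwarding).
  ipt -P INPUT DROP; ipt -P OUTPUT ACCEPT; ipt -P FORWARD DROP
  # nat policies stay ACCEPT. A DROP policy on nat POSTROUTING discards the
  # first packet of every connection no nat rule matches, which includes the
  # firewall's own DNS queries leaving eth1 with source 192.168.1.250: that is
  # what broke name resolution in the original script.
  ipt -t nat -P PREROUTING ACCEPT; ipt -t nat -P OUTPUT ACCEPT; ipt -t nat -P POSTROUTING ACCEPT
  # Replies to connections the firewall opened itself (DNS answers, squid's
  # upstream fetches) arrive on eth1 and must be admitted by state, not interface.
  ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  ipt -A INPUT -i lo -j ACCEPT
  # LAN clients may reach ssh, the local web server, squid and the resolver.
  for port in 22 80 3128 53; do
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$port" -j ACCEPT
  done
  ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
  # LAN -> WAN allowed outright; WAN -> LAN only for flows the LAN started.
  ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
  ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$WAN_IP"
}

# Usage: ./fw.sh show  (print the rules)   ./fw.sh apply  (load them, as root)
case "${1:-}" in
  show)  DRY_RUN=1; apply_rules ;;
  apply) apply_rules ;;
esac
```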

