
Re: iptables



Leandro Orílio wrote:

Hi everyone!
I need some help!
I have a firewall with iptables and squid. But when I run my iptables script, the machine no longer recognizes the DNS server set in resolv.conf.
Could anyone tell me what I'm doing wrong?
Thanks in advance!
#!/bin/bash
INTERFACE_INTERNA=eth0
INTERFACE_EXTERNA=eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush the chains
iptables -F
iptables -t filter -F
iptables -t nat -F
# filter table
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
# nat table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING DROP
# mangle table
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
# loopback and everything arriving on the internal interface
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
#iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -j ACCEPT
# services offered to the LAN: ssh, http, squid, dns
iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 3128 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
# forwarding between the LAN and the external interface
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -o $INTERFACE_EXTERNA -j ACCEPT
iptables -A FORWARD -i $INTERFACE_EXTERNA -o $INTERFACE_INTERNA -j ACCEPT
#iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 80 -o $INTERFACE_EXTERNA -j ACCEPT
#iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 443 -o $INTERFACE_EXTERNA -j ACCEPT
# routing
iptables -t nat -A POSTROUTING -o lo -j ACCEPT
#iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j SNAT --to 192.168.1.250
################## Redirection #######################
#iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128



Friend, you also have to open port 53 in FORWARD:
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
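Added example, not the original poster's script and not part of the reply above: a stateful rewrite of the same rule set. In the posted script the INPUT policy is DROP and only lo and eth0 are accepted, so the firewall's own DNS queries leave through eth1 but the replies arriving on eth1 are dropped, which is exactly what makes the box stop resolving names from resolv.conf. The nat POSTROUTING policy of DROP likewise discards any packet the firewall itself sends that matches neither of the two POSTROUTING rules. The version below accepts ESTABLISHED,RELATED replies on INPUT and FORWARD, leaves the nat chains at their default ACCEPT, and tightens FORWARD to a DROP policy with explicit rules (the original forwarded everything). Interface names, the LAN subnet and the SNAT address are taken from the post; the DRY_RUN mode, which prints the rules instead of loading them, is an assumption added here so the rule set can be reviewed and tested without root.

```shell
#!/bin/sh
# Stateful rewrite of the posted firewall. Added example; values below are
# assumed from the original post (eth0 = LAN, eth1 = WAN, SNAT to 192.168.1.250).
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.200.0/24}
WAN_IP=${WAN_IP:-192.168.1.250}
DRY_RUN=${DRY_RUN:-0}   # assumed helper switch: 1 = print rules, 0 = load them

# ipt: run iptables, or print the command line when DRY_RUN=1
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

firewall_rules() {
    # start from a clean slate in every table
    ipt -F; ipt -t nat -F; ipt -t mangle -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # keep the nat chain at ACCEPT: a DROP policy there would discard the
    # firewall's own outbound packets that match no POSTROUTING rule
    ipt -t nat -P POSTROUTING ACCEPT

    # loopback, then replies to connections the firewall itself opened
    # (this is what lets the box receive answers from the resolv.conf server)
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    # services the firewall offers to the LAN: ssh, http, squid, dns
    for p in 22 80 3128; do
        ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$p" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 53 \
        -m conntrack --ctstate NEW -j ACCEPT

    # forwarding: LAN hosts may open anything outbound (port 53 included);
    # only replies come back in, instead of the original "forward everything"
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$WAN_IP"

    # transparent squid for LAN web traffic: tcp/80 only. squid's plain
    # http_port cannot terminate TLS, so 443 is not intercepted this way,
    # and the udp variants from the original script match nothing useful.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-ports 3128
}

apply_firewall() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    firewall_rules
}

# count_rules_matching PATTERN: how many generated rules contain PATTERN
# (dry run; used to sanity-check the rule set without loading it)
count_rules_matching() {
    ( DRY_RUN=1; firewall_rules ) | grep -c -- "$1" || true
}

case "${1:-preview}" in
    apply)   apply_firewall ;;
    preview) ( DRY_RUN=1; firewall_rules ) ;;
esac
```

Run it as root with the argument `apply` to load the rules; with no argument it only prints the iptables commands it would run, so the generated rule set can be diffed against the current one before committing to it.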


