problemas com iptables

To: debian-user-portuguese@lists.debian.org
Subject: problemas com iptables
From: "Clayton Nogueira" <clayton.nog@gmail.com>
Date: Wed, 4 Jul 2007 12:55:34 -0300
Message-id: <[🔎] 6ed8139b0707040855k20ba9144nf1a316dec6713909@mail.gmail.com>

Pessoal eu fiz um script de firewall, mas quando coloco ele pra rodar
a internet da minha empresa cai e dá uma zica só... Alguem pode dar
uma olhada/avaliada e dizer no que estou errando ?

Segue abaixo, abraços.

#!/bin/bash
################################################
#SRV-Firewall Novamarca500 - Interface 2007    #
#Clayton Nogueira - clayton@interfacenet.com.br#
################################################
#
iniciar(){
echo "Iniciando regras de Firewall"

#Modulos
modprobe ip_tables
modprobe iptable_filter
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_LOG
modprobe ipt_state
modprobe ipt_MASQUERADE
modprobe iptable_nat

#Padrao
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#Proxy transparente
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT
--to-port 3128
iptables -t nat -A POSTROUTING -o eth1 -p tcp --sport 3128 -j ACCEPT

#INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 3128 -j ACCEPT
iptables -A INPUT -p tcp --syn -s 10.0.0.0/8 -j ACCEPT

#Redirecionamento de portas

#FTP, porta 21
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j DNAT
--to-destination 10.0.0.14
iptables -t nat -A POSTROUTING -s 10.0.0.14 -j SNAT --to-source 10.0.0.1

#SSH, porta 22
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 22 -j DNAT
--to-destination 10.0.0.14
iptables -t nat -A POSTROUTING -s 10.0.0.14 -j SNAT --to-source 10.0.0.1

#Forward de portas
iptables -A FORWARD -p udp -s 10.0.0.0/8 -i eth1 -o eth0 --dport 25 -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.0/8 -i eth1 -o eth0 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.0/8 -i eth1 -o eth0 --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.0/8 -i eth1 -o eth0 --dport 5405 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.0/8 -i eth1 -o eth0 --dport 1863
-j ACCEPT #msn

iptables -A FORWARD -p udp -i eth0 -o eth1 --sport 25 -j ACCEPT
iptables -A FORWARD -p udp -i eth0 -o eth1 --sport 53 -j ACCEPT
iptables -A FORWARD -p udp -i eth0 -o eth1 --sport 110 -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 -o eth1 --sport 5405 -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 -o eth1 --sport 1863 -j ACCEPT

#Mascaramento
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#Compartilha a internet
echo "1"> /proc/sys/net/ipv4/ip_forward

echo "Regras de Firewall ATIVADAS"
}
parar(){
iptables -F
iptables -t nat -F
iptables -t mangle -F
echo "Regras de Firewall DESATIVADAS"
}
case "$1" in
"start")iniciar;;
"stop")parar;;
"restart")parar; iniciar;;
*)echo "Use os parametros start ou stop"
esac

--
Att,
Clayton Nogueira
Analista de Suporte
Linux User nro. #448808

Reply to:

Follow-Ups:
- Re: problemas com iptables
  - From: Junior Polegato - Linux <linux@juniorpolegato.com.br>
- Re: problemas com iptables
  - From: "Edson Marquezani Filho" <edsonmarquezani@gmail.com>

Prev by Date: Re: Inteface para shell script
Next by Date: Usar e-token no Linux
Previous by thread: Re: Inteface para shell script
Next by thread: Re: problemas com iptables
Index(es):
- Date
- Thread