Firewall Etch

To: debian-user-portuguese@lists.debian.org
Subject: Firewall Etch
From: Murilo <murilopz@gmail.com>
Date: Tue, 17 Jul 2007 17:03:54 -0000
Message-id: <[🔎] 1184691834.656720.191680@i13g2000prf.googlegroups.com>

Estou fazendo um firewall aqui pra empresa e consigo colocar ele no ar
e tudo certo, mas nao sei por que nao consigo compartilhar a conexao
da internet com o restante da rede.

O pior que o msn, skype e ate o ping tudo funciona. Somente na hora de
navegar que ele nao vai.

Se alguem puder me dar uma luz, fico agradecido. Eu tenho uma unica
interface de rede. minha conexao eh com ip fixo

interface eth0: 200.200.200.0 (ip da net)
interface eh0:1: 192.168.0.8 (ip da maquina)

#!/bin/bash
#Regras de Firewall

#Definir Variaveis
IPT=/sbin/iptables
REDE="192.168.0.0/24"
PA="1024:65535"
PL="25,53,80,110,143,443" #Portas Liberadas
#25(SMTP),53(DNS),80(WEB),110(POP),443(HTTPS)
INTRA="eth0"    #Intranet
INTER="eth0"    #Internet
IPNET=" 200.200.200.0"
IPREDE="192.168.0.8"
IPDNS="200.255.255.65"
WEB=" 192.168.0.7" #Maquina com Squid

#Limpando regras
$IPT -F
$IPT -X

#Liberando Ipforward
echo "1" > /proc/sys/net/ipv4/ip_forward

#Nega tudo por padrao
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

#Criando o STATEFUL
$IPT -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

#Mascaramento
$IPT -t nat -A POSTROUTING -s $REDE -o $INTER -j MASQUERADE

#Libera Ping
$IPT -A INPUT -p icmp --icmp-type echo-request -s 0/0 -d $IPREDE -j
ACCEPT
$IPT -A OUTPUT -p icmp --icmp-type echo-reply -s $IPREDE -d 0/0 -j
ACCEPT

#Libera SSH
$IPT -A INPUT -s 0/0 -i $INTER -p tcp --dport 22 -j ACCEPT

#Libera Resolucao de Nomes (DNS - Servidor/Cliente)
$IPT -A OUTPUT -p udp -s $REDE --sport $PA -d $IPDNS --dport 53 -j
ACCEPT
$IPT -A INPUT -p udp -s $IPDNS --sport 53 -d $REDE --dport $PA -j
ACCEPT
$IPT -A INPUT -p udp -s $REDE --sport $PA -d $IPREDE --dport 53 -j
ACCEPT
$IPT -A OUTPUT -p udp -s $IPREDE --sport 53 -d $REDE --dport $PA -j
ACCEPT

#Libera Saida do Firewall
$IPT -A OUTPUT -m multiport -d 0/0 -p tcp --dport $PL -j ACCEPT
$IPT -A OUTPUT -m multiport -d 0/0 -p udp --dport $PL -j ACCEPT
$IPT -A FORWARD -m multiport -s $REDE -d 0/0 -p tcp --dport $PL -j
ACCEPT
$IPT -A FORWARD -m multiport -s $REDE -d 0/0 -p udp --dport $PL -j
ACCEPT

#Analise e LOGs
$IPT -A INPUT -j LOG --log-prefix "INPUT NAO DECLARADO"
$IPT -A OUTPUT -j LOG --log-prefix "OUTPUT NAO DECLARADO"
$IPT -A FORWARD -j LOG --log-prefix "FORWARD NAO DECLARADO"

Reply to:

Follow-Ups:
- Re: Firewall Etch
  - From: "Leonardo Coelho" <leonardoscoelho@gmail.com>
- Re: Firewall Etch
  - From: Denis <denismpa@gmail.com>

Prev by Date: Re: [OT] Expresão regular para filtar URL
Next by Date: Re: Firewall Etch
Previous by thread: Re: [OT] Expresão regular para filtar URL
Next by thread: Re: Firewall Etch
Index(es):
- Date
- Thread