Cara o ping vai funcionar pois seu script (abaixo) quando você da um
stop nele ele não "fecha" o forwarding ... tenta fazer assim:
parar(){
echo 0> /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -F -t nat
}
Veja se depois de executar o stop (parar) ele continua conseguindo
"pingar" o terra.
Até+
Em 25-04-2011 09:54, Diác. Moretti escreveu:
#!/bin/bash
>>>>>
>>>>> # ... Interface da internet
>>>>> ifinternet="eth0"
>>>>>
>>>>> # ... Interface da rede local
>>>>> iflocal="eth1"
>>>>>
>>>>> iniciar(){
>>>>> modprobe iptable_nat
>>>>> echo 1> /proc/sys/net/ipv4/ip_forward
>>>>> iptables -t nat -A POSTROUTING -o $ifinternet -j MASQUERADE
>>>>> # iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
>>>>> echo 1> /proc/sys/net/ipv4/conf/default/rp_filter
>>>>> iptables -A INPUT -m state --state INVALID -j DROP
>>>>> iptables -A INPUT -i lo -j ACCEPT
>>>>> iptables -A INPUT -i $iflocal -j ACCEPT
>>>>> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>>>>> iptables -A INPUT -p tcp --syn -j DROP
>>>>> }
>>>>>
>>>>> parar(){
>>>>> iptables -F
>>>>> iptables -F -t nat
>>>>> }
>>>>>
>>>>> case "$1" in
>>>>> "start") iniciar;;
>>>>> "stop") parar;;
>>>>> "restart") parar; iniciar;;
>>>>> *) echo "Use os parametros start ou stop"
>>>>> esac
>>>>>
>>>>>