Pessoal, estou tentando redirecionar algumas portas da minha rede interna, mas não consigo. Por exemplo, tenho um outro PC com servidor web; o IP dele é 10.1.1.100 e a porta do servidor é 5000.
E também não estou conseguindo deixar o eMule com ID alta. Segue o meu firewall...
ETH0 = 192.168.1.30 (INTERNET)
ETH1 = 10.1.1.254 (INTRANET)
# Binaries used by the script.
IPTABLES="/usr/sbin/iptables"
MODPROBE="/sbin/modprobe"

# Interface names: loopback, Internet-facing uplink, internal LAN.
LOCALHOST="lo"
ETH0_INTERNET="eth0"
ETH1_INTRANET="eth1"

# Network attached to each interface, in CIDR notation.
REDE_ETH0="192.168.1.0/24"
REDE_ETH1="10.1.1.0/24"

# Address of this host on each interface.
# NOTE(review): the "Internet" side carries an RFC 1918 address, so this host
# presumably sits behind another NAT device. Any inbound port forward would
# then also have to exist on that upstream device -- confirm.
IP_ETH0="192.168.1.30"
IP_ETH1="10.1.1.254"
################ Flushing existing rules
# Empty the built-in filter chains first, then the built-in nat chains.
# NOTE(review): only these named chains are flushed; user-defined chains and
# the mangle table keep whatever a previous run or another tool left in them.
for chain in INPUT OUTPUT FORWARD; do
  "$IPTABLES" -F "$chain"
done
for chain in PREROUTING POSTROUTING OUTPUT; do
  "$IPTABLES" -t nat -F "$chain"
done
################ Default policy of each filter chain
# Default-deny for traffic to this host and for routed traffic; traffic
# originated by this host is allowed out.
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -P FORWARD DROP
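################ Disabling IP forwarding between the network cards
# Routing is switched off while the rule set is built; the script turns it
# back on at the very end.
echo "0" > /proc/sys/net/ipv4/ip_forward
################ Configuring anti-spoofing protection
# rp_filter=1 enables strict reverse-path filtering on every interface entry
# found under conf/, so packets whose source address would not be routed back
# out of the receiving interface are dropped by the kernel.
spoof_ok=1
for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter; do
  # An unmatched glob is left as the literal pattern; skip it.
  [ -e "$spoofing" ] || continue
  # Quoted target: an unquoted expansion in a redirection is split/globbed.
  echo "1" > "$spoofing" || spoof_ok=0
done
# Report success only after the writes happened and none of them failed.
if [ "$spoof_ok" -eq 1 ]; then
  echo " Setting anti-spoofing .....[ OK ]"
else
  echo " Setting anti-spoofing .....[ FAILED ]" >&2
fi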
################ Loading kernel modules
# Netfilter core and tables, the MASQUERADE target, connection tracking and
# the FTP / IRC / SNMP helpers, loaded in the order listed.
# NOTE(review): these are the older ip_conntrack*/ip_nat* names; newer kernels
# ship them as nf_conntrack*/nf_nat*, where these modprobe calls may fail --
# confirm against the running kernel.
# NOTE(review): each conntrack helper parses application payloads and creates
# RELATED expectations; load only the helpers whose protocol is really
# forwarded (no IRC port is opened in the visible FORWARD rules).
for module in \
  ip_tables iptable_filter iptable_mangle iptable_nat \
  ipt_MASQUERADE ipt_conntrack \
  ip_conntrack ip_conntrack_ftp ip_conntrack_irc \
  ip_nat_ftp ip_nat_irc ip_nat_snmp_basic
do
  "$MODPROBE" "$module"
done
################ INPUT INPUT INPUT INPUT INPUT
################ Input chain. In iptables this chain only applies to the firewall host itself
# Any IP packet arriving on the loopback interface is accepted.
"$IPTABLES" -A INPUT -i "$LOCALHOST" -j ACCEPT
# Any IP packet arriving on the internal interface is accepted.
# NOTE(review): this exposes every service listening on the firewall to the
# whole LAN; narrowing it to the ports actually needed would follow least
# privilege.
"$IPTABLES" -A INPUT -i "$ETH1_INTRANET" -j ACCEPT
# Packets belonging or related to connections conntrack already tracks.
"$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP accepted from any source: 0 echo-reply, 3 destination-unreachable,
# 8 echo-request, 11 time-exceeded.
# NOTE(review): echo-request is accepted on every interface with no rate limit.
for icmp_type in 0 3 8 11; do
  "$IPTABLES" -A INPUT -p icmp -s 0/0 --icmp-type "$icmp_type" -j ACCEPT
done
# SSH access on port 22000 (rule left disabled; note that it calls
# /sbin/iptables directly instead of going through $IPTABLES).
#/sbin/iptables -t filter -I INPUT -i $ETH0_INTERNET -p tcp --dport 22000 -j ACCEPT
################ Forward chain ( FORWARD ).
# First, source NAT (masquerading) for everything leaving through the
# Internet-facing interface. POSTROUTING is emptied again right before.
"$IPTABLES" -t nat -F POSTROUTING
"$IPTABLES" -t nat -A POSTROUTING -o "$ETH0_INTERNET" -j MASQUERADE
# Routed packets of connections conntrack already tracks.
"$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Remote access via VNC
# The author reports these rules do not work: packets are not being directed.
# NOTE(review): the visible script contains no DNAT rule at all, so nothing
# arriving on the Internet side can reach an internal host. A port forward
# needs a nat/PREROUTING DNAT rule plus a FORWARD rule accepting the NEW
# connection, both limited to the outside interface and the single service.
# Sketch for the web server named in the post (left disabled):
#   $IPTABLES -t nat -A PREROUTING -i $ETH0_INTERNET -p tcp --dport 5000 -j DNAT --to-destination 10.1.1.100:5000
#   $IPTABLES -A FORWARD -i $ETH0_INTERNET -p tcp -d 10.1.1.100 --dport 5000 -m state --state NEW -j ACCEPT
# EDUARDO'S COMPUTER - ALL PACKETS ACCEPTED
# NOTE(review): every packet sourced from this host is forwarded, which
# bypasses the per-port allow-list applied to the rest of the LAN.
"$IPTABLES" -A FORWARD -s 10.1.1.100 -j ACCEPT
# Requests to port 80 coming from the LAN are redirected to local port 3128 (squid).
"$IPTABLES" -t nat -A PREROUTING -i "$ETH1_INTRANET" -p tcp --dport 80 -j REDIRECT --to-port 3128
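#Who and what on the LAN may open connections to outside hosts.
# Only --dport rules are installed. Reply packets are matched by the
# ESTABLISHED,RELATED rule added earlier to the FORWARD chain, so the former
# --sport variants were not needed for return traffic; what they did allow was
# any LAN host reaching ANY destination port simply by binding one of these
# source ports, which defeated the allow-list. They are removed, together
# with the 443/444/447/563 rules that had been listed twice.
# TCP ports the author lists as secure ports for bank access (https):
# 443, 444, 447, 563, 7443; plus mail: 25 (SMTP) and 110 (POP3).
# NOTE(review): outbound port 25 to any destination is open to the whole LAN;
# consider limiting -d to the mail relay actually in use.
for port in 443 444 447 563 7443 25 110; do
  "$IPTABLES" -A FORWARD -p tcp -s "$REDE_ETH1" -d 0/0 --dport "$port" -j ACCEPT
done
# DNS (UDP only, as in the original rule set)
"$IPTABLES" -A FORWARD -p udp -s "$REDE_ETH1" -d 0/0 --dport 53 -j ACCEPT
# WWW
"$IPTABLES" -A FORWARD -p tcp -s "$REDE_ETH1" -d 0/0 --dport 80 -j ACCEPT
# FTP control channel; data connections rely on the RELATED state produced by
# the FTP conntrack helper loaded earlier in the script.
"$IPTABLES" -A FORWARD -p tcp -s "$REDE_ETH1" -d 0/0 --dport 21 -j ACCEPT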
# NOTE(review): a VNC status line is printed although the visible script
# installs no VNC rule.
printf '%s\n' " VNC ...............[ OK ]"
# Turn IP forwarding between the network interfaces back on, now that the
# rule set is in place.
printf '%s\n' "1" > /proc/sys/net/ipv4/ip_forward
printf '%s\n' " Firewall ...............[ OK ]"
SE ALGUÉM PUDER ME AJUDAR, EU AGRADEÇO!!!