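#!/bin/bash
# Gateway firewall script: resets iptables, sets default policies, opens a
# few services and enables NAT for the LAN.
#   eth1 - local network 192.168.1.0/24
#   eth3 - Internet uplink ("Speedy")
#   ppp0 - also matched by the rules below; presumably the PPPoE session
#          carried over eth3 (confirm against the host's interfaces)
# Only IPv4 (iptables) is configured here; ip6tables is not touched.

####### Load kernel modules ######
modprobe iptable_nat
echo "Carga de Modulos >>>>>>>>>>>>[OK]"

######## Flush existing rules ########
# For filter, nat and mangle: flush rules (-F), zero counters (-Z),
# delete user-defined chains (-X).
iptables -F
iptables -Z
iptables -X
iptables -t nat -F
iptables -t nat -Z
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -Z
iptables -t mangle -X
echo "Regras Limpas >>>>>>>>>>>>>>>[OK]"

########## Default policies #######
# Default-deny for inbound and forwarded traffic, allow all outbound.
# NOTE(review): the FORWARD policy is switched back to ACCEPT near the end
# of this script, so the DROP set here does not survive.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
echo "Politicas P. >>>>>>>>>>>>>>>>[OK]"

######### Allow loopback ############
iptables -A INPUT -i lo -j ACCEPT
# Disabled alternative:
#iptables -A INPUT -i lo -o eth3 -j ACCEPT
echo "Loopback >>>>>>>>>>>>>>>>>>> [OK]"

######### SSHD ########
# Accepts TCP/22 on every interface and from any source address, which
# includes the Internet-facing side.
# NOTE(review): if remote administration is only needed from the LAN,
# restrict this rule (e.g. -i eth1 -s 192.168.1.0/24).
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
echo "SSH >>>>>>>>>>>>>>>>>>>>>>>>>[OK]"

######### Firewall pings the Internet ###########
# Only ICMP belonging to already-tracked flows is accepted on ppp0, i.e.
# replies to traffic the firewall itself started.
iptables -A INPUT -p icmp -i ppp0 -s 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "Firewall-Net >>>>>>>>>>>>>>>>[OK]"

########## LAN pings the firewall #########
iptables -A INPUT -p icmp -i eth1 -s 192.168.1.0/24 -j ACCEPT
echo "Lan-Firewall >>>>>>>>>>>>>>>>[OK]"

######## LAN pings the Internet #########
# NOTE(review): this rule and the DNS rule below match -o eth3, while the
# other WAN rules match ppp0. If LAN traffic actually leaves through ppp0,
# these two rules never match; the FORWARD ACCEPT policy set later would
# hide that. Confirm which interface carries the uplink.
iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -o eth3 -d 0/0 -p icmp -j ACCEPT
echo "Lan-Net >>>>>>>>>>>>>>>>>>>>>[OK]"

######### DNS ###############
# UDP/53 only; no source or inbound-interface restriction.
iptables -A FORWARD -o eth3 -d 0/0 -p udp --dport 53 -j ACCEPT
echo "Dns >>>>>>>>>>>>>>>>>>>>>>>>>[OK]"

######### LAN reaches the Internet #########
# Outbound SMTP, HTTP, POP3 and HTTPS from the LAN, plus return traffic for
# tracked connections coming back in on ppp0.
iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -o ppp0 -d 0/0 -p tcp -m multiport --dport 25,80,110,443 -j ACCEPT
iptables -A FORWARD -i ppp0 -s 0/0 -o eth1 -d 192.168.1.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "Lan Acessa a Net >>>>>>>>>>>>[OK]"

######### Allow replies to the firewall ######
iptables -A INPUT -i ppp0 -s 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "Liberando Resposta >>>>>>>>>>[OK]"

########## Squid ##################
# Disabled alternatives kept for reference:
#iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dport 80,443 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -d 192.168.1.0/24 -p tcp -m multiport --dport 80,443 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Rewrites every TCP/80 packet to 192.168.1.2:3128. The rule has no -i
# match, so it also applies to packets arriving on the Internet side.
# NOTE(review): together with the FORWARD ACCEPT policy below, port 80
# traffic from outside would be forwarded to the internal proxy. Scope the
# rule to the LAN interface (-i eth1, as in the disabled variants above) and
# make sure the proxy's own ACLs only admit 192.168.1.0/24.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:3128
# Closing quote restored: without it the rest of the script fails to parse,
# so forwarding and MASQUERADE were never applied.
echo "Squid +++++++++++++++++++++++[OK]"

########### Share the Internet connection ###########
# Enable IPv4 routing between interfaces.
echo "1" > /proc/sys/net/ipv4/ip_forward
# Disabled alternative (uplink matched as eth3):
#iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth3 -j MASQUERADE
#echo "Compartilha Net >>>>>>>>>>>>[OK]"
# Replaces the FORWARD DROP policy set at the top of this script. From here
# on any packet not matched by a FORWARD rule is forwarded, which makes the
# FORWARD ACCEPT rules above redundant as filters.
# NOTE(review): prefer keeping DROP and adding explicit rules for each flow
# that must be forwarded.
iptables -P FORWARD ACCEPT
# Source-NAT LAN traffic leaving through ppp0.
iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
echo "Compartilha Net PPPOE >>>>>>>[OK]"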