Pessoal, estou trocando meu script de firewall para a policy drop, só que meu proxy não quer funcionar de maneira transparente; colocando manual funfa.
Segue abaixo o script pra analise: (desculpe pelo tamanho!)
#############################################################################################
# Firewall NetPerdizes #
# #
# Descricao : Responsavel pelo funcionamento do sistema de firewall baseado em $iptables. #
# Data : 10/08/2005 #
# #
# eth1:10.0.1.1:255.0.0.0 (Rede Interna) #
# eth0:200.202.216.194:255.255.255.224 (Rede Externa - Link) #
#############################################################################################
# Variables
# -------------------------------------------------------------------------------------------
# Path of the iptables binary; every rule in this script is issued through it.
iptables=/usr/sbin/iptables
# Kernel modules
# -------------------------------------------------------------------------------------------
# NAT, connection tracking (with the FTP helpers so active/passive FTP survives NAT),
# the LOG and REJECT targets and MASQUERADE. These are the 2.6-era module names
# (ip_conntrack, ip_nat_ftp); on newer kernels the equivalents live under nf_*, so a
# failing modprobe here is the first thing to check when a rule does not behave.
for mod in iptable_nat ip_conntrack ip_conntrack_ftp ip_nat_ftp ipt_LOG ipt_REJECT ipt_MASQUERADE; do
  /sbin/modprobe "$mod"
done
# Kernel routing and anti-spoofing knobs
# -------------------------------------------------------------------------------------------
# ip_forward: lets the box route between eth0 and eth1.
# conf/all/rp_filter: reverse-path filtering on every interface, so a packet whose
#   source address is not reachable back through the interface it arrived on is dropped
#   (basic IP-spoof protection).
# icmp_echo_ignore_broadcasts: do not answer echo requests sent to a broadcast address.
for knob in ip_forward conf/all/rp_filter icmp_echo_ignore_broadcasts; do
  printf '1\n' > "/proc/sys/net/ipv4/$knob"
done
# Default policy: DROP on every filter chain, then rebuild from nothing
# -------------------------------------------------------------------------------------------
# The policy is set BEFORE the flush so that no traffic slips through while the rule
# set is being rebuilt. Side effect worth knowing: if this script is started over a
# remote session, that session stalls from this point until the ESTABLISHED,RELATED
# rule near the end of the script is appended.
for chain in INPUT FORWARD OUTPUT; do
  $iptables -P "$chain" DROP
done
# Flush the rules of each table first; -X only removes user chains that are empty
# and unreferenced, so it has to run after every table has been flushed.
for table in filter nat mangle; do
  $iptables -t "$table" -F
done
for table in filter nat mangle; do
  $iptables -t "$table" -X
done
# Loopback and the firewall's own outbound traffic
# -------------------------------------------------------------------------------------------
# Loopback is open in both directions (squid and other local daemons talk over it).
$iptables -A INPUT -i lo -j ACCEPT
$iptables -A OUTPUT -o lo -j ACCEPT
# Anything the host sends from either of its own addresses is accepted here,
# unconditionally. In practice that makes OUTPUT permissive for host-originated
# traffic: the OUTPUT hooks into liberadas/firewall_saida that come later only ever
# see packets carrying some other source address.
for local_ip in 10.0.1.1 200.202.216.194; do
  $iptables -A OUTPUT -s "$local_ip" -j ACCEPT
done
# CHAIN: liberadas - DNS, wherever the chain is hooked
# -------------------------------------------------------------------------------------------
$iptables -N liberadas
# Hooks: inbound on the link (the internet may query 53 on this host - only relevant
# if a resolver listens there), forwarded internet->LAN, and host output on both
# interfaces. There is no FORWARD hook for LAN->internet, so LAN clients' own DNS
# lookups are not covered by this chain.
$iptables -A INPUT -i eth0 -j liberadas
$iptables -A FORWARD -i eth0 -o eth1 -j liberadas
$iptables -A OUTPUT -o eth0 -j liberadas
$iptables -A OUTPUT -o eth1 -j liberadas
for proto in TCP UDP; do
  $iptables -A liberadas -p "$proto" --dport 53 -j ACCEPT
done
# Host access to TFTP servers
# -------------------------------------------------------------------------------------------
# Matches only packets sourced from 127.0.0.1. Traffic to a remote TFTP server leaves
# with an interface address, which the OUTPUT rules above already accept, so this pair
# effectively covers loopback only. TFTP runs over UDP; the TCP rule is a harmless no-op.
for proto in TCP UDP; do
  $iptables -A OUTPUT -s 127.0.0.1 -p "$proto" --dport 69 -j ACCEPT
done
# QoS - TOS marking
# -------------------------------------------------------------------------------------------
# The same table is applied in mangle PREROUTING (arriving packets) and POSTROUTING
# (leaving packets), matching the port as destination and as source, so both
# directions of each flow get the mark. 0x10 = minimize-delay (interactive),
# 0x08 = maximize-throughput (bulk). ICMP is always marked minimize-delay.
# Columns: protocol, port, TOS value.
for chain in PREROUTING POSTROUTING; do
  $iptables -t mangle -A "$chain" -p icmp -j TOS --set-tos 0x10
  while read -r proto port tos; do
    for dir in --dport --sport; do
      $iptables -t mangle -A "$chain" -p "$proto" -m "$proto" "$dir" "$port" -j TOS --set-tos "$tos"
    done
  done <<'EOF'
tcp 22 0x10
tcp 20 0x10
tcp 21 0x10
tcp 25 0x08
tcp 80 0x10
udp 53 0x08
tcp 110 0x08
tcp 3128 0x10
tcp 3389 0x08
tcp 5190 0x08
tcp 5900 0x08
udp 8481 0x08
udp 8895 0x08
EOF
done
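# CHAIN: ENTRADA - services the firewall host itself exposes
# --------------------------------------------------------------------------------------------
$iptables -N firewall_entrada
# Everything addressed to one of the host's own IPs is checked against firewall_entrada.
for local_ip in 10.0.1.1 200.202.216.194; do
  $iptables -A INPUT -d "$local_ip" -j firewall_entrada
done
# CHAIN: SAIDA - outbound allow-list
# --------------------------------------------------------------------------------------------
$iptables -N check_firewall_saida
$iptables -N firewall_saida
$iptables -A INPUT -i eth1 -j check_firewall_saida
# LAN -> internet. The original hook was "-i eth1 -o eth1", which only matches packets
# leaving through the interface they arrived on (almost certainly a typo for -o eth0).
# With the FORWARD policy at DROP that left nothing from the LAN being forwarded at
# all: FORWARD only accepted internet->LAN DNS and already-established flows. Hook the
# allow-list on eth1->eth0, and let the LAN resolve names through liberadas
# (53/tcp+udp) first, because firewall_saida itself has no DNS rule.
# This is also the likely reason a transparent proxy fails while a manually configured
# one works: with REDIRECT the browser resolves names itself, and those DNS queries
# were being dropped in FORWARD; with a manual proxy, squid does the lookups.
$iptables -A FORWARD -i eth1 -o eth0 -j liberadas
$iptables -A FORWARD -i eth1 -o eth0 -j firewall_saida
$iptables -A OUTPUT -o eth0 -j firewall_saida
# CHECK_FIREWALL_SAIDA
# -------------------------------------------------------------------------------------------
# Packets from the LAN reaching INPUT: those for the host's own IPs were already handled
# by firewall_entrada and RETURN here; anything else (e.g. other local addresses) is
# checked against the outbound allow-list.
for local_ip in 10.0.1.1 200.202.216.194; do
  $iptables -A check_firewall_saida -d "$local_ip" -j RETURN
done
$iptables -A check_firewall_saida -j firewall_saida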
# ENTRADA - what the firewall host accepts, per interface
# -------------------------------------------------------------------------------------------
# Columns: interface, protocol, port ("-" for ICMP).
# NOTE(review): 80 (web admin), 23 (telnet, cleartext credentials) and SNMP 161/162 are
# accepted on eth0, i.e. from any address on the internet. Restricting those rows with
# a source address, or reaching the box over SSH/VPN only, would be the usual hardening.
# The UDP rows for 3128/80/23 match nothing unless something listens on UDP there.
while read -r iface proto port; do
  if [ "$proto" = icmp ]; then
    $iptables -A firewall_entrada -i "$iface" -p icmp -j ACCEPT
  else
    $iptables -A firewall_entrada -i "$iface" -p "$proto" --dport "$port" -j ACCEPT
  fi
done <<'EOF'
eth1 tcp 3128
eth1 udp 3128
eth1 tcp 80
eth1 udp 80
eth0 tcp 80
eth0 udp 80
eth1 tcp 23
eth1 udp 23
eth0 tcp 23
eth0 udp 23
eth1 icmp -
eth0 icmp -
eth1 udp 161
eth1 udp 162
eth0 udp 161
eth0 udp 162
EOF
# SAIDA - outbound allow-list (to allow another service, add a row to the table)
# -------------------------------------------------------------------------------------------
# Row formats: "<tcp|udp> <port or low:high>", "icmp", "host <ip or network>"
# (destination-based accept, any protocol/port). Rows starting with "#" are labels.
# NOTE(review): the list is very broad - database ports (1433, 1521, 3306, 5432, ...),
# P2P and game ranges, and "udp 5004:65535", which opens nearly every unprivileged UDP
# port outbound and makes most of the other UDP rows redundant. The host/network rows
# are 2005-era addresses of messenger/P2P services and may no longer be meaningful.
while read -r kind value; do
  case "$kind" in
    '#'*|'') continue ;;
    host)    $iptables -A firewall_saida -d "$value" -j ACCEPT ;;
    icmp)    $iptables -A firewall_saida -p icmp -j ACCEPT ;;
    *)       $iptables -A firewall_saida -p "$kind" --dport "$value" -j ACCEPT ;;
  esac
done <<'EOF'
# WWW (http, https), mail (smtp, pop3, imap)
tcp 80
udp 80
tcp 443
udp 443
tcp 25
udp 25
tcp 110
udp 110
tcp 143
udp 143
# FTP
tcp 20
udp 20
tcp 21
udp 21
# TFTP
tcp 69
udp 69
# Telnet
tcp 23
udp 23
# SSH
tcp 22
udp 22
# Ping
icmp
# Web proxies
tcp 3128
udp 3128
tcp 8080
udp 8080
# Remote access - PPTP VPN
tcp 1723
udp 1723
# pcAnywhere
tcp 5631
udp 5631
tcp 5632
udp 5632
# Oracle
tcp 1521
udp 1521
# MS-SQL
tcp 1433
udp 1433
# Sybase
tcp 5000
udp 5000
# MySQL
tcp 3306
udp 3306
# PostgreSQL
tcp 5432
udp 5432
# Interbase / Firebird
tcp 3050
udp 3050
tcp 3060
udp 3060
# Citrix
tcp 1494
udp 1494
# Windows Terminal Server
tcp 3389
udp 3389
# mIRC
tcp 6665:6669
tcp 7000:7002
# ICQ and AIM
tcp 5190
host 205.188.179.233
host 64.12.161.153
host 64.12.161.185
host 64.12.200.89
# MSN Messenger
tcp 1863:1864
tcp 6891:6900
tcp 9000
host 64.4.13.0/24
tcp 6901
udp 6901
udp 6801
udp 2001:2120
udp 5004:65535
# Yahoo Messenger
host 216.136.233.128
host 216.136.227.24
host 216.136.227.25
host 216.136.227.74
host 216.136.227.76
host 216.136.227.77
host 216.136.227.78
host 216.136.227.79
host 216.136.233.153
# UOL chat (Bate-Papo UOL)
tcp 8010:8020
# Terra chat (Bate-Papo Terra)
tcp 9187
tcp 21000:24000
udp 21000:24000
# iG chat (Bate-Papo iG)
tcp 8200:8250
# KaZaA
host 213.248.112.0/24
tcp 1214
# eMule
tcp 4662
udp 4672
# Napster
host 64.124.41.0/24
# Audio Galaxy
host 64.245.58.0/23
# Morpheus
host 206.142.53.0/24
# iMesh
host 216.35.208.0/24
# Counter-Strike / Half-Life
tcp 27015:27020
udp 27015:27020
# Quake 3
tcp 27690:27692
udp 27690:27692
# Unreal Tournament
tcp 7777:7780
udp 7777:7780
# VNC remote access
tcp 5900
udp 5900
# Tibia
tcp 7171
udp 7171
# Conectividade Social (Caixa Economica)
tcp 2631
udp 2631
# Skype
tcp 41571
# ReceitaNet
tcp 3456
# Prefeitura Municipal (purpose of the port not recorded)
tcp 3001
# Game port (Alcy)
tcp 8360:8380
# Unidentified (original label: "A Ver")
tcp 1057
udp 1057
# Microsiga Protheus; named also uses this port
tcp 1024
udp 1024
EOF
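# Inbound rules, second group
# ---------------------------------------------------------------
# The LAN/INTERNET rows for 80, 23, ICMP, 161 and 162 that used to be repeated here
# were exact duplicates of the ENTRADA block above (same chain, interface, protocol
# and port). A second copy appended to firewall_entrada can never match a packet the
# first copy has not already accepted, so only the rules that are unique to this
# section are kept.
# MySQL (SGCU)
# NOTE(review): 3306 is accepted on eth0 from any internet address; if the database
# only needs to be reached by known peers, add a -s restriction.
for proto in UDP TCP; do
  $iptables -A firewall_entrada -i eth0 -p "$proto" --dport 3306 -j ACCEPT
done
# POP3 and SMTP from the internet
# NOTE(review): both are cleartext by default; POP3 on the link exposes mailbox
# credentials unless TLS is enforced by the mail server. The UDP rows are no-ops.
for port in 110 25; do
  for proto in TCP UDP; do
    $iptables -A firewall_entrada -i eth0 -p "$proto" --dport "$port" -j ACCEPT
  done
done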
# CHAIN: estabelecidas - stateful accept of replies and related flows
# -----------------------------------------------------------------------------------------------------
$iptables -N estabelecidas
$iptables -A estabelecidas -m state --state ESTABLISHED,RELATED -j ACCEPT
# Appended after all the per-service chains, so every packet of an existing flow walks
# those chains first. Nothing before this point drops or rejects, so putting this hook
# at the top of each chain would give the same result with less work per packet.
for chain in INPUT FORWARD OUTPUT; do
  $iptables -A "$chain" -j estabelecidas
done
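# Port-forwards (DNAT), transparent proxy and source NAT
# -----------------------------------------------------------------------------------------------------
# publish: expose an internal service on the external address.
# With the FORWARD policy at DROP a DNAT entry alone is not enough: after translation
# the packet still has to be accepted in FORWARD (eth0 -> eth1), and that chain only
# accepted DNS and established flows, so every port-forward in this section was dead
# once the policy changed. publish() adds the DNAT and the matching FORWARD accept,
# restricted to the same source address when one is given.
#   $1 protocol (tcp/udp)   $2 public port   $3 internal IP   $4 internal port
#   $5 optional source address/network allowed to reach the service
# NOTE(review): VNC (5900, unencrypted by default) and PostgreSQL are published to any
# source; the SQL Server entries show the safer pattern (explicit -s peers).
ext_ip=200.202.216.194
publish() {
  local proto=$1 pub_port=$2 dst_ip=$3 dst_port=$4 src=${5:-}
  local -a src_match=()
  if [ -n "$src" ]; then
    src_match=(-s "$src")
  fi
  $iptables -t nat -A PREROUTING "${src_match[@]}" -d "$ext_ip" -p "$proto" \
    --dport "$pub_port" -j DNAT --to-destination "$dst_ip:$dst_port"
  $iptables -A FORWARD -i eth0 -o eth1 "${src_match[@]}" -d "$dst_ip" \
    -p "$proto" --dport "$dst_port" -m state --state NEW -j ACCEPT
}
# VNC Pessonha
publish tcp 5908 10.0.1.119 5900
# VPN Solus
publish tcp 5907 10.0.1.115 5900
# VNC RenatoAvila
publish tcp 5901 10.0.1.101 5900
# SQL Server Prefeitura - only from the two Prefeitura addresses
publish tcp 1433 10.0.1.141 1433 200.225.212.98
publish tcp 1433 10.0.1.141 1433 200.225.212.97
# Terrafert (PostgreSQL, SSH, VNC)
publish tcp 5906 10.0.1.128 5900
publish tcp 10100 10.0.1.128 22
publish tcp 5432 10.0.1.128 5432
publish udp 5432 10.0.1.128 5432
# Aguia2 (Pico and VNC)
publish tcp 1999 10.0.1.152 1999
publish tcp 5904 10.0.1.152 5900
# ApCristo -> internal administration web
publish tcp 30000 10.0.1.5 80
# WarSistemas (SSH)
publish tcp 10000 10.0.1.191 22
# Transparent proxy: LAN web traffic (eth1, 80/tcp) is redirected to the local squid
# on 3128, which firewall_entrada already accepts from eth1. With REDIRECT the client
# resolves names itself, so LAN DNS must be forwarded for transparent mode to work.
$iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# Source NAT for everything leaving through the link.
$iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE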
# CHAIN: interna - DHCP on the LAN side
# -----------------------------------------------------------------------------------------------------
# Hooked on INPUT and OUTPUT for eth1 only; on INPUT it runs after estabelecidas.
# 67/68 are the DHCP server/client ports, matched as source and as destination.
# DHCP is UDP; the TCP rows are harmless no-ops.
$iptables -N interna
$iptables -A INPUT -i eth1 -j interna
$iptables -A OUTPUT -o eth1 -j interna
for proto in UDP TCP; do
  for port in 67 68; do
    $iptables -A interna -p "$proto" --sport "$port" -j ACCEPT
  done
done
for proto in UDP TCP; do
  for port in 67 68; do
    $iptables -A interna -p "$proto" --dport "$port" -j ACCEPT
  done
done