Como faço para liberar totalmente um IP para acesso ao Kazaa, como em uma DMZ? Ou seja, como faço para configurar uma DMZ?
# Default policies: inbound and forwarded packets are dropped unless a later
# rule accepts them; packets originated by the firewall itself are not filtered.
for chain in INPUT FORWARD; do
  iptables --policy "$chain" DROP
done
iptables --policy OUTPUT ACCEPT

# Empty the filter (default) and nat tables. The DROP policies are already in
# place, so inbound traffic stays blocked while the rules are rebuilt.
for table in filter nat; do
  iptables --table "$table" --flush
done

# Loopback traffic, and packets belonging to connections already being tracked.
iptables --append INPUT --in-interface lo --jump ACCEPT
iptables --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT

# Enable IPv4 routing between interfaces (runtime setting, lost on reboot).
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# NAT support plus the FTP helpers for NAT and connection tracking.
# NOTE(review): these are the older module names; newer kernels call the
# helpers nf_nat_ftp / nf_conntrack_ftp -- confirm against the running kernel.
for module in iptable_nat ip_nat_ftp ip_conntrack_ftp; do
  modprobe "$module"
done
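# Interface roles as the rules use them: MASQUERADE and every DNAT rule are
# bound to eth0 (Internet side), so eth1 is taken to be the LAN side.
# NOTE(review): confirm the eth1 = LAN assumption on the actual host.
WAN_IF=eth0
LAN_IF=eth1
# Internal host that receives every published (DNAT) service.
LAN_HOST=192.168.0.1

# Transparent proxy: only web traffic arriving from the LAN is handed to the
# local proxy on port 3128. Without the interface match, port-80 connections
# arriving from the Internet were redirected into the proxy as well.
iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-port 3128

# NAT: hide LAN addresses behind the address of the Internet interface.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

# Replies of connections whose first packet was accepted by a rule below, in
# either direction. This single stateful rule replaces the per-service
# "--sport <port> -j ACCEPT" rules, which accepted any packet whose sender
# simply chose that source port (a filter bypass), and it also covers replies
# from the published host, which previously depended on those --sport rules.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# New connections routed towards the LAN. INVALID packets are no longer
# accepted here.
# NOTE(review): this still admits every new connection routed to the LAN, not
# only the published ports below -- confirm it is intended, otherwise remove it.
iptables -A FORWARD -o "$LAN_IF" -m state --state NEW -j ACCEPT

# TCP services accepted on the firewall itself (INPUT) and through it (FORWARD):
#   80 web access / web server, 25 SMTP, 110 POP3, 21 FTP, 22 SSH,
#   8000 and 30005 Banespa, 443 banking / updates / MSN authentication,
#   1863 MSN, 5800 and 5900 VNC, 3389 Terminal Service,
#   1899 and 1999 camera, 3306 SQL, 1723 VPN
# (The original listed port 22 twice; one pair of rules is enough.)
for port in 80 25 110 21 22 8000 30005 443 1863 5800 5900 3389 1899 1999 3306 1723; do
  iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
  iptables -A FORWARD -p tcp --dport "$port" -j ACCEPT
done

# Proxy port: the firewall's own proxy answers LAN clients only, so it cannot
# be used as an open proxy from the Internet; forwarding to port 3128 on other
# hosts is unchanged.
iptables -A INPUT -i "$LAN_IF" -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3128 -j ACCEPT

# DNS is forwarded only; the INPUT rules remain disabled, as in the original.
#iptables -A INPUT -p tcp --dport 53 -j ACCEPT
#iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT

# Ping (ICMP echo requests) to and through the firewall.
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT

# Published services: connections arriving on the Internet interface are
# rewritten to the same port on LAN_HOST (VNC 5900/5800, Terminal Service 3389,
# camera 1899/1999, SQL 3306, VPN 1723).
# SQL is now matched on its own port: the original rule matched --dport 1999 a
# second time, so it never applied and port 3306 was never forwarded.
# NOTE(review): these remote-access and database ports are published to every
# source address; consider limiting each rule with -s to known administration
# addresses, or reaching them only through the VPN.
# NOTE(review): port 1723 is the PPTP control channel; PPTP data travels over
# GRE (IP protocol 47), which no rule here admits -- confirm the VPN works.
for port in 5900 5800 3389 1899 1999 3306 1723; do
  iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
    -j DNAT --to-destination "${LAN_HOST}:${port}"
done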