Galera, boa tarde;
montei um firewall iptables com as regras abaixo, e aparentemente funciona tudo corretamente, mas passados alguns minutos algumas regras param de funcionar, principalmente as regras de voip e telnet.
Será que alguém poderia me ajudar?
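#!/bin/bash
# Gateway firewall: masquerades the LAN (REDE) behind eth0 and publishes a
# set of services (FTP, telnet, SNMP, H.323/SIP VoIP, VNC/pcAnywhere-style
# ports) to individual internal hosts via DNAT.
#
# Assumptions that cannot be checked from this script alone — confirm on the box:
#   - eth0 is the Internet-facing interface; the LAN sits on another interface.
#   - The script runs once, as root, and rebuilds the whole ruleset each time.
#
# NOTE(review): nothing here expires or removes rules, so if some rules "stop
# working" a few minutes after loading, look outside this script: another
# firewall script / network-manager hook / cron job rewriting the tables, or
# the connection-tracking table filling up. Capture
# `iptables -t nat -L -n -v --line-numbers` and `iptables -L -n -v` right after
# loading and again once the failure shows, and diff the two.

# --- Kernel modules -------------------------------------------------------
# These are the legacy (2.6-era) module names. Newer kernels ship them as
# nf_conntrack / nf_conntrack_ftp / nf_nat_ftp and autoload them on first use;
# there modprobe just prints "module not found" and the script continues.
readonly MOD="/sbin/modprobe"
"$MOD" iptable_nat
"$MOD" ip_tables
"$MOD" ip_conntrack
"$MOD" ip_conntrack_ftp
"$MOD" ip_nat_ftp
"$MOD" ipt_MASQUERADE

# --- Binaries and addresses ------------------------------------------------
readonly IPT="/usr/sbin/iptables"

readonly REDE="192.168.0.0/24"     # internal LAN
readonly VOIP="192.168.0.55"       # VoIP gateway / PBX
readonly JEFFERSON="192.168.0.16"  # workstation, receives 5631:5632/tcp
readonly KARLA="192.168.0.27"      # workstation, receives 5900/tcp
readonly HANIN="192.168.0.20"      # workstation, receives 9000:9002/tcp

# --- Kernel networking switches -------------------------------------------
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# --- Start from an empty ruleset -------------------------------------------
"$IPT" -t filter -F
"$IPT" -t filter -X
"$IPT" -t filter -Z
"$IPT" -t nat -F
"$IPT" -t nat -X
"$IPT" -t nat -Z

# --- Default policies ------------------------------------------------------
# INPUT defaults to DROP. FORWARD defaults to ACCEPT, which means every
# per-port FORWARD rule below is effectively documentation: any forwarded
# packet is accepted regardless. Switching FORWARD to DROP is the real
# hardening step, but it must be done together with the corrected allow rules
# below and tested, so the policy is left unchanged here.
"$IPT" -P INPUT DROP
"$IPT" -P OUTPUT ACCEPT
"$IPT" -P FORWARD ACCEPT
"$IPT" -t nat -P POSTROUTING ACCEPT
"$IPT" -t nat -P PREROUTING ACCEPT
"$IPT" -t nat -P OUTPUT ACCEPT

# --- Loopback --------------------------------------------------------------
"$IPT" -A INPUT -i lo -j ACCEPT

# --- Source NAT for the LAN ------------------------------------------------
"$IPT" -t nat -A POSTROUTING -s "$REDE" -o eth0 -j MASQUERADE

# --- Already-tracked connections ------------------------------------------
# Replies and helper-related flows (e.g. FTP data) come back through here;
# this also covers return traffic for every DNAT'd service below.
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# --- ICMP echo -------------------------------------------------------------
"$IPT" -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/s -j ACCEPT
"$IPT" -A FORWARD -p icmp --icmp-type 8 -j ACCEPT

# --- LAN -> outside services ----------------------------------------------
# FTP (20,21)
"$IPT" -A FORWARD -s "$REDE" -p tcp --dport 20:21 -j ACCEPT
# SSH (22). NOTE(review): the INPUT rule has no -i/-s restriction, so the
# firewall's own SSH is reachable from eth0 as well as from the LAN; if that
# is not intended, add `-s "$REDE"` (or a management address) to it.
"$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT
"$IPT" -A FORWARD -s "$REDE" -p tcp --dport 22 -j ACCEPT
# Telnet (23)
"$IPT" -A FORWARD -s "$REDE" -p tcp --dport 23 -j ACCEPT
# HTTP/HTTPS/alt-HTTP (80,443,8080)
"$IPT" -A FORWARD -s "$REDE" -p tcp -m multiport --dport 80,443,8080 -j ACCEPT
# DNS (53) — no -s restriction in the original; kept as-is
"$IPT" -A FORWARD -p udp --dport 53 -j ACCEPT
# SMTP/POP3 (25,110)
"$IPT" -A FORWARD -s "$REDE" -p tcp -m multiport --dport 25,110 -j ACCEPT

# --- Published services (DNAT from eth0 to internal hosts) ----------------
# Each DNAT is paired with a FORWARD allow for the rewritten packet. After
# DNAT the packet's *destination* is the internal host, so the allow rules
# match on -d; the previous versions matched on -s, which only covered
# connections originating from that host and never the inbound traffic they
# were meant to permit (masked so far by the FORWARD ACCEPT policy).
# NOTE(review): telnet (23) and SNMP (161:162) are cleartext protocols and are
# exposed here to whatever reaches eth0; that exposure is the author's choice
# and is left unchanged.
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 20:21 -j DNAT --to "$VOIP"
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dport 8080 -j DNAT --to "$VOIP"
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 23 -j DNAT --to "$VOIP"
"$IPT" -t nat -A PREROUTING -i eth0 -p udp --dport 161:162 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -s "$REDE" -p udp --dport 161:162 -j ACCEPT
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 9003 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p tcp --dport 9003 -j ACCEPT
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 9000:9002 -j DNAT --to "$HANIN"
"$IPT" -A FORWARD -d "$HANIN" -p tcp --dport 9000:9002 -j ACCEPT
# H.323 RAS/Q.931
"$IPT" -t nat -A PREROUTING -i eth0 -p udp --dport 1718:1719 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p udp --dport 1718:1719 -j ACCEPT
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 1720 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p tcp --dport 1720 -j ACCEPT
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 2000:2063 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p tcp --dport 2000:2063 -j ACCEPT
"$IPT" -t nat -A PREROUTING -i eth0 -p udp --dport 5001 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p udp --dport 5001 -j ACCEPT
"$IPT" -t nat -A PREROUTING -i eth0 -p udp --dport 10064 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p udp --dport 10064 -j ACCEPT
# RTP media range
"$IPT" -t nat -A PREROUTING -i eth0 -p udp --dport 10240:11200 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p udp --dport 10240:11200 -j ACCEPT
# SIP signalling, TCP and UDP
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 5060 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p tcp --dport 5060 -j ACCEPT
"$IPT" -t nat -A PREROUTING -i eth0 -p udp --dport 5060 -j DNAT --to "$VOIP"
"$IPT" -A FORWARD -d "$VOIP" -p udp --dport 5060 -j ACCEPT
# Remote-control ports published to two workstations (no FORWARD allow in the
# original; relies on the FORWARD ACCEPT policy)
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 5631:5632 -j DNAT --to "$JEFFERSON"
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 5900 -j DNAT --to "$KARLA"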