[size=18px]
Hey folks...
Guys, I'm having some problems: I'd like one machine on my internal network to connect directly to the internet via NAT. The big problem: I authenticate with Velox and connect to the internet, and the other machines get access through Squid, but I'd like this machine, with the IP 10.0.0.10, to go direct.
These are my configurations:
[/size]
[size=9px]
eth0 Encapsulamento do Link: Ethernet Endereço de HW 00:50:04:71:FD:53
inet end.: 10.0.0.1 Bcast:10.255.255.255 Masc:255.0.0.0
UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
RX packets:69756 errors:0 dropped:0 overruns:0 frame:0
TX packets:94276 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:100
RX bytes:13412343 (12.7 MiB) TX bytes:85940697 (81.9 MiB)
IRQ:16 Endereço de E/S:0xec00
eth1 Encapsulamento do Link: Ethernet Endereço de HW 00:10:4B0:4E:98
UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
RX packets:80648 errors:0 dropped:0 overruns:0 frame:0
TX packets:79273 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:100
RX bytes:68943064 (65.7 MiB) TX bytes:11699902 (11.1 MiB)
IRQ:17 Endereço de E/S:0xe800
ppp0 Encapsulamento do Link: Protocolo Ponto-a-Ponto
inet end.: 200.25.82.3 P-a-P:200.217.72.80 Masc:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Métrica:1
RX packets:80109 errors:0 dropped:0 overruns:0 frame:0
TX packets:78731 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:3
RX bytes:67110165 (64.0 MiB) TX bytes:9935207 (9.4 MiB)
*mangle
:PREROUTING ACCEPT [147112:78214784]
:INPUT ACCEPT [145889:77532512]
:FORWARD ACCEPT [1102:653874]
:OUTPUT ACCEPT [170652:92943761]
:POSTROUTING ACCEPT [171744:93597155]
COMMIT
# Completed on Fri Jul 1 15:32:55 2005
# Generated by iptables-save v1.2.6a on Fri Jul 1 15:32:55 2005
*filter
:INPUT DROP [292:93950]
:FORWARD DROP [10:480]
:OUTPUT DROP [0:0]
:allow_services - [0:0]
:allowed - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udpincoming_packets - [0:0]
-A INPUT -s 0.0.0.0 -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p tcp -j bad_tcp_packets
-A INPUT -i ppp0 -p icmp -j icmp_packets
-A INPUT -i ppp0 -p tcp -j tcp_packets
-A INPUT -i ppp0 -p udp -j udpincoming_packets
-A INPUT -d 10.255.255.255 -i eth0 -j ACCEPT
-A INPUT -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -s 10.0.0.1 -i lo -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -i eth0 -j allow_services
-A FORWARD -m state --state RELATED,ESTABLISHED -j allow_services
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 10.0.0.1 -j ACCEPT
-A OUTPUT -j ACCEPT
-A allow_services -p tcp -m tcp --dport 25 -j ACCEPT
-A allow_services -p tcp -m tcp --dport 110 -j ACCEPT
-A allow_services -p tcp -m tcp --dport 143 -j ACCEPT
-A allow_services -p tcp -m tcp --dport 993 -j ACCEPT
-A allow_services -p tcp -m tcp --dport 995 -j ACCEPT
-A allow_services -p tcp -m tcp --dport 23 -j ACCEPT
-A allow_services -p tcp -m tcp --dport 22 -j ACCEPT
-A allow_services -p udp -m udp --dport 22 -j ACCEPT
-A allow_services -p tcp -m tcp --dport 53 -j ACCEPT
-A allow_services -p udp -m udp --dport 53 -j ACCEPT
-A allow_services -p tcp -m tcp --dport 3456 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 25 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 110 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 143 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 993 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 995 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 23 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 22 -j ACCEPT
-A allow_services -p udp -m udp --sport 22 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 53 -j ACCEPT
-A allow_services -p udp -m udp --sport 53 -j ACCEPT
-A allow_services -p tcp -m tcp --sport 3456 -j ACCEPT
-A allow_services -p icmp -j ACCEPT
-A allow_services -s 10.0.0.101 -j ACCEPT
-A allow_services -d 10.0.0.101 -j ACCEPT
-A allow_services -s 200.201.174.207 -j ACCEPT
-A allow_services -d 200.201.174.207 -j ACCEPT
-A allow_services -s 10.0.0.5 -j ACCEPT
-A allow_services -d 10.0.0.5 -j ACCEPT
-A allowed -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A bad_tcp_packets -p tcp -m state --state NEW -m tcp ! --tcp-flags SYN,RST,ACK SYN -j DROP
-A bad_tcp_packets -s 192.168.0.0/255.255.0.0 -i ppp0 -j DROP
-A bad_tcp_packets -s 10.0.0.0/255.0.0.0 -i ppp0 -j DROP
-A bad_tcp_packets -s 172.16.0.0/255.240.0.0 -i ppp0 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A tcp_packets -p tcp -m tcp --dport 21 -j allowed
-A tcp_packets -p tcp -m tcp --dport 22 -j allowed
-A tcp_packets -p tcp -m tcp --dport 80 -j allowed
-A tcp_packets -p tcp -m tcp --dport 113 -j allowed
-A udpincoming_packets -p udp -m udp --sport 53 -j ACCEPT
COMMIT
# Completed on Fri Jul 1 15:32:55 2005
# Generated by iptables-save v1.2.6a on Fri Jul 1 15:32:55 2005
*nat
:PREROUTING ACCEPT [3806:408740]
:POSTROUTING ACCEPT [6:504]
:OUTPUT ACCEPT [4730:285412]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
[/size]
[size=18px]Could someone help me create the iptables rule for this??
Thanks, folks....[/size]
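Added example, not part of the original post: a small Python model of the FORWARD and allow_services chains from the dump above. It shows why web traffic from 10.0.0.10 hits the DROP policy even though the nat table already masquerades everything leaving ppp0, and what changes once the host gets the same -s/-d ACCEPT pair that 10.0.0.5 has. The function names and sample packets are constructed for illustration, and the bad_tcp_packets checks are not modelled.

```python
import ipaddress

# Constructed from the allow_services chain in the iptables-save dump above.
TCP_PORTS = [25, 110, 143, 993, 995, 23, 22, 53, 3456]
UDP_PORTS = [22, 53]
HOSTS = ["10.0.0.101", "200.201.174.207", "10.0.0.5"]

def host_rules(ip):
    """The -s/-d ACCEPT pair the dump already uses for whitelisted hosts."""
    return [f"-A allow_services -s {ip} -j ACCEPT",
            f"-A allow_services -d {ip} -j ACCEPT"]

def page_rules():
    rules = ["-A allow_services -p icmp -j ACCEPT"]
    for flag in ("--dport", "--sport"):
        rules += [f"-A allow_services -p tcp -m tcp {flag} {p} -j ACCEPT" for p in TCP_PORTS]
        rules += [f"-A allow_services -p udp -m udp {flag} {p} -j ACCEPT" for p in UDP_PORTS]
    for ip in HOSTS:
        rules += host_rules(ip)
    return rules

def matches(rule, pkt):
    """True if every match option in one iptables-save line fits the packet."""
    tok = rule.split()
    opts = dict(zip(tok[::2], tok[1::2]))  # option/value pairs
    for opt, field in (("-s", "src"), ("-d", "dst")):
        if opt in opts and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(opts[opt]):
            return False
    if "-p" in opts and opts["-p"] != pkt["proto"]:
        return False
    return all(opts[o] == str(pkt.get(f))
               for o, f in (("--dport", "dport"), ("--sport", "sport")) if o in opts)

def forward_verdict(pkt, rules, policy="DROP"):
    # FORWARD as dumped: eth0 or RELATED/ESTABLISHED traffic jumps to
    # allow_services; whatever that chain does not ACCEPT hits the policy.
    if pkt["in_if"] != "eth0" and not pkt.get("established"):
        return policy
    return "ACCEPT" if any(matches(r, pkt) for r in rules) else policy

# Constructed sample packets; 203.0.113.10 is a documentation address.
def web(src):
    return {"in_if": "eth0", "proto": "tcp", "src": src,
            "dst": "203.0.113.10", "sport": 40000, "dport": 80}
REPLY = {"in_if": "ppp0", "established": True, "proto": "tcp",
         "src": "203.0.113.10", "dst": "10.0.0.10", "sport": 80, "dport": 40000}

if __name__ == "__main__":
    fixed = page_rules() + host_rules("10.0.0.10")
    for name, rules in (("as dumped", page_rules()), ("with 10.0.0.10 pair", fixed)):
        print(name, forward_verdict(web("10.0.0.10"), rules), forward_verdict(REPLY, rules))
```

On the gateway the added pair corresponds to `iptables -A allow_services -s 10.0.0.10 -j ACCEPT` and `iptables -A allow_services -d 10.0.0.10 -j ACCEPT`. As with 10.0.0.5, this forwards every protocol and port for that host, so restrict it with `-p` and `--dport` if only specific services are needed.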