


  1. Pessoal, estou trocando meu script de firewall para a policy DROP, só que meu proxy não quer funcionar de maneira transparente; colocando manual, funfa.

    Segue abaixo o script pra análise (desculpe pelo tamanho!):

    #############################################################################################
    # NetPerdizes firewall
    #
    # Purpose : loads the host's packet-filter, NAT and mangle rules through iptables.
    # Date    : 10/08/2005
    #
    # eth1 : 10.0.1.1 / 255.0.0.0              (internal network)
    # eth0 : 200.202.216.194 / 255.255.255.224 (external network - uplink)
    #
    # NOTE(review): no shebang is visible in this copy of the script; confirm it is run by
    # the intended shell (sh or bash) when installed as a boot/init script.
    #############################################################################################

    # Variables
    # -------------------------------------------------------------------------------------------
    # Absolute path so the script does not depend on PATH when started from init or cron.
    iptables="/usr/sbin/iptables"

    # Load kernel modules
    # -------------------------------------------------------------------------------------------
    # NAT, connection tracking (with the FTP helper so active/passive FTP works through NAT),
    # and the LOG / REJECT / MASQUERADE targets. These are the 2.4-era module names; newer
    # kernels provide the same functionality under nf_conntrack* / nf_nat* names.
    # Note: no rule below uses LOG or REJECT, and the TOS target used by the mangle rules is
    # not listed here -- iptables normally auto-loads a target's module on first use.
    for module in iptable_nat ip_conntrack ip_conntrack_ftp ip_nat_ftp \
        ipt_LOG ipt_REJECT ipt_MASQUERADE; do
      /sbin/modprobe "$module"
    done

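    # Enable routing between the interfaces
    # -------------------------------------------------------------------------------------------
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Anti-spoofing: reverse-path filtering, and ignore broadcast pings (smurf amplification)
    # -------------------------------------------------------------------------------------------
    # Writing only conf/all/rp_filter is not sufficient on kernels of this era, where the
    # per-interface value is combined with "all"; write every interface entry so eth0, eth1
    # and any interface added later all get the check. The -e test covers the case where the
    # glob matches nothing and is left unexpanded.
    for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter; do
      [ -e "$rp_filter" ] && echo "1" > "$rp_filter"
    done
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts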

    # FIREWALL POLICY - deny by default, then open only what is needed
    # -------------------------------------------------------------------------------------------
    # The DROP policy is set before the tables are flushed: a flush does not touch the
    # policy, so the box is never left wide open while the rules below are (re)loaded.
    for chain in INPUT FORWARD OUTPUT; do
      $iptables -P "$chain" DROP
    done

    # CLEAR OLD RULES
    # -------------------------------------------------------------------------------------------
    # Flush every chain of filter, nat and mangle, then delete the user-defined chains
    # (a chain can only be deleted once it is empty and unreferenced).
    for table in filter nat mangle; do
      $iptables -t "$table" -F
    done
    for table in filter nat mangle; do
      $iptables -t "$table" -X
    done

    # Loopback and the firewall's own outbound traffic
    # -------------------------------------------------------------------------------------------
    $iptables -A INPUT -i lo -j ACCEPT
    $iptables -A OUTPUT -o lo -j ACCEPT # squid
    # Everything the host itself sends from either of its addresses is accepted here, so the
    # OUTPUT hooks added further down (liberadas, firewall_saida, interna) only ever see
    # locally generated packets carrying some other source address.
    for own_addr in 10.0.1.1 200.202.216.194; do
      $iptables -A OUTPUT -s "$own_addr" -j ACCEPT
    done

    # CHAIN: liberadas (DNS, wherever the chain is hooked in)
    # -------------------------------------------------------------------------------------------
    # Hooked into INPUT from the uplink, FORWARD uplink -> LAN, and OUTPUT on both interfaces.
    # NOTE(review): the FORWARD hook is eth0 -> eth1, i.e. it lets new DNS connections from
    # the Internet reach LAN hosts, while no FORWARD rule in this script accepts LAN -> eth0
    # DNS; unless the clients use a resolver inside the LAN they cannot resolve names through
    # this firewall. Confirm which direction was intended.
    $iptables -N liberadas
    $iptables -A INPUT -i eth0 -j liberadas
    $iptables -A FORWARD -i eth0 -o eth1 -j liberadas
    for iface in eth0 eth1; do
      $iptables -A OUTPUT -o "$iface" -j liberadas
    done
    for proto in TCP UDP; do
      $iptables -A liberadas -p "$proto" --dport 53 -j ACCEPT
    done

    # Let the firewall itself reach TFTP servers
    # -------------------------------------------------------------------------------------------
    # These only match packets with source 127.0.0.1, which normally leave through lo and are
    # already accepted by the lo rule above; real outbound TFTP from the host is covered by the
    # "-s 10.0.1.1" / "-s 200.202.216.194" rules, so these two are effectively inert.
    for proto in TCP UDP; do
      $iptables -A OUTPUT -s 127.0.0.1 -p "$proto" --dport 69 -j ACCEPT
    done

    # CHAIN: QoS - TOS marking
    # -------------------------------------------------------------------------------------------
    # 0x10 = Minimize-Delay  (interactive: icmp, ssh, ftp, http, proxy)
    # 0x08 = Maximize-Throughput (bulk: smtp, dns, pop3, rdp, icq, vnc, udp 8481/8895)
    # The same marks are applied in PREROUTING and in POSTROUTING, for both directions of
    # every port (dport first, then sport), in the order the entries are listed below.
    for hook in PREROUTING POSTROUTING; do
      $iptables -t mangle -A "$hook" -p icmp -j TOS --set-tos 0x10
      for entry in \
          tcp:22:0x10 tcp:20:0x10 tcp:21:0x10 tcp:25:0x08 tcp:80:0x10 udp:53:0x08 \
          tcp:110:0x08 tcp:3128:0x10 tcp:3389:0x08 tcp:5190:0x08 tcp:5900:0x08 \
          udp:8481:0x08 udp:8895:0x08; do
        proto=${entry%%:*}
        rest=${entry#*:}
        port=${rest%%:*}
        tos=${rest#*:}
        for direction in dport sport; do
          $iptables -t mangle -A "$hook" -p "$proto" -m "$proto" "--$direction" "$port" -j TOS --set-tos "$tos"
        done
      done
    done

    # CHAIN: INBOUND (traffic addressed to the firewall itself)
    # --------------------------------------------------------------------------------------------
    # The 10.0.1.1 hook also sees LAN web traffic diverted by the REDIRECT rule below:
    # REDIRECT rewrites the destination to the address of the incoming interface.
    $iptables -N firewall_entrada
    for own_addr in 10.0.1.1 200.202.216.194; do
      $iptables -A INPUT -d "$own_addr" -j firewall_entrada
    done

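    # CHAIN: OUTBOUND (services the LAN and the firewall may reach)
    # --------------------------------------------------------------------------------------------
    $iptables -N check_firewall_saida
    $iptables -N firewall_saida
    $iptables -A INPUT -i eth1 -j check_firewall_saida
    # The original hook read "-i eth1 -o eth1" (in and out on the same interface), which
    # routed LAN traffic does not normally match, so under FORWARD policy DROP no new LAN
    # connection could leave through eth0 at all. The eth1 -> eth0 hook is the only reading
    # consistent with the outbound service list in firewall_saida and the MASQUERADE on eth0;
    # the old line is kept in case hairpin routing on eth1 is real here.
    # NOTE(review): firewall_saida has no port-53 entry, so LAN hosts still cannot resolve
    # names via the uplink. A browser must resolve the name before an intercepted
    # (transparent) request, while a manually configured proxy lets squid resolve it -- the
    # likely reason transparent mode fails where manual mode works. Add DNS (e.g. hook
    # "liberadas" on eth1 -> eth0) if LAN clients are meant to resolve through the uplink.
    $iptables -A FORWARD -i eth1 -o eth1 -j firewall_saida
    $iptables -A FORWARD -i eth1 -o eth0 -j firewall_saida
    $iptables -A OUTPUT -o eth0 -j firewall_saida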

    # CHECK_FIREWALL_SAIDA
    # -------------------------------------------------------------------------------------------
    # Packets from the LAN addressed to one of the firewall's own addresses go back to INPUT
    # (RETURN); anything else entering on eth1 is checked against the outbound service list.
    for own_addr in 10.0.1.1 200.202.216.194; do
      $iptables -A check_firewall_saida -d "$own_addr" -j RETURN
    done
    $iptables -A check_firewall_saida -j firewall_saida

    # INBOUND (to the firewall itself)
    # -------------------------------------------------------------------------------------------
    # NOTE(review): the eth0 entries below expose telnet (23), http (80) and SNMP (161/162)
    # on the firewall to every Internet address; telnet and SNMPv1/v2 send credentials in the
    # clear. Restrict them with -s to the management addresses, or manage over ssh instead.
    # The UDP lines for 3128/80/23 are inert unless something actually listens on UDP there.

    # Proxy (also reached by the port-80 REDIRECT, which lands on 10.0.1.1:3128)
    for proto in TCP UDP; do
      $iptables -A firewall_entrada -i eth1 -p "$proto" --dport 3128 -j ACCEPT
    done
    # Web administration, LAN then Internet
    for iface in eth1 eth0; do
      for proto in TCP UDP; do
        $iptables -A firewall_entrada -i "$iface" -p "$proto" --dport 80 -j ACCEPT
      done
    done
    # Telnet, LAN then Internet
    for iface in eth1 eth0; do
      for proto in TCP UDP; do
        $iptables -A firewall_entrada -i "$iface" -p "$proto" --dport 23 -j ACCEPT
      done
    done
    # ICMP (all types), LAN then Internet
    for iface in eth1 eth0; do
      $iptables -A firewall_entrada -i "$iface" -p ICMP -j ACCEPT
    done
    # SNMP and SNMP traps, LAN then Internet
    for iface in eth1 eth0; do
      for port in 161 162; do
        $iptables -A firewall_entrada -i "$iface" -p UDP --dport "$port" -j ACCEPT
      done
    done

    # OUTBOUND
    # Common services (to allow another service, add it here)
    # -------------------------------------------------------------------------------------------
    # Each port is opened for TCP and then UDP, in this order:
    #   80/443 www, 25/110/143 mail, 20/21 ftp, 69 tftp, 23 telnet, 22 ssh
    # (the UDP entries for the TCP-only services are harmless but inert).
    for port in 80 443 25 110 143 20 21 69 23 22; do
      for proto in TCP UDP; do
        $iptables -A firewall_saida -p "$proto" --dport "$port" -j ACCEPT
      done
    done

    # Ping -- note this accepts every ICMP type, not only echo
    $iptables -A firewall_saida -p ICMP -j ACCEPT

    # Web proxies, remote access and database servers -- TCP then UDP per port, in this order:
    #   3128/8080 proxy, 1723 pptp, 5631/5632 pcAnywhere, 1521 oracle, 1433 ms-sql,
    #   5000 sybase, 3306 mysql, 5432 postgresql, 3050/3060 interbase/firebird,
    #   1494 citrix, 3389 windows terminal server
    # NOTE(review): PPTP also needs GRE (IP protocol 47), which nothing in this script accepts.
    for port in 3128 8080 1723 5631 5632 1521 1433 5000 3306 5432 3050 3060 1494 3389; do
      for proto in TCP UDP; do
        $iptables -A firewall_saida -p "$proto" --dport "$port" -j ACCEPT
      done
    done

    # mIRC
    for range in 6665:6669 7000:7002; do
      $iptables -A firewall_saida -p TCP --dport "$range" -j ACCEPT
    done

    # ICQ and AIM: the login port plus four server addresses (any protocol, any port)
    $iptables -A firewall_saida -p TCP --dport 5190 -j ACCEPT
    for host in 205.188.179.233 64.12.161.153 64.12.161.185 64.12.200.89; do
      $iptables -A firewall_saida -d "$host" -j ACCEPT
    done

    # MSN Messenger
    # NOTE(review): "UDP 5004:65535" opens practically every unprivileged UDP port outbound,
    # which turns this chain into "allow all high UDP"; narrow it if that is not intended.
    for rule in "TCP 1863:1864" "TCP 6891:6900" "TCP 9000"; do
      $iptables -A firewall_saida -p "${rule% *}" --dport "${rule#* }" -j ACCEPT
    done
    $iptables -A firewall_saida -d 64.4.13.0/24 -j ACCEPT
    for rule in "TCP 6901" "UDP 6901" "UDP 6801" "UDP 2001:2120" "UDP 5004:65535"; do
      $iptables -A firewall_saida -p "${rule% *}" --dport "${rule#* }" -j ACCEPT
    done

    # Yahoo Messenger servers (any protocol, any port)
    # NOTE(review): address-only entries dating from 2005; these addresses may have changed
    # hands since, so re-check them before keeping them in an allow list.
    for host in 216.136.233.128 216.136.227.24 216.136.227.25 216.136.227.74 \
        216.136.227.76 216.136.227.77 216.136.227.78 216.136.227.79 216.136.233.153; do
      $iptables -A firewall_saida -d "$host" -j ACCEPT
    done

    # UOL chat
    $iptables -A firewall_saida -p TCP --dport 8010:8020 -j ACCEPT

    # Terra chat
    for rule in "TCP 9187" "TCP 21000:24000" "UDP 21000:24000"; do
      $iptables -A firewall_saida -p "${rule% *}" --dport "${rule#* }" -j ACCEPT
    done

    # iG chat
    $iptables -A firewall_saida -p TCP --dport 8200:8250 -j ACCEPT

    # KaZaA: one server network (any protocol/port) plus its TCP port
    $iptables -A firewall_saida -d 213.248.112.0/24 -j ACCEPT
    $iptables -A firewall_saida -p TCP --dport 1214 -j ACCEPT

    # eMule
    for rule in "TCP 4662" "UDP 4672"; do
      $iptables -A firewall_saida -p "${rule% *}" --dport "${rule#* }" -j ACCEPT
    done

    # Napster, Audio Galaxy, Morpheus, I-Mesh server networks (any protocol, any port)
    for net in 64.124.41.0/24 64.245.58.0/23 206.142.53.0/24 216.35.208.0/24; do
      $iptables -A firewall_saida -d "$net" -j ACCEPT
    done

    # Games: Counter-Strike/Half-Life, Quake 3, Unreal Tournament -- TCP then UDP per range
    for range in 27015:27020 27690:27692 7777:7780; do
      for proto in TCP UDP; do
        $iptables -A firewall_saida -p "$proto" --dport "$range" -j ACCEPT
      done
    done

    # VNC remote access (5900), Tibia game (7171), Caixa "Conectividade Social" (2631):
    # tcp then udp per port
    for port in 5900 7171 2631; do
      for proto in tcp udp; do
        $iptables -A firewall_saida -p "$proto" --dport "$port" -j ACCEPT
      done
    done

    # Skype (41571), ReceitaNet (3456), city hall application (3001, port still to be
    # confirmed), Alcy game (8360:8380): tcp only
    for port in 41571 3456 3001 8360:8380; do
      $iptables -A firewall_saida -p tcp --dport "$port" -j ACCEPT
    done

    # 1057 (purpose not yet identified) and 1024 (Microsiga Protheus, also used by named):
    # tcp then udp per port
    for port in 1057 1024; do
      for proto in tcp udp; do
        $iptables -A firewall_saida -p "$proto" --dport "$port" -j ACCEPT
      done
    done


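    # Inbound rules (to the firewall itself)
    # ---------------------------------------------------------------
    # The web-admin, telnet, ICMP and SNMP entries that used to be repeated in this section
    # were identical to the ones already appended to firewall_entrada in the INBOUND section
    # above; iptables stops at the first matching rule, so the copies could never match and
    # only lengthened the chain. Only the rules unique to this section remain.

    # MySQL (SGCU) from the Internet, UDP then TCP
    # NOTE(review): this exposes the firewall's MySQL port to every address on eth0;
    # restrict it with -s to the client that needs it, or reach it over ssh/VPN instead.
    for proto in UDP TCP; do
      $iptables -A firewall_entrada -i eth0 -p "$proto" --dport 3306 -j ACCEPT
    done

    # POP3 and SMTP from the outside (the UDP entries are inert, both services are TCP)
    for port in 110 25; do
      for proto in TCP UDP; do
        $iptables -A firewall_entrada -i eth0 -p "$proto" --dport "$port" -j ACCEPT
      done
    done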

    # CHAIN: ESTABLISHED
    # -----------------------------------------------------------------------------------------------------
    # Replies and related flows (e.g. FTP data via ip_conntrack_ftp) of connections that were
    # already accepted pass in every direction. The chain is hooked in after the service
    # chains, so it only sees packets none of them accepted.
    $iptables -N estabelecidas
    $iptables -A estabelecidas -m state --state ESTABLISHED,RELATED -j ACCEPT
    for chain in INPUT FORWARD OUTPUT; do
      $iptables -A "$chain" -j estabelecidas
    done

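    # Port forwards from the public address to LAN hosts
    # -----------------------------------------------------------------------------------------------------
    # redirect_in PROTO EXT_PORT LAN_HOST:LAN_PORT [SOURCE]
    #   DNATs PROTO traffic that arrives for 200.202.216.194:EXT_PORT to LAN_HOST:LAN_PORT and
    #   accepts the forwarded flow in FORWARD. The second rule is needed because the FORWARD
    #   policy is DROP and the only eth0 -> eth1 hook above ("liberadas") accepts port 53, so
    #   a DNAT on its own was rewritten and then dropped. When SOURCE is given, both rules are
    #   limited to that client address.
    # NOTE(review): the VNC, SSH and PostgreSQL forwards below are open to any Internet source;
    # consider the same -s restriction used for the SQL Server forward.
    redirect_in() {
      if [ -n "${4:-}" ]; then
        $iptables -t nat -A PREROUTING -s "$4" -d 200.202.216.194 -p "$1" --dport "$2" -j DNAT --to-dest "$3"
        $iptables -A FORWARD -i eth0 -o eth1 -s "$4" -d "${3%:*}" -p "$1" --dport "${3#*:}" -m state --state NEW -j ACCEPT
      else
        $iptables -t nat -A PREROUTING -d 200.202.216.194 -p "$1" --dport "$2" -j DNAT --to-dest "$3"
        $iptables -A FORWARD -i eth0 -o eth1 -d "${3%:*}" -p "$1" --dport "${3#*:}" -m state --state NEW -j ACCEPT
      fi
    }

    # VNC Pessonha
    redirect_in tcp 5908 10.0.1.119:5900

    # VPN Solus
    redirect_in tcp 5907 10.0.1.115:5900

    # VNC RenatoAvila
    redirect_in tcp 5901 10.0.1.101:5900

    # SQL Server, city hall: only from the two listed client addresses
    redirect_in tcp 1433 10.0.1.141:1433 200.225.212.98
    redirect_in tcp 1433 10.0.1.141:1433 200.225.212.97

    # Terrafert (VNC, SSH, PostgreSQL)
    redirect_in tcp 5906 10.0.1.128:5900
    redirect_in tcp 10100 10.0.1.128:22
    redirect_in tcp 5432 10.0.1.128:5432
    redirect_in udp 5432 10.0.1.128:5432

    # Aguia2 (Pico and VNC)
    redirect_in tcp 1999 10.0.1.152:1999
    redirect_in tcp 5904 10.0.1.152:5900

    # ApCristo, internal administration
    redirect_in tcp 30000 10.0.1.5:80

    # WarSistemas (SSH)
    redirect_in tcp 10000 10.0.1.191:22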

    # PROXY INTERCEPTION and MASQUERADING
    # -----------------------------------------------------------------------------------------------------
    # Every TCP/80 connection coming in on eth1 is diverted to squid on 3128. REDIRECT rewrites
    # the destination to the incoming interface's address (10.0.1.1), so the packet is then
    # handled by INPUT and accepted by the eth1/3128 rule in firewall_entrada.
    # NOTE(review): this also catches LAN requests to the firewall's own web admin on
    # 10.0.1.1:80 (they reach it through squid); exclude them with "! -d 10.0.1.1" if unwanted.
    # Squid itself must also be configured for interception; that is outside this script.
    $iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    # Everything leaving through the uplink is source-NATed to the eth0 address.
    $iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    # PRIVATE
    # CHAIN: interna (DHCP between the firewall and the LAN)
    # -----------------------------------------------------------------------------------------------------
    # Hooked in last, for eth1 in INPUT and OUTPUT. DHCP runs over UDP 67/68; the TCP entries
    # are inert. Order: sport then dport, UDP then TCP, 67 then 68.
    $iptables -N interna
    $iptables -A INPUT -i eth1 -j interna
    $iptables -A OUTPUT -o eth1 -j interna
    for direction in sport dport; do
      for proto in UDP TCP; do
        for port in 67 68; do
          $iptables -A interna -p "$proto" "--$direction" "$port" -j ACCEPT
        done
      done
    done

  2. Grande mesmo, hein! Qual é a finalidade desse micro?



  3. Citação Postado originalmente por gatoseco
    Grande mesmo, hein! Qual é a finalidade desse micro?
    Bom dia, primeiramente obrigado pela atenção.
    Esse micro é um firewall com squid de um provedor de internet wireless.





