#!/bin/sh
# Variables
# -------------------------------------------------------
# Absolute path of the iptables binary, for use as $iptables.
iptables='/sbin/iptables'
# IF_EXTERNA is the outbound interface used by the MASQUERADE rule;
# IF_INTERNA is the interface on which LAN traffic is intercepted.
IF_EXTERNA='eth0'
IF_INTERNA='eth1'
# Load kernel modules
# -------------------------------------------------------
# NAT table, connection tracking with its FTP helpers, and the LOG, REJECT
# and MASQUERADE targets. modprobe's exit status is not checked, so a module
# that fails to load does not stop the script.
# NOTE(review): ip_conntrack, ip_conntrack_ftp and ip_nat_ftp are legacy
# names; newer kernels ship nf_conntrack, nf_conntrack_ftp and nf_nat_ftp.
# Verify against the target kernel.
for modulo in iptable_nat ip_conntrack ip_conntrack_ftp ip_nat_ftp \
  ipt_LOG ipt_REJECT ipt_MASQUERADE; do
  /sbin/modprobe "$modulo"
done
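# Flush existing rules
# -------------------------------------------------------
# Empties every chain (-F) and deletes user-defined chains (-X) in the
# filter, nat and mangle tables, then zeroes the filter-table counters (-Z).
# A bare "-F" already covers INPUT, OUTPUT and FORWARD, so they are not
# flushed again one by one.
# The commands go through $iptables so the binary is the absolute path set
# at the top of the script, not whatever "iptables" resolves to via PATH.
limpeza_ok=1
for tabela in filter nat mangle; do
  "$iptables" -t "$tabela" -F || limpeza_ok=0
  "$iptables" -t "$tabela" -X || limpeza_ok=0
done
"$iptables" -Z || limpeza_ok=0
# Report the real outcome: a firewall script that prints OK after a failed
# flush hides the fact that stale rules may still be loaded.
if [ "$limpeza_ok" -eq 1 ]; then
  echo " Limpando Regras ..............................[ OK ]"
else
  echo " Limpando Regras ..............................[ FALHOU ]" >&2
fi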
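# Default policies
# -------------------------------------------------------
# Sets the three built-in filter chains to ACCEPT.
# NOTE(review): no filter-table rules are visible in this script, so with
# these policies every packet to, from and through this host is accepted
# and the box only does NAT, not filtering. The usual hardening is a DROP
# policy on INPUT and FORWARD together with explicit allow rules (LAN to
# proxy, LAN to outside, established/related return traffic). Switching only
# the policy, without those rules, would cut off the LAN and the proxy.
politica_ok=1
for cadeia in INPUT FORWARD OUTPUT; do
  "$iptables" -P "$cadeia" ACCEPT || politica_ok=0
done
# Only claim success when every policy change was accepted by iptables.
if [ "$politica_ok" -eq 1 ]; then
  echo " Alterando politica padrao.....................[ OK ]"
else
  echo " Alterando politica padrao.....................[ FALHOU ]" >&2
fi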
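#################################################
# NAT table
#################################################
# LAN subnet whose traffic is intercepted and masqueraded
# (192.168.1.0/255.255.255.0 written in prefix form).
REDE_INTERNA=192.168.1.0/24
# Transparent proxy
# -------------------------------------------------------
# Redirects HTTP (tcp/80) arriving on the internal interface from the LAN
# to the local Squid port (3128).
# NOTE(review): the original comment says traffic to "conectividade social"
# is exempt, but the rule excludes no destination. If that exception is
# required, it must be added as an explicit rule before this one.
# NOTE(review): only port 80 is intercepted. HTTPS and every other port
# leave through the MASQUERADE rule below without passing the proxy.
# NOTE(review): with the INPUT policy set to ACCEPT, port 3128 is not
# filtered on the external interface either; confirm that Squid's own
# listen address and ACLs limit it to the LAN.
"$iptables" -t nat -A PREROUTING -s "$REDE_INTERNA" -p tcp --dport 80 -i "$IF_INTERNA" -j REDIRECT --to-port 3128
# Disabled alternatives, kept for reference.
# NOTE(review): the IF_EXTERNA DNAT variant would publish the proxy to
# outside hosts; keep it disabled unless that is intended.
# iptables -t nat -A PREROUTING -p tcp -m multiport -s 192.168.1.0/255.255.255.0 --dport 8080 -i $IF_INTERNA -j REDIRECT --to-ports 80
# iptables -t nat -A PREROUTING -p tcp -m multiport -s 192.168.1.0/255.255.255.0 --dport 8080 -i $IF_INTERNA -j REDIRECT --to-ports 3128
# iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 80 -j DNAT --to 192.168.1.194:3128
# iptables -t nat -A PREROUTING -i $IF_INTERNA -p tcp --dport 80 -j REDIRECT --to-port 3128
# Outbound masquerading
# -------------------------------------------------------
# Source-NATs LAN traffic leaving through the external interface. The -s
# match keeps the rule limited to the LAN subnet; the disabled variant below
# would masquerade anything routed out of that interface.
# $iptables -t nat -A POSTROUTING -o $IF_EXTERNA -j MASQUERADE
"$iptables" -t nat -A POSTROUTING -s "$REDE_INTERNA" -o "$IF_EXTERNA" -j MASQUERADE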
# Enable routing in the kernel
# -------------------------------------------------------
# Writes 1 to the IPv4 forwarding switch under /proc. This is a runtime
# setting only; nothing here makes it persistent across reboots.
# NOTE(review): what gets forwarded is decided by the FORWARD chain, which
# this script leaves at policy ACCEPT with no rules.
printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward