Suppose I have two networks, 192.168.20.0/24 and 192.168.15.0/24, and the 15.0 network must not have access to the 20.0 network.
If any questions come up, write to me.
Cheers
#!/bin/sh
# Gateway with two LANs (192.168.15.0/24 on eth0, 192.168.20.0/24 on eth2) and the
# internet on ppp0; squid listens on 3128 and web traffic is redirected to it.
# Most of the filtering here is done in the nat table. Only the first packet of a
# connection traverses nat PREROUTING, so its DROP policy blocks new connections to
# anything not explicitly accepted below, while the rest of the connection bypasses it.

# Enable routing between the interfaces and reverse-path filtering (anti-spoofing).
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

# Default policies: deny traffic to and through the firewall unless allowed below.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING DROP

# Start from empty chains so re-running the script does not duplicate rules.
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
iptables -t nat -F OUTPUT

# Traffic to the firewall itself: both LANs, replies to its own connections, loopback.
iptables -A INPUT -s 192.168.15.0/24 -d 0/0 -j ACCEPT
iptables -A INPUT -s 192.168.20.0/24 -d 0/0 -j ACCEPT
iptables -A INPUT -s 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p all -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Anything else arriving from outside is logged; only the proxy port is then accepted,
# everything else falls through to the INPUT DROP policy.
iptables -A INPUT -p tcp --dport 0:65535 -j LOG --log-prefix "Acesso Externo Indevido"
iptables -A INPUT -p udp --dport 0:65535 -j LOG --log-prefix "Acesso Externo Indevido"
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT

# Routed traffic. 192.168.15.0/24 must not reach 192.168.20.0/24, so that DROP has to
# come before the ACCEPT rules below (iptables stops at the first matching rule).
iptables -A FORWARD -s 192.168.15.0/24 -d 192.168.20.0/24 -j DROP
iptables -A FORWARD -d 192.168.15.0/24 -s 0/0 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -d 192.168.20.0/24 -s 0/0 -j ACCEPT
iptables -A FORWARD -s 192.168.20.0/24 -d 0/0 -j ACCEPT
# Replies into either LAN (these rules need the -j ACCEPT target to have any effect).
iptables -A FORWARD -s 0/0 -d 192.168.15.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.20.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# NAT both LANs behind the ppp0 address.
iptables -t nat -A POSTROUTING -s 192.168.15.0/24 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -o ppp0 -j MASQUERADE

# nat PREROUTING: 20.0 may open connections to 15.0 (not the reverse).
iptables -t nat -A PREROUTING -s 192.168.20.0/24 -d 192.168.15.0/24 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.20.1 -d 192.168.15.1 -j ACCEPT
# Transparent proxy: port 80 from each LAN is redirected to squid on 3128.
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.15.0/24 --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth2 -p tcp -s 192.168.20.0/24 --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -s 192.168.15.0/24 -p tcp --dport 3128 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.20.0/24 -p tcp --dport 3128 -j ACCEPT
# New connections to high ports (P2P clients) are logged and, since nothing below
# accepts them, discarded by the PREROUTING DROP policy.
iptables -t nat -A PREROUTING -s 192.168.15.0/24 -p tcp --dport 1025:65535 -j LOG --log-prefix "Acesso Indevido "
iptables -t nat -A PREROUTING -s 192.168.15.0/24 -p udp --dport 1025:65535 -j LOG --log-prefix "Acesso Indevido "
iptables -t nat -A PREROUTING -s 192.168.20.0/24 -p tcp --dport 1025:65535 -j LOG --log-prefix "Acesso Indevido "
iptables -t nat -A PREROUTING -s 192.168.20.0/24 -p udp --dport 1025:65535 -j LOG --log-prefix "Acesso Indevido "
# Services the LANs may open connections to: HTTP (when not redirected), DNS, HTTPS.
iptables -t nat -A PREROUTING -s 192.168.15.0/24 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.20.0/24 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.15.0/24 -p udp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.20.0/24 -p udp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.15.0/24 -p udp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.20.0/24 -p udp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.15.0/24 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.20.0/24 -p tcp --dport 443 -j ACCEPT
Hey man... cool, it worked. It's blocking Kazaa and other P2P. Now the next thing: I need to open port 22 for ssh and the MSN webcam port. How do I do that?
Ah, thanks....
I also need to allow ping from outside. Do you know how? Oh, the squid port is open to external access.
Thanks.
Hey folks.... I've managed to open ssh and ping. When my firewall is all done, I'll post it here too.
Thanks to everyone.
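The following is an added example, not the script posted in the thread. It builds the same two-LAN gateway (the thread's assumptions: 192.168.15.0/24 on eth0, 192.168.20.0/24 on eth2, internet on ppp0, squid on 3128) but does the filtering in the filter table, which sees every packet of a connection, instead of relying on a DROP policy in nat PREROUTING, which only the first packet of a connection traverses. It also enforces the "15.0 must not reach 20.0" requirement with an explicit FORWARD rule, accepts the squid port only from the LAN interfaces rather than from everywhere, and includes the two things asked for later in the thread, ssh to the firewall and ping from outside. The function names, the `IPT` dry-run variable and the `apply` argument are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the thread). Interfaces and addresses are the
# thread's assumptions. Run "sh gw.sh apply" to load the rules; set
# IPT="echo iptables" in the environment to print them instead (dry run).

IPT="${IPT:-iptables}"                  # left unquoted below so "echo iptables" splits
LAN_A="192.168.15.0/24"; IF_A="eth0"    # restricted network
LAN_B="192.168.20.0/24"; IF_B="eth2"    # network that LAN_A must not reach
WAN="ppp0"
SQUID_PORT=3128

enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv4.conf.all.rp_filter=1
}

base_policy() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -t nat -F
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Must be added before any ACCEPT for LAN_A: iptables stops at the first match.
# LAN_B may still open connections to LAN_A, as in the thread.
isolate_lans() {
    $IPT -A FORWARD -s "$LAN_A" -d "$LAN_B" -j DROP
    $IPT -A FORWARD -s "$LAN_B" -d "$LAN_A" -m state --state NEW -j ACCEPT
}

# Transparent proxy: port 80 from either LAN is redirected to squid, and the
# firewall accepts the redirected connections only on the LAN interfaces.
proxy_redirect() {
    for ifc in "$IF_A" "$IF_B"; do
        $IPT -t nat -A PREROUTING -i "$ifc" -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
        $IPT -A INPUT -i "$ifc" -p tcp --dport "$SQUID_PORT" -m state --state NEW -j ACCEPT
    done
}

# allow_out <lan> <proto> <dport>: new connections from a LAN to the internet.
allow_out() {
    $IPT -A FORWARD -s "$1" -o "$WAN" -p "$2" --dport "$3" -m state --state NEW -j ACCEPT
}

masquerade() {
    for lan in "$LAN_A" "$LAN_B"; do
        $IPT -t nat -A POSTROUTING -s "$lan" -o "$WAN" -j MASQUERADE
    done
}

# The two follow-up questions in the thread: ssh to the firewall, ping from outside.
allow_ssh()  { $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT; }
allow_ping() { $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/second -j ACCEPT; }

# Rate-limited logging of what the DROP policies are about to discard; must be last.
log_drops() {
    $IPT -A INPUT   -m limit --limit 5/minute -j LOG --log-prefix "INPUT drop: "
    $IPT -A FORWARD -m limit --limit 5/minute -j LOG --log-prefix "FORWARD drop: "
}

apply_all() {
    base_policy
    isolate_lans
    proxy_redirect
    for lan in "$LAN_A" "$LAN_B"; do
        allow_out "$lan" udp 53
        allow_out "$lan" tcp 443
    done
    masquerade
    allow_ssh
    allow_ping
    log_drops
}

if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    apply_all
fi
```

With `IPT="echo iptables" sh gw.sh apply` the script prints the rules in the order they would be loaded, which is the quickest way to check that the LAN_A to LAN_B DROP precedes every ACCEPT for LAN_A and that the LOG rules come last; P2P clients on high ports are simply never accepted in FORWARD, so the FORWARD DROP policy discards them for every packet, not only the first.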