Postado originalmente por felco
acho que o problema é broadcast
# Start from a clean slate: flush all rules (-F), then delete all
# user-defined chains (-X), in the filter table first and the nat table
# second. Only these two tables are reset; any other table is left as is.
for action in -F -X; do
  for table in filter nat; do
    iptables -t "$table" "$action"
  done
done

# The nat table only rewrites addresses and ports, so its built-in chains
# keep an ACCEPT policy.
for chain in PREROUTING POSTROUTING OUTPUT; do
  iptables -t nat -P "$chain" ACCEPT
done

# Filter table defaults: deny everything addressed to this host (INPUT)
# and everything routed through it (FORWARD); locally generated traffic
# (OUTPUT) is allowed. From here on, only explicit ACCEPT rules let
# inbound or forwarded packets through.
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
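# nat PREROUTING carries address/port rewriting only. Packet filtering is
# kept out of the nat table: it is consulted only for the first packet of
# a connection, packets in conntrack state INVALID never traverse it, and
# current iptables releases refuse a DROP target there. Dropping belongs
# in the filter table's INPUT and FORWARD chains.

# Only needed if Squid runs on this host: transparently redirect web
# traffic (tcp/80) arriving from the LAN side (eth1, 192.168.0.0/16) to
# the local proxy port 3128.
iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/16 -p tcp --dport 80 -j REDIRECT --to-port 3128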
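# INPUT chain: traffic addressed to the firewall host itself.

# Drop packets that connection tracking cannot tie to a valid flow.
iptables -A INPUT -m state --state INVALID -j DROP
# No "-m unclean" rule here: that match was experimental in 2.4 kernels
# and is absent from later ones, so such a rule fails to load. The INVALID
# drop above is the supported sanity check.

# Replies and related packets of connections that are already tracked.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# SSH is accepted from any source address on both interfaces.
# NOTE(review): eth0 is the interface this script masquerades out of, so
# port 22 is exposed to the uplink side; consider narrowing -s to the
# administrators' addresses.
iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -p tcp --dport 22 -j ACCEPT

# Proxy port 3128, reachable only from LAN addresses arriving on eth1.
iptables -A INPUT -i eth1 -s 192.168.0.0/16 -p tcp --dport 3128 -j ACCEPT

# Loopback traffic.
iptables -A INPUT -i lo -j ACCEPT

# No SYN rate-limit rule at this position: "-j RETURN" in a built-in chain
# hands the packet to the chain policy (DROP), and anything unmatched is
# dropped by the last rule anyway, so a limit placed after the ACCEPT
# rules changes nothing. A limit on new connections only has an effect
# when it sits in front of the ACCEPT rules it is meant to protect.

# ICMP, rate-limited to 1 packet/second with a burst of 2.
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT

# Explicit final drop; matches the INPUT policy and makes the intent visible.
iptables -A INPUT -j DROP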
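# FORWARD chain: traffic routed between the LAN side (eth1, the interface
# the 192.168.0.0/16 clients arrive on) and the uplink (eth0, the
# interface that is masqueraded).

# Drop packets that connection tracking cannot tie to a valid flow.
iptables -A FORWARD -m state --state INVALID -j DROP
# No "-m unclean" rule here: that match was experimental in 2.4 kernels
# and is absent from later ones, so such a rule fails to load.

# Never route these ports in either direction (no -i/-o, so both ways):
#   tcp/135            MS RPC endpoint mapper
#   udp/137,138 tcp/139  NetBIOS name, datagram and session services
#   tcp+udp/445        SMB over TCP
#   udp/500            IKE (this also stops IPsec negotiation through
#                      the gateway)
#   tcp/1039, udp/1050, udp/1065  listed by the author without explanation
iptables -A FORWARD -p tcp -m multiport --dports 135,139,445,1039 -j DROP
iptables -A FORWARD -p udp -m multiport --dports 137,138,445,500,1050,1065 -j DROP

# LAN -> uplink: clients may open any other connection.
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

# Uplink -> LAN: only packets belonging to (or related to) a connection
# that is already tracked. An unconditional ACCEPT here would let any host
# that can route to 192.168.0.0/16 through eth0 open new connections into
# the LAN; MASQUERADE rewrites outgoing source addresses and does not
# filter inbound traffic. Everything else falls to the FORWARD policy.
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT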
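# nat POSTROUTING carries source-address rewriting only. No DROP rules
# here: the nat table is consulted only for the first packet of a
# connection, INVALID packets never traverse it, and current iptables
# releases refuse a DROP target in this table. Filtering is done in the
# filter table.

# Hide LAN clients (192.168.0.0/16) behind the address of the uplink
# interface eth0 for everything that leaves through it.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 -j MASQUERADE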