Bandlimit com cache
Galera, está brabo de encontrar informações sobre o meu problema. Possuo um link Velox de 4 MBps e fiz o compartilhamento com o pessoal do prédio onde moro; limitei a galera em 128 Kbps para download e upload. Até aí tudo bem, o compartilhamento está funcionando, mas os computadores que estão com limite de banda não conseguem utilizar o cache do meu proxy. Quando paro o meu Bandlimit, eles conseguem ter acesso ao cache, mas também ficam sem qualquer limite de banda. Se alguém puder me ajudar, ficarei muito grato.
-
Re: Bandlimit com cache
Galera, mais uma vez venho pedir a ajuda de vocês, pois continuo com o "problema" de não conseguir ter acesso ao cache do Squid com a utilização do Bandlimit, ou seja, a rede que está com limite vai direto para a internet e não utiliza o cache, mas quando paro o Bandlimit essa rede acessa normalmente o cache. Seguem abaixo os meus scripts e arquivos de configuração do Squid, Firewall e Bandlimit. Ficarei muito grato caso alguém possa me ajudar. (Devido ao limite de caracteres, abaixo segue só o do Squid; na outra mensagem seguem o Firewall e o Bandlimit.)
Squid:
# Squid proxy configuration as posted. The httpd_accel_* directives at the end
# are the interception ("transparent proxy") settings of Squid 2.5 and earlier.
# No listening address is given here, so it is the firewall rules that decide
# which interfaces can reach port 3128.
http_port 3128
hierarchy_stoplist cgi-bin ?
# URLs whose path contains "cgi-bin" or "?" are never stored in the cache.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 256 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 100 MB
minimum_object_size 3 KB
maximum_object_size_in_memory 20 KB
ipcache_size 2048
ipcache_low 90
ipcache_high 95
# On-disk cache: 15000 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 15000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# NOTE(review): no "auth_param basic program" line and no proxy_auth acl appear
# in this listing, so these four settings look unused - confirm.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# "all" matches every source address; it is used by the final deny below.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Client networks allowed to use the proxy: the main LAN and six /29 subnets.
# NOTE(review): 192.168.4.0/29 (labelled SALA 301 in the firewall script posted
# with this config) has no acl here, while that script redirects port 80 from
# all of eth2 to 3128; requests from that subnet would fall through to
# "http_access deny all" - confirm whether that is intended.
acl minharede src 192.168.254.0/24
acl redepredio src 192.168.1.8/29
acl redepredio2 src 192.168.1.16/29
acl redepredio3 src 192.168.1.24/29
acl redepredio4 src 192.168.1.32/29
acl redepredio5 src 192.168.1.40/29
acl redepredio6 src 192.168.1.48/29
# Cache-manager requests are answered only when they come from localhost.
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# Rules are evaluated top to bottom; the first match decides.
http_access allow minharede
http_access allow redepredio
http_access allow redepredio2
http_access allow redepredio3
http_access allow redepredio4
http_access allow redepredio5
http_access allow redepredio6
http_access allow localhost
# Everything not allowed above is refused.
http_access deny all
http_reply_access allow all
# and finally allow by default
# (this line repeats the http_reply_access rule two lines up)
http_reply_access allow all
# NOTE(review): ICP queries are answered for any source address, and no
# cache_peer is defined in this listing. If no sibling caches are used this
# could be "icp_access deny all" - confirm.
icp_access allow all
cache_mgr root
visible_hostname SERVIDOR-PROXY
# Interception settings. The "#Default:" labels below each sit above a value
# that is set explicitly; they look like leftover template text - confirm.
# NOTE(review): with httpd_accel_uses_host_header on, the origin server is
# chosen from the Host header sent by the client, so the http_access rules
# above are the only control over who may send requests through this proxy.
#Default:
httpd_accel_port 80
#Default:
httpd_accel_host virtual
#Default:
httpd_accel_with_proxy on
#Default:
httpd_accel_uses_host_header on
httpd_accel_no_pmtu_disc off
-
Re: Bandlimit com cache
Script do Firewall.....
Firewall:
#!/bin/sh
### Reset every rule, then set the default policies ###
# NOTE(review): only the filter and nat tables are flushed; the mangle table is
# left alone although iptable_mangle and ipt_MARK are loaded further down.
# NOTE(review): this script configures IPv4 only; nothing here touches
# ip6tables.

# Filter table: flush rules, zero counters, delete user-defined chains.
for action in -F -Z -X; do
  iptables "$action"
done
iptables -t nat -F

# Per-chain flushes (the table-wide flushes above already cover these chains).
for chain in INPUT FORWARD; do
  iptables -F "$chain"
done
for chain in PREROUTING POSTROUTING; do
  iptables -t nat -F "$chain"
done

# Default deny for traffic to and through this host; traffic generated by the
# host itself is not filtered.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
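###############################################################################
### Kernel network settings ###
# Turn on reverse-path filtering (anti-spoofing) for every interface entry.
for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter; do
  # If the glob matched nothing the loop sees the literal pattern; skip it.
  [ -e "$spoofing" ] || continue
  echo "1" > "$spoofing"
done

# Refuse ICMP redirects and source-routed packets, ignore bogus ICMP error
# responses, and enable TCP SYN cookies.
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

### Load the netfilter modules ###
# ipt_LOG stays disabled:
#modprobe ipt_LOG
for module in iptable_filter iptable_mangle ip_conntrack ip_conntrack_ftp \
  iptable_nat ipt_state ipt_MASQUERADE ip_nat_ftp ipt_mark ipt_MARK ipt_mac; do
  modprobe "$module"
done

# Enable routing between interfaces and ignore broadcast pings.
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts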
### Loopback traffic ###
iptables -A INPUT -i lo -j ACCEPT

### Packets belonging to, or related to, connections already tracked ###
# INPUT covers traffic addressed to the firewall itself, FORWARD covers traffic
# routed through it.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

### Access to the firewall from the Internet side (ppp0) ###
# NOTE(review): this accepts DNS queries over UDP from any Internet source. If
# a recursive resolver listens on this host it becomes publicly reachable;
# keep the rule only if the host has to answer DNS from outside - confirm.
iptables -A INPUT -p udp --dport 53 -i ppp0 -j ACCEPT

### ICMP arriving on the internal interfaces eth0 and eth1 ###
# The rules accept every ICMP type from any source address (-s 0/0), not only
# echo-request. The equivalent rule for eth2 is disabled:
#iptables -A INPUT -p icmp -s 0/0 -i eth2 -j ACCEPT
for lan_if in eth0 eth1; do
  iptables -A INPUT -p icmp -s 0/0 -i "$lan_if" -j ACCEPT
done

### SSH (22), HTTP (80) and Webmin (33000) from the Internet ###
# NOTE(review): all three are open to every source address on ppp0. Webmin and
# SSH are administrative interfaces; limiting them with -s to known addresses,
# or reaching Webmin through SSH only, would shrink the exposed surface.
for wan_port in 22 80 33000; do
  iptables -A INPUT -p tcp --dport "$wan_port" -i ppp0 -j ACCEPT
done

### Explicit drops on ppp0: ICMP and the proxy port 3128 ###
# The INPUT policy set at the top of the script is already DROP, so these two
# rules mainly document the intent.
iptables -A INPUT -p icmp -s 0/0 -i ppp0 -j DROP
iptables -A INPUT -p tcp -s 0/0 -i ppp0 --dport 3128 -j DROP
## Access to the firewall host from the internal networks ##
# NOTE(review): the last section of this block accepts ALL traffic from the
# same subnets, so the per-port rules before it do not restrict anything.
# Removing the accept-all rules would make the per-port list the real policy.
#
# /29 subnets on eth2, in rule order:
#   192.168.1.8  room 303      192.168.1.16 rooftop unit (COBERTURA)
#   192.168.1.24 room 402      192.168.1.32 room 404
#   192.168.1.40 room 401      192.168.1.48 room 403
# 192.168.4.0/29 (room 301) has no proxy-port or DNS rule of its own; it is
# covered only by the port-80 and accept-all sections.
room_nets="192.168.1.8/29 192.168.1.16/29 192.168.1.24/29 192.168.1.32/29 192.168.1.40/29 192.168.1.48/29"

### SSH from the internal networks ###
iptables -A INPUT -p tcp -s 192.168.254.0/24 -i eth0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 -i eth1 --dport 22 -j ACCEPT

### Transparent proxy port (3128) ###
iptables -A INPUT -p tcp -s 192.168.254.0/24 -i eth0 --dport 3128 -j ACCEPT
# Word splitting of $room_nets is intended.
for net in $room_nets; do
  iptables -A INPUT -p tcp -s "$net" -i eth2 --dport 3128 -j ACCEPT
done

### DNS lookups (TCP, then UDP, for each network) ###
for proto in tcp udp; do
  iptables -A INPUT -p "$proto" -s 192.168.254.0/24 -i eth0 --dport 53 -j ACCEPT
done
for net in $room_nets; do
  for proto in tcp udp; do
    iptables -A INPUT -p "$proto" -s "$net" -i eth2 --dport 53 -j ACCEPT
  done
done

### HTTP (80) ###
iptables -A INPUT -p tcp -s 192.168.254.0/24 -i eth0 --dport 80 -j ACCEPT
for net in $room_nets 192.168.4.0/29; do
  iptables -A INPUT -p tcp -s "$net" -i eth2 --dport 80 -j ACCEPT
done

### Accept everything from the internal networks (used for proxy access) ###
iptables -A INPUT -s 192.168.254.0/24 -i eth0 -j ACCEPT
for net in $room_nets 192.168.4.0/29; do
  iptables -A INPUT -s "$net" -i eth2 -j ACCEPT
done
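### Services the internal networks may reach on the Internet (ppp0) ###
# Only the client -> server direction is listed. Replies are accepted by the
# "FORWARD -m state --state ESTABLISHED,RELATED" rule earlier in this script,
# and FTP data connections are expected to be matched as RELATED through the
# ip_conntrack_ftp / ip_nat_ftp modules loaded there.
#
# Return rules of the form "-i ppp0 --sport PORT -d SUBNET -j ACCEPT" are
# deliberately not used: they match on the remote source port alone, so any
# packet arriving on ppp0 with source port 25, 110, 143, 443, 20-21 or 53 would
# be forwarded to the internal subnets whether or not a connection exists.
#
# Networks, in rule order:
#   192.168.254.0/24 main LAN on eth0
#   on eth2: 192.168.4.0/29 room 301, 192.168.1.8/29 room 303,
#            192.168.1.16/29 rooftop unit (COBERTURA), 192.168.1.24/29 room 402,
#            192.168.1.32/29 room 404, 192.168.1.40/29 room 401,
#            192.168.1.48/29 room 403

# Allow one outbound service for every internal network.
#   $1 - protocol (tcp or udp)
#   $2 - destination port or port range
forward_out() {
  iptables -A FORWARD -p "$1" -s 192.168.254.0/24 --dport "$2" -i eth0 -o ppp0 -j ACCEPT
  for net in 192.168.4.0/29 192.168.1.8/29 192.168.1.16/29 192.168.1.24/29 \
    192.168.1.32/29 192.168.1.40/29 192.168.1.48/29; do
    iptables -A FORWARD -p "$1" -s "$net" --dport "$2" -i eth2 -o ppp0 -j ACCEPT
  done
}

forward_out tcp 25      # SMTP
forward_out tcp 110     # POP3
forward_out tcp 143     # IMAP
forward_out tcp 443     # HTTPS
forward_out tcp 20:21   # FTP
forward_out udp 53      # DNS lookups (UDP only; TCP 53 is not forwarded)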
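### ICMP forwarded through the firewall ###
# Echo-reply (type 0) is accepted without any interface or address match.
iptables -A FORWARD -p icmp --icmp-type 0 -j ACCEPT
# Echo-request is accepted only within the rate limit. An unconditional
# echo-request ACCEPT placed ahead of this rule would match first and the limit
# would never apply, so only the limited rule is kept. Requests over the limit
# fall through to the FORWARD policy set at the top of the script (DROP).
# NOTE(review): the limit is shared by all forwarded echo-requests and has no
# interface match; raise it or add -i/-o if that proves too strict.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT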
### NAT: masquerade the internal networks leaving through ppp0 ###
# Order: main LAN, room 301, room 303, rooftop unit (COBERTURA), room 402,
# room 404, room 401, room 403.
for lan_net in 192.168.254.0/24 192.168.4.0/29 192.168.1.8/29 192.168.1.16/29 \
  192.168.1.24/29 192.168.1.32/29 192.168.1.40/29 192.168.1.48/29; do
  iptables -t nat -A POSTROUTING -s "$lan_net" -o ppp0 -j MASQUERADE
done

### Redirect all port-80 traffic to the proxy on 3128 ###
# Applies to every source on eth0 and eth2, except requests addressed to
# 200.201.174.207.
# NOTE(review): "-d! ADDR" is the older negation form; newer iptables releases
# expect "! -d ADDR" - check against the installed version.
for lan_if in eth0 eth2; do
  iptables -t nat -A PREROUTING -i "$lan_if" -p tcp --dport 80 -d! 200.201.174.207/32 -j REDIRECT --to-port 3128
done
-