Olá a todos, eu instalei um servidor de firewall com o CentOS 4.2 para fazer o controle e ser o meu bastion host, mas acontece que o mesmo não consegue fazer NAT: ele redireciona as portas, mas a NAT não funciona. Olha o meu firewall:
E neste servidor eu tenho um IP fixo e mais 4 com interfaces de rede virtuais, exemplo:

200.200.200.1
200.200.200.2
200.200.200.3
Código :
 start)
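    # Turn on IPv4 routing between interfaces; the FORWARD and NAT rules below
    # have no effect without it.
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Reverse-path filtering (0 = disabled, 1 = enabled) is switched off on
    # every interface.
    # NOTE(review): rp_filter is the kernel's source-address (anti-spoofing)
    # check. Disabling it on an Internet-facing bastion host removes that
    # check; confirm it is really required here, otherwise write 1.
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
      echo 0 > "$f"
    done

    # Flush the rules of the filter and nat tables. User-defined chains and the
    # mangle table are left as they are.
    iptables -F
    iptables -F -t nat

    # Load the netfilter modules used by the rules below.
    modprobe ip_tables
    modprobe iptable_filter
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_nat_ftp
    modprobe iptable_nat
    modprobe ipt_limit
    modprobe ipt_REJECT


    ############# INPUT chain: packets addressed to the firewall ############
    ############################## BEGIN INPUT ##############################
    # NOTE(review): with a default policy of ACCEPT, any packet that matches
    # none of the rules below is accepted anyway, so these ACCEPT rules
    # (including the rate-limited ICMP rule) restrict nothing. For the list to
    # act as an allowlist the policy has to be DROP; before switching, make
    # sure a rule admits whatever port is used to administer this host.
    iptables -P INPUT ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i eth1 -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3580 -j ACCEPT
    #iptables -A INPUT -p tcp -m multiport --dports 22345,5900,3580 -j ACCEPT
    #iptables -A INPUT -i eth0 -f -j DROP
    ############################### END INPUT ###############################

    ########## OUTPUT chain: packets originated on the firewall #############
    ############################## BEGIN OUTPUT #############################
    iptables -P OUTPUT ACCEPT
    ############################### END OUTPUT ##############################

    ########## FORWARD chain: packets routed through the firewall ###########
    ############################# BEGIN FORWARD #############################
    # NOTE(review): the same applies here. The policy is ACCEPT and the first
    # two rules accept everything entering or leaving eth1, so the SYN and ICMP
    # rate limits further down never cause a packet to be refused.
    iptables -P FORWARD ACCEPT
    # Allow traffic between the network cards.
    iptables -A FORWARD -i eth1 -j ACCEPT
    iptables -A FORWARD -o eth1 -j ACCEPT
    iptables -A FORWARD -p tcp -m multiport --dports 22345 -j ACCEPT
    iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
    iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -s 192.168.102.0/24 -d 0/0 -j ACCEPT

    # Source NAT: everything leaving through eth0 takes that interface's
    # address.
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    # SRV1: destination NAT from the public address to the internal server.
    # NOTE(review): the rule has no -i, -p or --dport match, so every protocol
    # and port addressed to 200.200.200.3 is handed to 192.168.102.15. Limit it
    # to the services that must be published.
    # NOTE(review): DNAT only takes effect if packets for 200.200.200.3
    # actually reach this host (presumably via one of the virtual interfaces
    # mentioned in the post) and if 192.168.102.15 sends its replies back
    # through this firewall; verify both when the translation appears dead.
    iptables -t nat -A PREROUTING -d 200.200.200.3 -j DNAT --to-destination 192.168.102.15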
 
    ;;
 stop)
 
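    # Announce the action. printf is used because echo does not expand %s and
    # would print the format string literally.
    printf 'Shutting down %s: ' "iptables"
    # Flush every chain of the filter table (INPUT, OUTPUT, FORWARD) and the
    # nat table.
    iptables -F
    iptables -F -t nat
    iptables -P INPUT ACCEPT
    # NOTE(review): after this point nothing is filtered and no NAT is applied,
    # yet /proc/sys/net/ipv4/ip_forward is left at the value written by
    # "start", so the host keeps routing packets unfiltered. Decide whether
    # "stop" should also disable forwarding or fall back to a restrictive
    # policy.
    echo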
    ;;
 status)
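    # List rules with numeric addresses and packet/byte counters. The nat table
    # is listed as well: the MASQUERADE and DNAT rules live there and are not
    # shown by a plain "iptables -L", and their counters tell whether packets
    # are hitting them.
    {
      iptables -L -n -v
      iptables -t nat -L -n -v
    } | less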
    ;;
 *)
    # Unknown or missing action: print the accepted actions and fail.
    printf '%s\n' "Usar: $0 {start|stop|status}"
    exit 1
esac
 
# Reached after start, stop or status. None of the visible arms checks the exit
# status of iptables or modprobe, so success is reported even when a rule
# failed to load.
exit 0