


  1. #1
    antoniaze
    Visitor

    Squid firewall: network does not route

    Good evening.

    Gentlemen, I have Squid installed, and my firewall script
    is this one...

    #!/bin/sh
    # description: iptables initialization
    #
    # chkconfig: 2345 80 30
    # processname: iptables
    # pidfile: /var/run/iptabless.pid

    . /etc/rc.d/init.d/functions
    . /etc/sysconfig/network

    # Quoted so the test does not break when NETWORKING is unset
    if [ "${NETWORKING}" = "no" ]
    then
    exit 0
    fi

    # Network interfaces

    ETHINT='eth0'
    ETHEXT='eth1'
    REDINT='10.0.0.0/32'

    case "$1" in
    start)
    gprintf "Iniciando o serviço de %s: " "IPtables"
    echo
    echo 1 > /proc/sys/net/ipv4/ip_forward

    ### Deny input, output and forward traffic ###
    /usr/sbin/iptables -t filter -P INPUT DROP
    /usr/sbin/iptables -t filter -P OUTPUT DROP
    /usr/sbin/iptables -t filter -P FORWARD DROP


    ### Deny ports on the external interface ###
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p TCP --dport 111 -j DROP
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p TCP --dport 631 -j DROP
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p TCP --dport 953 -j DROP
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p TCP --dport 3128 -j DROP
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p TCP --dport 10000 -j DROP

    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p UDP --dport 111 -j DROP
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p UDP --dport 631 -j DROP
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p UDP --dport 953 -j DROP
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p UDP --dport 10000 -j DROP

    ### Accept traffic on the lo interface ###
    /usr/sbin/iptables -t filter -A INPUT -i lo -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o lo -j ACCEPT

    ### Accept incoming ssh ###
    ### Uncomment the line below to deny ###
    #/usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p TCP --dport 22 -j DROP
    ### Uncomment the line below to allow ssh ###
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p TCP --dport 22 -j ACCEPT

    ### Accept DNS ###
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p UDP --dport 53 -j ACCEPT

    ### Allow ping traffic, external network ###
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p icmp --icmp-type echo-request -j ACCEPT
    /usr/sbin/iptables -t filter -A INPUT -i $ETHEXT -p icmp --icmp-type echo-reply -j ACCEPT
    /usr/sbin/iptables -t filter -A INPUT -i $ETHINT -p icmp --icmp-type echo-request -j ACCEPT
    /usr/sbin/iptables -t filter -A INPUT -i $ETHINT -p icmp --icmp-type echo-reply -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p icmp -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHINT -p icmp -j ACCEPT

    ### Allow ping traffic, internal network ###
    /usr/sbin/iptables -t filter -A INPUT -i $ETHINT -p icmp --icmp-type echo-request -j ACCEPT
    /usr/sbin/iptables -t filter -A INPUT -i $ETHINT -p icmp --icmp-type echo-reply -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHINT -p icmp -j ACCEPT

    ### Redirect rule for port 80/443 to 3128 (proxy) ###
    /usr/sbin/iptables -t filter -A INPUT -i $ETHINT -s $REDINT -p TCP --dport 3128 -j ACCEPT
    /usr/sbin/iptables -t nat -A PREROUTING -i $ETHINT -s $REDINT -p TCP --dport 80 -j REDIRECT --to-port 3128

    ### DHCP ###
    /usr/sbin/iptables -t filter -A INPUT -i $ETHINT -s $REDINT -p TCP --dport 67 -j ACCEPT
    /usr/sbin/iptables -t filter -A INPUT -i $ETHINT -s $REDINT -p UDP --dport 67 -j ACCEPT

    ### Web browsing ###
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p TCP --dport 80 -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p TCP --dport 443 -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p TCP --dport 21 -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p TCP --dport 20 -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p TCP --dport 8080 -j ACCEPT

    ### UNICAMP FTP FOR UPDATES ###
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p TCP -d 143.106.10.150 --dport 21 -j ACCEPT
    /usr/sbin/iptables -t filter -A OUTPUT -o $ETHEXT -p TCP -d 143.106.10.150 --dport 1024:65535 -j ACCEPT

    ### Allow incoming established connections, external network ###
    ## DNS in ##
    /usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -i $ETHEXT -p UDP --dport 53 -j ACCEPT

    ## High TCP and UDP ports ##
    /usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -i $ETHEXT -p TCP --dport 1024:65535 -j ACCEPT
    /usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -i $ETHEXT -p UDP --dport 1024:65535 -j ACCEPT
    /usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -o $ETHEXT -p UDP --dport 1024:65535 -j ACCEPT
    /usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -o $ETHEXT -p TCP --dport 1024:65535 -j ACCEPT

    ### Allow established connections, internal network ###
    /usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -o $ETHINT -j ACCEPT

    ;;

    stop)
    gprintf "Parando o serviço de %s: " " IPtables"
    echo
    /usr/sbin/iptables -F
    /usr/sbin/iptables -t nat -F
    /usr/sbin/iptables -t filter -P INPUT ACCEPT
    /usr/sbin/iptables -t filter -P OUTPUT ACCEPT
    /usr/sbin/iptables -t filter -P FORWARD ACCEPT

    ;;
    *)
    gprintf "Uso: iptables (start|stop)"
    echo
    ;;
    esac

    exit 0
    The gateway of my network is 10.0.0.5
    eth0: 10.0.0.200
    eth1: 10.0.0.254
    Please, can someone tell me why my server is not routing?

  2. #2
    antoniaze
    Visitor

    Re: Squid firewall: network does not route

    My network cards:
    eth0: ip 10.0.0.200 mask: 255.0.0.0
    eth1: ip 10.0.0.254 mask: 255.255.254
    There is all the data...
    Please, someone help me.

  3. #3

    Re: Squid firewall: network does not route

    Where is the POSTROUTING?????

    iptables -t nat -A POSTROUTING -s <your network> -o <outgoing interface> -j MASQUERADE should solve your case
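The rules the posted script is missing, as an added example that is not the poster's or the replier's code. Besides the absent POSTROUTING rule, the script sets the FORWARD policy to DROP and never adds a FORWARD accept, so nothing is routed even with masquerading; note also that POSTROUTING only takes -o (outgoing interface), never -i. The LAN prefix 10.0.0.0/8 is an assumption (the script's REDINT is a /32, which matches the single address 10.0.0.0); by default the block only prints the commands, set IPT=iptables and run as root to apply them.

```shell
#!/bin/sh
# Added example: forwarding + source-NAT rules for the posted Squid gateway.
# Assumed values; the poster's script already enables ip_forward.
LAN='10.0.0.0/8'              # assumption: poster's REDINT is a /32 (one host)
ETHINT='eth0'                 # internal interface, from the posted script
ETHEXT='eth1'                 # external interface, from the posted script
IPT="${IPT:-echo iptables}"   # dry run by default; IPT=iptables applies

# Print (or apply, depending on IPT) the rules, one command per line.
routing_rules() {
    lan="$1"; int="$2"; ext="$3"
    # Forward LAN -> Internet, and only replies/related traffic back in,
    # because the posted script's FORWARD policy is DROP.
    $IPT -t filter -A FORWARD -i "$int" -o "$ext" -s "$lan" -j ACCEPT
    $IPT -t filter -A FORWARD -i "$ext" -o "$int" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Source-NAT LAN traffic as it leaves the external interface.
    # POSTROUTING accepts -o (outgoing interface) only, never -i.
    $IPT -t nat -A POSTROUTING -s "$lan" -o "$ext" -j MASQUERADE
}

# Sanity check on the generated ruleset: the MASQUERADE rule must be on
# the external interface and a FORWARD accept must exist for the LAN.
check_rules() {
    out=$(IPT="echo iptables" routing_rules "$1" "$2" "$3")
    echo "$out" | grep -q -- "-t nat -A POSTROUTING -s $1 -o $3 -j MASQUERADE" || return 1
    echo "$out" | grep -q -- "-A FORWARD -i $2 -o $3 -s $1 -j ACCEPT" || return 1
    return 0
}

routing_rules "$LAN" "$ETHINT" "$ETHEXT"
```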