Transparent Proxy + Iptables

1. Transparent Proxy + Iptables


Posted on 04/09/2012 - 15:33h

Good afternoon, everyone,

I'm having a problem and can't see the solution. One machine at my company is both my firewall and my proxy, and I recently discovered that by removing the proxy from the browser, users are able to access some sites. I have gone over the rules again and again but can't see where the error is.

Thanks in advance for your attention.

My .conf files follow below:

Iptables


#!/bin/bash

###################### Writing a firewall made for the server - by Felipe Brandao ######################

###################### Flushing any existing rules ######################
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F

###################### Deleting third-party rules ######################
iptables -t nat -X
iptables -t filter -X
iptables -t mangle -X
iptables -F

##################### LOG rules ##############################

#iptables -A INPUT -j LOG
#iptables -A OUTPUT -j LOG
#iptables -A FORWARD -j LOG

###################### Sharing an internet connection using two network cards ######################
# eth1 => card connected to Speedy / Virtua
# eth0 => card connected to the network with IP 172.16.0.1
# ppp0 => PPPoE connection type
# bond0 => load-balancing card


#-- Load iptables modules
modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
modprobe ip_nat_pptp
modprobe ip_conntrack_pptp
modprobe ip_gre

# -- Enabling forwarding between the network cards --
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth4 -p tcp --dport 80 -j REDIRECT --to-port 3128

#iptables -t mangle -A PREROUTING -j MARK -set-mark 2
#iptables -t mangle -A PREROUTING -j MARK -set-mark 1

#iptables -t mangle -A PREROUTING -m state -state new -m statistic -mode random -probability 0,5 -j MARK -set-mark 2

# Enables error messages.
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Port mapping for Squid.
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p udp --dport 80 -j REDIRECT --to-port 3128

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth1 -p udp --dport 80 -j REDIRECT --to-port 3128



#### Sites that bypass the block #####

iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.201.197.107 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.201.197.106 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 161.113.0.71 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.155.86.34 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 170.66.11.10 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.220.186.3 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.220.178.3 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.201.166.106 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.38.80.48 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.150.200.34 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.91.216.156 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.186.77.216 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.186.77.216 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.108.204.139 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.125.241.28 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.174.81.174 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.228.125.2 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.155.3.227 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.38.80.44 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 170.66.52.28 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.98.255.177 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.108.35.2 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.21.131.4 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.21.131.4 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.108.204.139 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.108.204.139 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 208.44.23.120 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 65.55.12.249 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.99.137.68 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.99.137.68 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 65.55.184.152 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 65.55.184.152 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 65.54.81.151 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 65.54.81.151 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 65.55.57.251 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 65.55.57.251 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.125.115.156 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.125.115.156 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 199.7.48.190 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 199.7.48.190 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.20.216.191 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.20.216.191 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.39 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 38.103.150.135 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 174.120.244.229 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 161.113.4.71 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.196.152.209 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 170.66.52.28 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 170.66.11.10 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.0.218.74 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.0.218.74 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.76.164.246 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.76.164.246 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.77.204.25 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.77.204.25 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.108.35.173 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.108.35.173 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.108.35.173 -p udp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.108.35.173 -p udp --dport 443 -j ACCEPT

iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.156.20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.156.20 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.156.20 -p udp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.156.20 -p udp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.154.26 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.154.26 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.154.26 -p udp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.154.26 -p udp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.154.24 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.154.24 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.154.24 -p udp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 201.94.154.24 -p udp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.201.204.105 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.201.204.105 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.201.204.105 -p udp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 200.201.204.105 -p udp --dport 443 -j ACCEPT



######CREDBASE###########
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.126.99.48 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.126.99.48 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.126.99.48 -p udp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.126.99.48 -p udp --dport 443 -j ACCEPT

######STREAMING##########
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.35 -p tcp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.35 -p tcp --dport 443 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.35 -p udp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.35 -p udp --dport 443 -j ACCEPT

#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.30 -p tcp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.30 -p tcp --dport 443 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.30 -p udp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.30 -p udp --dport 443 -j ACCEPT

#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.35 -p tcp --dport 51553 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.35 -p tcp --dport 51553 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.35 -p udp --dport 51553 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 187.1.136.35 -p udp --dport 51553 -j ACCEPT

#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.38.80.144 -p tcp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.38.80.144 -p tcp --dport 443 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.38.80.144 -p udp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 189.38.80.144 -p udp --dport 443 -j ACCEPT

#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 186.202.65.18 -p tcp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 186.202.65.18 -p tcp --dport 443 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 186.202.65.18 -p udp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -d 186.202.65.18 -p udp --dport 443 -j ACCEPT

# Port mapping for SQUID
iptables -A INPUT -s 172.16.0.0/16 -p tcp --dport 3128 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

#iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p tcp --dport 80 -j REDIRECT --to-port 3128

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth1 -p udp --dport 80 -j REDIRECT --to-port 3128



#iptables -t nat -A PREROUTING -s 172.16.0.2 -p tcp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -s 172.16.0.119 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -s 172.16.0.119 -p udp --dport 80 -j REDIRECT --to-port 3128


#### Convenience variables ######
IF_EXTERNA=eth3
IF_EXTERNA2=eth4
IF_EXTERNA3=bond0
IF_INTERNA=eth1
PORTAS_VNC=5900

# Intrusion protection
# Protects against "Ping of Death"
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Protects against attacks such as "Syn-flood", DoS, etc.
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT

# Allow forwarding (NAT, DNAT, SNAT) of established and related packets ...
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log packets killed for inactivity ...
iptables -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG

# Protects against advanced port scanners (e.g. nmap)
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

# Protects against packets that may probe for and obtain information about the internal network ...
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP



#ICMP
iptables -A FORWARD -p icmp --icmp-type ping -s 172.16.0.0/16 -i eth1 -d 0/0 -o eth4 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 172.16.0.0/16 -i eth1 -d 0/0 -o bond0 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 0/0 -d 172.16.0.0/16 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 172.16.0.0/16 -i eth1 -d 0/0 -o eth3 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 0/0 -i eth1 -d 172.16.0.0/16 -o eth3 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 172.16.0.0/16 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -s 172.16.0.0/16 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 172.16.0.0/16 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -s 172.16.0.0/16 -j ACCEPT


iptables -A FORWARD -p icmp --icmp-type ping -s 172.16.1.0/16 -i eth1 -d 0/0 -o eth4 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 172.16.1.0/16 -i eth1 -d 0/0 -o bond0 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 0/0 -d 172.16.1.0/16 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 172.16.1.0/16 -i eth1 -d 0/0 -o eth3 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 0/0 -i eth1 -d 172.16.1.0/16 -o eth3 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 172.16.1.0/16 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -s 172.16.1.0/16 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 172.16.1.0/16 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -s 172.16.1.0/16 -j ACCEPT



###################### OPENING THE MOST COMMON GENERAL PORTS ##########################

## OUTLOOK
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 25 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 110 -o $IF_EXTERNA

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 25 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 110 -o $IF_EXTERNA2

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 25 -o $IF_EXTERNA3
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 110 -o $IF_EXTERNA3

iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 110 -j ACCEPT

## IMAP E-MAIL
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 143 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 143 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 143 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 143 -j ACCEPT

##### Open Gmail/Outlook ports ####
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 995 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 465 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 995 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 465 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 995 -o $IF_EXTERNA3
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 465 -o $IF_EXTERNA3

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 993 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 993 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 993 -o $IF_EXTERNA3

iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 993 -j ACCEPT
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 995 -j ACCEPT
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 465 -j ACCEPT

## VNC AND ULTRAVNC - open port
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp -m multiport --dport $PORTAS_VNC -o $IF_EXTERNA
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp -m multiport --dport $PORTAS_VNC -o $IF_EXTERNA2
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp -m multiport --dport $PORTAS_VNC -o $IF_EXTERNA3
#iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp -m multiport --dport $PORTAS_VNC -j ACCEPT

## REMOTE DESKTOP AND REMOTE ACCESS - open port 3389 ######
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3389 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 3389 -j ACCEPT


## CLOCK #####

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2101 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2101 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2101 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 2101 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 2101 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 2101 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 2101 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 2101 -j ACCEPT


## ZIMBRA ##
iptables -I POSTROUTING -s 172.16.0.0/16 -d 172.16.0.50 -j SNAT --to 172.16.0.24 -t nat
iptables -I PREROUTING -s 172.16.0.0/16 -d 187.72.27.227 -j DNAT --to 172.16.0.50 -t nat

## SSH open port #####
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 22 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 22 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 22 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 22 -j ACCEPT

## SSH open port #####
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3391 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3391 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3391 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 3391 -j ACCEPT


## SSH open port #####
## Allowing access to ServerMail Previnacional.local ####
#iptables -t nat -A PREROUTING -d 187.72.27.226 -p tcp --dport 3392 -j DNAT --to 172.16.0.11:3392
#iptables -I INPUT -p tcp --dport 3392 -j ACCEPT
#iptables -I FORWARD -p tcp --dport 3392 -j ACCEPT

## External access to Webmail Previnacional.local ####
#iptables -t nat -A PREROUTING -p tcp -d 187.72.27.226 --dport 80 -j DNAT --to 172.16.0.11:80


## Opening port 25 for ServerMail Previnacional.local ####
iptables -t nat -A PREROUTING -d 187.72.27.226 -p tcp --dport 25 -j DNAT --to 172.16.0.11:25
iptables -I INPUT -p tcp --dport 25 -j ACCEPT
iptables -I FORWARD -p tcp --dport 25 -j ACCEPT

iptables -t nat -A PREROUTING -d 187.72.27.226 -p tcp --dport 110 -j DNAT --to 172.16.0.11:110
iptables -I INPUT -p tcp --dport 110 -j ACCEPT
iptables -I FORWARD -p tcp --dport 110 -j ACCEPT

iptables -t nat -A PREROUTING -d 187.72.27.226 -p tcp --dport 143 -j DNAT --to 172.16.0.11:143
iptables -I INPUT -p tcp --dport 143 -j ACCEPT
iptables -I FORWARD -p tcp --dport 143 -j ACCEPT



## Opening Zimbra ports for previnacional.com.br ###
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 25 -j DNAT --to 172.16.0.50:25
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 80 -j DNAT --to 172.16.0.50:80
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 110 -j DNAT --to 172.16.0.50:110
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 143 -j DNAT --to 172.16.0.50:143
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 443 -j DNAT --to 172.16.0.50:443
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 465 -j DNAT --to 172.16.0.50:465
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 585 -j DNAT --to 172.16.0.50:585
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 993 -j DNAT --to 172.16.0.50:993
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 995 -j DNAT --to 172.16.0.50:995
iptables -t nat -A PREROUTING -d 187.72.27.227 -p tcp --dport 7071 -j DNAT --to 172.16.0.50:7071
iptables -I INPUT -p tcp --dport 25 -j ACCEPT
iptables -I FORWARD -p tcp --dport 25 -j ACCEPT

###########################################################################################################
# Allowing external webmail access only for some IPs

while read line
do
iptables -A INPUT -i eth4 -s $line -d 187.72.27.226 -p tcp --dport 9500 -j ACCEPT
iptables -t nat -A PREROUTING -s $line -i eth4 -p tcp --dport 9500 -j DNAT --to 172.16.0.11:80
done < /etc/webmail_liberado_externo.txt

iptables -A INPUT -i eth4 -d 187.72.27.226 -p tcp --dport 9500 -j DROP

############################################################################################################

iptables -I FORWARD -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 110 -j ACCEPT
iptables -I FORWARD -p tcp --dport 110 -j ACCEPT
iptables -I INPUT -p tcp --dport 143 -j ACCEPT
iptables -I FORWARD -p tcp --dport 143 -j ACCEPT
iptables -I FORWARD -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --dport 465 -j ACCEPT
iptables -I FORWARD -p tcp --dport 465 -j ACCEPT
iptables -I INPUT -p tcp --dport 585 -j ACCEPT
iptables -I FORWARD -p tcp --dport 585 -j ACCEPT
iptables -I INPUT -p tcp --dport 993 -j ACCEPT
iptables -I FORWARD -p tcp --dport 993 -j ACCEPT
iptables -I INPUT -p tcp --dport 995 -j ACCEPT
iptables -I FORWARD -p tcp --dport 995 -j ACCEPT
iptables -I INPUT -p tcp --dport 7071 -j ACCEPT
iptables -I FORWARD -p tcp --dport 7071 -j ACCEPT


## SSH open port ####
## Allowing access to ServerMail Previnacional.com.br ####
#iptables -t nat -A PREROUTING -d 187.72.27.226 -p tcp --dport 3393 -j DNAT --to 172.16.0.50:3393
#iptables -I INPUT -p tcp --dport 3393 -j ACCEPT
#iptables -I FORWARD -p tcp --dport 3393 -j ACCEPT


## ITUNES open port ####
#iptables -A INPUT -p tcp -d 172.16.0.255 --destination-port 51835 -j ACCEPT
#iptables -A FORWARD -p tcp -d 172.16.0.255 --dport 51835 -j ACCEPT

## Allowing access to the test Squid ####
#iptables -t nat -A PREROUTING -d 187.72.27.226 -p tcp --dport 3394 -j DNAT --to 172.16.0.11:3394
#iptables -I INPUT -p tcp --dport 3394 -j ACCEPT
#iptables -I FORWARD -p tcp --dport 3394 -j ACCEPT


## VPN open PPTP port (Windows) #####
iptables -A INPUT -p 47 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT

iptables --append INPUT --protocol tcp --match tcp --destination-port 1723 --jump ACCEPT
iptables -A FORWARD -i ppp+ -j ACCEPT

iptables -A INPUT -p tcp --sport 9801 --dport 9801 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9801 --dport 9801 -j ACCEPT

iptables -A INPUT -p udp --sport 9801 --dport 9801 -j ACCEPT
iptables -A OUTPUT -p udp --sport 9801 --dport 9801 -j ACCEPT

iptables -A INPUT -p tcp --sport 7743 --dport 7743 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 7743 --dport 7743 -j ACCEPT

iptables -A INPUT -p udp --sport 7743 --dport 7743 -j ACCEPT
iptables -A OUTPUT -p udp --sport 7743 --dport 7743 -j ACCEPT


## VPN open SonicWall port #####
iptables -A INPUT -p tcp --sport 5000 --dport 5000 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 5000 --dport 5000 -j ACCEPT

iptables -A INPUT -p udp --sport 5000 --dport 5000 -j ACCEPT
iptables -A OUTPUT -p udp --sport 5000 --dport 5000 -j ACCEPT

iptables -A INPUT -p tcp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 500 --dport 500 -j ACCEPT

iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT

iptables -A INPUT -p tcp --sport 400 --dport 400 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 400 --dport 400 -j ACCEPT

iptables -A INPUT -p udp --sport 400 --dport 400 -j ACCEPT
iptables -A OUTPUT -p udp --sport 400 --dport 400 -j ACCEPT


## "Open port for apache"
iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT


## HTTPS - Open port ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 443 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 443 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 443 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 443 -j ACCEPT



##8080##

#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA2
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA3
#iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 8080 -j ACCEPT


#iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT

## DNS SERVER - Open port ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 53 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 53 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 53 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 53 -j ACCEPT


## FTP - Open port ##
iptables -I POSTROUTING -t nat -s 172.16.0.0/16 -p tcp --dport 21 -o $IF_EXTERNA -j LOG --log-prefix "FTP21"
iptables -I POSTROUTING -t nat -s 172.16.0.0/16 -p tcp --dport 21 -o $IF_EXTERNA2 -j LOG --log-prefix "FTP21"
iptables -I POSTROUTING -t nat -s 172.16.0.0/16 -p tcp --dport 21 -o $IF_EXTERNA3 -j LOG --log-prefix "FTP21"
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 21 -j LOG --log-prefix "FTP21"

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 20 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 20 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 20 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 20 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 21 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 21 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 21 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 21 -j ACCEPT

iptables -I INPUT 1 -j ACCEPT -p 20
iptables -I OUTPUT 1 -j ACCEPT -p 20

iptables -I INPUT 1 -j ACCEPT -p 21
iptables -I OUTPUT 1 -j ACCEPT -p 21

iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 20 -j ACCEPT



## Opening port for Renato's camera

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8090 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8090 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8090 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 8090 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8090 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8090 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8090 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p udp --dport 8090 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 37777 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 37777 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 37777 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 37777 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 37777 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 37777 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 37777 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p udp --dport 37777 -j ACCEPT


### Allow BitTorrent ####
#iptables -A FORWARD -o $IF_EXTERNA -p tcp --dport 6881:6889 -j ACCEPT
#iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 6881:6889 -j DNAT --to-dest 172.16.0.240
#iptables -A FORWARD -p tcp -i $IF_EXTERNA --dport 6881:6889 -d 172.16.0.240 -j ACCEPT
#iptables -t nat -A PREROUTING -i $IF_EXTERNA -p udp --dport 6881:6889 -j DNAT --to-dest 172.16.0.240
#iptables -A FORWARD -p udp -i $IF_EXTERNA --dport 6881:6889 -d 172.16.0.240 -j ACCEPT

#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6881 -j ACCEPT
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6882 -j ACCEPT
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6883 -j ACCEPT
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6884 -j ACCEPT
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6885 -j ACCEPT
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6886 -j ACCEPT
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6887 -j ACCEPT
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6888 -j ACCEPT
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 6889 -j ACCEPT



########## ALLOW LOGMEIN #################
#iptables -A FORWARD -d www.logmein.com -j ACCEPT
#iptables -A FORWARD -d secure.logmein.com -j ACCEPT
#iptables -A FORWARD -p tcp --dport 2002 -j ACCEPT
#iptables -A FORWARD -d 69.209.251.0/24 -j ACCEPT
#iptables -A FORWARD -s 69.209.251.0/24 -j ACCEPT
#iptables -A FORWARD -d asterisk.app01.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app02.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app03.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app04.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app05.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app06.logmein.com -j ACCEPT





############# OPENING SPECIFIC PORTS ###############

### BANCO REAL - Open ports
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4675 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4675 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4675 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 4675 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4976 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4976 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4976 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 4976 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 443 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 443 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 443 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 443 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1992 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1992 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1992 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 1992 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4977 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4977 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4977 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 4977 -j ACCEPT

## open port 5502 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5502 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5502 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5502 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 5502 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5502 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5502 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5502 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 5502 -j ACCEPT

iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 17500 -j ACCEPT
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 17500 -j ACCEPT


## open port 8443 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8443 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8443 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8443 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 8443 -j ACCEPT

iptables -t filter -A FORWARD -p tcp --dport 8443 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8443 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8443 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8443 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 8443 -j ACCEPT

## open port 8080 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 8080 -j ACCEPT

iptables -t filter -A FORWARD -p tcp --dport 8080 -j ACCEPT

## open port 1433 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1433 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1433 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1433 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 1433 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 1433 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 1433 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 1433 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 1433 -j ACCEPT

## open port 9000 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 9000 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 9000 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 9000 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 9000 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 9000 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 9000 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 9000 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 9000 -j ACCEPT

## open port 3780 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3780 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3780 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3780 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 3780 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3780 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3780 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3780 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 3780 -j ACCEPT


## open port 3876 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3876 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3876 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3876 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 3876 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3876 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3876 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3876 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 3876 -j ACCEPT

## open port 3973 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3973 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3973 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3973 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 3973 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3973 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3973 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 3973 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 3973 -j ACCEPT

##################################################################################################
## open port 4550 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4550 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 4550 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4550 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 4550 -j ACCEPT

## open port 5550 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5550 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 5550 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5550 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 5550 -j ACCEPT

## open port 4560 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4560 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4560 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4560 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 4560 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4560 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4560 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4560 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 4560 -j ACCEPT

## open port 5560 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5560 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5560 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5560 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 5560 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5560 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5560 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5560 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 5560 -j ACCEPT

## open port 6560 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 6560 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 6560 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 6560 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 6560 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 6560 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 6560 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 6560 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 6560 -j ACCEPT

## open port 8876 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8876 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8876 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8876 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 8876 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8876 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8876 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8876 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 8876 -j ACCEPT

## open port 8080 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8080 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 8080 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8080 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8080 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 8080 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 8080 -j ACCEPT

###########################################################################################################

## open ports 5000 to 5019 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5000:5019 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5000:5019 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5000:5019 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 5000:5019 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5000:5019 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5000:5019 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5000:5019 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 5000:5019 -j ACCEPT

## open ports 6000 to 6019 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 6000:6019 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 6000:6019 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 6000:6019 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 6000:6019 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 6000:6019 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 6000:6019 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 6000:6019 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 6000:6019 -j ACCEPT

## open ports 7000 to 7019 - Cameras ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 7000:7019 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 7000:7019 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 7000:7019 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 7000:7019 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 7000:7019 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 7000:7019 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 7000:7019 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 7000:7019 -j ACCEPT

###########################################################################################################

## Ports for the InterFloult/infoque program ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1995 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1995 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1995 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 1995 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 60652 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 60652 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 60652 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 60652 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2020 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2020 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2020 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 2020 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2021 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2021 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2021 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 2021 -j ACCEPT


###################################################################################################

## open port 1434 ##
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1434 -o $IF_EXTERNA
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1434 -o $IF_EXTERNA2
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 1434 -o $IF_EXTERNA3
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 1434 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 1434 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 1434 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 1434 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 1434 -j ACCEPT

## open port 82 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 82 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 82 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 82 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 82 -j ACCEPT

## open port 8200 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8200 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8200 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 8200 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 8200 -j ACCEPT

## open port 8200 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.1.0/16 -p tcp --dport 8200 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.1.0/16 -p tcp --dport 8200 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.1.0/16 -p tcp --dport 8200 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.1.0/16 -p tcp --dport 8200 -j ACCEPT

###################################################################################################
## open port 4550 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 4550 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 4550 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 4550 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 4550 -j ACCEPT

## open port 5550 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5550 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 5550 -j ACCEPT

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p udp --dport 5550 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p udp --dport 5550 -j ACCEPT
###################################################################################################

## open port 587 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 587 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 587 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 587 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 587 -j ACCEPT

## open port 9875 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 9875 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 9875 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 9875 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 9875 -j ACCEPT

## open port 3005 ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3005 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3005 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3005 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 3005 -j ACCEPT

## open port 443 ##
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 443 -o $IF_EXTERNA
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 443 -o $IF_EXTERNA2
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 443 -j ACCEPT


## open port 5001 ##
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5001 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 5001 -j ACCEPT

## open port 5000 ##
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5000 -o $IF_EXTERNA
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5000 -o $IF_EXTERNA2
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5000 -o $IF_EXTERNA3
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 5001 -j ACCEPT

## open port 3050 ##
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3050 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 3050 -j ACCEPT

## SPTRANS - Open port 5501
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5501 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5501 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 5501 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 200.189.189.94 -p tcp --dport 5501 -j ACCEPT

### Specific ports
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2020 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 2020 -j ACCEPT

#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2023 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 2023 -j ACCEPT

#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2010 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 2010 -j ACCEPT

#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2021 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 2021 -j ACCEPT

#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3110 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 3110 -j ACCEPT

#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3210 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 3210 -j ACCEPT

#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3310 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -p tcp --dport 3310 -j ACCEPT


## OPEN PORT FOR VIVO GESTAO ####
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 7003 -o $IF_EXTERNA
#iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 7003 -j ACCEPT

#############################################################################################################################
## 80 ####

#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 80 -o $IF_EXTERNA
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 80 -o $IF_EXTERNA2
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 80 -o $IF_EXTERNA3
#iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 80 -j ACCEPT

#iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 80 -j ACCEPT

#iptables -A INPUT -p tcp --dport 80 -j ACCEPT

## 3128 ####
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3128 -o $IF_EXTERNA
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3128 -o $IF_EXTERNA2
#iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 3128 -o $IF_EXTERNA3
#iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 3128 -j ACCEPT
#iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT
#iptables -A INPUT -i eth2 -p tcp --dport 3128 -j ACCEPT
##############################################################################################################################


######## CAIXA CONECTIVIDADE PORT #######
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2631 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2631 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.0/16 -p tcp --dport 2631 -o $IF_EXTERNA3
iptables -A FORWARD -s 172.16.0.0/16 -d 172.16.0.0/16 -p tcp --dport 2631 -j ACCEPT



## CAMERAS GEOVISION 4550-5550 ###
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p tcp --dport 5550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p tcp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p udp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p udp --dport 5500 -o $IF_EXTERNA

iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p tcp --dport 5550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p tcp --dport 4550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p udp --dport 4550 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p udp --dport 5500 -o $IF_EXTERNA2

iptables -A FORWARD -s 172.16.0.26 -d 187.108.35.174 -p tcp --dport 4550 -j ACCEPT
iptables -A FORWARD -s 172.16.0.26 -d 187.108.35.174 -p tcp --dport 5500 -j ACCEPT

iptables -A FORWARD -s 172.16.0.26 -d 187.108.35.173 -p tcp --dport 4550 -j ACCEPT
iptables -A FORWARD -s 172.16.0.26 -d 187.108.35.173 -p tcp --dport 5500 -j ACCEPT

#iptables -A FORWARD -s 172.16.0.26 -d 187.108.35.172 -p tcp --dport 4550 -j ACCEPT
#iptables -A FORWARD -s 172.16.0.26 -d 187.108.35.172 -p tcp --dport 5500 -j ACCEPT

#iptables -A FORWARD -s 172.16.0.26 -d 187.6.102.37 -p tcp --dport 4550 -j ACCEPT
#iptables -A FORWARD -s 172.16.0.26 -d 187.6.102.37 -p tcp --dport 5500 -j ACCEPT


iptables -A INPUT -d 172.16.0.26 -p tcp --dport 4550 -j ACCEPT
iptables -A INPUT -d 172.16.0.26 -p tcp --dport 5550 -j ACCEPT

iptables -A INPUT -d 172.16.0.24 -p udp --dport 4550 -j ACCEPT
iptables -A INPUT -d 172.16.0.24 -p udp --dport 5550 -j ACCEPT

## ALLOW ACCESS TO THE EXTERNAL CAMERA SERVER, SPECIFYING THE CLIENT ##

iptables -A FORWARD -o $IF_EXTERNA -p tcp --dport 4550 -j ACCEPT

iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 4550 -j DNAT --to-dest 172.16.0.24
iptables -A FORWARD -p tcp -i $IF_EXTERNA --dport 4550 -d 172.16.0.24 -j ACCEPT

iptables -t nat -A PREROUTING -i $IF_EXTERNA -p udp --dport 5550 -j DNAT --to-dest 172.16.0.24
iptables -A FORWARD -p udp -i $IF_EXTERNA --dport 5550 -d 172.16.0.24 -j ACCEPT

iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 4550 -j ACCEPT
iptables -A INPUT -d 172.16.0.0/16 -p udp --dport 5550 -j ACCEPT


## BANCO CENTRAL
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp --dport 5024 -o $EXTERNAL
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp --dport 1024 -o $EXTERNAL


## Port 3007 - commercial association
#iptables -I POSTROUTING -j MASQUERADE -t nat -p tcp --dport 3007 -o $IF_EXTERNA


## SUFRAMA
iptables -I POSTROUTING -j MASQUERADE -t nat -p tcp --dport 7778 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -p udp --dport 7778 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -p tcp --dport 7778 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -p udp --dport 7778 -o $IF_EXTERNA2
iptables -I POSTROUTING -j MASQUERADE -t nat -p tcp --dport 7778 -o $IF_EXTERNA3
iptables -I POSTROUTING -j MASQUERADE -t nat -p udp --dport 7778 -o $IF_EXTERNA3


# Intranets, port 8080
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp --dport 8080 -o $EXTERNAL


#CONECTIVIDADE CAIXA ECONOMICA
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp -h 200.201.174.207 --dport 80 -o $EXTERNAL

#CPANEL
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp --dport 2082 -o $EXTERNAL


## OPEN PORT 5617
#iptables -I POSTROUTING -j MASQUERADE -t nat -p tcp --dport 5617 -o $IF_EXTERNA



###################### PORT REDIRECTION ##################

#### SSH port redirect #####
#iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 22 -j DNAT --to 172.16.0.24
#iptables -t nat -A PREROUTING -i $IF_EXTERNA2 -p tcp --dport 22 -j DNAT --to 172.16.0.24


## VNC port redirect
#iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 5900 -j DNAT --to 172.16.0.10

## Remote Desktop #######
#iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 3389 -j DNAT --to 172.16.0.10

## PORT 5500 #######
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 5500 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 5500 -j DNAT --to 172.16.0.126:5500

## PORTS 5500 and 4500 ######

#iptables -A INPUT -d 172.16.0.0/16 -p udp --dport 5500 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth3 -p udp --dport 5500 -j DNAT --to 172.16.0.26:5500

#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 4500 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 4500 -j DNAT --to 172.16.0.26:4500

## PORT 3390 #######
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 3390 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 3390 -j DNAT --to 172.16.0.119:3389
#iptables -t nat -A PREROUTING -i eth4 -p tcp --dport 3390 -j DNAT --to 172.16.0.119:3389
#iptables -t nat -A PREROUTING -i bond0 -p tcp --dport 3390 -j DNAT --to 172.16.0.119:3389

## PORT 8100 #######
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 8100 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 8100 -j DNAT --to 172.16.0.99:8100
#iptables -t nat -A PREROUTING -i eth4 -p tcp --dport 8100 -j DNAT --to 172.16.0.99:8100
#iptables -t nat -A PREROUTING -i bond0 -p tcp --dport 8100 -j DNAT --to 172.16.0.99:8100

## PORT 8400 - File Server #######
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 8400 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 8400 -j DNAT --to 172.16.0.26:3389
#iptables -t nat -A PREROUTING -i eth4 -p tcp --dport 8400 -j DNAT --to 172.16.0.26:3389
#iptables -t nat -A PREROUTING -i bond0 -p tcp --dport 8400 -j DNAT --to 172.16.0.26:3389

## PORT 8300 #######
#iptables -A INPUT -d 172.16.0.0/16 -p tcp --dport 8300 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth3 -p


  


2. Re: Transparent Proxy+Iptables

Profile removed
removed

(uses None)

Posted on 04/09/2012 - 15:47h

Huh, brother! Weren't they supposed to be able to? If you use a transparent proxy, that's the idea... Browsing without configuring the proxy in the browser.


3. Re: Transparent Proxy+Iptables

Profile removed
removed

(uses None)

Posted on 04/09/2012 - 15:57h

You don't use DROP as the default policy, right? Wouldn't it be better to block everything and then allow what is necessary?


4. Re: Transparent Proxy+Iptables

Profile removed
removed

(uses None)

Posted on 04/09/2012 - 16:04h

Tip: Your rules are huge! Optimize them to make support easier.

E.g.:


## GEOVISION CAMERAS 4550-5550 ###
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p tcp --dport 5550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p tcp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p udp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p udp --dport 5500 -o $IF_EXTERNA



## GEOVISION CAMERAS 4550-5550 ###
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p tcp -m multiport --dports 5550,4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 172.16.0.24 -p udp -m multiport --dports 5550,4550 -o $IF_EXTERNA



5. Squid+Iptables

Profile removed
removed

(uses None)

Posted on 04/09/2012 - 16:19h

Hey,

so before, people could only browse with the proxy set in the browser, or, when needed, I allowed some of the most used sites to bypass it,

but I found out that if you remove the proxy you get access to Google, UOL and other sites, and this is worrying me.

Thanks for the tip on optimizing the rules, I will use it.

Thank you very much.


6. Re: Transparent Proxy+Iptables

Profile removed
removed

(uses None)

Posted on 04/09/2012 - 16:26h

adsqueiroz wrote:

Hey,

so before, people could only browse with the proxy set in the browser, or, when needed, I allowed some of the most used sites to bypass it,

but I found out that if you remove the proxy you get access to Google, UOL and other sites, and this is worrying me.

Thanks for the tip on optimizing the rules, I will use it.

Thank you very much.


If you don't want to use the transparent proxy, comment out the rule that redirects to port 3128.

For sites that don't need the proxy, just configure them in the browser's proxy exceptions.


7. Transparent Proxy+Iptables

Profile removed
removed

(uses None)

Posted on 04/09/2012 - 16:38h

OK, I'll run a test,

thanks in advance for the help.


8. Transparent Proxy+Iptables

Profile removed
removed

(uses None)

Posted on 04/09/2012 - 17:21h

Man, I did what you said: when I remove the iptables rule that redirects port 80 requests to 3128, no site opens, but if I put the rule back I can get into Google and UOL. I think it's Squid; I don't know why it's letting them through.

Thanks for shedding light.


9. Squid+Iptables

Profile removed
removed

(uses None)

Posted on 10/09/2012 - 13:23h

I'm checking my Squid and ended up discovering that there is an ACL granting access to sites from another ACL; I've never seen that.

Can anyone help me?
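
On the ACL behaviour described in post 9: Squid checks `http_access` lines from top to bottom and stops at the first line whose ACLs all match, so a broad `allow` placed above a `deny` decides the request before the `deny` is ever read. The script below is an added example, not part of the thread or of the poster's squid.conf; the ACL names, domains and client address are constructed, and it models only the `src` and `dstdomain` ACL types and assumes the predefined `all` ACL of Squid 3.

```python
import ipaddress

# Constructed squid.conf fragments (not the poster's configuration).
BROAD_FIRST = """
acl lan src 172.16.0.0/16
acl blocked_sites dstdomain .facebook.com
acl allowed_sites dstdomain .google.com .uol.com.br
http_access allow lan
http_access deny blocked_sites
http_access allow lan allowed_sites
http_access deny all
"""
REORDERED = """
acl lan src 172.16.0.0/16
acl blocked_sites dstdomain .facebook.com
acl allowed_sites dstdomain .google.com .uol.com.br
http_access deny blocked_sites
http_access allow lan allowed_sites
http_access deny all
"""

def parse(conf):
    """Return (acls, rules). A name repeated on several acl lines merges its values."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, src, host):
    kind, values = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":  # ".x.com" covers x.com and every subdomain
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in values)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, src, host):
    """Return (action, line_number) of the first http_access line that matches."""
    acls, rules = parse(conf)
    for number, (action, names) in enumerate(rules, 1):
        # ACLs on one line are ANDed; a leading "!" negates a single ACL.
        if all(acl_matches(acls, n.lstrip("!"), src, host) != n.startswith("!") for n in names):
            return action, number
    # No line matched: opposite of the last line's action (deny when there are no lines).
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), None
```

The returned line number identifies which `http_access` line let a request through: with `BROAD_FIRST`, a client at 172.16.0.50 asking for www.facebook.com is allowed by line 1, while `REORDERED` denies it at line 1.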







