iptables nao funciona [RESOLVIDO]
1. iptables nao funciona [RESOLVIDO]
julianderson
(usa Debian)
Enviado em 25/09/2010 - 09:56h
ola pessoal da vol mais uma vez estou com um probleminha com meu linux debian leny kernel 2.6ha duas semanas atraz eu configurei o squid 3 e colocava as regras do firewall manualmente, bem emprestei um livro com um amigo meu e coloquei o script firewall conforme o recomendado, mais ao dar start no script aparece uma mensagem de erro '/etc/init.d/firewall: line 736: syntax error near unexpected token 'start' /etc/init.d/firewall: line 736: 'start)' bem o que eu contei nao tem esta linha 736 o que eu estou achando e problema mesmo no scritp firewall, pessoal o meu scrip firewall e esse ak kaso eu tenho que fazer alguma alteracao , tando se estiver faltando alguma coisa ou se estar inceguro eu aceito sugestoes, obrigado;
#! /bin/bash
# /etc/init.d/firewall
# chkconfig: 09 20010
##### definicoes #####
MODPROBE=/sbin/modprobe
IPTABLES=/usr/sbin/iptables
prog=firewall
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_nat_ftp
IFACE_LO="lo"
IP_IFACE_LO="127.0.0.1"
IFACE_EXT="eth0"
IP_IFACE_EXT="192.168.1.114"
IP_REDE_EXT="192.168.1.0/24
IP_BROADCAST_EXT="192.168.1.255"
MASC_REDE_EXT="255.255.255.0"
IFACE_INT="eth1"
IP_IFACE_INT="192.168.0.1
IP_REDE_INT="192.168.0.0/24
IP_BROADCAST_INT="192.168.0.255"
MASC_REDE_INT="255.255.255.0"
case "$1" in
start)
########################### tabela filter ###################################
##### flush #####
$IPTABLES -F
#### apaga todas as user chains ####
$IPTABLES -X
#### politica padrao #####
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
#### chains INPUT #######
#### stateful ####
$IPTABLES -A INPUT -m state -state ESTABLISHED,RELATED -j ACCEPT
########## REGRAS para redes que nao fazem parte da internet ########
$IPTABLES -A INPUT -p ALL -i $IFACE_INT -d $IP_BROADCAST_INT -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $IFACE_LO -s $IP_IFACE_LO -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $IFACE_LO -s $IP_IFACE_EXT -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $IFACE_LO -s $IP_IFACE_INT -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $IFACE_LO -s $IP_REDE_INT -j ACCEPT
### ssh ###
$IPTABLES -A INPUT -p tcp -i $IFACE_INT -s $IP_REDE_INT -d $IP_IFACE_INT --dport 22 -j ACCEPT
### squid ###
$IPTABLES -A INPUT -p tcp -i $IFACE_INT -s $IP_REDE_INT -d $IP_IFACE_INT --dport 3128 -j ACCEPT
### chain FORWARD ###
### stateful ###
$IPTABLES -A FORWARD -m state -state ESTABELISHED,RELATED -j ACCEPT
### SPOOFING ###
## ext ##
$IPTABLES -A FORWARD -o $IFACE_EXT -d $IP_REDE_INT -j DROP
$IPTABLES -A FORWARD -I $IFACE_EXT -s $IP_REDE_INT -j DROP
# int #
$IPTABLES -A FORWARD -o $IFACE_INT -d ! $IP_REDE_INT -j DROP
$IPTABLES -A FORWARD -i $IFACE_INT -s ! $IP_REDE_INT -j DROP
### ftp ###
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 21 -j ACCEPT
## ssh ###
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 22 -j ACCEPT
### HTTP ###
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 80 -j ACCEPT
### https ###
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 443 -j ACCEPT
### SMTP ###
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 25 -j ACCEPT
### smtps ###
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 465 -j ACCEPT
### pop ###
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 110 -j ACCEPT
## pops ##
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 995 -j ACCEPT
## imap ##
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 143 -j ACCEPT
## imaps ##
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 993 -j ACCEPT
## dns ##
$IPTABLES -A FORWARD -p udp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 53 -j ACCEPT
## squid ##
$IPTABLES -A FORWARD -p tcp -i $IFACE_INT -s $IP_REDE_INT -o $IFACE_EXT --dport 3128 -j ACCEPT
################################ TABELA NAT ##################################################
#### flush ###
$IPTABLES -t nat -F
### apagar todas as user chains ###
$IPTABLES -t nat -X
#### politicas padrao ####
### cria chains ususarios ####
### regras chains usuario ####
#### chain PREROUTING ###
$IPTABLES -t nat -A PREROUTING -i eth1 p tcp --dport 80 -j REDIRECT --to-port 3128
### chian PREROUTING ###
$IPTABLES -t nat -A POSTROUTING -s $IP_REDE_INT -o $IFACE_EXT -j MASQUERADE
#### chain OUTPUT ###
$IPTABLES -t magnle -F
#### apagar todas as user chains ###
$IPTABLES -t mangle -X
;;
stop)
### restaura as politicas defalt da tabela filter ###
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
## restaura as politicas defalt da tabela nat ###
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
### restaura as politicas defalt da tabela mangle ###
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT
### flush ###
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
### apagar todas as user chains ###
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -x
;;
status)
echo ""
echo "TABELA FILTER"
echo ""
$IPTABLES -L -n
echo ""
$IPTABLES -t nat -L -n
echo ""
echo "TABELAS MANGLE"
echo ""
$IPTABLES -t mangle -L -n
;;
restart)
$0 stop
$0 start
;;
*)
echo $"Usage: {start|stop|status|restart|}"
exit 1
;;
esac
exit $?