Bloqueio Orkut Iptables
1. Bloqueio Orkut Iptables
diogobueno
(usa Debian)
Enviado em 06/09/2010 - 12:10h
Bom dia Amigos !Estou encontrando dificuldades para bloquear o orkut via Iptables, já verifiquei os outros Posts aqui, mas nenhum deles resolveu meu problema. Na empresa onde trabalho, utilizamos Iptables + Squid, porém, existem alguns usuários que não podem passar pelo proxy, mas que também não podem acessar o Orkut e outros sites.
Sou iniciante no linux, solicito ajuda para tentar resolver esse problema.
Abaixo segue meu iptables.
#!/bin/sh
#description: Inicializacao do iptables
#
# chkconfig: 2345 80 30
# processname: iptables
IPT="/sbin/iptables"
EXT_IF="eth0"
EXT_IP="189.19.51.145"
LAN_IF="eth2"
LAN_IP="192.168.0.100"
TEL_IP="192.168.0.101"
# Caso a Vpn desse servidor cair, ativar as regras da VPN_IP
VPN_IP="192.168.0.101"
# Placas da VPN desse servidor
VPN_IF0="tun0"
VPN_IF1="tun1"
VPN_IF2="tun2"
# Fabrica - Totvs
FAB_IP="192.168.0.102"
# Fabrica - Camera
CAM_IP="192.168.0.120"
# Fabrica - Terminal
WTS_IP="192.168.0.5"
case "$1" in
start)
echo "Iniciando o servico: " "Iptables"
echo
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -F
$IPT -F INPUT
$IPT -F FORWARD
$IPT -F OUTPUT
$IPT -t nat -F
$IPT -t mangle -F
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
# Policy DROP - Input and Forward and Output
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
# Basic
$IPT -N bad_packets
$IPT -N bad_tcp_packets
$IPT -N icmp_packets
$IPT -N udp_inbound
$IPT -N udp_outbound
$IPT -N tcp_inbound
$IPT -N tcp_outbound
# icmp-packets chain
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
$IPT -A icmp_packets -p ICMP -j RETURN
# Inbound chain - udp
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 1193 -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 1194 -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 1195 -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 500 -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 5800:5900 -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 2077:2078 -j ACCEPT
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 8000 -j DROP
$IPT -A udp_inbound -p UDP -j RETURN
# Outbound chain - udp
$IPT -A udp_outbound -p UDP -s 0/0 --destination-port 1193 -j ACCEPT
$IPT -A udp_outbound -p UDP -s 0/0 --destination-port 1194 -j ACCEPT
$IPT -A udp_outbound -p UDP -s 0/0 --destination-port 1195 -j ACCEPT
$IPT -A udp_outbound -p UDP -s 0/0 --destination-port 5800:5900 -j ACCEPT
$IPT -A udp_outbound -p UDP -s 0/0 --destination-port 500 -j ACCEPT
$IPT -A udp_outbound -p UDP -s 0/0 --destination-port 2077:2078 -j ACCEPT
$IPT -A udp_outbound -p UDP -s 0/0 --destination-port 8000 -j DROP
$IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT
# Inbound chain - tcp
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 22 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 23 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 139 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 443 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 500 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 631 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 1159 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 1160 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 1863 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 2208 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 2381 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 2631 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 3050 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 3389 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 5017 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 5800:5900 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 6346 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 9000 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 2077:2078 -j ACCEPT
# Acesso ao site
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 80 -j ACCEPT
# Fabrica inicio - Portas
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 3400 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 3390 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 5555 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 8021 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 8085 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 9011 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 9013 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 9090 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 8011 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 4550 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 5550 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 6550 -j ACCEPT
# $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 4431 -j ACCEPT
# Fabrica fim - Portas
# Sms inicio - Portas
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 1099 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 4444 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 8005 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 8080 -j ACCEPT
# Sms fim - Portas
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 8000 -j DROP
$IPT -A tcp_inbound -p TCP -j RETURN
# Outbound chain - tcp
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 22 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 23 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 139 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 443 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 500 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 631 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 1159 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 1160 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 1863 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 2208 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 2631 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 3050 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 3389 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 5017 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 5800:5900 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 6346 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 9000 -j ACCEPT
# Fabrica inicio - Portas
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 3400 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 8011 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 4550 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 5550 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 6550 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 4431 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 3390 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 5555 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 8021 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 8085 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 9011 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 9013 -j ACCEPT
# $IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 9090 -j ACCEPT
# Fabrica fim - Portas
# Sms inicio - Portas
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 1099 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 4444 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 8080 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 9090 -j ACCEPT
# Sms fim - Portas
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 8000 -j DROP
$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT
$IPT -A tcp_outbound -p TCP -s 0/0 --destination-port 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT
# Input chain - Permissoes de redes
$IPT -A INPUT -p ALL -i lo -j ACCEPT
$IPT -A INPUT -p ALL -j bad_packets
# Matriz - VPN (linux)
$IPT -A INPUT -p ALL -i $LAN_IF -s 192.168.0.0/24 -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IF -d 192.168.0.255 -j ACCEPT
# Deposito - VPN (linux)
$IPT -A INPUT -p ALL -i $LAN_IF -s 192.168.1.0/24 -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IF -d 192.168.1.255 -j ACCEPT
# Atibaia - VPN (linux)
$IPT -A INPUT -p ALL -i $LAN_IF -s 192.168.2.0/24 -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IF -d 192.168.2.255 -j ACCEPT
# Fabrica - VPN (FTD)
$IPT -A INPUT -p ALL -i $LAN_IF -s 192.168.3.0/24 -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IF -d 192.168.3.255 -j ACCEPT
# Vpn client
$IPT -A INPUT -p ALL -i $LAN_IF -s 10.7.0.0/24 -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IF -d 10.7.0.255 -j ACCEPT
# Vpn deposito
$IPT -A INPUT -p ALL -i $LAN_IF -s 10.8.0.0/24 -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IF -d 10.8.0.255 -j ACCEPT
# Vpn atibaia
$IPT -A INPUT -p ALL -i $LAN_IF -s 10.9.0.0/24 -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IF -d 10.9.0.255 -j ACCEPT
# Micros impedidos de navegar
$IPT -A INPUT -p UDP -i $LAN_IF --source-port 68 --destination-port 67 -j ACCEPT
# Stateful - Internet
$IPT -A INPUT -p ALL -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p TCP -i $EXT_IF -j tcp_inbound
$IPT -A INPUT -p UDP -i $EXT_IF -j udp_inbound
$IPT -A INPUT -p ICMP -i $EXT_IF -j icmp_packets
$IPT -A INPUT -p ALL -d 255.255.255.255 -j DROP
# $IPT -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-prefix "INPUT packet died:"
# Stateful - VPN0
$IPT -A INPUT -p ALL -i $VPN_IF0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p TCP -i $VPN_IF0 -j tcp_inbound
$IPT -A INPUT -p UDP -i $VPN_IF0 -j udp_inbound
$IPT -A INPUT -p ICMP -i $VPN_IF0 -j icmp_packets
# Stateful - VPN1
$IPT -A INPUT -p ALL -i $VPN_IF1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p TCP -i $VPN_IF1 -j tcp_inbound
$IPT -A INPUT -p UDP -i $VPN_IF1 -j udp_inbound
$IPT -A INPUT -p ICMP -i $VPN_IF1 -j icmp_packets
# Stateful - VPN0
$IPT -A INPUT -p ALL -i $VPN_IF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p TCP -i $VPN_IF2 -j tcp_inbound
$IPT -A INPUT -p UDP -i $VPN_IF2 -j udp_inbound
$IPT -A INPUT -p ICMP -i $VPN_IF2 -j icmp_packets
# Conectividade
$IPT -A INPUT -p tcp -s 192.168.0.0/16 -d 200.201.174.0/24 --dport 80 -m state --state NEW -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.0.0/16 -d 200.201.174.0/24 --dport 2631 -m state --state NEW -j ACCEPT
# Aliens out
$IPT -A INPUT -s 169.0.0.0/255.0.0.0 -j DROP
$IPT -A INPUT -d 169.0.0.0/255.0.0.0 -j DROP
# Forward chain
# Intranet
$IPT -A FORWARD -p tcp -i $LAN_IF -j tcp_outbound
$IPT -A FORWARD -p udp -i $LAN_IF -j udp_outbound
$IPT -A FORWARD -p ALL -i $LAN_IF -j ACCEPT
# Vpn 0
$IPT -A FORWARD -p tcp -i $VPN_IF0 -j tcp_outbound
$IPT -A FORWARD -p udp -i $VPN_IF0 -j udp_outbound
$IPT -A FORWARD -p ALL -i $VPN_IF0 -j ACCEPT
# Vpn 1
$IPT -A FORWARD -p tcp -i $VPN_IF1 -j tcp_outbound
$IPT -A FORWARD -p udp -i $VPN_IF1 -j udp_outbound
$IPT -A FORWARD -p ALL -i $VPN_IF1 -j ACCEPT
# Vpn 2
$IPT -A FORWARD -p tcp -i $VPN_IF2 -j tcp_outbound
$IPT -A FORWARD -p udp -i $VPN_IF2 -j udp_outbound
$IPT -A FORWARD -p ALL -i $VPN_IF2 -j ACCEPT
# Internet
$IPT -A FORWARD -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# $IPT -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-prefix "FORWARD packet died:"
# $IPT -A FORWARD -d 192.168.0.0/24 -j ACCEPT
# $IPT -A FORWARD -s 192.168.0.0/24 -j ACCEPT
$IPT -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
$IPT -A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
$IPT -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
$IPT -A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
# Conectividade
$IPT -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.201.174.0/24 --dport 80 -j ACCEPT
$IPT -A FORWARD -p tcp -d 192.168.0.0/16 -s 200.201.174.0/24 --dport 80 -j ACCEPT
$IPT -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.201.174.0/24 --dport 2631 -j ACCEPT
$IPT -A FORWARD -p tcp -d 192.168.0.0/16 -s 200.201.174.0/24 --dport 2631 -j ACCEPT
# Vpn
# $IPT -A FORWARD -p udp -i $EXT_IF --dport 1193 --destination $VPN_IP -j ACCEPT
# $IPT -A FORWARD -p udp -i $EXT_IF --dport 1194 --destination $VPN_IP -j ACCEPT
# $IPT -A FORWARD -p udp -i $EXT_IF --dport 1195 --destination $VPN_IP -j ACCEPT
# Telnet
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 23 --destination $TEL_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 2208 --destination $TEL_IP -j ACCEPT
# Cups
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 515 --destination $TEL_IP -j ACCEPT
$IPT -A FORWARD -p udp -i $EXT_IF --dport 515 --destination $TEL_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 631 --destination $TEL_IP -j ACCEPT
$IPT -A FORWARD -p udp -i $EXT_IF --dport 631 --destination $TEL_IP -j ACCEPT
# Firebird
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 3050 --destination $TEL_IP -j ACCEPT
# Fabrica
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 3400 --destination $WTS_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 8011 --destination $CAM_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 4550 --destination $CAM_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 5550 --destination $CAM_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 6550 --destination $CAM_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 4431 --destination $CAM_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 3390 --destination $FAB_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 5555 --destination $FAB_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 8021 --destination $FAB_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 8085 --destination $FAB_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 9011 --destination $FAB_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 9013 --destination $FAB_IP -j ACCEPT
$IPT -A FORWARD -p tcp -i $EXT_IF --dport 9090 --destination $FAB_IP -j ACCEPT
# Vnc - somente para o administrador
# $IPT -A FORWARD -s marcosdestro.homelinux.org -p tcp --dport 5801:5901 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# $IPT -A FORWARD -s marcosdestro.homelinux.org -p udp --dport 5801:5901 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Acesso Liberado - inicio
# Por MAC
# Artur - Pioneira
$IPT -t nat -A PREROUTING -p tcp -m mac --mac-source 00:21:00:38:1B:2C --dport 80 -j RETURN
$IPT -t nat -A PREROUTING -p tcp -m mac --mac-source 00:21:00:38:1B:2C --dport 443 -j RETURN
# Diogo
$IPT -t nat -A PREROUTING -p tcp -m mac --mac-source 00:1C:BF:6C:59:09 --dport 80 -j RETURN
$IPT -t nat -A PREROUTING -p tcp -m mac --mac-source 00:1C:BF:6C:59:09 --dport 443 -j RETURN
# Por IP
# Fabrica - Gateway matriz/fabrica - FTD e servidor Totvs
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.102/32 --destination-port 80 -j RETURN
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.102/32 --destination-port 443 -j RETURN
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.5/32 --destination-port 80 -j RETURN
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.5/32 --destination-port 443 -j RETURN
# Loja - Maquinas Liberadas loja
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.11/32 --destination-port 80 -j RETURN #Leandro
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.11/32 --destination-port 443 -j RETURN #Leandro
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.12/32 --destination-port 80 -j RETURN #Val
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.12/32 --destination-port 443 -j RETURN #Val
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.13/32 --destination-port 80 -j RETURN #Rose
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.13/32 --destination-port 443 -j RETURN #Rose
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.14/32 --destination-port 80 -j RETURN #Jessica
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.14/32 --destination-port 443 -j RETURN #Jessica
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.15/32 --destination-port 80 -j RETURN #Vino
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.15/32 --destination-port 443 -j RETURN #Vino
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.16/32 --destination-port 80 -j RETURN #Luana
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.16/32 --destination-port 443 -j RETURN #Luana
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.19/32 --destination-port 80 -j RETURN #Thaisa
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.19/32 --destination-port 443 -j RETURN #Thaisa
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.20/32 --destination-port 80 -j RETURN #Calinhos
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.20/32 --destination-port 443 -j RETURN #Carlihos
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.23/32 --destination-port 80 -j RETURN #Diogo
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.23/32 --destination-port 443 -j RETURN #Diogo
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.24/32 --destination-port 80 -j RETURN #Bruno
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.24/32 --destination-port 443 -j RETURN #Bruno
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.34/32 --destination-port 80 -j RETURN #Gabriel
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.34/32 --destination-port 443 -j RETURN #Gabriel
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.62/32 --destination-port 80 -j RETURN #Caixa
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.62/32 --destination-port 443 -j RETURN #Caixa
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.99/32 --destination-port 80 -j RETURN #Roberta
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.99/32 --destination-port 443 -j RETURN #Roberta
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.100/32 --destination-port 80 -j RETURN #srvdestro
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.100/32 --destination-port 443 -j RETURN #srvdestro
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.101/32 --destination-port 80 -j RETURN #srvdestro1
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.101/32 --destination-port 443 -j RETURN #srvdestro1
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.130/32 --destination-port 80 -j RETURN #CORINGA
$IPT -t nat -A PREROUTING -p tcp -s 192.168.0.130/32 --destination-port 443 -j RETURN #CORINGA
# Acesso liberado - fim
#
# Conectividade
$IPT -t nat -A PREROUTING -s 192.168.0.0/16 -d 200.201.174.0/24 -p tcp --dport 80 -j RETURN
$IPT -t nat -A PREROUTING -s 192.168.0.0/16 -d 200.201.174.0/24 -p tcp --dport 2631 -j RETURN
# Redirecionamento - Squid
$IPT -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports 3128
$IPT -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 443 -j REDIRECT --to-ports 3128
# Travamento da Internet para toda rede
# $IPT -t nat -A PREROUTING -i $EXT_IF -s 192.168.0.0/24 -j DROP
# Telnet redirecionamento direto
# $IPT -t nat -A PREROUTING -s 200.204.77.40/32 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.0.101:23
# $IPT -t nat -A PREROUTING -s 200.204.76.188/32 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.0.101:23
# Cliente servico de terminal direto
# $IPT -t nat -A PREROUTING -s 200.204.77.40/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.14:3389
# $IPT -t nat -A PREROUTING -s 201.0.166.244/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.14:3389
# $IPT -t nat -A PREROUTING -d 189.19.51.145/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.27:3389
# Fabrica - TS e Protheus (redirecionamento)
# $IPT -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 3390 -j DNAT --to-destination 192.168.0.102:3390
# $IPT -t nat -A PREROUTING -s 192.168.0.0/16 -p tcp -m tcp --dport 1433 -j DNAT --to-destination 192.168.0.102:1433
## Protheus via navegador
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 9013 -j DNAT --to-destination 192.168.0.102:9013
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 8021 -j DNAT --to-destination 192.168.0.102:8021
## Terminal protheus de fora
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 3390 -j DNAT --to-destination 192.168.0.102:3390
## Terminal fabrica de fora
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 3400 -j DNAT --to-destination 192.168.0.5:3400
## Cameras Fabrica de Fora
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 8011 -j DNAT --to-destination 192.168.0.120:8011
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 4550 -j DNAT --to-destination 192.168.0.120:4550
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 5550 -j DNAT --to-destination 192.168.0.120:5550
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 6550 -j DNAT --to-destination 192.168.0.120:6550
# $IPT -t nat -A PREROUTING -s 189.19.51.145/32 -p tcp -m tcp --dport 4431 -j DNAT --to-destination 192.168.0.120:4431
## Terminal fim
# $IPT -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 5555 -j DNAT --to-destination 192.168.0.102:5555
# $IPT -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 8021 -j DNAT --to-destination 192.168.0.102:8021
# $IPT -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 8085 -j DNAT --to-destination 192.168.0.102:8085
# $IPT -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 9011 -j DNAT --to-destination 192.168.0.102:9011
# $IPT -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 9013 -j DNAT --to-destination 192.168.0.102:9013
# $IPT -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 9090 -j DNAT --to-destination 192.168.0.102:9090
# Sms - Nobreak se for usado outro servidor
# $IPT -t nat -A PREROUTING -d 189.19.51.145/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.101:8080
# $IPT -t nat -A PREROUTING -d 189.19.51.145/32 -p tcp -m tcp --dport 8005 -j DNAT --to-destination 192.168.0.101:8005
# $IPT -t nat -A PREROUTING -d 189.19.51.145/32 -p tcp -m tcp --dport 4444 -j DNAT --to-destination 192.168.0.101:4444
# $IPT -t nat -A PREROUTING -d 189.19.51.145/32 -p tcp -m tcp --dport 1099 -j DNAT --to-destination 192.168.0.101:1099
# Vpn (wan)
# $IPT -t nat -A PREROUTING -p udp -i $EXT_IF --dport 1193:1193 -j DNAT --to-destination $VPN_IP
# $IPT -t nat -A PREROUTING -p udp -i $EXT_IF --dport 1194:1194 -j DNAT --to-destination $VPN_IP
# $IPT -t nat -A PREROUTING -p udp -i $EXT_IF --dport 1195:1195 -j DNAT --to-destination $VPN_IP
# Telnet (wan)
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 23:23 -j DNAT --to-destination $TEL_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 2208:2208 -j DNAT --to-destination $TEL_IP
# Cups (wan)
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 515 -j DNAT --to-destination $TEL_IP
$IPT -t nat -A PREROUTING -p udp -i $EXT_IF --dport 515 -j DNAT --to-destination $TEL_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 631 -j DNAT --to-destination $TEL_IP
$IPT -t nat -A PREROUTING -p udp -i $EXT_IF --dport 631 -j DNAT --to-destination $TEL_IP
# Firebird (wan)
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 3050:3050 -j DNAT --to-destination $TEL_IP
# Fabrica (wan)
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 3400 -j DNAT --to-destination $WTS_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 3390 -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 5555 -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 8021 -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 8085 -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 9011 -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 9013 -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 9090 -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 8011 -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 4550 -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 5550 -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 6550 -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 4431 -j DNAT --to-destination $CAM_IP
# Vpn (lan)
# $IPT -t nat -A PREROUTING -p udp -i $LAN_IF --dport 1193:1193 --destination $EXT_IP -j DNAT --to-destination $VPN_IP
# $IPT -t nat -A PREROUTING -p udp -i $LAN_IF --dport 1194:1194 --destination $EXT_IP -j DNAT --to-destination $VPN_IP
# $IPT -t nat -A PREROUTING -p udp -i $LAN_IF --dport 1195:1195 --destination $EXT_IP -j DNAT --to-destination $VPN_IP
# Telnet (lan)
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 23:23 --destination $EXT_IP -j DNAT --to-destination $TEL_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 2208:2208 --destination $EXT_IP -j DNAT --to-destination $TEL_IP
# Cups (lan)
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 515 --destination $EXT_IP -j DNAT --to-destination $TEL_IP
$IPT -t nat -A PREROUTING -p udp -i $LAN_IF --dport 515 --destination $EXT_IP -j DNAT --to-destination $TEL_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 631 --destination $EXT_IP -j DNAT --to-destination $TEL_IP
$IPT -t nat -A PREROUTING -p udp -i $LAN_IF --dport 631 --destination $EXT_IP -j DNAT --to-destination $TEL_IP
# Firebird (lan)
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 3050:3050 --destination $EXT_IP -j DNAT --to-destination $TEL_IP
# Fabrica (lan)
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 3400 --destination $EXT_IP -j DNAT --to-destination $WTS_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 8011 --destination $EXT_IP -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 4550 --destination $EXT_IP -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 5550 --destination $EXT_IP -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 6550 --destination $EXT_IP -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 4431 --destination $EXT_IP -j DNAT --to-destination $CAM_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 3390 --destination $EXT_IP -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 5555 --destination $EXT_IP -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 8021 --destination $EXT_IP -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 8085 --destination $EXT_IP -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 9011 --destination $EXT_IP -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 9013 --destination $EXT_IP -j DNAT --to-destination $FAB_IP
$IPT -t nat -A PREROUTING -p tcp -i $LAN_IF --dport 9090 --destination $EXT_IP -j DNAT --to-destination $FAB_IP
# Nat postrouting chain
# $IPT -t nat -A POSTROUTING -s 10.7.0.0/24 -o $EXT_IF -j MASQUERADE
# $IPT -t nat -A POSTROUTING -s 10.9.0.0/24 -o $EXT_IF -j MASQUERADE
# Vpn - Outros
$IPT -t nat -A POSTROUTING -s 10.7.0.0/24 -o $LAN_IF -j MASQUERADE
# Vpn - Deposito
$IPT -t nat -A POSTROUTING -s 10.8.0.0/24 -o $LAN_IF -j MASQUERADE
# Vpn - Atibaia
$IPT -t nat -A POSTROUTING -s 10.9.0.0/24 -o $LAN_IF -j MASQUERADE
# Internet - Todos via rota default
$IPT -t nat -A POSTROUTING -s 0/0 -j MASQUERADE
# Modprobe
/sbin/modprobe ip_gre
/sbin/modprobe ip_nat_pptp
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_pptp
/sbin/modprobe ip_nat_ftp
;;
stop)
echo "Parando o servico: " "Iptables"
echo
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -F
$IPT -F INPUT
$IPT -F FORWARD
$IPT -F OUTPUT
$IPT -t nat -F
$IPT -t mangle -F
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
/sbin/rmmod ip_nat_ftp
/sbin/rmmod ip_conntrack
/sbin/rmmod ip_conntrack_ftp
/sbin/rmmod ip_nat_pptp
/sbin/rmmod ip_conntrack_pptp
/sbin/rmmod ip_conntrack_proto_gre
;;
*)
echo "Uso: iptables (start|stop)"
echo
;;
esac
exit 0
----
DESDE JÁ OBRIGADO !
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Dicas
Criando uma VPC na AWS via CLI
Multifuncional HP imprime mas não digitaliza
Dica básica para escrever um Artigo.
Como Exibir Imagens Aleatórias no Neofetch para Personalizar seu Terminal
Tópicos
Instalação Uefi com o instalador clássico do Mageia [RESOLVIDO] (2)
Melhorando a precisão de valores flutuantes em python[AJUDA] (11)
GLPI - Configuração de destinatário com conta Microsoft Exchange (0)
Top 10 do mês
-
Xerxes
1° lugar - 67.739 pts -
Fábio Berbert de Paula
2° lugar - 51.667 pts -
Buckminster
3° lugar - 19.186 pts -
Mauricio Ferrari
4° lugar - 16.006 pts -
Alberto Federman Neto.
5° lugar - 14.875 pts -
Diego Mendes Rodrigues
6° lugar - 13.387 pts -
Daniel Lara Souza
7° lugar - 13.812 pts -
edps
8° lugar - 11.622 pts -
Andre (pinduvoz)
9° lugar - 11.273 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
10° lugar - 11.110 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
