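#!/bin/bash
# Simple rc.firewall: transparent HTTP proxy redirect for the LAN, one inbound
# RDP DNAT to an internal server, and MASQUERADE for the LAN behind EXTIF.
# Must run as root (writes /proc/sys and programs iptables); intended to be
# called from rc.local at boot.
set -u

readonly FWVER=0.63
readonly IPTABLES="/sbin/iptables"
readonly EXTIF="eth0"                 # Interface Externa (Internet)
readonly INTIF="eth1"                 # Interface Interna (LAN)
readonly LAN_NET="192.168.200.0/24"   # LAN allowed to use the proxy and NAT
readonly PROXY_PORT=3128              # local transparent proxy port
readonly RDP_SERVER="192.168.200.10"  # Servidor Dominio 2003 (receives 3389)
readonly RDP_PORT=3389

# Connection-tracking / NAT helper modules. These are the legacy ip_* names
# from the original script; newer kernels ship them as nf_* and modprobe will
# report the ones it cannot find.
readonly -a FW_MODULES=(
  ip_gre
  ip_conntrack
  ip_conntrack_ftp
  ip_nat
  ip_nat_ftp
  ip_nat_tftp
  ip_conntrack_pptp
  ip_nat_pptp
)

#######################################
# Write a value to a /proc/sys key, warning (not failing) when the key does
# not exist on this kernel, e.g. ip_dynaddr.
# Arguments: $1 - key relative to /proc/sys (net/ipv4/ip_forward)
#            $2 - value to write
# Outputs:   warning on stderr when the key is missing
#######################################
sysctl_set() {
  local key=$1 value=$2
  local path="/proc/sys/${key}"
  if [[ -w "$path" ]]; then
    printf '%s\n' "$value" > "$path"
  else
    printf 'warning: %s not available on this kernel, skipping\n' "$path" >&2
  fi
}

# Everything below needs root; fail early instead of half-applying rules.
if [[ "$EUID" -ne 0 ]]; then
  printf 'rc.firewall: must be run as root\n' >&2
  exit 1
fi

printf '\n\nLoading simple rc.firewall version %s..\n\n' "$FWVER"
printf ' External Interface: %s\n' "$EXTIF"
printf ' Internal Interface: %s\n' "$INTIF"

printf ' enabling forwarding..\n'
sysctl_set net/ipv4/ip_forward 1
printf ' enabling DynamicAddr..\n'
sysctl_set net/ipv4/ip_dynaddr 1
printf ' clearing any existing rules and setting default policy..\n'
printf 'Ativando protecao contra ataques.\n'
#sysctl_set net/ipv4/icmp_echo_ignore_all 1
sysctl_set net/ipv4/icmp_echo_ignore_broadcasts 1
# SYN cookies ON. The original wrote 0 here, which disables SYN-flood
# protection right under the "protecao contra ataques" banner.
sysctl_set net/ipv4/tcp_syncookies 1

## carregando modulos
for mod in "${FW_MODULES[@]}"; do
  /sbin/modprobe "$mod" || printf 'warning: could not load module %s\n' "$mod" >&2
done

# Ativando politica e limpeza de tabelas
# NOTE: all three filter chains default to ACCEPT, so nothing in this script
# blocks traffic -- it only redirects and NATs. Tighten INPUT/FORWARD (DROP
# policy plus explicit ACCEPTs) before exposing this host to the Internet.
for chain in INPUT OUTPUT FORWARD; do
  "$IPTABLES" -P "$chain" ACCEPT
  "$IPTABLES" -F "$chain"
done
"$IPTABLES" -t nat -F

# Adicionar regras....
# Proxy Transparente: LAN HTTP is redirected to the local proxy
"$IPTABLES" -t nat -A PREROUTING -i "$INTIF" -s "$LAN_NET" -p tcp --dport 80 \
  -j REDIRECT --to-port "$PROXY_PORT"
"$IPTABLES" -t filter -A INPUT -i "$INTIF" -s "$LAN_NET" -p tcp --dport "$PROXY_PORT" \
  -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Redirecionamentos
### Servidor Dominio 2003
# RDP from ANY external source is forwarded to the internal server (FORWARD
# policy is ACCEPT). Add -s <allowed-source> here if the clients are known.
"$IPTABLES" -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport "$RDP_PORT" \
  -j DNAT --to-destination "${RDP_SERVER}:${RDP_PORT}"

# Habilita MASQUERADE
printf 'Enabled MASQUERADE on interface %s...\n' "$EXTIF"
"$IPTABLES" -t nat -A POSTROUTING -o "$EXTIF" -s "$LAN_NET" -j MASQUERADE

printf '\nrc.firewall-2.4 v%s done.\n\n' "$FWVER"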
Salva o arquivo, dá permissão de execução e coloca ele no rc.local da máquina.