ederlopes7
(usa CentOS)
Enviado em 01/08/2012 - 13:49h
Pessoal,
estou precisando de um HELP aqui.
Preciso fazer um redirecionamento de algumas portas no iptables, porém está dando um erro.
root@SQSERVER:/etc/squid3/acls# /etc/init.d/firewall reload
iptables v1.4.8: option `PREROUTING' requires an argument
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.8: option `PREROUTING' requires an argument
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.8: option `PREROUTING' requires an argument
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `PREROUTING'
Try `iptables -h' or 'iptables --help' for more information.
Estes erros ocorreram depois que eu coloquei as regras de NAT, mas não sei onde errei.
Segue meu firewall:
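#!/bin/sh
# Gateway firewall script: flushes the filter and nat tables, enables IPv4
# forwarding, redirects web traffic to the local proxy on port 3128, opens
# mail/MSN/application ports in FORWARD and publishes internal services
# through DNAT.
#
# NOTE(review): this script never sets chain policies (iptables -P). With the
# kernel default policy of ACCEPT, every "-j ACCEPT" rule below is a no-op and
# all traffic is already allowed; the rules only restrict anything if a DROP
# policy or a final DROP/REJECT rule is added elsewhere. Confirm.

modprobe iptable_nat

# Start from empty filter and nat tables and drop user-defined chains.
iptables -F
iptables -t nat -F
iptables -X

# Let the kernel route packets between interfaces.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Send web traffic to the proxy.
# NOTE(review): the post states eth1 is the WAN card. Transparent-proxy
# interception normally matches the LAN-facing interface; matching the WAN
# side would hand inbound port-80 traffic from the internet to the proxy.
# Confirm which interface is intended.
# --to-ports is the option's full name (the original relied on the "--to"
# abbreviation).
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j REDIRECT --to-ports 3128

# Allow Outlook (DNS to 8.8.4.4 plus SMTP/submission/POP3).
# Reference: www.vivaolinux.com.br/dica/Faca-seu-Outlook-funcionar-com-o-iptables
# (the original had this URL as a bare line, which the shell would try to run
# as a command)
iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 8.8.4.4 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 8.8.4.4 --sport 53 -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -p TCP -s 192.168.1.0/24 --dport 25 -j ACCEPT
iptables -A FORWARD -p TCP -s 192.168.1.0/24 --dport 587 -j ACCEPT
iptables -A FORWARD -p TCP -s 192.168.1.0/24 --dport 110 -j ACCEPT
# NOTE(review): the three rules below accept any forwarded TCP packet whose
# source port is 25/587/110, whatever its connection state or destination.
# A stateful match on established/related connections would cover return
# traffic without trusting the source port.
iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp --sport 587 -j ACCEPT
iptables -A FORWARD -p tcp --sport 110 -j ACCEPT

# NOTE(review): no -o/-s match here, so every routed connection is
# masqueraded, including connections DNATed inward further down; the internal
# servers will then log the gateway's address instead of the real client.
# This also makes the two narrower MASQUERADE rules below redundant.
iptables -t nat -A POSTROUTING -j MASQUERADE

# Masquerade traffic leaving through eth0.
# NOTE(review): the post labels eth0 as the LAN card; outbound masquerading
# normally targets the WAN interface. Confirm.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Allow MSN for one specific host.
# Hostnames in -d are resolved once, when the rule is loaded; the rule fails to
# load if DNS is unavailable and does not follow later address changes.
iptables -I FORWARD -s 192.168.1.127 -p tcp --dport 1863 -j ACCEPT
iptables -I FORWARD -s 192.168.1.127 -d loginnet.password.com -j ACCEPT
iptables -I FORWARD -s 192.168.1.127 -d hotmail.com -j ACCEPT
iptables -I FORWARD -s 192.168.1.127 -d hotmail.com.br -j ACCEPT
iptables -I FORWARD -s 192.168.1.127 -d login.live.com -j ACCEPT
iptables -A FORWARD -s 192.168.1.127 -d messenger.hotmail.com -j ACCEPT
iptables -A FORWARD -s 192.168.1.127 -d webmessenger.msn.com -j ACCEPT

# Allow the CONECTIVIDADE application (port 2631 and network 200.201.174.0/24).
iptables -A INPUT -j ACCEPT -p tcp -i eth0 --sport 2631
iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport 2631
iptables -A INPUT -j ACCEPT -p tcp -i eth0 -s 200.201.174.0/24
# NOTE(review): INPUT only sees packets addressed to this host, so a -d match
# on 200.201.174.0/24 presumably never fires unless the gateway owns an
# address in that range. Confirm.
iptables -A INPUT -j ACCEPT -p tcp -i eth0 -d 200.201.174.0/24
#=======================================================================
iptables -A FORWARD -j ACCEPT -p tcp --sport 2631
iptables -A FORWARD -j ACCEPT -p tcp --dport 2631
#=======================================================================
#iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 200.201.174.0/24 --dport 80 -j REDIRECT --to-port 3128
#=======================================================================
# NAT: publish internal services
#========================================================================
# Fixes for the errors reported on reload:
#   - "-eth1" is not an interface match; the option is "-i eth1".
#   - the 3389 rule lacked the "-A" command before the chain name.
# NOTE(review): these rules expose 5432, 8080, 2222 and 3389 on internal hosts
# to any source reaching eth1. Restricting them with a source allowlist (-s)
# or placing them behind a VPN would narrow that exposure.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5432 -j DNAT --to-destination 192.168.1.254
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.118
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 2222 -j DNAT --to-destination 192.168.1.254
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.5
iptables -t nat -A POSTROUTING -s 192.168.1.254 -j MASQUERADE
#========================================================================
# Let the forwarded remote-desktop traffic (3389) through the filter table.
iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -p tcp --sport 3389 -j ACCEPT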
PLACA LAN - eth0
PLACA WAN - eth1