How to create a NAT rule for a subnet

1. How to create a NAT rule for a subnet

Alexandre Krieger
lledopote

(uses Other)

Sent on 25/11/2014 - 17:54h

Good afternoon. I have a 192.168.1.0 network as my primary network,
and I created a secondary network, 192.168.2.0, that will be my subnet for IP phones.
How do I set up NAT for the subnet?
Below is the configuration defined by the previous management:



# WORKSTATIONS WITHOUT PROXY - UNLIMITED WEB ACCESS
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.234 -p tcp -i eth1 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.233 -p tcp -i eth1 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.207 -p tcp -i eth1 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.126 -p tcp -i eth1 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.60 -p tcp -i eth1 --dport 7000 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.16 -p tcp -i eth1 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.163 -p tcp -i eth1 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.88 -p tcp -i eth1 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.236 -p tcp -i eth1 --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 192.168.1.252 -p tcp -i eth1 --dport 80 -j ACCEPT

# BYPASS FOR THE MODEM - MANAGEMENT
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -d 10.1.1.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.1:80


# FILTERING PORTS - OUTBOUND BLOCKS
# -------------------------------------------------------
/sbin/iptables -I FORWARD -p tcp -o eth0 --syn -j DROP


# ALLOWING THE VPN NETWORK
# -------------------------------------------------------
#/sbin/iptables -I FORWARD -s 192.168.1.0/24 -d 192.168.3.0/24 -j ACCEPT
#/sbin/iptables -I FORWARD -s 192.168.3.0/24 -d 192.168.1.0/24 -j ACCEPT



# PORTS ALLOWED FOR THE NETWORK
# -------------------------------------------------------

/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 80 -j DROP
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 443 -j DROP

/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 20 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 21 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 22 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 25 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 53 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 110 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 587 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 143 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 211 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 993 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 995 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 1975 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 2180 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 8080 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 3389:3395 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 5222:5223 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 61080 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 7000 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 0/0 --dport 9100 -j ACCEPT

# ALLOWANCES FOR SERVERS AND WORKSTATIONS - ALL PORTS
# -------------------------------------------------------
# PRODUCTION
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.20 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.20 -j ACCEPT

# STANDBY
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.19 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.19 -j ACCEPT

#SRV-RDP02
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.18 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.18 -j ACCEPT

#SRV-DOM01
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.8 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.8 -j ACCEPT

#SRV-RDP01
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.7 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.7 -j ACCEPT

#SRV-NCP01
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.26 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.26 -j ACCEPT

#CDP5000DC01
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.16 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.16 -j ACCEPT


# IT DEPARTMENT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.234 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.234 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.233 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.233 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.207 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.207 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.163 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.163 -j ACCEPT

#CENTRAL
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.60 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.60 -j ACCEPT

#HR
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.252 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.252 -j ACCEPT

#Finance
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.88 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -d 192.168.1.88 -j ACCEPT



# ALLOW PROTOCOLS
# -------------------------------------------------------
#/sbin/iptables -I FORWARD -m layer7 --l7proto dns -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto ftp -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto h323 -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto imap -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto ipp -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto lpd -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto pop3 -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto smtp -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto ssdp -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto ssh -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto ssl -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto stun -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto telnet -j ACCEPT


# DOWNLOAD MANAGERS
# -------------------------------------------------------
#/sbin/iptables -I FORWARD -m layer7 --l7proto http-dap -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto http-freshdownload -j DROP


# REMOTE CONNECTIONS
# -------------------------------------------------------
#/sbin/iptables -I FORWARD -m layer7 --l7proto citrix -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto pcanywhere -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto radmin -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto rdp -j ACCEPT
#/sbin/iptables -I FORWARD -m layer7 --l7proto vnc -j ACCEPT


# PROTOCOL BLOCKING
# -------------------------------------------------------
#/sbin/iptables -I FORWARD -m layer7 --l7proto 100bao -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto aim -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto aimwebcontent -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto applejuice -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto ares -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto armagetron -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto audiogalaxy -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto battlefield1942 -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto battlefield2 -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto battlefield2142 -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto biff -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto chikka -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto cimd -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto code_red -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto counterstrike-source -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto dayofdefeat-source -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto directconnect -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto doom3 -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto edonkey -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto fasttrack -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto freenet -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto gkrellm -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto gnucleuslan -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto gnutella -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto goboogy -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto gopher -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto halflife2-deathmatch -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto hotline -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto httpaudio -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto httpcachehit -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto httpcachemiss -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto http-itunes -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto httpvideo -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto imesh -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto irc -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto jabber -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto kugoo -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto live365 -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto liveforspeed -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto mohaa -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto mute -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto napster -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto nimda -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto openft -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto poco -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto pressplay -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto qq -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto quake1 -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto quake-halflife -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto quicktime -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto replaytv-ivs -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto rtp -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto rtsp -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto shoutcast -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto soribada -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto soulseek -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto subspace -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto subversion -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto teamfortress2 -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto teamspeak -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto tesla -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto thecircle -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto tor -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto ventrilo -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto worldofwarcraft -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto x11 -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto xboxlive -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto xunlei -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto yahoo -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto zmaap -j DROP


# MSN AND SKYPE
# -------------------------------------------------------
/sbin/iptables -I FORWARD -m layer7 --l7proto msn-filetransfer -j DROP
/sbin/iptables -I FORWARD -m layer7 --l7proto msnmessenger -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto skypeout -j DROP
#/sbin/iptables -I FORWARD -m layer7 --l7proto skypetoskype -j DROP


# MSN - ALLOWED PER IP
# -------------------------------------------------------
# IT - Albinice
/sbin/iptables -I FORWARD -m layer7 --l7proto msn-filetransfer -s 192.168.1.234/32 -j ACCEPT
/sbin/iptables -I FORWARD -m layer7 --l7proto msnmessenger -s 192.168.1.234/32 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.234/32 --dport 1863 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.234/32 --dport 443 -j ACCEPT


# IT
/sbin/iptables -I FORWARD -m layer7 --l7proto msn-filetransfer -s 192.168.1.207/32 -j ACCEPT
/sbin/iptables -I FORWARD -m layer7 --l7proto msnmessenger -s 192.168.1.207/32 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.207/32 --dport 1863 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.207/32 --dport 443 -j ACCEPT


# SUPPLIES
/sbin/iptables -I FORWARD -m layer7 --l7proto msn-filetransfer -s 192.168.1.114/32 -j ACCEPT
/sbin/iptables -I FORWARD -m layer7 --l7proto msnmessenger -s 192.168.1.114/32 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.114/32 --dport 1863 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.114/32 --dport 443 -j ACCEPT


# IT
/sbin/iptables -I FORWARD -m layer7 --l7proto msn-filetransfer -s 192.168.1.163/32 -j ACCEPT
/sbin/iptables -I FORWARD -m layer7 --l7proto msnmessenger -s 192.168.1.163/32 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.163/32 --dport 1863 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.1.163/32 --dport 443 -j ACCEPT


# CONECTIVIDADE SOCIAL - CAIXA
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.174.207 -p tcp --dport 80 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -p tcp --dport 1049 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -p tcp --dport 3456 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.194.179.90 -p tcp --dport 80 -j ACCEPT


# CEF
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.160.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.161.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.162.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.163.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.164.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.165.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.166.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.167.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.168.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.169.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.170.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.171.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.172.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.173.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.201.174.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.160.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.161.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.162.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.163.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.164.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.165.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.166.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.167.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.168.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.169.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.170.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.171.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.172.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.173.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.201.174.0/24 -j ACCEPT


# Wireless network - web access allowed
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -s 192.168.100.0/24 -p tcp -i eth2 --dport 1:65535 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -o eth0 -s 192.168.100.0/24 --dport 1:65535 -j ACCEPT


# CAT 4.0 - Work accident reporting
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.152.32.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.152.32.0/24 -j ACCEPT


# GDRAIS
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 161.148.174.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 161.148.174.0/24 -j ACCEPT


# RAISNET 2013
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 161.148.0.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 161.148.0.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 189.9.71.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 189.9.71.0/24 -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.198.239.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.198.239.0/24 -j ACCEPT

# Sped - EFD Contribuições
# -------------------------------------------------------
/sbin/iptables -t nat -I PREROUTING -s 0/0 -d 200.198.239.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -s 0/0 -d 200.198.239.0/24 -j ACCEPT



#Allow SNMP
# -------------------------------------------------------
iptables -I INPUT -p udp --dport 161 -j ACCEPT
iptables -I FORWARD -p udp --dport 161 -j ACCEPT

#Allow UDP SNTP
# -------------------------------------------------------
/sbin/iptables -I FORWARD -p udp -o eth0 -s 0/0 --dport 123 -j ACCEPT


2. Re: How to create a NAT rule for a subnet

Natanael Henrique
natanaelhenrique

(uses Arch Linux)

Sent on 04/12/2014 - 20:10h

Hi, Alexandre.

Add the rules:

#For direct access, without having to go through the proxy
/sbin/iptables -t nat -I PREROUTING -s 192.168.2.0/24 -j ACCEPT

#If your FORWARD policy is ever changed to DROP, these rules ensure your 192.168.2.0 network keeps working.
/sbin/iptables -I FORWARD -s 192.168.2.0/24 -j ACCEPT
/sbin/iptables -I FORWARD -d 192.168.2.0/24 -j ACCEPT


#This is the rule that does the NAT for the network. Without it there is no Internet access (other than through the proxy).
/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
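The three steps of the reply above (accept in nat/PREROUTING so the subnet is not redirected to the proxy, accept in FORWARD, masquerade in nat/POSTROUTING), as an added example that is not part of the original post or of the thread's own scripts. It is a small POSIX sh script that validates the subnet argument, generates the rules, and prints them for review unless APPLY=1 is set. The interface name eth0 is an assumption taken from the first post, where the FORWARD rules use -o eth0 for Internet-bound traffic; the subnet 192.168.2.0/24 is the one from the question. It goes slightly beyond the reply in two places: MASQUERADE is limited to the WAN interface, so traffic between the two LANs keeps its real source addresses, and the inbound FORWARD rule only accepts replies to connections the subnet opened.

```sh
#!/bin/sh
# Added example, not code from the thread. It packages the reply's three steps
# (nat/PREROUTING accept, FORWARD accept, nat/POSTROUTING masquerade) for a
# second LAN subnet and prints the rules by default so they can be reviewed.
# Assumptions: eth0 is the Internet-facing interface (the first post's FORWARD
# rules use "-o eth0" for that) and the phone subnet is 192.168.2.0/24.

IPT=/sbin/iptables

# Reject anything that is not a.b.c.d/n with octets 0..255 and prefix 0..32,
# so a typo cannot turn into an over-broad NAT rule.
valid_cidr() {
  case "$1" in
    ""|*[!0-9./]*|.*|*./*|*..*) return 1 ;;
  esac
  addr=${1%/*}
  prefix=${1##*/}
  [ "$prefix" != "$1" ] || return 1            # no "/prefix" at all
  [ "$prefix" -ge 0 ] 2>/dev/null && [ "$prefix" -le 32 ] || return 1
  set -- $(printf '%s' "$addr" | tr '.' ' ')  # split the octets
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}

# Print the rules for one subnet. Two tightenings over the reply's version:
# MASQUERADE only on the WAN interface, so traffic between the two LANs keeps
# its real source address, and the return direction in FORWARD accepts only
# replies to connections the subnet opened. New connections INTO the phone
# subnet (for example from a PBX on the main LAN) need their own explicit rule.
nat_rules() {
  subnet=$1
  wan=$2
  valid_cidr "$subnet" || { echo "invalid CIDR: $subnet" >&2; return 1; }
  cat <<EOF
$IPT -t nat -I PREROUTING -s $subnet -j ACCEPT
$IPT -I FORWARD -s $subnet -j ACCEPT
$IPT -I FORWARD -d $subnet -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A POSTROUTING -s $subnet -o $wan -j MASQUERADE
EOF
}

# NAT does nothing if the kernel is not forwarding packets between interfaces.
forwarding_enabled() {
  [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Print by default; execute the rules only when APPLY=1 is set in the environment.
apply_nat_rules() {
  if [ "${APPLY:-0}" = "1" ]; then
    forwarding_enabled || echo "warning: net.ipv4.ip_forward is 0; enable it" >&2
    nat_rules "$@" | sh -e
  else
    nat_rules "$@"
  fi
}

apply_nat_rules 192.168.2.0/24 eth0
```

Run it as-is to see the four rules it would add; run it as root with `APPLY=1` to apply them, then confirm the masquerade rule landed on the right interface with `iptables -t nat -L POSTROUTING -n -v`. Because the rules are inserted with -I like the rest of the thread's script, they sit in front of the existing port filters, which is what the reply intends for the phone subnet.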
