Enviado em 28/10/2015 - 10:58h
Olá pessoal,###################################### # Compartilhamento da Internet # modprobe iptable_nat echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ######################################## # Variaveis # IF_EXT=eth0 IF_IN=eth1 IP_EXT=221.54.182.4 IP_IN=192.168.50.1 IP_CASERVER=192.168.50.200 PORTAS_DE_SERVICOS_1=80,443,8080,53,8081,20,21,22,3389,5432,25,465,995,222 PORTAS_DE_SERVICOS_2=34567,161,162,10050,10051 case "$1" in start) echo "Firewall Ligado!" ######################################## # Definir politicas BLOQUEIO # iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP ######################################## # REGRAS DE NAT # #NAT - CAServer (Porta: 2020) iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2020 -j DNAT --to 192.168.50.200:3389 # IMPUT ###################################################### #statefull iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #icmp (ping) iptables -A INPUT -p icmp -j ACCEPT #ntop iptables -A INPUT -p tcp --dport 3000 -j ACCEPT iptables -A INPUT -p udp --dport 3000 -j ACCEPT #ssh iptables -A INPUT -p tcp --dport 222 -j ACCEPT #Zabbix iptables -A INPUT -p tcp --dport 10050 -j ACCEPT iptables -A INPUT -p tcp --dport 10051 -j ACCEPT # iptables -A INPUT -p tcp --dport 2020 -j ACCEPT ############################################################## ############################################################## # OUTPUT ##################################################### #statefull iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #icmp (ping) iptables -A OUTPUT -p icmp -j ACCEPT #DNS iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT iptables -A OUTPUT -p udp --dport 53 -j ACCEPT #NTP iptables -A OUTPUT -p tcp --dport 123 -j ACCEPT iptables -A OUTPUT -p udp --dport 123 -j ACCEPT #HTTP iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT #HTTPS iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT ############################################################## ############################################################## # FORWARD #################################################### #statefull iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT #HTTP,HTTPS e outros serviços tradicionais para navegacao. iptables -A FORWARD -p tcp -m multiport --dport $PORTAS_DE_SERVICOS_1 -i $IF_IN -j ACCEPT iptables -A FORWARD -p udp -m multiport --dport $PORTAS_DE_SERVICOS_1 -i $IF_IN -j ACCEPT iptables -A FORWARD -p tcp -m multiport --dport $PORTAS_DE_SERVICOS_2 -i $IF_IN -j ACCEPT iptables -A FORWARD -p udp -m multiport --dport $PORTAS_DE_SERVICOS_2 -i $IF_IN -j ACCEPT #whois iptables -A FORWARD -p tcp --dport 43 -j ACCEPT #ping para fora iptables -A FORWARD -p icmp -i $IF_IN -j ACCEPT iptables -A FORWARD -p icmp -o $IF_IN -j ACCEPT #NTP iptables -A FORWARD -p udp --dport 123 -o $IF_EXT -j ACCEPT ;; stop) echo "Firewall Desligado!" ###################################### # Zerar Regras # ###################################### iptables -F iptables -X iptables -F -t nat iptables -X -t nat iptables -F -t mangle iptables -X -t mangle iptables -t nat -F ###################################### # Definir politicas ACEITA TUDO # iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT modprobe iptable_nat echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ;; restart) /etc/init.d/firewall.sh stop /etc/init.d/firewall.sh start ;; *) echo "Use: /etc/init.d/firewall.sh {start | stop | restart}" exit 1 ;; esac
Enviado em 28/10/2015 - 13:53h
seguinte, quando vc coloca FORWARD -P DROP (policita padrão dropando) ao fazer um nat, vc precisa liberar tambem o FORWARD para o ip internto, exemplo:Enviado em 28/10/2015 - 15:03h
Isto aquiResolver problemas de Internet
Como compartilhar a tela do Ubuntu com uma Smart TV (LG, Samsung, etc.)
Descritores de Arquivos e Swappiness
Solução rápida para o problema do Network Manager conectar mas não navegar
Como instalar no Linux Jogos da Steam só para Windows
Instalando o Team Viewer no Debian Trixie - problema no Policykit
Problemas latentes de performance no Ubuntu 25.04 (2)
Como rodo essa suinaria? [RESOLVIDO] (6)