kazz
(usa Linux Mint)
Enviado em 31/01/2014 - 08:18h
ubuntu 12.04 LTS server 32 bit
/etc/network/interfaces
# WAN uplink (eth0): static address on 192.168.25.0/24, default route via 192.168.25.1
auto eth0
iface eth0 inet static
    address   192.168.25.11
    netmask   255.255.255.0
    broadcast 192.168.25.255
    gateway   192.168.25.1

# LAN side (eth1): static address on 10.0.0.0/24; no gateway line, so no default route here
auto eth1
iface eth1 inet static
    address   10.0.0.1
    netmask   255.255.255.0
    broadcast 10.0.0.255
/etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
"obs: eu uso as configurações do firewall em /etc/rc.firewall, e não em /etc/init.d/firewall.sh; não sei se isso faz alguma diferença."
/etc/rc.firewall
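# NAT gateway rules for a two-interface router.
#
# WAN side (ifinternet): eth0
#   IP:      192.168.25.11
#   Netmask: 255.255.255.0
#   Gateway: 192.168.25.1
# LAN side (iflocal): eth1
#   IP:      10.0.0.1
#   Netmask: 255.255.255.0

WAN_IF=eth0
LAN_IF=eth1
LAN_NET=10.0.0.0/24

# Start from empty chains so that re-running the script does not stack
# duplicate rules. The nat POSTROUTING chain is flushed as well; otherwise
# every re-run appends another MASQUERADE rule.
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING

# Default-deny for traffic addressed to the gateway itself.
iptables -P INPUT DROP

# NOTE(review): the FORWARD policy is never set, so it stays at whatever it was
# before this script ran (ACCEPT unless something changed it). With an ACCEPT
# policy the per-port FORWARD rules below do not restrict anything. Adding
# `iptables -P FORWARD DROP` turns them into a real allow-list, but DNS
# (53/udp and 53/tcp) must then be allowed explicitly or LAN clients lose name
# resolution. Not changed here because it alters what the LAN can reach.

# Source-NAT LAN traffic leaving through the WAN interface.
iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

# Loopback is matched by interface rather than by source address: a 127.0.0.1
# source is only a header field, while "-i lo" can only be local traffic.
iptables -A INPUT -i lo -j ACCEPT

# Replies belonging to connections that were already allowed.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Ping from the LAN, rate-limited. Over-limit pings fall through to the INPUT
# DROP policy. A second identical rule with -j RETURN is not needed: in a
# built-in chain RETURN hands the packet to the chain policy, which is where
# those packets end up anyway.
iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p icmp --icmp-type echo-request \
  -m limit --limit 10/s -j ACCEPT

# Services LAN clients may reach through the gateway:
# POP3, IMAP, SMTP, submission, FTP, HTTP, HTTPS, SSH, telnet.
# LAN rules are bound to the LAN interface as well as the LAN source range, so
# a packet arriving on the WAN side cannot match them.
# NOTE(review): 21 (FTP) and 23 (telnet) carry credentials in cleartext, and 25
# lets any LAN host deliver mail directly; confirm each is still needed.
for port in 110 143 25 587 21 80 443 22 23; do
  iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$port" -j ACCEPT
done

# Services on the gateway itself, LAN only: NetBIOS/SMB (137-139, 445), SSH, HTTP.
iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 137:139 -j ACCEPT
iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 137:139 -j ACCEPT
for port in 445 22 80; do
  iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$port" -j ACCEPT
done

# Routing is switched on only after the rules above are loaded.
echo 1 > /proc/sys/net/ipv4/ip_forward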