Firewall não está compartilhando a internet

1. Firewall não está compartilhando a internet

EMERSON SANTOS GUIMARAES
emerson2703

(usa CentOS)

Enviado em 21/09/2011 - 16:33h

Boa tarde,


Quando coloquei o script para carregar as regras do firewall, as máquinas clientes não conseguiram acessar a internet, mas pingam para um site normalmente. Utilizo CentOS 5.4; segue abaixo meu script:

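#!/bin/bash
# Author: Emerson Guimaraes
#
# Loads the iptables rule set of a CentOS 5.4 gateway.
#
# Interfaces, as the rules below use them:
#   eth0, eth2 - internal networks (all INPUT accepted, HTTP redirected to the proxy)
#   eth1       - external link (MASQUERADE applied to everything leaving it)
#
# Order of work: flush every table, load the conntrack modules, set the NAT
# rules (proxy redirection and masquerading), set the filter rules, and save
# the result to /etc/sysconfig/iptables so it is restored at boot.
#
# Must run as root. Each iptables call prints its own error and the script
# keeps going, so read the output after loading a changed rule set.
#
# Changes from the previous revision: the two camera rules had no -j target
# and only counted packets, UDP/53 was missing from FORWARD, and a number of
# rules that exactly repeated an earlier ACCEPT in the same chain (and could
# therefore never match) were dropped.
echo -n "Aplicando Regras de Firewall..."
echo

#### Reset rules

# Flush rules
iptables -F
iptables -t nat -F
iptables -t mangle -F

# Delete user-defined chains
iptables -X
iptables -t nat -X
iptables -t mangle -X

# Zero counters
iptables -Z
iptables -t nat -Z
iptables -t mangle -Z


# Load modules: connection tracking plus the FTP helpers (active FTP through NAT)

/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp


# Policies

# NAT

iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Login system: traffic to these hosts is accepted here and so skips the
# REDIRECT rules that follow
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.107 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.138 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.107 -j ACCEPT

# Redirect MSN (1863) to the local msn-proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1863 -j REDIRECT --to-port 1863
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 1863 -j REDIRECT --to-port 1863

# Caixa "Conectividade Social"
# HTTP to any host other than 200.201.174.207 goes to the proxy on 1994.

iptables -t nat -A PREROUTING -i eth0 -p tcp -d ! 200.201.174.207 --dport 80 -j REDIRECT --to-port 1994
iptables -t nat -A PREROUTING -i eth2 -p tcp -d ! 200.201.174.207 --dport 80 -j REDIRECT --to-port 1994
# -I puts the next two rules at the head of PREROUTING, ahead of every REDIRECT.
iptables -t nat -I PREROUTING -p tcp -d 200.201.0.0/16 -j ACCEPT
# NOTE(review): no mask, so this matches the single address 200.223.0.0 only;
# if the whole block was meant, use 200.223.0.0/16 here and in FORWARD below.
iptables -t nat -I PREROUTING -p tcp -d 200.223.0.0 -j ACCEPT
# NOTE(review): -s 172.16.0.0 carries no mask and matches only that one address.
iptables -t nat -A PREROUTING -p tcp -s 172.16.0.0 --dport 80 -d 200.201.174.207 -j RETURN
iptables -t nat -A PREROUTING -p tcp -d 200.201.0.0/16 -j ACCEPT

# Send the remaining HTTP to Squid (transparent proxy on 1994)
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1994
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1994


# Allow loopback

iptables -A INPUT -i lo -j ACCEPT

# Enable packet forwarding. This is not persistent; set
# net.ipv4.ip_forward = 1 in /etc/sysctl.conf to keep it across reboots.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Share the internet link: masquerade everything leaving through eth1
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE



# Filter

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Everything arriving on the internal interfaces is accepted here, so the
# INPUT port rules further down only matter for traffic arriving on eth1.
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth2 -j ACCEPT
# NOTE(review): the INPUT rules below that carry no -i or -s restriction
# (telnet 23, MySQL 3306, RDP 3389, NetBIOS/SMB 137-139/445, 8000/8001,
# 754, 9666, FTP 20/21, ...) are therefore reachable from the external link.
# Add -i eth0 / -i eth2 or a LAN -s network to each one that does not have
# to be exposed.


# HTTP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT

# msn-proxy
iptables -A INPUT -p tcp --dport 25000:30000 -s 172.16.4.0/22 -j ACCEPT

# Conectividade Social

iptables -I FORWARD -p tcp -d 200.201.0.0/16 -j ACCEPT
# NOTE(review): no mask, single address only (see the NAT rule above).
iptables -I FORWARD -p tcp -d 200.223.0.0 -j ACCEPT


# Paygo (IPsec: IKE 500 and NAT-T 4500)
iptables -A FORWARD -p udp --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A FORWARD -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
iptables -A OUTPUT -p udp --dport 4500 -j ACCEPT


# Ping
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# MSN
iptables -A FORWARD -p tcp -m tcp --dport 1863 -j ACCEPT

# Login system
iptables -A FORWARD -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 9090 -j ACCEPT

# DNS for the forwarded networks. Ordinary queries use UDP/53; TCP/53 alone
# only covers large answers and zone transfers, so clients that resolve
# through an external server need the UDP rule.
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT


# PABX telephony

iptables -A FORWARD -p udp --dport 1571 -j ACCEPT
iptables -A FORWARD -p udp --dport 5060 -j ACCEPT
iptables -A FORWARD -p udp --dport 4000 -j ACCEPT
iptables -A FORWARD -p udp --dport 2631 -j ACCEPT

# Camera server
# (-j ACCEPT was missing; a rule without a target only counts packets)

iptables -A FORWARD -p tcp -m tcp --dport 8672 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 9670 -j ACCEPT



# Banks and finance

iptables -A FORWARD -p tcp -m tcp --dport 5190 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 20000 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 5432 -j ACCEPT

iptables -A FORWARD -p tcp -m tcp --dport 809 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 1665 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT

# Caixa Economica

iptables -A FORWARD -p tcp -m tcp --dport 2681 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 2631 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 2631 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 2631 -j ACCEPT

# E-mail

# Receiving (POP3)
iptables -A FORWARD -p tcp -m tcp --dport 110 -j ACCEPT

# Sending
iptables -A FORWARD -p tcp -m tcp --dport 465 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 945 -j ACCEPT

# Remote access (Terminal Server, VNC and PuTTY)
# RDP in every direction and chain

iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -p tcp --sport 3389 -j ACCEPT
iptables -A FORWARD -p udp --sport 3389 -j ACCEPT
iptables -A FORWARD -p udp --dport 3389 -j ACCEPT
iptables -A INPUT -p udp --sport 3389 -j ACCEPT
iptables -A INPUT -p udp --dport 3389 -j ACCEPT
iptables -A INPUT -p tcp --sport 3389 -j ACCEPT
iptables -A INPUT -p tcp --dport 3389 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3389 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3389 -j ACCEPT
iptables -A OUTPUT -p udp --sport 3389 -j ACCEPT
iptables -A OUTPUT -p udp --dport 3389 -j ACCEPT
# LSM


iptables -A FORWARD -p tcp --dport 8000 -j ACCEPT
iptables -A FORWARD -p udp --dport 8000 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p udp --dport 8000 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8000 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8000 -j ACCEPT

iptables -A FORWARD -p tcp --dport 8001 -j ACCEPT
iptables -A FORWARD -p udp --dport 8001 -j ACCEPT
iptables -A INPUT -p tcp --dport 8001 -j ACCEPT
iptables -A INPUT -p udp --dport 8001 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8001 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8001 -j ACCEPT

# Telnet
iptables -A FORWARD -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -p udp --dport 23 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -p udp --dport 23 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 23 -j ACCEPT
iptables -A OUTPUT -p udp --dport 23 -j ACCEPT

# MySQL

iptables -A FORWARD -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -p udp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p udp --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -p udp --dport 3306 -j ACCEPT


# Audit VPN (UDP/4500 is already accepted in the Paygo section)

iptables -A INPUT -p tcp --dport 4500 -j ACCEPT
iptables -A FORWARD -p tcp --dport 4500 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 4500 -j ACCEPT
iptables -A FORWARD -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -j ACCEPT
iptables -A FORWARD -p udp --dport 139 -j ACCEPT
iptables -A FORWARD -p udp --dport 137 -j ACCEPT
iptables -A FORWARD -p udp --dport 138 -j ACCEPT
iptables -A FORWARD -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -p udp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j ACCEPT
iptables -A INPUT -p udp --dport 445 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 137 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 138 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 139 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 445 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 389 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 445 -j ACCEPT

# VPN (PPTP control port)

iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p udp --dport 1723 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -p udp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p udp --dport 1723 -j ACCEPT


# External networks: any protocol to these destinations is forwarded
iptables -A FORWARD -d 10.101.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.102.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.103.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.104.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.105.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.106.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.107.0.0/24 -j ACCEPT
iptables -A FORWARD -d 172.16.0.0/22 -j ACCEPT
iptables -A FORWARD -d 172.16.8.0/22 -j ACCEPT
iptables -A FORWARD -d 172.16.12.0/22 -j ACCEPT
iptables -A FORWARD -d 172.16.16.0/22 -j ACCEPT
iptables -A FORWARD -d 172.16.20.0/22 -j ACCEPT
iptables -A FORWARD -d 172.16.27.0/22 -j ACCEPT
iptables -A FORWARD -d 172.16.39.0/22 -j ACCEPT


# FTP (control 21, active data 20; the conntrack helper covers passive data)
iptables -A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

iptables -A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT

# VNC
iptables -A FORWARD -p tcp -m tcp --dport 4901 -j ACCEPT

# PuTTY
iptables -A FORWARD -p tcp -m tcp --dport 754 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 754 -j ACCEPT

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Local interfaces (OUTPUT policy is already ACCEPT; these are explicit)
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT
iptables -A OUTPUT -o eth2 -j ACCEPT

# HTTP
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT

# Ping
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

# Attack protection

# NOTE(review): appended after every INPUT ACCEPT above, so only packets none
# of them matched reach it; place it right after the RELATED,ESTABLISHED rule
# if it is meant to apply to internal traffic as well.
iptables -A INPUT -m state --state INVALID -j DROP

# Port-scanner limiter. This only ACCEPTs bare RST packets up to the limit;
# the excess falls through to the rules below and the DROP policy.
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 5/m -j ACCEPT

# "Ping of Death"
# NOTE(review): 'inet' and 'ilan' are not interfaces this script uses
# anywhere else (eth0/eth1/eth2). iptables accepts unknown interface names
# without complaint, so these three rules never match; echo-request is in
# any case already accepted unconditionally in the Ping section above.
iptables -A INPUT -i inet -p icmp --icmp-type 8 -m limit --limit 5/m -j DROP
iptables -A INPUT -i inet -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i ilan -p icmp -j ACCEPT

# SYN-flood limiter (same caveat as the port-scanner rule: ACCEPT only)
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 9666 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 9666 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 9666 -j ACCEPT

# Worm protection: drop MS-RPC (135) arriving from the external link
iptables -A FORWARD -p tcp --dport 135 -i eth1 -j DROP
# Save the rule set so it is restored at boot

/sbin/iptables-save > /etc/sysconfig/iptables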




  





