SIMPLIFY THE RULES [SOLVED]

1. SIMPLIFY THE RULES [SOLVED]

Fernanda Montovani Albuquerk
fernanda_mon

(uses Debian)

Posted on 19/04/2018 - 15:36h

Good afternoon everyone, is it possible to refactor the rules below and reduce the number of lines, or put them in a second script and call it from the main script that is in systemd?

iptables -t nat -A PREROUTING -s 198.20.1.36 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.1.36 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.1.36 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.1.38 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.1.38 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.1.38 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.6.40 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.6.40 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.6.40 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.7.42 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.7.42 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.7.42 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.5.31 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.5.31 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.5.31 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.5.32 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.5.32 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.5.32 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.5.33 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.5.33 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.5.33 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.5.34 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.5.34 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.5.34 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.5.35 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.5.35 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.5.35 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.5.36 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.5.36 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.5.36 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.5.37 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.5.37 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.5.37 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043
iptables -t nat -A PREROUTING -s 198.20.5.38 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.5.38 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.5.38 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043

If anyone can help me, I would be grateful.
:)
Kisses


  


2. BEST ANSWER

Profile removed
removed

(uses None)

Posted on 19/04/2018 - 16:22h

Another suggestion:

source="198.20.1.36,198.20.1.38,198.20.6.40,198.20.7.42,198.20.5.31,198.20.5.32,198.20.5.33,198.20.5.34,198.20.5.35,198.20.5.36,198.20.5.37,198.20.5.38"
iptables -t nat -A PREROUTING -s ${source} -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s ${source} -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s ${source} -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043

3. Re: SIMPLIFY THE RULES [SOLVED]

Profile removed
removed

(uses None)

Posted on 19/04/2018 - 16:13h

iptables -t nat -A PREROUTING -s 198.20.1.36,198.20.1.38,198.20.6.40,198.20.7.42,198.20.5.31,198.20.5.32,198.20.5.33,198.20.5.34,198.20.5.35,198.20.5.36,198.20.5.37,198.20.5.38 -d 182.6.34.81 -p TCP --dport 30050 -j DNAT --to 192.168.0.5:30050
iptables -t nat -A PREROUTING -s 198.20.1.36,198.20.1.38,198.20.6.40,198.20.7.42,198.20.5.31,198.20.5.32,198.20.5.33,198.20.5.34,198.20.5.35,198.20.5.36,198.20.5.37,198.20.5.38 -d 182.6.34.81 -p TCP --dport 30051 -j DNAT --to 192.168.0.5:30051
iptables -t nat -A PREROUTING -s 198.20.1.36,198.20.1.38,198.20.6.40,198.20.7.42,198.20.5.31,198.20.5.32,198.20.5.33,198.20.5.34,198.20.5.35,198.20.5.36,198.20.5.37,198.20.5.38 -d 182.6.34.81 -p TCP --dport 30043 -j DNAT --to 192.168.0.5:30043

# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 2 packets, 257 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 198.20.1.36 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.1.38 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.6.40 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.7.42 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.5.31 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.5.32 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.5.33 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.5.34 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.5.35 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.5.36 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.5.37 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.5.38 182.6.34.81 tcp dpt:30050 to:192.168.0.5:30050
0 0 DNAT tcp -- * * 198.20.1.36 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.1.38 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.6.40 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.7.42 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.5.31 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.5.32 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.5.33 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.5.34 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.5.35 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.5.36 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.5.37 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.5.38 182.6.34.81 tcp dpt:30051 to:192.168.0.5:30051
0 0 DNAT tcp -- * * 198.20.1.36 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.1.38 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.6.40 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.7.42 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.5.31 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.5.32 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.5.33 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.5.34 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.5.35 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.5.36 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.5.37 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
0 0 DNAT tcp -- * * 198.20.5.38 182.6.34.81 tcp dpt:30043 to:192.168.0.5:30043
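
As the `iptables -nvL -t nat` listing in post 3 shows, a comma-separated `-s` list is still expanded into one kernel rule per source and port (36 here). The following is an added example, not part of any post in this thread: a separate script the main systemd-started script can call, which expresses the same policy as a single rule using an ipset and the multiport match; the set name `dnat_src` and the `DRY_RUN` switch are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): the same DNAT policy as one kernel rule.
# The set name "dnat_src" and the DRY_RUN switch are assumptions of this example.
SOURCES="198.20.1.36 198.20.1.38 198.20.6.40 198.20.7.42 198.20.5.31 198.20.5.32
198.20.5.33 198.20.5.34 198.20.5.35 198.20.5.36 198.20.5.37 198.20.5.38"
PORTS="30050,30051,30043"
PUBLIC_IP="182.6.34.81"
INTERNAL_IP="192.168.0.5"
SET_NAME="dnat_src"

# Accept only dotted-quad IPv4 literals so a typo never reaches ipset/iptables.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands: one set entry per source, then a single NAT rule.
# With no port in --to-destination, DNAT keeps the original destination port,
# so 30050, 30051 and 30043 each map to the same port on the internal host.
build_rules() {
    echo "ipset create $SET_NAME hash:ip -exist"
    echo "ipset flush $SET_NAME"
    for ip in $SOURCES; do
        valid_ipv4 "$ip" || { echo "invalid source: $ip" >&2; return 1; }
        echo "ipset add $SET_NAME $ip"
    done
    echo "iptables -t nat -A PREROUTING -m set --match-set $SET_NAME src" \
         "-d $PUBLIC_IP -p tcp -m multiport --dports $PORTS" \
         "-j DNAT --to-destination $INTERNAL_IP"
}

# Build everything first so a bad address aborts before anything is applied.
# Dry run (print only) by default; DRY_RUN=0 as root executes the commands.
apply_rules() {
    rules=$(build_rules) || return 1
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$rules"
    else
        printf '%s\n' "$rules" | sh -e
    fi
}

apply_rules
```

Adding or removing an allowed source afterwards is an `ipset add` or `ipset del` on the set, with no change to the NAT rule itself.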



4. SIMPLIFY THE RULES

Fernanda Montovani Albuquerk
fernanda_mon

(uses Debian)

Posted on 19/04/2018 - 17:44h

Awesome!!!

Thank you very much, it turned out great.





