akilesbrasil
(usa Debian)
Enviado em 27/10/2008 - 18:11h
Enviado em 14/10/2008 - 11:05h:
Interligação de Redes!!!!
matriz
eth0 200.xxx.xxx.xxx
eth1 192.168.4.1
eth2 172.16.0.2
Filial 1
eth0 172.16.0.3
eth1 192.168.5.1
Filial 2
eth0 172.16.0.4
Na matriz faço um "nat" (da eth0 para a eth1) para liberar a internet para a rede local (eth1), e isso funciona. Agora vem a pergunta:
como liberar a internet para as filiais que se conectam por outra interface (eth2)?
Já tentei usar o mesmo comando que uso na eth1, mas não dá certo. Este é o meu firewall:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#----Flush the existing kernel firewall rules----#
# Empties every chain of the filter table and then of the nat table, so the
# rules appended below start from a clean slate each time the script runs.
# NOTE(review): -F removes rules only; it does not touch chain policies, and
# no `iptables -P` appears anywhere in this script. Unless a policy is set
# elsewhere, FORWARD and INPUT stay at the kernel default (ACCEPT), in which
# case the "-j ACCEPT" filter rules further down do not restrict anything.
# The mangle table and user-defined chains are not cleared here either.
iptables -F
iptables -t nat -F
#-----Kernel tunables needed for routing-----#
# Raise the three garbage-collection thresholds of the IPv4 neighbour (ARP)
# table, then switch on IPv4 forwarding so the box routes between interfaces.
neigh_dir=/proc/sys/net/ipv4/neigh/default
printf '%s\n' 1024 > "${neigh_dir}/gc_thresh1"
printf '%s\n' 2048 > "${neigh_dir}/gc_thresh2"
printf '%s\n' 4096 > "${neigh_dir}/gc_thresh3"
printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward
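#---Disable ICMP redirects---#
# Writes 0 to accept_redirects and to send_redirects for every entry under
# /proc/sys/net/ipv4/conf, so this router neither accepts nor sends ICMP
# redirect messages. The whole step is skipped when the kernel does not
# expose the "all" accept_redirects entry.
if [ -e /proc/sys/net/ipv4/conf/all/accept_redirects ]; then
  for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    # Quoted so the redirection target is always exactly one word.
    echo 0 > "$f"
  done

  for f in /proc/sys/net/ipv4/conf/*/send_redirects; do
    echo 0 > "$f"
  done
fi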
#
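#---Disable source-routed packets---#
# Writes 0 to accept_source_route for every entry under
# /proc/sys/net/ipv4/conf, so packets carrying IP source-route options are
# not accepted. Skipped when the kernel does not expose the "all" entry.
if [ -e /proc/sys/net/ipv4/conf/all/accept_source_route ]; then
  for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    # Quoted so the redirection target is always exactly one word.
    echo 0 > "$f"
  done
fi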
#
#------------------------------------------#
#
#----Load kernel modules----#
# Loads the netfilter / connection-tracking modules one at a time, in the
# same order as before.
# NOTE(review): the shebang runs this script with `sh -e`, so the first
# modprobe that fails (for instance a module name the running kernel does
# not provide) ends the script before any iptables rule below is installed.
# Confirm every name exists on the target kernel.
for module in \
  ip_vs_ftp \
  ipt_REDIRECT \
  xt_conntrack \
  ip_tables \
  ip_conntrack \
  ip_conntrack_ftp \
  iptable_filter \
  iptable_mangle \
  iptable_nat \
  ip_nat_ftp \
  ipt_LOG \
  ipt_limit \
  ipt_state \
  ipt_owner \
  ipt_REJECT \
  ipt_MASQUERADE
do
  modprobe "$module"
done
### Source NAT for traffic leaving through the Internet interface (eth0) ###
# Rule 1: packets from the head-office LAN 192.168.4.0/24 are rewritten to
#         the public address.
# Rule 2: the same for 172.16.0.0/16, the link network on which the branch
#         routers sit (per the addressing given above the script).
# Rule 3: everything else leaving eth0 is masqueraded behind eth0's address.
# NOTE(review): rule 3 matches any source, so it already covers the branch
# LAN 192.168.5.0/24 as well as the two networks named in rules 1-2. If the
# branches still have no Internet access the cause is presumably routing
# rather than NAT: check that the branch routers use 172.16.0.2 as default
# gateway and that this host has a return route to each branch LAN - verify.
iptables -t nat -A POSTROUTING -s 192.168.4.0/24 -o eth0 -j SNAT --to 200.xxx.xxx.xxx
iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -o eth0 -j SNAT --to 200.xxx.xxx.xxx
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#---Allow Internet access for the "Imobiliaria" and "Info" servers---#
# Appends ACCEPT rules to the nat table's PREROUTING chain for four source
# hosts, matching any destination (0.0.0.0/0).
# NOTE(review): ACCEPT in the nat table does not grant or deny forwarding;
# it only ends PREROUTING nat processing for the matching packet. The
# practical effect is that connections from these four hosts skip the DNAT
# rules appended after this point. Permit/deny decisions belong in the
# filter table's FORWARD chain.
iptables -t nat -A PREROUTING -s 192.168.4.2 -d 0.0.0.0/0 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.4.3 -d 0.0.0.0/0 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.3 -d 0.0.0.0/0 -j ACCEPT
iptables -t nat -A PREROUTING -s 172.16.0.4 -d 0.0.0.0/0 -j ACCEPT
#---Publish the Terminal Server (RDP)---#
# TCP port 3389 arriving for the router's LAN address, its public address or
# its link-network address is destination-NATed to the host 192.168.4.200.
# NOTE(review): `-s 0/0` matches every source and no inbound interface is
# given, so the rule on the public address publishes RDP to the whole
# Internet. Nothing visible in this script filters FORWARD afterwards.
# Narrow `-s` to the known branch/admin networks, or reach the terminal
# server through the VPN instead, and log connections to this port.
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 192.168.4.1 --dport 3389 -j DNAT --to 192.168.4.200
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 200.xxx.xxx.xxx --dport 3389 -j DNAT --to 192.168.4.200
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 172.16.0.2 --dport 3389 -j DNAT --to 192.168.4.200
#---------Allow POP and SMTP (and DNS)----------#
# Rules 1-2: UDP port 53 between the LAN 192.168.4.0/24 and a masked
#            external address, one rule per direction.
# Rules 3-4: TCP from the LAN to destination ports 25 (SMTP) and 110 (POP3).
# Rules 5-6: any forwarded TCP packet whose source port is 25 or 110.
# NOTE(review): rules 5-6 carry no address, interface or connection-state
# match, so they accept any packet that merely claims source port 25/110.
# A state match for ESTABLISHED,RELATED traffic is the usual way to admit
# replies only. DNS over TCP port 53 is not covered.
# NOTE(review): no DROP policy or DROP rule for FORWARD is visible in this
# script; if the policy is ACCEPT these rules restrict nothing - confirm.
# NOTE(review): the masked source in rule 2 ("200.1xxx...") differs from the
# destination in rule 1; presumably the same server - verify before use.
iptables -A FORWARD -p udp -s 192.168.4.0/24 -d 200.xxx.xxx.xxx --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.1xxx.xxx.xxx --sport 53 -d 192.168.4.0/24 -j ACCEPT
iptables -A FORWARD -p TCP -s 192.168.4.0/24 --dport 25 -j ACCEPT
iptables -A FORWARD -p TCP -s 192.168.4.0/24 --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp --sport 110 -j ACCEPT
#----------VPN routes (disabled)--------------#
# Commented out: static route to 192.168.6.0/24 through 172.16.0.3.
#route add -net 192.168.6.0 netmask 255.255.255.0 gw 172.16.0.3
#------Portal redirection (disabled)----#
# Commented out: DNAT of FTP (21) and HTTP (80) on the public address to
# the internal host 192.168.4.81.
#iptables -t nat -A PREROUTING -d 200.xxx.xxx.xxx -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.4.81:21
#iptables -t nat -A PREROUTING -d 200.xxx.xxx.xxx -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.4.81:80
# rc.local must report success explicitly, as its header comment requires.
exit 0
Contato:
msn: lg_luiz_gustavo_@hotmail.com
desde ja agradeço...
Muito Obrigado a todos!!!