vagnerslv
(usa Suse)
Enviado em 06/03/2015 - 16:12h
Olá Galera !
Preciso liberar acesso a algumas portas de alguns computadores da rede interna para acesso externo, como acesso remoto, cameras, exchange, etc, crieu um servidor do zero usando o ubuntu consegui liberar o acesso a internet dos usuários internos mas não consigo acessar as portas de fora, segue abaixo meu script:
#!/bin/bash
iniciar(){
iptables -F
iptables -t nat -F
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -P INPUT ACCEPT
#iptables -P OUTPUT ACCEPT
#iptables -P FORWARD ACCEPT
#iptables -t nat -A PREROUTING -s 192.168.0.181/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
iptables -A INPUT -p ALL -s 127.0.0.1 -i lo -j ACCEPT
iptables -A INPUT -p ALL -s 192.168.0.184 -i lo -j ACCEPT
iptables -A INPUT -p ALL -s 192.168.0.181 -i lo -j ACCEPT
iptables -A INPUT -p ALL -s 200.150.222.80 -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 200.204.0.10 --sport 53 -d 200.150.222.80 -j ACCEPT
iptables -A INPUT -p udp -s 200.204.0.138 --sport 53 -d 200.150.222.80 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j ACCEPT
iptables -A INPUT -p TCP -i eth1 --sport 3389 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 --sport 3389 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#acesso remoto
iptables -t nat -A PREROUTING -i 200.150.222.80 -p TCP --dport 3389 -j DNAT --to 192.168.0.181
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.181 -j SNAT --to 200.150.222.80:3389
#acesso exchange
iptables -t nat -A PREROUTING -i 200.150.222.80 -p TCP --dport 80 -j DNAT --to 192.168.0.230
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.230 -j SNAT --to 200.150.222.80:80
iptables -t nat -A PREROUTING -i 200.150.222.80 -p TCP --dport 443 -j DNAT --to 192.168.0.230
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.230 -j SNAT --to 200.150.222.80:443
iptables -t nat -A PREROUTING -i 200.150.222.80 -p TCP --dport 110 -j DNAT --to 192.168.0.230
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.230 -j SNAT --to 200.150.222.80:110
iptables -t nat -A PREROUTING -i 200.150.222.80 -p TCP --dport 25 -j DNAT --to 192.168.0.230
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.230 -j SNAT --to 200.150.222.80:25
}
parar(){
iptables -F -t nat
}
case "$1" in
"start") iniciar ;;
"stop") parar ;;
"restart") parar; iniciar ;;
*) echo "Use os parâmetros start ou stop"
esac