xlinux
(usa Ubuntu)
Enviado em 17/01/2015 - 20:27h
Entendi amigo obrigado pela resposta, à proposito tem firewall poderia dar uma olhada nele por favor..ele tem atendido minhas necessidades aqui é bom uma opinião pra ver se estou fazendo as coisas corretas mesmo.
#!/bin/bash
iptables -F
iptables -X
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_tables
modprobe ipt_string
# Bloqueando a ultra surf
#iptables -A FORWARD -d 65.49.14.0/24 -j LOG --log-prefix "=ultraSurf="
#Forçando a passar pelo proxy
iptables -A FORWARD -p tcp --dport 80 -j REJECT
iptables -A FORWARD -p tcp --dport 8080 -j REJECT
iptables -A FORWARD -p tcp --dport 21 -j REJECT
#iptables -t nat -A PREROUTING -p tcp -i eth1 -p tcp --dport 80 -j REDIRECT --to port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A FORWARD -d 65.49.14.0/24 -j LOG --log-prefix "=ultraSurf="
iptables -A FORWARD -t filter -j ACCEPT
iptables -A FORWARD -t filter -j ACCEPT -m state --state ESTABLISHED,RELATED,NEW
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#LIBERA DNS SERVER PARA A REDE
iptables -A INPUT -p tcp -s 192.168.1.250 --sport 53 -d 192.168.1.0/24 -j ACCEPT
# LIBERA PORTA PARA CAMERA
iptables -t nat -A PREROUTING -j DNAT --to 192.168.0.191 -i eth0 -d 192.168.1.9 -p tcp --dport 7000
iptables -A FORWARD -j ACCEPT -i eth0 -o eth1 -s 0/0 -d 192.168.1.191 -p tcp --dport 7000
# Libera Web Service
#iptables -t nat -A PREROUTING -i eth1 -d !189.38.91.114 -p tcp --dport 80 -j REDIRECT --to 3128
##PROTECOES
#PROTEGE CONTRA OS "PING OF DEATH"
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/m -j REJECT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 20/m -j REJECT
# Protege contra port scanners avan�ados (Ex.: nmap)
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 20/m -j ACCEPT
# Bloqueando tracertroute
iptables -A INPUT -p udp -s 0/0 -i eth0 --dport 33435:33525 -j REJECT
# Protecoes contra ataques
iptables -A INPUT -m state --state INVALID -j REJECT
#BARRANDO ACESSO AO NTOP PARA O MUNDO E LIBERANDO PARA REDE INTERNA
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3000 -j DROP
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3000 -j ACCEPT
iptables -t filter -A INPUT -i eth1 -p tcp --dport 3000 -j ACCEPT
#iMesh:
iptables -A FORWARD -d 216.35.208.0/24 -j REJECT
#Bloqueando os -:P2P:- (se voce deseja utilizar um desses softwares, apenas retire o comentario e substitua a condicao de: REJECT, para ACCEPT)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6881:6889 -j DNAT --to-dest 192.168.1.250
iptables -A FORWARD -p tcp -i eth0 --dport 6881:6889 -d 192.168.1.250 -j REJECT
#BearShare:
iptables -A FORWARD -p tcp --dport 6346 -j REJECT
#WinMX:
iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
iptables -A FORWARD -d 64.49.201.0/24 -j REJECT
#Napigator:
iptables -A FORWARD -d 209.25.178.0/24 -j REJECT
#Morpheus:
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD -p tcp --dport 1214 -j REJECT
#KaZaA:
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -p tcp --dport 1214 -j REJECT
#Limewire:
iptables -A FORWARD -p tcp --dport 6346 -j REJECT
#Audiogalaxy:
iptables -A FORWARD -d 64.245.58.0/23 -j REJECT
iptables -A FORWARD -m string --string "find_node" --algo bm -j DROP
Obrigado