xlinux
(usa Ubuntu)
Enviado em 01/10/2013 - 17:56h
Boa tarde pessoal,
Andei adicionando algumas regras no meu fire aqui mas agora não tá compartilhando a net nem a pau... o que tá errado???
fire
#!/bin/sh
# Start/stop/restart the iptables.
# Start firewall:
firewall_start() {
echo "Starting iptables"
## CARREGAR MODULOS DE FIREWALL ##
modprobe ip_nat_ftp
modprobe ip_tables
## LIMPANDO TABELAS ##
/sbin/iptables -t filter -F INPUT
/sbin/iptables -t filter -F FORWARD
/sbin/iptables -t filter -F OUTPUT
/sbin/iptables -t nat -F PREROUTING
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F OUTPUT
/sbin/iptables -t mangle -F PREROUTING
/sbin/iptables -t mangle -F INPUT
/sbin/iptables -t mangle -F FORWARD
/sbin/iptables -t mangle -F OUTPUT
/sbin/iptables -t mangle -F POSTROUTING
## DEFININDO POLITICA PADRÃO ##
/sbin/iptables -t filter -P INPUT DROP
/sbin/iptables -t filter -P FORWARD DROP
/sbin/iptables -t filter -P OUTPUT ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
# REGRAS ##
IPTABLES="/sbin/iptables"
IFNET="eth0"
IFLAN="eth1"
#IFVPN="tun0"
## LIBERA LOOPBACK ##
$IPTABLES -t filter -A INPUT -j ACCEPT -i lo
## LIBERA RETORNO DE PACOTES ##
$IPTABLES -t filter -A INPUT -j ACCEPT -i $IFNET -m state --state ESTABLISHED,RELATED
$IPTABLES -t filter -A INPUT -j ACCEPT -i $IFLAN -m state --state ESTABLISHED,RELATED
$IPTABLES -t filter -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
## LIBERA PARA LAN O ENVIO DE PING PARA WAN ##
$IPTABLES -t filter -A FORWARD -j ACCEPT -i $IFLAN -o $IFNET -p icmp
## LIBERA ACESSO AO DNS SERVER PARA LAN##
$IPTABLES -t filter -A INPUT -j ACCEPT -i $IFLAN -s 192.168.1.0/24 -d 8.8.8.8 -p udp --dport 53
$IPTABLES -t filter -A INPUT -j ACCEPT -i $IFLAN -s 192.168.1.0/24 -d 8.8.4.4 -p udp --dport 53
$IPTABLES -t nat -A PREROUTING -p tcp -i eth1 -p tcp --dport 80 -j REDIRECT --to port 3128
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
}
# Stop firewall:
firewall_stop() {
/sbin/iptables -t filter -F INPUT
/sbin/iptables -t filter -F FORWARD
/sbin/iptables -t filter -F OUTPUT
/sbin/iptables -t nat -F PREROUTING
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F OUTPUT
/sbin/iptables -t filter -P INPUT ACCEPT
/sbin/iptables -t filter -P FORWARD ACCEPT
/sbin/iptables -t filter -P OUTPUT ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
}
# Restart firewall:
firewall_restart() {
firewall_stop
sleep 1
firewall_start
}
case "$1" in
'start')
firewall_start
;;
'stop')
firewall_stop
;;
'restart')
firewall_restart
;;
*)
echo "usage $0 start|stop|restart"
esac