Firewall Barrando a Net [RESOLVIDO]

1. Firewall Barrando a Net [RESOLVIDO]

xlinux
(usa Ubuntu)

Enviado em 01/10/2013 - 17:56h

Boa tarde pessoal,

Andei adicionando algumas regras no meu fire aqui mas agora não tá compartilhando a net nem a pau... o que tá errado???

fire

#!/bin/sh
# Start/stop/restart the iptables.

# Start firewall:
firewall_start() {
echo "Starting iptables"

## CARREGAR MODULOS DE FIREWALL ##

modprobe ip_nat_ftp
modprobe ip_tables

## LIMPANDO TABELAS ##

/sbin/iptables -t filter -F INPUT
/sbin/iptables -t filter -F FORWARD
/sbin/iptables -t filter -F OUTPUT

/sbin/iptables -t nat -F PREROUTING
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F OUTPUT

/sbin/iptables -t mangle -F PREROUTING
/sbin/iptables -t mangle -F INPUT
/sbin/iptables -t mangle -F FORWARD
/sbin/iptables -t mangle -F OUTPUT
/sbin/iptables -t mangle -F POSTROUTING

## DEFININDO POLITICA PADRÃO ##

/sbin/iptables -t filter -P INPUT DROP
/sbin/iptables -t filter -P FORWARD DROP
/sbin/iptables -t filter -P OUTPUT ACCEPT

/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT

/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT

# REGRAS ##

IPTABLES="/sbin/iptables"

IFNET="eth0"
IFLAN="eth1"
#IFVPN="tun0"

## LIBERA LOOPBACK ##

$IPTABLES -t filter -A INPUT -j ACCEPT -i lo

## LIBERA RETORNO DE PACOTES ##

$IPTABLES -t filter -A INPUT -j ACCEPT -i $IFNET -m state --state ESTABLISHED,RELATED
$IPTABLES -t filter -A INPUT -j ACCEPT -i $IFLAN -m state --state ESTABLISHED,RELATED
$IPTABLES -t filter -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED

## LIBERA PARA LAN O ENVIO DE PING PARA WAN ##

$IPTABLES -t filter -A FORWARD -j ACCEPT -i $IFLAN -o $IFNET -p icmp

## LIBERA ACESSO AO DNS SERVER PARA LAN##

$IPTABLES -t filter -A INPUT -j ACCEPT -i $IFLAN -s 192.168.1.0/24 -d 8.8.8.8 -p udp --dport 53
$IPTABLES -t filter -A INPUT -j ACCEPT -i $IFLAN -s 192.168.1.0/24 -d 8.8.4.4 -p udp --dport 53

$IPTABLES -t nat -A PREROUTING -p tcp -i eth1 -p tcp --dport 80 -j REDIRECT --to port 3128
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE

}
# Stop firewall:
firewall_stop() {
/sbin/iptables -t filter -F INPUT
/sbin/iptables -t filter -F FORWARD
/sbin/iptables -t filter -F OUTPUT
/sbin/iptables -t nat -F PREROUTING
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F OUTPUT

/sbin/iptables -t filter -P INPUT ACCEPT
/sbin/iptables -t filter -P FORWARD ACCEPT
/sbin/iptables -t filter -P OUTPUT ACCEPT

/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
}

# Restart firewall:
firewall_restart() {
firewall_stop
sleep 1
firewall_start
}

case "$1" in
'start')
firewall_start
;;
'stop')
firewall_stop
;;
'restart')
firewall_restart
;;
*)
echo "usage $0 start|stop|restart"
esac

0 0

Quote