[Ubuntu-BR] Help IPTABLES
Flávio Alexandre
falexandre.reis.listas at gmail.com
Mon Jul 7 17:02:29 UTC 2008
Hi everyone,
I have a few questions here about iptables, can you help me?
I am setting up a new server that will share an EMBRATEL link
with two networks; to begin with I need to get it working with just one network.
My chains follow, but it is not working. I am studying iptables
to keep improving my firewall.
I took a machine from the intranet to test the connection sharing
and configured it as follows:
ip: 192.168.0.4
gateway: 192.168.0.1
dns: the ones provided by Embratel
Can anyone help me with what I am doing wrong, since the client machine has no
Internet access?
#!/bin/bash
echo "Starting IPTables..."
echo
#################
## Variables   ##
#################
ip_adm='192.168.0.0'        # administrative network, used below as $ip_adm/24
it_ext='eth0'               # Embratel link (external interface)
it_int='eth1'               # intranet
it_com='eth2'               # communication server
cmd_iptables='/sbin/iptables'
###########################################
## Flush all rules                       ##
###########################################
echo "Flushing rules..."
$cmd_iptables -F
$cmd_iptables -X
$cmd_iptables -t nat -F
$cmd_iptables -t nat -X
echo
######################################
## Enable routing between interfaces ##
######################################
echo "1" > /proc/sys/net/ipv4/ip_forward
######################
## Load modules     ##
######################
echo "Loading new rules..."
echo
# The original had "iptable_natt", which is not a module name; the table is
# also loaded on demand by the "-t nat" calls above, so this line is optional.
/sbin/modprobe iptable_nat
# FTP helpers so active/passive FTP through the NAT works. On kernels that have
# dropped the ip_ names these are nf_conntrack_ftp and nf_nat_ftp.
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
############################################################################
## Default policy: drop packets addressed to or passing through the firewall ##
############################################################################
$cmd_iptables -P INPUT DROP
$cmd_iptables -P FORWARD DROP
$cmd_iptables -P OUTPUT ACCEPT
############################
## Administrative network ##
############################
# NAT
$cmd_iptables -t nat -A POSTROUTING -s $ip_adm/24 -o $it_ext -j MASQUERADE
# Replies to connections the clients opened. Without this rule the FORWARD
# policy of DROP discards every packet coming back from the Internet (the
# rules below only match the client -> Internet direction), so no client
# behind the NAT can get an answer.
$cmd_iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNS 53
$cmd_iptables -A FORWARD -p tcp -s $ip_adm/24 -d 0/0 --dport 53 -j ACCEPT
$cmd_iptables -A FORWARD -p udp -s $ip_adm/24 -d 0/0 --dport 53 -j ACCEPT
# Web 80/8080/8081
$cmd_iptables -A FORWARD -p tcp -s $ip_adm/24 -d 0/0 --dport 80 -j ACCEPT
$cmd_iptables -A FORWARD -p tcp -s $ip_adm/24 -d 0/0 --dport 8080 -j ACCEPT
$cmd_iptables -A FORWARD -p tcp -s $ip_adm/24 -d 0/0 --dport 8081 -j ACCEPT
echo " ############################### "
echo " # END OF FIREWALL SCRIPT      # "
echo " ############################### "
Regards,
Flavio Alexandre
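The posted ruleset sets the FORWARD policy to DROP and then only accepts packets travelling from 192.168.0.0/24 towards ports 53, 80, 8080 and 8081. The packets travelling back (source: the Internet host, destination: 192.168.0.4) match none of those rules, so the policy drops them and the client sees timeouts even though the MASQUERADE rule is correct. The script below is an added example, not part of the original post: a small lint for `iptables-save` output that checks the two things a NAT gateway needs for clients to get replies (a MASQUERADE/SNAT rule on the external interface, and either an ACCEPT policy on FORWARD or a conntrack rule accepting ESTABLISHED,RELATED traffic). The two dumps embedded in it are constructed to mirror the posted rules before and after adding the return-traffic rule; `eth0` as the external interface is taken from the post. On a real box you would feed it `iptables-save` output instead.

```shell
#!/bin/sh
# Lint an iptables-save dump for the classic "NAT works but nothing comes
# back" mistake. Added example; the dumps below are CONSTRUCTED to mirror the
# ruleset in the post (they are not captured from the poster's server).

# Rules as posted: FORWARD policy DROP, client -> Internet rules only.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# Same rules with the conntrack return-traffic rule added.
FIXED_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# Print only the lines of one table ("nat" or "filter") from a dump.
table_section() {  # $1 = dump, $2 = table name
    printf '%s\n' "$1" | awk -v t="*$2" '$0 == t {on=1; next} /^COMMIT/ {on=0} on'
}

# Default policy of a chain in the filter table (e.g. "DROP").
chain_policy() {  # $1 = dump, $2 = chain name
    table_section "$1" filter | sed -n "s/^:$2 \([A-Z]*\).*/\1/p"
}

# Succeeds if the nat table masquerades or SNATs out of the given interface.
has_nat() {  # $1 = dump, $2 = external interface
    table_section "$1" nat | grep -qE -- "^-A POSTROUTING .*-o $2 .*-j (MASQUERADE|SNAT)"
}

# Succeeds if FORWARD accepts reply traffic tracked by conntrack
# (either the old "-m state --state" or the newer "-m conntrack --ctstate" form).
has_return_rule() {  # $1 = dump
    table_section "$1" filter | grep -qE -- '^-A FORWARD .*--(ct)?state [A-Z,]*ESTABLISHED.* -j ACCEPT'
}

# Print a space-separated list of problems; empty output means the gateway
# should pass client traffic and its replies.
nat_gateway_problems() {  # $1 = dump, $2 = external interface
    problems=""
    has_nat "$1" "$2" || problems="$problems NO_MASQUERADE"
    if [ "$(chain_policy "$1" FORWARD)" = "DROP" ] && ! has_return_rule "$1"; then
        problems="$problems FORWARD_DROPS_REPLIES"
    fi
    printf '%s\n' "${problems# }"
}

echo "as posted: $(nat_gateway_problems "$SAMPLE_RULES" eth0)"
echo "with return rule: $(nat_gateway_problems "$FIXED_RULES" eth0)"
```

Run it against a live box with `nat_gateway_problems "$(iptables-save)" eth0`; it needs root only for the `iptables-save` call, the analysis itself is plain text processing. The check is deliberately narrow: it does not prove that a specific client port is allowed, only that the two conditions without which nothing behind the NAT can work are present.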