- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -i lo -j ACCEPT
- -A FORWARD -i lo -j ACCEPT
- -A INPUT -m state --state INVALID -j DROP
- -A INPUT -p icmp -m icmp --icmp-type 0 -m length --length 30:1100 -m limit --limit 4/sec -j ACCEPT
- -A INPUT -p icmp -m icmp --icmp-type 0 -j DROP
- -A INPUT -p icmp -m icmp --icmp-type 8 -m length --length 30:1100 -m limit --limit 4/sec -j ACCEPT
- -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -p tcp --dport 2250 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 22,53,67,80,953 -j ACCEPT
- -A INPUT -p udp -m multiport --dports 53,67,80,953 -j ACCEPT
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- # NOTE(review): the tcp 2250 and multiport rules above carry no -i or -s match, so those ports are accepted on every interface, eth0 included. 953 is usually the BIND rndc control port and 67 is DHCP (UDP only) - confirm which of them must be reachable from outside and restrict the rest by interface or source.
- # NOTE(review): above, echo-reply (type 0) and echo-request (type 8) are length- and rate-limited, but every other ICMP type is accepted without a limit; the INVALID and RELATED,ESTABLISHED rules use the older "state" match, whose current form is -m conntrack --ctstate.
- ### Added the rule below on the advice of colleagues: it admits 10.172.13.111 to tcp 3128 on this host (presumably squid - confirm), the port that the nat-table REDIRECT rewrites this host's port-80 traffic to ###
- -A INPUT -s 10.172.13.111 -p tcp --dport 3128 -j ACCEPT
- #####################################################################
- ### Start of the AltecnetCard configuration in the filter table ###
- #####################################################################
- #
- # Create the ALTECNETCARD chain in the filter table
- -N ALTECNETCARD
- #
- ### Access to the radios (both rules below are commented out, so 172.16.0.0/16 <-> 192.168.1.0/24 traffic falls through to ALTECNETCARD like everything else)
- #
- #-A FORWARD -s 172.16.0.0/16 -d 192.168.1.0/24 -j ACCEPT
- #-A FORWARD -d 172.16.0.0/16 -s 192.168.1.0/24 -j ACCEPT
- #
- # Send the rest of FORWARD (inbound and outbound traffic) to ALTECNETCARD
- -A FORWARD -j ALTECNETCARD
- # Allow unrestricted access to login.altecnetcard.com.br (pinned here as the literal address 187.17.96.84; the rules need a manual update if that address ever changes)
- -A ALTECNETCARD -s 187.17.96.84 -j ACCEPT
- -A ALTECNETCARD -d 187.17.96.84 -j ACCEPT
- #-A ALTECNETCARD -s 72.232.181.75 -j ACCEPT
- #-A ALTECNETCARD -d 72.232.181.75 -j ACCEPT
- #-A ALTECNETCARD -s 72.232.38.195 -j ACCEPT
- #-A ALTECNETCARD -d 72.232.38.195 -j ACCEPT
- # Drop everything else: apart from -i lo, only packets to or from 187.17.96.84 are ever forwarded, and FORWARD has no RELATED,ESTABLISHED rule, so no other routed traffic passes this host
- -A ALTECNETCARD -j DROP
- #############################################################
- ### End of the AltecnetCard configuration in the filter table ###
- #############################################################
- #
- COMMIT
- *nat
- :PREROUTING ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A POSTROUTING -o eth0 -j MASQUERADE
- ##########################################################################################################################################
- ## With these rules enabled, machines that connect on eth1 and receive addresses in the 10.172.13.x range go straight through to the internet ##
- ## The correct behaviour would be a redirect to the apache2 page login1.altecnologic.com.br ##
- ## NOTE(review): the REDIRECT below sits before the jump to ALTECNETCARD and REDIRECT is a terminating target, so matching port-80 traffic is handed to local port 3128 and never reaches the portal capture rules; as written it matches only 10.172.13.111, not the whole 10.172.13.x range ##
- ## Without the rules below, clients are redirected to apache2 but squid stops working ##
- ##########################################################################################################################################
- -A PREROUTING -i eth1 -s 10.172.13.111 -p tcp --dport 80 -j REDIRECT --to-port 3128
- -A PREROUTING -s 10.172.13.111 -p tcp --dport 3128 -d 187.17.96.84 -j ACCEPT
- # NOTE(review): the two rules above key the portal exemption on source address alone, which identifies a host but does not authenticate it - any client on eth1 that uses 10.172.13.111 gets the same path; confirm that is acceptable for this network
- ##################################################################
- ### Start of the AltecnetCard configuration in the nat table ###
- ##################################################################
- #
- # Create the ALTECNETCARD chain in the nat table
- -N ALTECNETCARD
- #
- # Send the rest of PREROUTING arriving on eth1 (outbound client traffic) to ALTECNETCARD
- -A PREROUTING -i eth1 -j ALTECNETCARD
- # Allow unrestricted access to login.altecnetcard.com.br (ACCEPT here leaves the destination 187.17.96.84 untouched)
- -A ALTECNETCARD -d 187.17.96.84 -j ACCEPT
- # Capture DNS and HTTP packets: REDIRECT without --to-ports keeps the original destination port, so these land on ports 53 and 80 of this host; other ports (443, for example) are not captured here and are left to the filter table
- -A ALTECNETCARD -p tcp -m multiport --dports 53,80 -j REDIRECT
- -A ALTECNETCARD -p udp -m multiport --dports 53,80 -j REDIRECT
- #-A ALTECNETCARD -p tcp --dport 3128 -j REDIRECT --to 80
- #################################################################
- ### End of the AltecnetCard configuration in the nat table ###
- #################################################################
- #
- COMMIT