Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #ETH0 = Interface Internet
- #ETH1 = Interface Local
- # CRIANDO AS VARIAVEIS
- WAN=MEU_LINK
- LOCAL="10.0.0.104"
- INTERNA=eth1
- CAIXA=200.201.174.0/24
- DOMINUS=IP-CLIENTE
- # Limpando todas as tabelas e regras
- iptables -F
- iptables -X
- iptables -t nat -F
- iptables -t nat -X
- # Carregando o modulo NAT e ModProb do GRE
- modprobe=iptables
- modprobe=iptable=nat
- #/sbin/modprobe iptable_nat
- /sbin/modprobe ip_conntrack
- /sbin/modprobe ip_gre
- /sbin/modprobe ip_nat_pptp
- /sbin/modprobe ip_conntrack_pptp
- /sbin/modprobe ip_conntrack_sip
- /sbin/modprobe ip_nat_sip
- # PSAD
- iptables -A INPUT -j LOG
- iptables -A FORWARD -j LOG
- # Setando as politicas padroes
- iptables -A INPUT -j ACCEPT
- iptables -A FORWARD -j ACCEPT
- iptables -A OUTPUT -j ACCEPT
- # Liberando a interface de loopback
- iptables -A INPUT -i Io -j ACCEPT
- # Status da conexao
- iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Liberando a internet para a rede
- echo "1" > /proc/sys/net/ipv4/ip_forward
- # Mascarando os ips da intranet
- iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
- # Liberando o DNS
- iptables -A FORWARD -p udp --dport 53 -j ACCEPT
- iptables -t nat -A POSTROUTING -s 10.0.0.3/24 -o eth0 -j ACCEPT
- ############ VOIP - VONO ############
- iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 5060 -j DNAT --to-destination 10.0.0.5:5060
- iptables -A FORWARD -p tcp -i eth0 -o eth1 -d 10.0.0.5 --dport 5060 -j ACCEPT
- iptables -A INPUT -p udp --dport 5060 -j ACCEPT
- iptables -A FORWARD -o eth0 -p udp --dport 5060 -j ACCEPT
- #iptables -A FORWARD -s 10.0.0.5 -d 0/0 -j ACCEPT
- #iptables -A FORWARD -s 0/0 -d 10.0.0.5 -j ACCEPT
- iptables -A INPUT -i eth0 -p tcp --dport 5060:5070 -j ACCEPT
- iptables -A INPUT -i eth0 -p udp --dport 5060:5070 -j ACCEPT
- iptables -A INPUT -i eth0 -p udp --dport 1571 -j ACCEPT
- iptables -A INPUT -i eth0 -p tcp --dport 1571 -j ACCEPT
- iptables -t nat -A PREROUTING -p tcp --dport 5060:5070 -j DNAT --to 10.0.0.5
- iptables -t nat -A PREROUTING -p udp --dport 5060:5070 -j DNAT --to 10.0.0.5
- iptables -t nat -A PREROUTING -p udp --dport 1571 -j DNAT --to 10.0.0.5
- iptables -t nat -A PREROUTING -p tcp --dport 1571 -j DNAT --to 10.0.0.5
- iptables -t nat -A PREROUTING -p udp --dport 2543 -j DNAT --to 10.0.0.5
- iptables -t nat -A PREROUTING -p tcp --dport 2543 -j DNAT --to 10.0.0.5
- iptables -t nat -A PREROUTING -p udp --dport 8000:8050 -j DNAT --to 10.0.0.5
- iptables -t nat -A PREROUTING -p tcp --dport 8000:8050 -j DNAT --to 10.0.0.5
- iptables -A FORWARD -p udp --dport 2543 -j ACCEPT
- iptables -t nat -A PREROUTING -p udp --dport 5 -j DNAT --to 10.0.0.5
- ############# CAIXA - CONECTIVIDADE SOCIAL ################
- iptables -t nat -A PREROUTING -i $LOCAL -p tcp -d ! 200.201.0.0/16 --dport 80 -j REDIRECT --to-port 8080
- iptables -t nat -A PREROUTING -i $LOCAL -p tcp -d ! 200.201.174.207 --dport 80 -j REDIRECT --to-port 8080
- iptables -t nat -I PREROUTING -p tcp -d 200.201.0.0/16 -j ACCEPT
- iptables -t nat -I PREROUTING -p tcp -d 200.223.0.0 -j ACCEPT
- iptables -I FORWARD -p tcp -d 200.201.0.0/16 -j ACCEPT
- iptables -I FORWARD -p tcp -d 200.223.0.0 -j ACCEPT
- ###### LIBERAR TUDO PARA A MAQUINA 118 ##########
- iptables -t nat -A POSTROUTING -d 0/0 -s 10.0.0.118 -j SNAT --to $WAN
- iptables -t filter -A FORWARD -d 10.0.0.118 -j ACCEPT
- iptables -t filter -A FORWARD -s 10.0.0.118 -j ACCEPT
- ################### PROXY ######################
- iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
- #################### PROTECAO ######################
- iptables -A INPUT -m state --state INVALID -j DROP
- #################### IMSPECTOR - (Captura MSN) #####################
- iptables -t nat -A PREROUTING -p tcp --destination-port 1863 -j REDIRECT --to-port 16667
- iptables -t nat -A PREROUTING -p tcp --destination-port 5222 -j REDIRECT --to-port 16667
- iptables -t nat -A PREROUTING -p tcp --destination-port 5223 -j REDIRECT --to-port 16667
- iptables -t nat -A PREROUTING -p tcp --destination-port 5190 -j REDIRECT --to-port 16667
- iptables -t nat -A PREROUTING -p udp --destination-port 5050 -j REDIRECT --to-port 16667
- iptables -t nat -A PREROUTING -p udp --destination-port 6667 -j REDIRECT --to-port 16667
- iptables -t nat -A PREROUTING -p udp --destination-port 8074 -j REDIRECT --to-port 16667
- iptables -t nat -A PREROUTING -p udp --destination-port 1080 -j REDIRECT --to-port 16667
- ######## Liberando o Acesso a WEB
- iptables -A INPUT -p tcp --dport 80 --syn -j ACCEPT
- iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.0.0.118
- ################# LIBERANDO WEBMAIL - EXCHANGE ###################
- iptables -t nat -A PREROUTING -p tcp --dport 6969 -j DNAT --to 10.0.0.3
- iptables -t nat -A PREROUTING -p tcp --dport 995 -j DNAT --to 10.0.0.3
- ################### EXCHANGE #####################
- iptables -A FORWARD -p tcp -s 10.0.0.0/24 --dport 25 -j ACCEPT
- iptables -A FORWARD -p tcp -s 10.0.0.0/24 --dport 110 -j ACCEPT
- iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
- iptables -A FORWARD -p tcp --sport 110 -j ACCEPT
- iptables -t nat -A POSTROUTING -d $WAN/255.255.255.252 -p tcp --dport 443 -j SNAT --to 10.0.0.3
- iptables -t nat -A PREROUTING -d $WAN/255.255.255.252 -p tcp --dport 1110 -j DNAT --to 10.0.0.3
- ############################# CAMERAS SEGURANCA ##################
- iptables -t nat -A PREROUTING -p tcp --dport 8089 -j DNAT --to 10.0.0.7:8080
- # SITE 2 com No-IP
- iptables -t nat -A PREROUTING -p tcp --dport 9099 -j DNAT --to 10.0.0.4:80
- # Setando a politica padrao para DROPAR o que não estiver liberado
- # BLOQUEANDO TUDO O QUE NÃO FOI LIBERADO
- iptables -A INPUT -j DROP
- iptables -A FORWARD -j DROP
- iptables -A OUTPUT -j DROP
- # FIM
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
