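#!/usr/bin/env bash
#
# Gateway firewall: NAT between the LAN behind eth1 and the modem on eth0,
# plus the INPUT rules for services running on the gateway itself.
#
# Topology as described by the original author (this line was not a
# comment in the original and would have failed to parse as a command):
#   modem (192.168.25.1) ---- eth0 (192.168.25.100) <--> eth1 (10.1.1.1)
#     ----- router (192.168.0.1) ---- machines
#
# Environment (all optional; the defaults reproduce the original rule set):
#   WAN_IF, LAN_IF, LAN_NET, WAN_DNAT_IP, FTP_SERVER, IPTABLES
#
# Must run as root. Every rule below is an ACCEPT against a DROP policy on
# INPUT and FORWARD (the only DROP rule is the loopback anti-spoof one, which
# is placed first), so rule order inside a chain does not change the result;
# -A is used throughout instead of the original's mix of -I and -A.
set -eu

readonly WAN_IF=${WAN_IF:-eth0}
readonly LAN_IF=${LAN_IF:-eth1}
readonly LAN_NET=${LAN_NET:-10.1.1.0/24}
# Address the DNAT rules match on. NOTE(review): the topology above gives
# eth0 as 192.168.25.100 while the original DNAT rules match 192.168.25.254;
# the original value is kept — confirm which address the modem forwards to.
readonly WAN_DNAT_IP=${WAN_DNAT_IP:-192.168.25.254}
readonly FTP_SERVER=${FTP_SERVER:-10.1.1.249}
readonly IPTABLES=${IPTABLES:-iptables}
readonly MODPROBE=/sbin/modprobe

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Load a kernel module, warning instead of aborting when it is missing.
# The original ignored modprobe failures; under set -e an unguarded call
# would stop the script before any rule is installed.
# Arguments: module name, then optional module parameters
#######################################
load_module() {
  "$MODPROBE" "$@" || printf 'warning: could not load module %s\n' "$1" >&2
}

#######################################
# Route every rule through the same binary (overridable via IPTABLES).
#######################################
ipt() { "$IPTABLES" "$@"; }

main() {
  (( EUID == 0 )) || die "must run as root"
  command -v "$IPTABLES" >/dev/null || die "iptables not found: $IPTABLES"

  #### Modules
  # NOTE(review): these are the pre-2.6.20 module names; newer kernels use
  # nf_conntrack / nf_conntrack_ftp / nf_nat_ftp / nf_conntrack_irc. The
  # load_module warning shows which set applies on this host.
  load_module ip_conntrack
  load_module ip_conntrack_ftp
  load_module ip_nat_ftp
  load_module ipt_LOG
  load_module ip_conntrack_irc ports=6666,6667,6668,8001

  #### Flush tables and set defaults
  ipt -t filter -F
  ipt -t nat -F
  ipt -t mangle -F

  ## Delete non-default chains
  ipt -t filter -X
  ipt -t nat -X
  ipt -t mangle -X

  # Default-deny for traffic to and through the gateway; traffic originating
  # on the gateway itself is allowed out.
  ipt -t filter -P INPUT DROP
  ipt -t filter -P OUTPUT ACCEPT
  ipt -t filter -P FORWARD DROP

  # Loopback: accept everything on lo (this replaces the original per-port
  # 127.0.0.1 rules, which matched on address only and not on interface) and
  # drop loopback-sourced packets that arrive on any other interface.
  ipt -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A OUTPUT -o lo -j ACCEPT

  # Keep existing connections to, from and through the gateway alive.
  # -m state is kept (rather than -m conntrack) to match the kernel era
  # implied by the ip_conntrack module names above.
  ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  ipt -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

  # ICMP (ping) on the LAN and WAN interfaces
  ipt -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
  ipt -A INPUT -i "$LAN_IF" -p icmp -j ACCEPT

  # SSH on port 22, reachable from both LAN and WAN
  ipt -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j ACCEPT
  ipt -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT

  # IRC on port 8001 on the LAN and WAN interfaces.
  # NOTE(review): the original opened 8001/udp here and 8001/tcp below; IRC
  # is TCP, so the udp rules look like a slip — kept until confirmed.
  ipt -A INPUT -i "$LAN_IF" -p udp --dport 8001 -j ACCEPT
  ipt -A INPUT -i "$WAN_IF" -p udp --dport 8001 -j ACCEPT

  ### IRC connections (ports 6667 to 6669) and 8001, on every interface
  # (no -i in the original, so these are also reachable from the WAN side).
  ipt -A INPUT -p tcp --dport 6667:6669 -j ACCEPT
  ipt -A INPUT -p tcp --dport 8001 -j ACCEPT

  # LAN-only services on the gateway. The original does not say what 6588
  # and 3130 serve; 3130 is squid's ICP default — confirm both.
  ipt -A INPUT -i "$LAN_IF" -p tcp --dport 6588 -j ACCEPT
  ipt -A INPUT -i "$LAN_IF" -p tcp --dport 3130 -j ACCEPT

  # HTTP and HTTPS on the gateway, from the LAN
  ipt -A INPUT -i "$LAN_IF" -p tcp --dport 80 -j ACCEPT
  ipt -A INPUT -i "$LAN_IF" -p tcp --dport 443 -j ACCEPT

  # DNS resolver on the gateway, from the LAN (the original had two
  # overlapping rules for this; the broader any-source one is kept)
  ipt -A INPUT -i "$LAN_IF" -p udp --dport 53 -j ACCEPT

  # Squid proxy on the gateway, from the LAN
  ipt -A INPUT -i "$LAN_IF" -p tcp --dport 3128 -j ACCEPT

  # Masquerade LAN traffic behind the WAN address
  ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

  # Transparent proxy: LAN-to-LAN traffic is exempted first, then LAN
  # traffic to port 80 is redirected to the local squid on 3128.
  ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp -d "$LAN_NET" -j ACCEPT
  ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp -s "$LAN_NET" --dport 80 \
    -j REDIRECT --to-port 3128

  ### Forwarding from the LAN to the outside
  # SSH
  ipt -A FORWARD -i "$LAN_IF" -p tcp -s "$LAN_NET" --dport 22 -j ACCEPT
  # ICMP
  ipt -A FORWARD -i "$LAN_IF" -p icmp -s "$LAN_NET" -j ACCEPT
  # DNS
  ipt -A FORWARD -i "$LAN_IF" -p udp -s "$LAN_NET" --dport 53 \
    -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

  # Port forwards
  # Disabled entries are kept as comments, as in the original. Each one
  # needs a FORWARD rule and a DNAT rule; the disabled FORWARD rules were
  # written without -p/--dport, so enabling one as-is opens every port on
  # that host to the WAN — restrict them the way the FTP rule below does.
  #Terminal Service - RDP
  #ipt -A FORWARD -i "$WAN_IF" -d 10.1.1.253/32 -j ACCEPT
  #ipt -t nat -A PREROUTING -p tcp -d "$WAN_DNAT_IP" --dport 3389 -j DNAT --to 10.1.1.253:3389
  #VNC
  #ipt -A FORWARD -i "$WAN_IF" -d 10.1.1.252/32 -j ACCEPT
  #ipt -t nat -A PREROUTING -p tcp -d "$WAN_DNAT_IP" --dport 5900 -j DNAT --to 10.1.1.252:5900
  #DVR
  #ipt -A FORWARD -i "$WAN_IF" -d 10.1.1.251/32 -j ACCEPT
  #ipt -t nat -A PREROUTING -p tcp -d "$WAN_DNAT_IP" --dport 8880 -j DNAT --to 10.1.1.251:80
  #ipt -t nat -A PREROUTING -p tcp -d "$WAN_DNAT_IP" --dport 37777 -j DNAT --to 10.1.1.251:37777
  #DB - PostgreSQL
  #ipt -A FORWARD -i "$WAN_IF" -d 10.1.1.250/32 -j ACCEPT
  #ipt -t nat -A PREROUTING -p tcp -d "$WAN_DNAT_IP" --dport 5531 -j DNAT --to 10.1.1.250:5432
  #FTP Server
  # Only the control channel (21/tcp, post-DNAT) is forwarded; passive data
  # connections are tracked by ip_conntrack_ftp/ip_nat_ftp and pass as
  # RELATED through the FORWARD rule above. The original FORWARD rule
  # accepted any protocol and port toward this host from the WAN.
  ipt -A FORWARD -i "$WAN_IF" -p tcp -d "$FTP_SERVER" --dport 21 -j ACCEPT
  ipt -t nat -A PREROUTING -p tcp -d "$WAN_DNAT_IP" --dport 221 \
    -j DNAT --to "$FTP_SERVER:21"
  #End of script
}

main "$@"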