#!/bin/bash

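# modprobe loads the netfilter kernel modules. `command -v` is the portable,
# builtin replacement for `which`; the variable is empty when the tool is
# not in PATH, and the script has no `set -e`, so warn instead of aborting.
MOD=$(command -v modprobe)
[[ -n "$MOD" ]] || printf 'warning: modprobe not found in PATH\n' >&2

# Path to the iptables binary used by start/stop.
IPT=$(command -v iptables)
[[ -n "$IPT" ]] || printf 'warning: iptables not found in PATH\n' >&2

# Network interfaces: two uplinks and the LAN side.
readonly I_LINK1="eth0"
readonly I_LINK2="eth2"
readonly I_LAN="eth1"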

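#######################################
# Build the rule set: load the netfilter modules, flush the previous rules,
# enable forwarding, mark LAN traffic for the two uplinks, add the port
# forwards and the hairpin NAT, and masquerade outbound traffic.
# Globals:   MOD, IPT, I_LAN, I_LINK1 (read)
# Arguments: none
# Outputs:   "Firewall iniciado." on stdout; tool diagnostics on stderr
# Returns:   0 (status of the final echo)
#######################################
start() {
  # Load the modules for the tables used below. iptable_nat is loaded here,
  # before any nat rule is added (the original loaded it only after them).
  "$MOD" ip_tables
  "$MOD" iptable_nat

  # Flush the previous rule set so rules are not appended twice.
  stop

  # Enable IPv4 forwarding (written once; the original wrote it twice).
  echo 1 > /proc/sys/net/ipv4/ip_forward

  # Policy-routing marks in mangle/PREROUTING. MARK is non-terminating, so a
  # later rule overrides an earlier one: first everything from the LAN gets
  # mark 2 (ADSL), then the exceptions below get mark 1 (dedicated link).
  # The 0:65535 catch-alls already cover 3389 and 80; those two rules are
  # kept only to document the intent.
  "$IPT" -t mangle -A PREROUTING -i "$I_LAN" -p tcp --dport 3389 -j MARK --set-mark 2
  "$IPT" -t mangle -A PREROUTING -i "$I_LAN" -p tcp --dport 80 -j MARK --set-mark 2
  "$IPT" -t mangle -A PREROUTING -i "$I_LAN" -p tcp --dport 0:65535 -j MARK --set-mark 2
  "$IPT" -t mangle -A PREROUTING -i "$I_LAN" -p udp --dport 0:65535 -j MARK --set-mark 2

  # Exceptions routed via the dedicated link (mark 1): SSH, port 142 and the
  # IRC server. NOTE(review): the hostname is resolved once when the rule is
  # loaded; if DNS is unavailable the rule fails to load, and if the name has
  # several addresses iptables adds one rule per address.
  "$IPT" -t mangle -A PREROUTING -i "$I_LAN" -p tcp --dport 22 -j MARK --set-mark 1
  "$IPT" -t mangle -A PREROUTING -i "$I_LAN" -p tcp --dport 142 -j MARK --set-mark 1
  "$IPT" -t mangle -A PREROUTING -i "$I_LAN" -p tcp --dst irc.freenode.org -j MARK --set-mark 1

  # Inbound SSH to this host. There is no -i match, so the port is accepted
  # from the uplinks as well as from the LAN — confirm that is intended.
  "$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT

  # Port forwards to the backup server. The 34684 rule has no -d match, so
  # it applies to that port on every local address.
  "$IPT" -t nat -A PREROUTING -d 187.5.250.106 -p tcp --dport 22 -j DNAT --to-destination 10.1.1.52:22
  "$IPT" -t nat -A PREROUTING -p tcp --dport 34684 -j DNAT --to-destination 10.1.1.30

  # Hairpin NAT: LAN clients reaching the web server by its public address
  # are sent to it over the LAN. NOTE(review): 10.1.1.0/8 is the whole
  # 10.0.0.0/8 network, which looks like a typo for /24 — confirm.
  "$IPT" -t nat -A PREROUTING -s 10.1.1.0/8 -d 187.53.232.107 -j DNAT --to-destination 10.1.1.249
  # Test rule ("teste do lyric" in the original): LAN traffic for
  # 74.125.65.141 is redirected to the web server. Presumably temporary.
  "$IPT" -t nat -A PREROUTING -i "$I_LAN" -d 74.125.65.141 -j DNAT --to-destination 10.1.1.249

  # Link sharing: masquerade traffic leaving through the first uplink.
  "$IPT" -t nat -A POSTROUTING -o "$I_LINK1" -j MASQUERADE
  # NOTE(review): in the original the equivalent rule for eth2 (I_LINK2) was
  # fused into a comment line and never executed; it is left disabled here
  # to keep behaviour, so traffic routed out of I_LINK2 is currently not
  # masqueraded. Enable once confirmed:
  #"$IPT" -t nat -A POSTROUTING -o "$I_LINK2" -j MASQUERADE

  # Accept LAN-sourced input. 255.0.0.0 is a /8 mask, matching all of
  # 10.0.0.0/8. No default policy is set anywhere in this script, so these
  # ACCEPT rules only take effect if the INPUT policy is DROP elsewhere.
  "$IPT" -A INPUT -p tcp -s 10.1.1.0/255.0.0.0 -j ACCEPT
  "$IPT" -A INPUT -p udp -s 10.1.1.0/255.0.0.0 -j ACCEPT

  # Let forwarded traffic to and from the web server through.
  "$IPT" -A FORWARD -d 10.1.1.249 -j ACCEPT
  "$IPT" -A FORWARD -s 10.1.1.249 -j ACCEPT

  echo "Firewall iniciado."
}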

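#######################################
# Flush and delete every rule and user chain in the mangle, nat and filter
# tables. The nat table is included because start() appends DNAT and
# MASQUERADE rules there; the original never flushed it, so every
# start/restart added duplicate nat rules.
# Globals:   IPT (read)
# Arguments: none
# Outputs:   "Firewall parado." on stdout
# Returns:   0 (status of the final echo)
#######################################
stop() {
  local table
  for table in mangle nat filter; do
    "$IPT" -t "$table" -F
    "$IPT" -t "$table" -X
  done
  echo "Firewall parado."
}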

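# Entry point: start (the default when no argument is given), stop or
# restart. The original catch-all started the firewall on any unrecognised
# word, so a typo silently reloaded the rules; unknown arguments now print
# usage and exit non-zero. `exit` without a status propagates the status of
# the last command run.
case "${1:-start}" in
  start) start; exit ;;
  stop) stop; exit ;;
  restart) stop; start; exit ;;
  *)
    printf 'Usage: %s {start|stop|restart}\n' "${0##*/}" >&2
    exit 1
    ;;
esac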