Imagine um cenário onde teremos uma interface de rede voltada para o roteador de saída (INTERNET) com o IP 192.168.100.2, e em eth1 para a rede 192.168.254.0/24, ficando eth0 para a rede local.
Segue um exemplo de firewall para esta situação. Observe que, como mostrado, todas as políticas padrão ficam em ACCEPT: o script habilita roteamento e NAT, mas não bloqueia nada por si só.
Módulos necessários (o script abaixo não os carrega; faça o modprobe antes de executá-lo ou confie no carregamento automático do iptables):
iptable_nat
ip_tables
ipt_state
ip_conntrack
ip_conntrack_ftp
ipt_multiport
ip_nat_ftp
iptable_mangle
ipt_tos
ipt_limit
ipt_ttl
iptable_filter
ipt_MASQUERADE
ipt_LOG
#ipt_layer7
nf_nat
iptable_mangle
xt_string
ts_kmp
xt_MARK
xt_mark
xt_CONNMARK
######## SCRIPT DE FIREWALL #################
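#!/bin/bash
# Gateway/NAT firewall for a two-interface Linux router:
#   192.168.254.0/24 on the LAN side, 192.168.100.2 on the side facing the
#   upstream (Internet) router.  Must run as root (writes /proc/sys and
#   manipulates iptables).
# NOTE(review): the kernel modules listed above (iptable_nat, ip_conntrack_ftp,
# ...) are not loaded here; modprobe them beforehand or rely on autoloading.
# NOTE(review): failures are not checked; with `set -e` a partially applied
# ruleset would abort loudly instead of continuing silently incomplete.

################################ Flush tables and set kernel parameters ############################
echo "Iniciando firewall.."
echo "Limpando tabelas e setando variaveis do kernel.."
# Flush every rule and delete user-defined chains in filter, nat and mangle so
# re-running the script never stacks duplicate rules.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

### Kernel parameters ###
# Enable routing between the interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Reverse-path filtering: 2 = loose mode (drop only when the source is
# unreachable via ANY interface).  On a simple two-interface router strict
# mode (1) gives stronger anti-spoofing; kept at 2 to preserve behaviour.
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/eth1/rp_filter
# Ignore ICMP echo sent to broadcast addresses (smurf amplification).
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# SYN cookies mitigate SYN-flood exhaustion of the listen backlog.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Refuse source-routed packets on both interfaces.
echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_source_route
echo "0" > /proc/sys/net/ipv4/conf/eth1/accept_source_route

### Default policies ###
# WARNING: all three chains default to ACCEPT, so this script filters nothing;
# with ip_forward=1 the box forwards whatever it receives.  Anything that must
# be blocked (inbound to the router itself, inbound to the LAN) needs explicit
# rules, or DROP policies plus ESTABLISHED,RELATED and allow rules.
echo "Setando politicas de privacidade.."
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Loopback is always allowed.  Redundant under ACCEPT policies, but it keeps
# working if the policies are later tightened to DROP.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

########################## SNAT - Internet sharing ########################
echo "Habilitando compartilhamento.."
# Rewrite the source of LAN traffic to the router's upstream address.
# FIX: the option was written with a typographic dash ("–to-source"), which
# iptables rejects as an unknown argument; it must be the ASCII "--to-source".
# NOTE(review): no "-o <wan-iface>" is given, so LAN traffic leaving via ANY
# interface is rewritten; add -o for the interface holding 192.168.100.2.
iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -j SNAT --to-source 192.168.100.2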