[GTER] NAT Rules

thiago at kionux.com.br thiago at kionux.com.br
Thu Dec 2 16:48:58 -02 2004


# Allowed services
  #DNS
  $IPTABLES -t nat -A PREROUTING -p tcp -d $NS1_SERVER --dport 53 -j DNAT --to $NS1:53
  $IPTABLES -t nat -A PREROUTING -p udp -d $NS1_SERVER --dport 53 -j DNAT --to $NS1:53
  $IPTABLES -t nat -A PREROUTING -p tcp -d $NS2_SERVER --dport 53 -j DNAT --to $NS2:53
  $IPTABLES -t nat -A PREROUTING -p udp -d $NS2_SERVER --dport 53 -j DNAT --to $NS2:53
  # WWW
  $IPTABLES -t nat -A PREROUTING -p tcp -d $WEB_SERVER --dport 80 -j DNAT --to $WEB:80
  #FTP (ftp, ftp-data)
  $IPTABLES -t nat -A PREROUTING -p tcp -d $FTP_SERVER --dport 20 -j DNAT --to $FTP:20
  $IPTABLES -t nat -A PREROUTING -p tcp -d $FTP_SERVER --dport 21 -j DNAT --to $FTP:21
  # EMAIL (smtp, pop3)
  $IPTABLES -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport 25 -j DNAT --to $MAIL:25
  $IPTABLES -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport 110 -j DNAT --to $MAIL:110
  #SSH
  $IPTABLES -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport 22 -j DNAT --to $MAIL:22

  ### Postrouting for the internal server
  $IPTABLES -t nat -A POSTROUTING -o $ETH_ARPA -s 192.168.100.249 -j SNAT --to 200.xxx.xxx.xxx

  ### SQUID transparent proxy configuration
  $IPTABLES -t nat -A PREROUTING -s $LOCAL_NET -p tcp --dport 80 -j REDIRECT --to-port 8080

  ### Configuration for the client machines
  $IPTABLES -t nat -A POSTROUTING -o $ETH_ARPA -s $LOCAL_NET -j SNAT --to 200.xxx.xxx.xxx

where ETH_ARPA is the interface to the Internet

Thank you very much in advance, Thiago.

Thiago Cesar de Oliveira Rodrigues
ICQ 41369776
MSN thiago_rodrigues at hotmail.com
Yahoo Messenger thiago_ce at yahoo.com
http://www.kionux.com.br



