[GTER] NAT Rules
thiago at kionux.com.br
Thu Dec 2 16:48:58 -02 2004
#Allowed services
#DNS
$IPTABLES -t nat -A PREROUTING -p tcp -d $NS1_SERVER --dport 53 -j DNAT --to $NS1:53
$IPTABLES -t nat -A PREROUTING -p udp -d $NS1_SERVER --dport 53 -j DNAT --to $NS1:53
$IPTABLES -t nat -A PREROUTING -p tcp -d $NS2_SERVER --dport 53 -j DNAT --to $NS2:53
$IPTABLES -t nat -A PREROUTING -p udp -d $NS2_SERVER --dport 53 -j DNAT --to $NS2:53
# WWW
$IPTABLES -t nat -A PREROUTING -p tcp -d $WEB_SERVER --dport 80 -j DNAT --to $WEB:80
#FTP (ftp, ftp-data)
$IPTABLES -t nat -A PREROUTING -p tcp -d $FTP_SERVER --dport 20 -j DNAT --to $FTP:20
$IPTABLES -t nat -A PREROUTING -p tcp -d $FTP_SERVER --dport 21 -j DNAT --to $FTP:21
# EMAIL (smtp, pop3)
$IPTABLES -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport 25 -j DNAT --to $MAIL:25
$IPTABLES -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport 110 -j DNAT --to $MAIL:110
#SSH
$IPTABLES -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport 22 -j DNAT --to $MAIL:22
###POSTROUTING for the internal server
$IPTABLES -t nat -A POSTROUTING -o $ETH_ARPA -s 192.168.100.249 -j SNAT --to 200.xxx.xxx.xxx
###SQUID transparent proxy configuration
$IPTABLES -t nat -A PREROUTING -s $LOCAL_NET -p tcp --dport 80 -j REDIRECT --to-port 8080
###Client machines configuration
$IPTABLES -t nat -A POSTROUTING -o $ETH_ARPA -s $LOCAL_NET -j SNAT --to 200.xxx.xxx.xxx
where ETH_ARPA is the interface to the internet
Thank you very much in advance, Thiago.
Thiago Cesar de Oliveira Rodrigues
ICQ 41369776
MSN thiago_rodrigues at hotmail.com
Yahoo Messenger thiago_ce at yahoo.com
http://www.kionux.com.br