
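#!/bin/bash
# The interpreter line must be a single "#!/bin/bash" on the first line of the
# file. Split across two lines, "#!" is only a comment and "/bin/bash" is
# executed as a command, spawning a child shell before any rule is applied.

# variables/constants

# Absolute path to the iptables binary, so the rules do not depend on $PATH.
IPTABLES="/sbin/iptables"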

### Resetting the filter table
#
# Removes every rule, sets the three built-in chains to a default of ACCEPT and
# deletes the user-defined chains.
# NOTE(review): after this block the filter table filters nothing, and the part
# of the script visible here adds no filter rules afterwards. Combined with the
# ip_forward switch further down, the host forwards any packet it can route.
# Confirm that is intended, or add explicit FORWARD/INPUT rules after the reset.
# Only the IPv4 filter table is touched; ip6tables is not handled here.

"$IPTABLES" --table filter --flush
"$IPTABLES" --table filter --policy INPUT ACCEPT
"$IPTABLES" --table filter --policy OUTPUT ACCEPT
"$IPTABLES" --table filter --policy FORWARD ACCEPT
"$IPTABLES" --table filter --delete-chain

### Resetting the nat table
#
# Removes every NAT rule, sets the built-in chains to a default of ACCEPT and
# deletes the user-defined chains, so the DNAT/MASQUERADE rules added later
# start from an empty table.

"$IPTABLES" --table nat --flush
"$IPTABLES" --table nat --policy PREROUTING ACCEPT
"$IPTABLES" --table nat --policy OUTPUT ACCEPT
"$IPTABLES" --table nat --policy POSTROUTING ACCEPT
"$IPTABLES" --table nat --delete-chain

### Resetting the mangle table
#
# Removes every mangle rule, sets all five built-in chains to a default of
# ACCEPT and deletes the user-defined chains, so the MARK rules added later
# start from an empty table.

"$IPTABLES" --table mangle --flush
"$IPTABLES" --table mangle --policy PREROUTING ACCEPT
"$IPTABLES" --table mangle --policy INPUT ACCEPT
"$IPTABLES" --table mangle --policy FORWARD ACCEPT
"$IPTABLES" --table mangle --policy OUTPUT ACCEPT
"$IPTABLES" --table mangle --policy POSTROUTING ACCEPT
"$IPTABLES" --table mangle --delete-chain

### Enabling IP forwarding
#
# Writes "1" to the kernel switch that turns IPv4 routing between interfaces on.
# NOTE(review): the filter FORWARD policy was set to ACCEPT above and no FORWARD
# rules are visible in this part of the script, so from this point every
# routable packet is forwarded. The setting is not persistent across reboots.

printf '1\n' > /proc/sys/net/ipv4/ip_forward

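### Redirecting traffic to servers on the internal network
#
# Each rule below must be ONE command. The page had wrapped them, which left
# "--dport 80 -j DNAT ..." and "MARK --set-mark 1" as separate commands and the
# iptables calls incomplete; the continuations are restored with a backslash.

# Inbound leg: TCP port 80 arriving on eth2 for the public address is rewritten
# (DNAT) to the internal server 10.1.0.20:80.
# 200.252.xxx.xxx is a redacted placeholder from the page; iptables will reject
# it until it is replaced with the real public address.
# NOTE(review): this publishes 10.1.0.20:80 to whatever reaches eth2, and the
# filter FORWARD policy is ACCEPT, so nothing else restricts that traffic.
"$IPTABLES" -t nat -A PREROUTING -i eth2 -d 200.252.xxx.xxx -p tcp -m tcp \
  --dport 80 -j DNAT --to-destination 10.1.0.20:80

# Return leg: replies from 10.1.0.20 with source port 80 entering on eth0 are
# tagged with firewall mark 1.
# NOTE(review): the mark only has an effect if a matching policy-routing rule
# (ip rule ... fwmark 1) exists; none is visible on this page, so confirm it.
"$IPTABLES" -t mangle -A PREROUTING -i eth0 -s 10.1.0.20 -p tcp --sport 80 \
  -j MARK --set-mark 1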

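### Marking packets that will be directed to the BALANCEAMENTO table
#
# The heading is kept on comment lines only: on the page the word BALANCEAMENTO
# had wrapped onto a line of its own, where the shell would try to run it as a
# command.
# NOTE(review): BALANCEAMENTO is presumably a routing table selected by an
# "ip rule ... fwmark 2" entry defined elsewhere; it is not visible on this
# page, so confirm.

# Selecting one machine on the network to use the balancing: everything sent by
# 10.1.0.100 to any destination is tagged with firewall mark 2.
# The MARK target option is spelled --set-mark (as in the mark-1 rule earlier in
# this script); "--setmark" is not an option the MARK target defines.
"$IPTABLES" -A PREROUTING -t mangle -s 10.1.0.100/32 -d 0/0 -j MARK --set-mark 2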

# Masquerading connections
#
# Source-NATs traffic leaving the box to the address of the outgoing interface.
# NOTE(review): with a /24 mask both source specs below cover the same network
# (10.1.0.0/24), so the second rule can never match anything the first one has
# not already handled; if single hosts were meant, /32 would be needed.
# NOTE(review): no outgoing interface (-o) is given, so the rules apply on every
# interface the packets leave through, not only the external uplinks.

"$IPTABLES" --table nat --append POSTROUTING --source 10.1.0.20/24 --jump MASQUERADE
"$IPTABLES" --table nat --append POSTROUTING --source 10.1.0.100/24 --jump MASQUERADE