RE: iptables segun la version del kernel

Angel Vicente Perez Sun, 17 Apr 2005 23:50:03 -0700

> y cual es el script? , envialo
> deberia de funcionar igual en ambos casos


Si, perdon, aqui va. No lo puse porque creo que no es del propio script.

#!/bin/bash
# Script para generar el firewall de XXXXXXXXXXXXXXXXXXXXX.
# Hacer copia de las reglas vigentes, antes de probar esto.
# iptables-save > fichero
# Operacion anterior

# Declaracion de variables
#exit
RUTA=`which iptables`
LAN_IF="eth0"
EXT_IF1="eth1"
EXT_IF2="ppp0"
LAN_SUBNET="192.168.1.0/24"
LAN_IP="192.168.1.175"
IF1_IP="192.168.5.190"

# Vaciado de las cadenas de la tabla filter
# Comprobar si habria que hacer lo mismo en las tablas nat y mangle
$RUTA --flush INPUT
$RUTA --flush FORWARD
$RUTA --flush OUTPUT

$RUTA -t nat --flush PREROUTING
$RUTA -t nat --flush POSTROUTING
$RUTA -t nat --flush OUTPUT

# Establecimiento de politica por defecto de las cadenas de la tabla filter
# por defecto no se permite nada
# Comprobar si hay que hacer lo mismo en las tablas nat y mangle
$RUTA -P INPUT DROP
$RUTA -P FORWARD DROP
$RUTA -P OUTPUT DROP

$RUTA -t nat -P PREROUTING DROP
$RUTA -t nat -P POSTROUTING DROP
$RUTA -t nat -P OUTPUT DROP

# Reglas de entrada a esta maquina.
# Se permiten entradas de la red interna y del loopback
$RUTA -A INPUT -s 192.168.5.190 -i lo -j ACCEPT
$RUTA -A INPUT -s 192.168.7.1 -i lo -j ACCEPT
$RUTA -A INPUT -s 192.168.10.10 -i lo -j ACCEPT
$RUTA -A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
$RUTA -A INPUT -s 192.9.0.0/16 -j ACCEPT
$RUTA -A INPUT -s 192.168.1.0/24 -i eth1 -j ACCEPT
$RUTA -A INPUT -s 192.168.7.0/24 -i eth2 -j ACCEPT
$RUTA -A INPUT -s 192.168.1.0/24 -i ppp0 -j ACCEPT
# Entrada desde Ulma
$RUTA -A INPUT -s 192.168.10.0/24 -i eth0 -j ACCEPT
$RUTA -A INPUT -i lo -j ACCEPT
$RUTA -A INPUT -i 127.0.0.1 -j ACCEPT
$RUTA -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$RUTA -A INPUT -i eth0 -s 192.9.0.0/16 -m state --state
ESTABLISHED,RELATED,NEW -j ACCEPT
$RUTA -A INPUT -i eth0 -s 172.16.2.0/24 -m state --state
ESTABLISHED,RELATED,NEW -j ACCEPT
$RUTA -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$RUTA -A INPUT -i ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Reglas de salida de esta maquina
# Se permiten salidas hacia la red interna y al loopback
$RUTA -A OUTPUT -d 192.9.0.0/16 -o eth0 -j ACCEPT
$RUTA -A OUTPUT -d 172.16.2.0/24 -o eth0 -j ACCEPT
$RUTA -A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT
$RUTA -A OUTPUT -d 192.168.1.0/24 -o ppp0 -j ACCEPT
# Salida hacia Ulma
$RUTA -A OUTPUT -d 192.168.10.0/24 -o eth0 -j ACCEPT
$RUTA -A OUTPUT -o eth1 -j ACCEPT
$RUTA -A OUTPUT -o eth2 -j ACCEPT
$RUTA -A OUTPUT -o ppp0 -j ACCEPT
$RUTA -A OUTPUT -o lo -j ACCEPT
$RUTA -A OUTPUT -o 127.0.0.1 -j ACCEPT

# Reglas para traspaso.
# Maquinas que esta autorizadas a traspasar en direccion a eth1
# Por si se piden informes, se hace LOG de todo lo que traspasa
# Lo que no consigue traspasar, no tiene interes.
#$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -j LOG --log-level 6
--log-prefix "Busca 2 "
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth0 -d 192.9.0.0/16 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth0 -d 172.16.2.0/24 -j ACCEPT
# Actualizacion de clamav
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 213.184.16.3 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 62.26.160.3 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 62.133.206.90 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 80.69.67.3 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 147.229.3.16 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 193.19.98.136 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 194.228.2.38 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 194.242.226.43 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 195.70.36.141 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 195.85.130.84 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 195.184.96.15 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 195.214.240.53 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 213.203.254.4 -j ACCEPT
# FORWARD a Windows update
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.249.56 -j LOG
--log-level 4 --log-prefix "Windows : "
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.249.56 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.249.57 -j LOG
--log-level 4 --log-prefix "Windows : "
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.249.57 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.134.92 -j LOG
--log-level 4 --log-prefix "Windows : "
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.134.92 -j ACCEPT
# FORWARD a internet
$RUTA -A FORWARD -s 192.168.1.1 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.1 "
$RUTA -A FORWARD -s 192.168.1.1 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.2 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.2 "
$RUTA -A FORWARD -s 192.168.1.2 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.3 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.3 "
$RUTA -A FORWARD -s 192.168.1.3 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.4 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.4 "
$RUTA -A FORWARD -s 192.168.1.4 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.6 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.6 "
$RUTA -A FORWARD -s 192.168.1.6 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.9 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.9 "
$RUTA -A FORWARD -s 192.168.1.9 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.11 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.11 "
$RUTA -A FORWARD -s 192.168.1.11 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.13 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.13 "
$RUTA -A FORWARD -s 192.168.1.13 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.14 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.14 "
$RUTA -A FORWARD -s 192.168.1.14 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.15 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.15 "
$RUTA -A FORWARD -s 192.168.1.15 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.16 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.16 "
$RUTA -A FORWARD -s 192.168.1.16 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.17 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.17 "
$RUTA -A FORWARD -s 192.168.1.17 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.18 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.18 "
$RUTA -A FORWARD -s 192.168.1.18 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.19 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.19 "
$RUTA -A FORWARD -s 192.168.1.19 -o eth1 -j ACCEPT          
$RUTA -A FORWARD -s 192.168.1.20 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.20 "
$RUTA -A FORWARD -s 192.168.1.20 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.21 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.21 "
$RUTA -A FORWARD -s 192.168.1.21 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.23 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.23 "
$RUTA -A FORWARD -s 192.168.1.23 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.24 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.24 "
$RUTA -A FORWARD -s 192.168.1.24 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.26 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.26 "
$RUTA -A FORWARD -s 192.168.1.26 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.27 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.27 "
$RUTA -A FORWARD -s 192.168.1.27 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.28 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.28 "
$RUTA -A FORWARD -s 192.168.1.28 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.29 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.29 "
$RUTA -A FORWARD -s 192.168.1.29 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.30 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.30 "
$RUTA -A FORWARD -s 192.168.1.30 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.32 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.32 "
$RUTA -A FORWARD -s 192.168.1.32 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.33 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.33 "
$RUTA -A FORWARD -s 192.168.1.33 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.34 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.34 "
$RUTA -A FORWARD -s 192.168.1.34 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.35 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.35 "
$RUTA -A FORWARD -s 192.168.1.35 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.37 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.37 "
$RUTA -A FORWARD -s 192.168.1.37 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.38 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.38 "
$RUTA -A FORWARD -s 192.168.1.38 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.39 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.39 "
$RUTA -A FORWARD -s 192.168.1.39 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.41 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.41 "
$RUTA -A FORWARD -s 192.168.1.41 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.43 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.43 "
$RUTA -A FORWARD -s 192.168.1.43 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.46 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.46 "
$RUTA -A FORWARD -s 192.168.1.46 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.47 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.47 "
$RUTA -A FORWARD -s 192.168.1.47 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.48 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.48 "
$RUTA -A FORWARD -s 192.168.1.48 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.49 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.49 "
$RUTA -A FORWARD -s 192.168.1.49 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.52 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.52 "
$RUTA -A FORWARD -s 192.168.1.52 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.53 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.53 "
$RUTA -A FORWARD -s 192.168.1.53 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.54 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.54 "
$RUTA -A FORWARD -s 192.168.1.54 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.55 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.55 "
$RUTA -A FORWARD -s 192.168.1.55 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.57 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.57 "
$RUTA -A FORWARD -s 192.168.1.57 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.61 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.61 "
$RUTA -A FORWARD -s 192.168.1.61 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.64 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.64 "   
$RUTA -A FORWARD -s 192.168.1.64 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.66 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.66 "
$RUTA -A FORWARD -s 192.168.1.66 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.68 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.68 "
$RUTA -A FORWARD -s 192.168.1.68 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.74 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.74 "
$RUTA -A FORWARD -s 192.168.1.74 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.170 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.171 -o eth1 -j LOG --log-level 6 --log-prefix
"iptables : 192.168.1.171 "
$RUTA -A FORWARD -s 192.168.1.171 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.176 -o eth1 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -d 192.168.7.0/24 -o eth2 -j ACCEPT
$RUTA -A FORWARD -s 192.168.5.0/24 -d 192.168.1.0/24 -j ACCEPT
$RUTA -A FORWARD -s 192.168.7.0/24 -d 192.168.1.0/24 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -d 192.168.10.0/24 -j ACCEPT
# Paquetes desde internet para repartir
$RUTA -A FORWARD -i eth1 -d 192.168.1.0/24 -m state --state
ESTABLISHED,RELATED -j ACCEPT
$RUTA -A FORWARD -i eth2 -d 192.168.1.0/24 -m state --state
ESTABLISHED,RELATED -j ACCEPT
$RUTA -A FORWARD -i eth0 -d 192.168.1.0/24 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
$RUTA -A FORWARD -i ppp0 -d 192.168.1.0/24 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
$RUTA -A FORWARD -o ppp0 -s 192.168.1.0/24 -d 192.168.1.170 -j ACCEPT
$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -j LOG --log-level 6 --log-prefix
"ííí ATENCION !!!"

# Regla para salir a internet
# Todo lo que esta autorizado a traspasar sale haciendo MASQUERADE
$RUTA -t nat -A PREROUTING -s 192.9.0.0/16 -d 192.168.0.1/24 -p tcp --sport
3128 -j REDIRECT --dport 80
$RUTA -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.9.222.248 -p tcp --sport
80 -j DNAT --to 192.9.222.225:3128
$RUTA -t nat -A PREROUTING -s 172.16.2.0/24 -d 192.168.1.0/24 -i eth0 -j
ACCEPT
$RUTA -t nat -A PREROUTING -s 192.9.0.0/16 -i eth0 -j ACCEPT
$RUTA -t nat -A PREROUTING -s 192.168.5.0/24 -i eth1 -j ACCEPT
$RUTA -t nat -A PREROUTING -s 192.168.7.0/30 -i eth2 -j ACCEPT
$RUTA -t nat -A PREROUTING -s 192.168.1.0/24 -i eth0 -j ACCEPT
$RUTA -t nat -A PREROUTING -d 192.168.1.175 -i lo -j ACCEPT
$RUTA -t nat -A PREROUTING -d 192.168.1.175 -i 127.0.0.1 -j ACCEPT
$RUTA -t nat -A PREROUTING -s 192.168.1.170 -i ppp0 -j ACCEPT
$RUTA -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.170 -j ACCEPT
#$RUTA -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.168.5.0/24 -j ACCEPT
$RUTA -t nat -A PREROUTING -s localhost -d localhost -j ACCEPT
$RUTA -t nat -A PREROUTING -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
$RUTA -t nat -A PREROUTING -s 192.168.1.175 -d 192.168.1.175 -j ACCEPT
$RUTA -t nat -A PREROUTING -s 192.168.10.0/24 -i eth0 -j ACCEPT

$RUTA -t nat -A POSTROUTING -s localhost -d localhost -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.1.175 -d 192.168.1.175 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.9.0.0/16 -d 192.9.0.0/16 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.5.190 -d 192.168.5.190 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.7.1 -d 192.168.7.1 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.10.1 -d 192.168.10.1 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.7.0/30 -d 192.168.7.0/30 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.5.0/24 -d 192.168.5.0/24 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -o eth0 -j
ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.1.175 -o lo -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.1.175 -o 127.0.0.1 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.5.0/24 -o eth1 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.7.0/30 -o eth2 -j ACCEPT
$RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.10.0/24 -o eth0 -j
ACCEPT
$RUTA -t nat -A POSTROUTING -d 192.9.0.0/16 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 172.16.2.0/24 -j MASQUERADE
# MASQUERADING para Clamav
$RUTA -t nat -A POSTROUTING -d 213.184.96.209 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 62.26.160.3 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 62.133.206.90 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 80.69.67.3 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 147.229.3.16 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 193.19.98.136 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 194.228.2.38 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 194.242.226.43 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 195.70.36.141 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 195.85.130.84 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 195.184.96.15 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 195.214.240.53 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 213.184.16.3 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 213.203.254.4 -j MASQUERADE
# MASQUERADING para Windows Update
$RUTA -t nat -A POSTROUTING -d 207.46.249.56 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 207.46.249.57 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -d 207.46.134.92 -j MASQUERADE
#$RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.9.0.0/16 -j MASQUERADE
$RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE

> 
>  
> On 4/15/05, Angel Vicente Perez <[EMAIL PROTECTED]> wrote: 
> 
>       Hola a todos....
>       
>       tengo un problema con un script de iptables, que me 
> trae de cabeza. Es un
>       script que he hecho a mano (quiero decir que no he 
> usado ninguna herramienta 
>       de generacion de scripts), y resulta que me funciona 
> fenomenal con el kernel
>       2.6.9, pero que sin embargo cuando lo lanzo desde el 
> 2.6.11, no puedo hacer
>       ping, ni interrogar a los DNS, ni nada. Estoy trazando 
> la ejecucion del 
>       script, pero no veo nada extrańo.
>       
>       żExsite algun comportamiento diferente en estos dos kernels?
>       
>       Saludos.
>       
>       
> 
> 
>

RE: iptables segun la version del kernel

Responder a