> y cual es el script? , envialo > deberia de funcionar igual en ambos casos
Si, perdon, aqui va. No lo puse porque creo que no es del propio script. #!/bin/bash # Script para generar el firewall de XXXXXXXXXXXXXXXXXXXXX. # Hacer copia de las reglas vigentes, antes de probar esto. # iptables-save > fichero # Operacion anterior # Declaracion de variables #exit RUTA=`which iptables` LAN_IF="eth0" EXT_IF1="eth1" EXT_IF2="ppp0" LAN_SUBNET="192.168.1.0/24" LAN_IP="192.168.1.175" IF1_IP="192.168.5.190" # Vaciado de las cadenas de la tabla filter # Comprobar si habria que hacer lo mismo en las tablas nat y mangle $RUTA --flush INPUT $RUTA --flush FORWARD $RUTA --flush OUTPUT $RUTA -t nat --flush PREROUTING $RUTA -t nat --flush POSTROUTING $RUTA -t nat --flush OUTPUT # Establecimiento de politica por defecto de las cadenas de la tabla filter # por defecto no se permite nada # Comprobar si hay que hacer lo mismo en las tablas nat y mangle $RUTA -P INPUT DROP $RUTA -P FORWARD DROP $RUTA -P OUTPUT DROP $RUTA -t nat -P PREROUTING DROP $RUTA -t nat -P POSTROUTING DROP $RUTA -t nat -P OUTPUT DROP # Reglas de entrada a esta maquina. 
# Se permiten entradas de la red interna y del loopback $RUTA -A INPUT -s 192.168.5.190 -i lo -j ACCEPT $RUTA -A INPUT -s 192.168.7.1 -i lo -j ACCEPT $RUTA -A INPUT -s 192.168.10.10 -i lo -j ACCEPT $RUTA -A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT $RUTA -A INPUT -s 192.9.0.0/16 -j ACCEPT $RUTA -A INPUT -s 192.168.1.0/24 -i eth1 -j ACCEPT $RUTA -A INPUT -s 192.168.7.0/24 -i eth2 -j ACCEPT $RUTA -A INPUT -s 192.168.1.0/24 -i ppp0 -j ACCEPT # Entrada desde Ulma $RUTA -A INPUT -s 192.168.10.0/24 -i eth0 -j ACCEPT $RUTA -A INPUT -i lo -j ACCEPT $RUTA -A INPUT -i 127.0.0.1 -j ACCEPT $RUTA -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT $RUTA -A INPUT -i eth0 -s 192.9.0.0/16 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT $RUTA -A INPUT -i eth0 -s 172.16.2.0/24 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT $RUTA -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT $RUTA -A INPUT -i ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # Reglas de salida de esta maquina # Se permiten salidas hacia la red interna y al loopback $RUTA -A OUTPUT -d 192.9.0.0/16 -o eth0 -j ACCEPT $RUTA -A OUTPUT -d 172.16.2.0/24 -o eth0 -j ACCEPT $RUTA -A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT $RUTA -A OUTPUT -d 192.168.1.0/24 -o ppp0 -j ACCEPT # Salida hacia Ulma $RUTA -A OUTPUT -d 192.168.10.0/24 -o eth0 -j ACCEPT $RUTA -A OUTPUT -o eth1 -j ACCEPT $RUTA -A OUTPUT -o eth2 -j ACCEPT $RUTA -A OUTPUT -o ppp0 -j ACCEPT $RUTA -A OUTPUT -o lo -j ACCEPT $RUTA -A OUTPUT -o 127.0.0.1 -j ACCEPT # Reglas para traspaso. # Maquinas que esta autorizadas a traspasar en direccion a eth1 # Por si se piden informes, se hace LOG de todo lo que traspasa # Lo que no consigue traspasar, no tiene interes. 
#$RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -j LOG --log-level 6 --log-prefix "Busca 2 " $RUTA -A FORWARD -s 192.168.1.0/24 -o eth0 -d 192.9.0.0/16 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth0 -d 172.16.2.0/24 -j ACCEPT # Actualizacion de clamav $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 213.184.16.3 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 62.26.160.3 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 62.133.206.90 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 80.69.67.3 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 147.229.3.16 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 193.19.98.136 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 194.228.2.38 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 194.242.226.43 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 195.70.36.141 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 195.85.130.84 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 195.184.96.15 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 195.214.240.53 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 213.203.254.4 -j ACCEPT # FORWARD a Windows update $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.249.56 -j LOG --log-level 4 --log-prefix "Windows : " $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.249.56 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.249.57 -j LOG --log-level 4 --log-prefix "Windows : " $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.249.57 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.134.92 -j LOG --log-level 4 --log-prefix "Windows : " $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -d 207.46.134.92 -j ACCEPT # FORWARD a internet $RUTA -A FORWARD -s 192.168.1.1 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.1 " $RUTA -A FORWARD -s 192.168.1.1 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.2 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.2 " $RUTA -A 
FORWARD -s 192.168.1.2 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.3 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.3 " $RUTA -A FORWARD -s 192.168.1.3 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.4 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.4 " $RUTA -A FORWARD -s 192.168.1.4 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.6 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.6 " $RUTA -A FORWARD -s 192.168.1.6 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.9 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.9 " $RUTA -A FORWARD -s 192.168.1.9 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.11 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.11 " $RUTA -A FORWARD -s 192.168.1.11 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.13 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.13 " $RUTA -A FORWARD -s 192.168.1.13 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.14 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.14 " $RUTA -A FORWARD -s 192.168.1.14 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.15 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.15 " $RUTA -A FORWARD -s 192.168.1.15 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.16 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.16 " $RUTA -A FORWARD -s 192.168.1.16 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.17 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.17 " $RUTA -A FORWARD -s 192.168.1.17 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.18 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.18 " $RUTA -A FORWARD -s 192.168.1.18 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.19 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.19 " $RUTA -A FORWARD -s 192.168.1.19 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.20 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.20 " $RUTA -A FORWARD -s 192.168.1.20 
-o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.21 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.21 " $RUTA -A FORWARD -s 192.168.1.21 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.23 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.23 " $RUTA -A FORWARD -s 192.168.1.23 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.24 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.24 " $RUTA -A FORWARD -s 192.168.1.24 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.26 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.26 " $RUTA -A FORWARD -s 192.168.1.26 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.27 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.27 " $RUTA -A FORWARD -s 192.168.1.27 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.28 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.28 " $RUTA -A FORWARD -s 192.168.1.28 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.29 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.29 " $RUTA -A FORWARD -s 192.168.1.29 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.30 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.30 " $RUTA -A FORWARD -s 192.168.1.30 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.32 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.32 " $RUTA -A FORWARD -s 192.168.1.32 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.33 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.33 " $RUTA -A FORWARD -s 192.168.1.33 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.34 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.34 " $RUTA -A FORWARD -s 192.168.1.34 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.35 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.35 " $RUTA -A FORWARD -s 192.168.1.35 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.37 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.37 " $RUTA -A FORWARD -s 192.168.1.37 -o eth1 -j 
ACCEPT $RUTA -A FORWARD -s 192.168.1.38 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.38 " $RUTA -A FORWARD -s 192.168.1.38 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.39 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.39 " $RUTA -A FORWARD -s 192.168.1.39 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.41 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.41 " $RUTA -A FORWARD -s 192.168.1.41 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.43 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.43 " $RUTA -A FORWARD -s 192.168.1.43 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.46 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.46 " $RUTA -A FORWARD -s 192.168.1.46 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.47 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.47 " $RUTA -A FORWARD -s 192.168.1.47 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.48 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.48 " $RUTA -A FORWARD -s 192.168.1.48 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.49 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.49 " $RUTA -A FORWARD -s 192.168.1.49 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.52 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.52 " $RUTA -A FORWARD -s 192.168.1.52 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.53 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.53 " $RUTA -A FORWARD -s 192.168.1.53 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.54 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.54 " $RUTA -A FORWARD -s 192.168.1.54 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.55 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.55 " $RUTA -A FORWARD -s 192.168.1.55 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.57 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.57 " $RUTA -A FORWARD -s 192.168.1.57 -o eth1 -j ACCEPT 
$RUTA -A FORWARD -s 192.168.1.61 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.61 " $RUTA -A FORWARD -s 192.168.1.61 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.64 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.64 " $RUTA -A FORWARD -s 192.168.1.64 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.66 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.66 " $RUTA -A FORWARD -s 192.168.1.66 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.68 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.68 " $RUTA -A FORWARD -s 192.168.1.68 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.74 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.74 " $RUTA -A FORWARD -s 192.168.1.74 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.170 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.171 -o eth1 -j LOG --log-level 6 --log-prefix "iptables : 192.168.1.171 " $RUTA -A FORWARD -s 192.168.1.171 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.176 -o eth1 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -d 192.168.7.0/24 -o eth2 -j ACCEPT $RUTA -A FORWARD -s 192.168.5.0/24 -d 192.168.1.0/24 -j ACCEPT $RUTA -A FORWARD -s 192.168.7.0/24 -d 192.168.1.0/24 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -d 192.168.10.0/24 -j ACCEPT # Paquetes desde internet para repartir $RUTA -A FORWARD -i eth1 -d 192.168.1.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT $RUTA -A FORWARD -i eth2 -d 192.168.1.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT $RUTA -A FORWARD -i eth0 -d 192.168.1.0/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $RUTA -A FORWARD -i ppp0 -d 192.168.1.0/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $RUTA -A FORWARD -o ppp0 -s 192.168.1.0/24 -d 192.168.1.170 -j ACCEPT $RUTA -A FORWARD -s 192.168.1.0/24 -o eth1 -j LOG --log-level 6 --log-prefix "ííí ATENCION !!!" 
# Regla para salir a internet # Todo lo que esta autorizado a traspasar sale haciendo MASQUERADE $RUTA -t nat -A PREROUTING -s 192.9.0.0/16 -d 192.168.0.1/24 -p tcp --sport 3128 -j REDIRECT --dport 80 $RUTA -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.9.222.248 -p tcp --sport 80 -j DNAT --to 192.9.222.225:3128 $RUTA -t nat -A PREROUTING -s 172.16.2.0/24 -d 192.168.1.0/24 -i eth0 -j ACCEPT $RUTA -t nat -A PREROUTING -s 192.9.0.0/16 -i eth0 -j ACCEPT $RUTA -t nat -A PREROUTING -s 192.168.5.0/24 -i eth1 -j ACCEPT $RUTA -t nat -A PREROUTING -s 192.168.7.0/30 -i eth2 -j ACCEPT $RUTA -t nat -A PREROUTING -s 192.168.1.0/24 -i eth0 -j ACCEPT $RUTA -t nat -A PREROUTING -d 192.168.1.175 -i lo -j ACCEPT $RUTA -t nat -A PREROUTING -d 192.168.1.175 -i 127.0.0.1 -j ACCEPT $RUTA -t nat -A PREROUTING -s 192.168.1.170 -i ppp0 -j ACCEPT $RUTA -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.170 -j ACCEPT #$RUTA -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.168.5.0/24 -j ACCEPT $RUTA -t nat -A PREROUTING -s localhost -d localhost -j ACCEPT $RUTA -t nat -A PREROUTING -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT $RUTA -t nat -A PREROUTING -s 192.168.1.175 -d 192.168.1.175 -j ACCEPT $RUTA -t nat -A PREROUTING -s 192.168.10.0/24 -i eth0 -j ACCEPT $RUTA -t nat -A POSTROUTING -s localhost -d localhost -j ACCEPT $RUTA -t nat -A POSTROUTING -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.1.175 -d 192.168.1.175 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.9.0.0/16 -d 192.9.0.0/16 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.5.190 -d 192.168.5.190 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.7.1 -d 192.168.7.1 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.10.1 -d 192.168.10.1 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.7.0/30 -d 192.168.7.0/30 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.5.0/24 -d 192.168.5.0/24 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -o eth0 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -o 
ppp0 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.1.175 -o lo -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.1.175 -o 127.0.0.1 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.5.0/24 -o eth1 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.7.0/30 -o eth2 -j ACCEPT $RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.10.0/24 -o eth0 -j ACCEPT $RUTA -t nat -A POSTROUTING -d 192.9.0.0/16 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 172.16.2.0/24 -j MASQUERADE # MASQUERADING para Clamav $RUTA -t nat -A POSTROUTING -d 213.184.96.209 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 62.26.160.3 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 62.133.206.90 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 80.69.67.3 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 147.229.3.16 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 193.19.98.136 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 194.228.2.38 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 194.242.226.43 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 195.70.36.141 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 195.85.130.84 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 195.184.96.15 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 195.214.240.53 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 213.184.16.3 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 213.203.254.4 -j MASQUERADE # MASQUERADING para Windows Update $RUTA -t nat -A POSTROUTING -d 207.46.249.56 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 207.46.249.57 -j MASQUERADE $RUTA -t nat -A POSTROUTING -d 207.46.134.92 -j MASQUERADE #$RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.9.0.0/16 -j MASQUERADE $RUTA -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE > > > On 4/15/05, Angel Vicente Perez <[EMAIL PROTECTED]> wrote: > > Hola a todos.... > > tengo un problema con un script de iptables, que me > trae de cabeza. 
Es un > script que he hecho a mano (quiero decir que no he > usado ninguna herramienta > de generacion de scripts), y resulta que me funciona > fenomenal con el kernel > 2.6.9, pero que sin embargo cuando lo lanzo desde el > 2.6.11, no puedo hacer > ping, ni interrogar a los DNS, ni nada. Estoy trazando > la ejecucion del > script, pero no veo nada extraño. > > ¿Existe algun comportamiento diferente en estos dos kernels? > > Saludos. > > > > >