
PROJETO REDES DMZ

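#!/bin/bash
# PROJETO REDES DMZ
#
# Router/firewall bring-up for a host sitting between two LANs:
#   eth0 = 10.0.0.1/24, eth3 = 192.168.0.1/24.
# Enables IPv4 forwarding, loads the conntrack/NAT modules, rebuilds the
# filter and nat tables from scratch, and installs the rules below.
# Must be run as root (writes /proc/sys, calls ifconfig/modprobe/iptables).
#
# NOTE(review): despite the name, this ruleset does NOT isolate anything.
# Every default policy is ACCEPT and every chain ends in a catch-all ACCEPT,
# so the box simply routes between the two segments and logs. A real DMZ
# would set the policies to DROP and allow only the required services per
# direction; that design decision is left to the deployer. The changes in
# this revision only make the script do what it already claims to do
# (see the FIX comments).
#
# NOTE(review): the module names ip_conntrack / ip_conntrack_ftp / ip_nat_ftp
# are the 2009-era names; later kernels renamed them to nf_conntrack /
# nf_conntrack_ftp / nf_nat_ftp. On such kernels those modprobe calls fail
# (harmlessly if the code is built in). ipt_MASQUERADE is loaded but no
# MASQUERADE / SNAT rule is ever added, so NAT is not actually configured.

echo "PROJETO REDES DMZ"

echo "Configurando placas de rede"

ifconfig eth0 10.0.0.1/24 up
ifconfig eth3 192.168.0.1/24 up

echo "Habilitando passagem de pacotes!"

# Turn the host into a router between eth0 and eth3.
echo 1 > /proc/sys/net/ipv4/ip_forward

echo "Carregando os módulos necessários"

modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ipt_MASQUERADE

echo "Limpando as regras"

# Flush built-in chains and delete user-defined ones in both tables so the
# script is idempotent and does not append to a previous run's rules.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

echo "Definindo políticas padrão"

# FIX: the original wrote "ACCEP" for FORWARD. iptables rejects that with
# "Bad policy name" and leaves the FORWARD policy at whatever it was before.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

echo "Definindo regras para lo"

iptables -A INPUT -i lo -j ACCEPT

echo "UDP"

# DHCP (67-68) and NetBIOS name/datagram service (137-138) to and from the
# firewall host itself, in both directions.
iptables -A INPUT -p udp --dport 67:68 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j ACCEPT
iptables -A INPUT -p udp --sport 67:68 -j ACCEPT
iptables -A INPUT -p udp --sport 137:138 -j ACCEPT
iptables -A OUTPUT -p udp --dport 67:68 -j ACCEPT
iptables -A OUTPUT -p udp --dport 137:138 -j ACCEPT
iptables -A OUTPUT -p udp --sport 67:68 -j ACCEPT
iptables -A OUTPUT -p udp --sport 137:138 -j ACCEPT

echo "Definindo regras de retorno de INPUT"

# Replies to connections the host initiated, plus related flows (e.g. FTP data).
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

echo "Pingando entre redes"

# ICMP between the two LANs (bound to the expected interface pair) and
# ICMP to/from the host itself.
iptables -A FORWARD -i eth0 -o eth3 -s 10.0.0.0/24 -d 192.168.0.0/24 -p icmp -j ACCEPT
iptables -A FORWARD -i eth3 -o eth0 -s 192.168.0.0/24 -d 10.0.0.0/24 -p icmp -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT

echo "Protocolos Liberados"

# All traffic between the two LANs, one rule per direction. The original
# listed each of these three times; the duplicates can never match (the
# first copy already accepted the packet) and only obscure the policy.
iptables -A FORWARD -s 192.168.0.0/24 -d 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -s 10.0.0.0/24 -d 192.168.0.0/24 -j ACCEPT

echo "LOGS DE CONEXÂO"

# FIX: in the original these LOG rules were appended AFTER the catch-all
# ACCEPT rules below, so no packet ever reached them and nothing was logged.
# They now precede the catch-alls. LOG is non-terminating, so the packet
# continues to the ACCEPT afterwards.
# Rate-limited so a packet flood cannot fill the kernel log / disk
# (logging-as-DoS). To log only connection setup rather than every packet,
# add "-m state --state NEW" to each rule.
iptables -A FORWARD -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "AVANCO "
iptables -A INPUT -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "ENTRADA "
iptables -A OUTPUT -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "SAIDA "

echo " Aceitando os INPUT,OUTPUT,FORWARD"

# Catch-all: anything not matched above is accepted. This is the same as the
# default policy; it is kept explicit so the chains read as the author wrote
# them, but it is what makes this an allow-all router rather than a DMZ.
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT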
