Hello everyone;
I installed iptables with the apt-get command,
loaded the module with the command modprobe ip_tables,
then used chkconfig --add iptables
and added a script in /etc/init.d/, which is this one:
############################################################################
#! /bin/sh
# description: iptables initialization
#
# chkconfig: 2345 80 30
# processname: iptables
# pidfile: /var/run/iptabless.pid
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
if [ ${NETWORKING} = "no" ]
then
exit 0
fi
case "$1" in
start)
gprintf "Iniciando o serviço de %s: " "IPtables"
echo
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/sbin/iptables -t filter -P INPUT DROP
/usr/sbin/iptables -t filter -A INPUT -j ACCEPT -i lo
/usr/sbin/iptables -t filter -A FORWARD -j ACCEPT -m state\
--state ESTABLISHED,RELATED
/usr/sbin/iptables -t filter -A INPUT -j ACCEPT -m state\
--state ESTABLISHED,RELATED
/usr/sbin/iptables -t filter -A FORWARD -j ACCEPT -m state\
NEW -p tcp --dport http
/usr/sbin/iptables -t filter -A FORWARD -j ACCEPT -m state\
NEW -p tcp --dport auth
/usr/sbin/iptables -t filter -A FORWARD -j REJECT
/usr/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0
/usr/sbin/iptables -t nat -A PREROUTING -j DNAT --to-dest \
192.168.1.200 -i ppp0 -p tcp --dport 80
;;
stop)
gprintf "Parando o serviço de %s: " "IPtables"
echo
/usr/sbin/iptables -F
;;
*)
gprintf "Uso: iptables (start|stop)"
echo
;;
esac
exit 0
###########################################################################################################################
when I run the command [EMAIL PROTECTED] init.d]# service iptables start
I get this response:
Iniciando o serviço de IPtables:
iptables v1.2.9: Couldn't load match `state
':/usr/lib/iptables/libipt_state .so: cannot open shared object file:
No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
/etc/init.d/iptables: line 26: --state: command not found
Bad argument `NEW'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `NEW'
Try `iptables -h' or 'iptables --help' for more information.
[EMAIL PROTECTED] sysconfig]# cat /etc/sysctl.conf |more
# If active, enablles IPv4 packet forwarding
net.ipv4.ip_forward = 1
I have no idea what it could be; I have already checked the typing and
the directories and it does not work, not even a ping to lo works.
Only by uninstalling iptables does ping work again and the machine gets
faster. The only thing I noticed, which I also don't know how to fix, was
that in the line:
iptables v1.2.9: Couldn't load match `state
':/usr/lib/iptables/libipt_state .so: cannot open shared object file:
No such file or directory
the file there has no space, that is, it is like this there:
/usr/lib/iptables/libipt_state.so and not /usr/lib/iptables/libipt_state .so
[EMAIL PROTECTED] init.d]# cat /etc/sysconfig/network
NETWORKING=yes
# FORWARD_IPV4=yes # not used anymore. see /etc/sysctl.conf
HOSTNAME="personal.localdomain"
GATEWAY=192.168.1.1
GATEWAYDEV=eth0
If anyone can give me a tip on what it could be, I would be very grateful. I use
cl10 running samba, dhcp, squid and am now trying to run iptables
to do nat.
See you.
---------------------------------------------------------------------------
This list is sponsored by Conectiva S.A. Visit http://www.conectiva.com.br
Archive: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
List usage rules: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html
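
The error output in the message above (the space inside `libipt_state .so`, `--state: command not found`, and "Bad argument `NEW'") is consistent with whitespace after a line-continuation backslash and with `-m state` rules that lack the `--state` option. The check below is an added example, not part of the original message; its function names and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the post): lint an iptables rule script for the
# two defects its error output points to. All function names are hypothetical.

# Line numbers where a backslash is followed by blanks or a CR before the end
# of the line. The shell reads "\ " as an escaped space, so the match name
# becomes "state " and the next line is executed as a separate command.
find_broken_continuations() {
    grep -nE '\\[[:space:]]+$' "$1" | cut -d: -f1
}

# Join continued lines (with one space, as the author intended) and print
# each command that uses "-m state" without a following "--state" option.
find_state_without_option() {
    awk '
        { sub(/[ \t\r]+$/, "") }                      # drop trailing blanks
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        { cmd = buf $0; buf = ""
          if (cmd ~ /-m[ \t]+state/ && cmd !~ /-m[ \t]+state[ \t]+--state/)
              print cmd }
    ' "$1"
}

# Constructed sample: rules from the post; the trailing space after the first
# backslash is an assumption (whitespace is not visible in the post).
write_sample() {
    printf '%s\n' \
        '/usr/sbin/iptables -t filter -A INPUT -j ACCEPT -m state\ ' \
        '--state ESTABLISHED,RELATED' \
        '/usr/sbin/iptables -t filter -A FORWARD -j ACCEPT -m state\' \
        'NEW -p tcp --dport http' \
        '/usr/sbin/iptables -t filter -A FORWARD -j REJECT' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
echo "backslash + trailing whitespace on line(s):" $(find_broken_continuations "$sample")
echo "\"-m state\" without --state:"
find_state_without_option "$sample"
rm -f "$sample"
```

Running both functions against a firewall init script before enabling it at boot catches these parse failures while the default `INPUT` policy is still permissive.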