OK minha
# /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
echo 1 > /proc/sys/net/conf/default/rp_filter
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
iptables -A INPUT -p -tcp --dport 3128 -j ACCEPT
#liberar portas
# iptables -A INPUT -p -tcp --dport XX -j ACCEPT
exit 0
#/etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPD_CONF=/etc/dhcp/dhcpd.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPD_PID=/var/run/dhcpd.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"
#/etc/dhcp/dhcpd.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.11 192.168.1.245;
option routers 192.168.1.1;
option domain-name-servers 192.168.1.2 , 208.67.222.222 , 208.67.220.220;
option netbios-name-servers 192.168.1.254;
option broadcast-address 192.168.1.255;
}
Bom esses são meus codigos do DHCP e da rede sou novo nesse mundo de servidores linux, queria saber onde coloca a porta a ser aberta e redirecionar ao IP correto, como expliquei a cima!
Eu fiz essa configuração no #etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
echo 1 > /proc/sys/net/conf/default/rp_filter
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
#liberar portas
iptables -A INPUT -p -tcp --dport 3333 -j ACCEPT
iptables -A INPUT -p -tcp --dport 1234 -j ACCEPT
iptables -A INPUT -p -tcp --dport 2000 -j ACCEPT
iptables -A INPUT -p -udp --dport 3333 -j ACCEPT
iptables -A INPUT -p -udp --dport 1234 -j ACCEPT
iptables -A INPUT -p -udp --dport 2000 -j ACCEPT
#Redirecionamento de portas
iptables -t nat -A PREROUTING -p tcp --dport 2000 -j DNAT --to 192.168.1.11:2000
iptables -t nat -A PREROUTING -p udp --dport 2000 -j DNAT --to 192.168.1.11:2000
iptables -t nat -A PREROUTING -p tcp --dport 1234 -j DNAT --to 192.168.1.2:1234
iptables -t nat -A PREROUTING -p udp --dport 1234 -j DNAT --to 192.168.1.2:1234
iptables -t nat -A PREROUTING -p tcp --dport 3333 -j DNAT --to 192.168.1.2:3333
iptables -t nat -A PREROUTING -p udp --dport 3333 -j DNAT --to 192.168.1.2:3333
é assim?