Pessoal, minha duvida é assim.
Tenho uma rede aqui na empresa com dois servidores. Um deles é o Windows 2003 Server rodando como servidor de domínio; o outro está rodando Linux com squid + iptables.
Estou tentando ligar outra estação de trabalho, porém ela tem acesso total à rede, mas não à internet. Na configuração do squid já a coloquei entre as máquinas com acesso à internet. Acho que já tentei bastante coisa, mas não consegui. Imagino que deve ser uma besteira que acabei não percebendo, por isso vou deixar aqui as configurações para ver se alguém olhando de fora consegue ver.
iptables
#!/bin/bash
###################### Escrevendo um firewall feito para o servidor ######################
###################### Remove every existing rule ######################
# Start from a clean slate: flush the rules of the three tables, then delete
# the user-defined chains left behind by other tools.
# NOTE(review): flushing does not reset chain policies, and no -P command
# appears in the part of the script shown here, so the built-in chains keep
# whatever policy they already had.
for table in filter nat mangle; do
  iptables -t "$table" -F
done
###################### Remove third-party chains ######################
for table in nat filter mangle; do
  iptables -t "$table" -X
done
# Repeats the flush of the filter table (the default table for -F).
iptables -F
###################### Share one Internet connection across two NICs ######################
# eth1 => NIC connected to the Speedy / Virtua modem
# eth0 => NIC connected to the LAN, address 192.168.0.1
# ppp0 => PPPoE connection
# NOTE(review): if the uplink really is PPPoE, outbound traffic may leave via
# ppp0 rather than eth1 — confirm which interface the -o/-i matches should name.

# Load the netfilter modules the rules below rely on.
for module in ip_tables iptable_nat ip_conntrack ip_nat_ftp ipt_REJECT ipt_MASQUERADE; do
  modprobe "$module"
done

# Enable IPv4 forwarding between the two interfaces.
# NOTE(review): forwarding is switched on here, before any filter rule is loaded.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
# nat/PREROUTING on the LAN side: host 192.168.0.111 gets an explicit ACCEPT
# for TCP ports 20 and 21, then every TCP port 80 packet arriving on eth0 is
# redirected to local port 3128.
# NOTE(review): 3128 is presumably the Squid listener mentioned in the post;
# web access for a LAN client then depends on Squid's own ACLs and on Squid
# being set up to receive redirected traffic — confirm in squid.conf.
for ftp_port in 20 21; do
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport "$ftp_port" -s 192.168.0.111 -j ACCEPT
done
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

#### Helper variables used by the rules that follow ######
IF_EXTERNA="eth1"
IF_INTERNA="eth0"
PORTAS_VNC="5900"
# Intended as "Ping of Death" protection: accepts forwarded echo-requests at up to 1 per second.
# NOTE(review): a limit match on an ACCEPT rule only stops matching above the
# rate; the excess packets fall through to the rules that follow. No DROP rule
# for them, and no DROP policy, is visible in this script.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# Intended as protection against SYN-flood, DoS and similar attacks.
# NOTE(review): there is no --syn here, so the rule matches any forwarded TCP
# packet, not only connection attempts. Being an ACCEPT near the top of the
# chain, it lets TCP packets within the rate through before any later
# REJECT/DROP rule in FORWARD is consulted.
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
# Allow forwarding (NAT, DNAT, SNAT) of packets that belong to established or related connections.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log packets dropped for inactivity (disabled).
#iptables -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG
# Intended as protection against advanced port scanners (e.g. nmap): accepts
# forwarded packets with only RST set (of SYN,ACK,FIN,RST) at up to 1 per second.
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Intended to stop packets that could probe the internal network: drops forwarded
# TCP packets whose flags are exactly SYN,ACK and that no earlier rule accepted.
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
# ICMP: accept every ICMP packet addressed to the firewall itself.
iptables -A INPUT -p icmp -j ACCEPT
# Accept TCP and UDP port 111 on the firewall itself.
# NOTE(review): no interface or source is given, so port 111 is accepted from
# the external side too; consider limiting it with -i $IF_INTERNA if the
# service is only meant for the LAN.
iptables -A INPUT -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -p udp --dport 111 -j ACCEPT
###################### OPENING THE MOST COMMON PORTS ##########################
# Pattern used throughout this section: a nat/POSTROUTING MASQUERADE rule for
# LAN traffic leaving via $IF_EXTERNA, plus a FORWARD ACCEPT for the same port.
## OUTLOOK (SMTP 25, POP3 110, submission 587)
# NOTE(review): port 25 is opened for the whole LAN to any destination; if
# clients only need to submit mail, 587/465 alone would narrow this.
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 25 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 110 -o $IF_EXTERNA
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 110 -j ACCEPT
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 587 -o $IF_EXTERNA
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 587 -j ACCEPT
## IMAP e-mail (143)
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 143 -o $IF_EXTERNA
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -d 192.168.0.0/24 -p tcp --dport 143 -j ACCEPT
# Drop TCP 443 addressed to the firewall itself from 63.13.161.0/24.
iptables -A INPUT -s 63.13.161.0/24 -p tcp --dport 443 -j DROP
# NOTE(review): INPUT only sees packets addressed to this machine, so a rule
# with a remote host as destination (-d imo.im) looks like it can never match;
# blocking LAN clients would need the FORWARD chain. Host names are also
# resolved once, when the rule is added, so DNS must work at that moment and
# later address changes are not followed.
iptables -A INPUT -d o.imo.im -p tcp --dport 443 -j DROP
iptables -A INPUT -d imo.im -p tcp --dport 443 -j REJECT
##### Open Gmail/Outlook ports (POP3S 995, SMTPS 465) ####
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 995 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 465 -o $IF_EXTERNA
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 995 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 465 -j ACCEPT
# Blocks for instant-messaging services (port 1863, the passport/messenger
# hosts, imo.im) and for TCP port 1080.
# NOTE(review): the sources here do not match the LAN used everywhere else in
# this script (192.168.0.0/24). "192.168.1.0" without a mask is a single
# address, and "198.168.1.0/24" starts with 198, not 192 — presumably typos;
# confirm the intended network, otherwise these rules never match a LAN client.
# NOTE(review): these rules are appended after the rate-limited TCP ACCEPT near
# the top of FORWARD, so they only see packets that rule did not accept.
# Host names are resolved once, when the rule is added.
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.1.0 -d loginnet.passport.com -j REJECT
iptables -A FORWARD -s 198.168.1.0/24 -d messenger.hotmail.com -j REJECT
iptables -A FORWARD -s 198.168.1.0/24 -d webmessenger.msn.com -j REJECT
# Drops forwarded TCP 1080 from any source; the narrower REJECT for the same
# port on the next line therefore cannot be reached.
iptables -A FORWARD -p tcp --dport 1080 -j DROP
iptables -A FORWARD -s 198.168.1.0/24 -p tcp --dport 1080 -j REJECT
iptables -A FORWARD -s 198.168.1.0/24 -d imo.im -j REJECT
# Outbound access for remote-administration protocols. Each port gets a
# MASQUERADE rule for LAN traffic leaving via the external interface and a
# FORWARD ACCEPT restricted to LAN source AND LAN destination.
# NOTE(review): traffic between two hosts on 192.168.0.0/24 normally does not
# pass through the router, so the FORWARD rules here probably never match —
# confirm what they were meant to allow.

## VNC and UltraVNC - open port
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp -m multiport --dport "$PORTAS_VNC" -o "$IF_EXTERNA"
iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp -m multiport --dport "$PORTAS_VNC" -j ACCEPT

## Remote Desktop (3389), SSH (22) and VPN (1701, 1723) - open ports
for port in 3389 22 1701 1723; do
  iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport "$port" -o "$IF_EXTERNA"
  iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp --dport "$port" -j ACCEPT
done
## Open port for Apache
# NOTE(review): no interface is given, so TCP 80 on the firewall itself is
# accepted from the external side as well.
iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
## HTTPS - open port ##
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 443 -o $IF_EXTERNA
# NOTE(review): source and destination are both the LAN, so this does not
# describe LAN-to-Internet HTTPS; a rule without -d for port 443 is added
# further down in the script.
iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp --dport 443 -j ACCEPT
## DNS server - open port ##
# NOTE(review): the NAT rule covers UDP 53 while the FORWARD rule covers TCP 53
# between LAN addresses; the pair does not line up — confirm the intent.
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p udp --dport 53 -o $IF_EXTERNA
iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp --dport 53 -j ACCEPT
## FTP - open ports ##
# Forward TCP 20/21 from the LAN and masquerade it on the external interface.
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 20 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 21 -j ACCEPT
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 20 -o $IF_EXTERNA
iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp --dport 20 -j ACCEPT
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 21 -o $IF_EXTERNA
iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT
# NOTE(review): "-p 20" and "-p 21" select IP protocol numbers 20 and 21, not
# TCP ports; if ports were meant, the match would be "-p tcp --dport N".
# As written these four rules do nothing for FTP.
iptables -I INPUT 1 -j ACCEPT -p 20
iptables -I OUTPUT 1 -j ACCEPT -p 20
iptables -I INPUT 1 -j ACCEPT -p 21
iptables -I OUTPUT 1 -j ACCEPT -p 21
# Accept TCP 20/21 addressed to the firewall's own LAN address.
iptables -A INPUT -d 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -d 192.168.0.0/24 -p tcp --dport 20 -j ACCEPT
# NOTE(review): FTP runs over TCP; the UDP 20/21 rules below open ports on
# every interface without serving FTP — candidates for removal.
iptables -A INPUT -p udp --dport 21 -j ACCEPT
iptables -A INPUT -p udp --dport 20 -j ACCEPT
iptables -A OUTPUT -p udp --dport 21 -j ACCEPT
iptables -A OUTPUT -p udp --dport 20 -j ACCEPT
iptables -A FORWARD -p udp --dport 21 -j ACCEPT
iptables -A FORWARD -p udp --dport 20 -j ACCEPT
# Open the virtual private network - VPN
# Accept TCP 1701 and 1723 on the firewall itself, from any interface.
# NOTE(review): L2TP normally uses UDP 1701, so the TCP 1701 rule may not do
# what was intended — confirm which VPN protocol is in use.
iptables -A INPUT -j ACCEPT -p tcp --dport 1701
iptables -A INPUT -j ACCEPT -p tcp --dport 1723
# NOTE(review): "-p 43" is IP protocol number 43; PPTP's GRE is protocol 47
# (accepted separately below). IF_EXTERNA is eth1, so the second rule repeats
# the first.
iptables -A INPUT -i $IF_EXTERNA -s 0/0 -d 0/0 -p 43 -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -p 43 -j ACCEPT
# Accept GRE (protocol 47) and, once more, TCP 1723.
iptables --append INPUT --protocol 47 --jump ACCEPT
iptables --append INPUT --protocol tcp --match tcp --destination-port 1723 --jump ACCEPT
# NOTE(review): these two rules accept every forwarded packet that enters or
# leaves through the external interface. FORWARD rules appended after this
# point cannot change the outcome for such traffic, and the per-port ACCEPTs
# elsewhere in the script become redundant. If the goal is a port whitelist,
# these rules defeat it; a stateful rule plus a final DROP (or a DROP policy)
# is the usual alternative — change only after testing from the console.
iptables -A FORWARD -i $IF_EXTERNA -j ACCEPT
iptables -A FORWARD -o $IF_EXTERNA -j ACCEPT
### Open BitTorrent ####
# Outbound TCP 6881-6889 is accepted; inbound TCP and UDP on the same range are
# DNATed from the external interface to 192.168.0.240 and accepted in FORWARD.
# NOTE(review): this publishes 192.168.0.240 to the Internet on those ports;
# keep it only if that host is still meant to be reachable.
iptables -A FORWARD -o "$IF_EXTERNA" -p tcp --dport 6881:6889 -j ACCEPT
for proto in tcp udp; do
  iptables -t nat -A PREROUTING -i "$IF_EXTERNA" -p "$proto" --dport 6881:6889 -j DNAT --to-dest 192.168.0.240
  iptables -A FORWARD -p "$proto" -i "$IF_EXTERNA" --dport 6881:6889 -d 192.168.0.240 -j ACCEPT
done
# One INPUT rule per port, 6881 through 6889, for packets addressed to the LAN range.
for ((port = 6881; port <= 6889; port++)); do
  iptables -A INPUT -d 192.168.0.0/24 -p tcp --dport "$port" -j ACCEPT
done
########## LIBERAR LOGMEIN #################
#iptables -A FORWARD -d www.logmein.com -j ACCEPT
#iptables -A FORWARD -d secure.logmein.com -j ACCEPT
#iptables -A FORWARD -p tcp --dport 2002 -j ACCEPT
#iptables -A FORWARD -d 69.209.251.0/24 -j ACCEPT
#iptables -A FORWARD -s 69.209.251.0/24 -j ACCEPT
#iptables -A FORWARD -d asterisk.app01.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app02.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app03.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app04.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app05.logmein.com -j ACCEPT
#iptables -A FORWARD -d asterisk.app06.logmein.com -j ACCEPT
########## ALLOW KITMAR #################
# Accept forwarded traffic to (and, for some entries, from) the Kitmar hosts
# and the 200.185.135.0/24 network, on any protocol and port.
# NOTE(review): host names are resolved to addresses once, when each rule is
# added; the script needs working DNS at that moment, and the rules do not
# follow later address changes. The CIDR rules do not have that dependency.
iptables -A FORWARD -d www.maritima.com.br -j ACCEPT
iptables -A FORWARD -d kitmar.maritima.com.br -j ACCEPT
iptables -A FORWARD -s kitmar.maritima.com.br -j ACCEPT
iptables -A FORWARD -d 200.185.135.0/24 -j ACCEPT
iptables -A FORWARD -s 200.185.135.0/24 -j ACCEPT
iptables -A FORWARD -d kitmar3.maritima.com.br -j ACCEPT
iptables -A FORWARD -d kitmar2.maritima.com.br -j ACCEPT
############# OPENING SPECIFIC PORTS ###############
### BANCO REAL - open ports
# Each entry is protocol/port (or protocol/first:last for a range). For every
# entry the LAN gets a MASQUERADE rule on the external interface followed by a
# FORWARD ACCEPT, in the order listed.
# NOTE(review): the list includes MySQL (tcp/3306) towards any destination and
# a very wide UDP range (34000:65000); confirm both are still needed.
for rule in \
  tcp/4675 tcp/4976 tcp/443 tcp/1992 tcp/4977 tcp/4074 tcp/5004 \
  udp/5060 udp/5062 udp/5004 \
  tcp/3306 tcp/4137 udp/4137 udp/8443 tcp/8443 \
  udp/34000:65000; do
  proto=${rule%%/*}
  port=${rule#*/}
  iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p "$proto" --dport "$port" -o "$IF_EXTERNA"
  iptables -A FORWARD -s 192.168.0.0/24 -p "$proto" --dport "$port" -j ACCEPT
done
# Local (INPUT/OUTPUT) accepts towards the LAN range for ports 5060, 5062 and
# 5004, first over TCP and then over UDP. After each protocol's batch one
# extra destination is accepted on both chains: TCP 8008, and the UDP range
# 30000:65000.
# NOTE(review): the UDP range here starts at 30000, while the FORWARD and
# MASQUERADE rules earlier in the script use 34000:65000 — confirm which
# range is intended.
for proto in tcp udp; do
  for chain in INPUT OUTPUT; do
    for port in 5060 5062 5004; do
      iptables -A "$chain" -d 192.168.0.0/24 -p "$proto" --dport "$port" -j ACCEPT
    done
  done
  if [[ "$proto" == tcp ]]; then
    extra=8008
  else
    extra=30000:65000
  fi
  for chain in INPUT OUTPUT; do
    iptables -A "$chain" -d 192.168.0.0/24 -p "$proto" --dport "$extra" -j ACCEPT
  done
done
## Open TCP ports 211, 220, 6000, 5900, 5060, 5062 and 5500 ##
# For each port: masquerade LAN traffic on the external interface, then accept
# it in FORWARD.
for port in 211 220 6000 5900 5060 5062 5500; do
  iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport "$port" -o "$IF_EXTERNA"
  iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport "$port" -j ACCEPT
done
### SPTRANS - open port 809
# The FORWARD rule is limited to the single destination 200.189.189.94; the
# MASQUERADE rule is not.
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 809 -o "$IF_EXTERNA"
iptables -A FORWARD -s 192.168.0.0/24 -d 200.189.189.94 -p tcp --dport 809 -j ACCEPT

### Specific ports
# Same MASQUERADE + FORWARD pair for each TCP port, in the order listed.
for port in 2020 2023 2010 2021 3110 3210 3310 8080; do
  iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport "$port" -o "$IF_EXTERNA"
  iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport "$port" -j ACCEPT
done
## Open port for Vivo Gestao ####
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 7003 -o $IF_EXTERNA
# NOTE(review): source and destination are both the LAN; traffic between LAN
# hosts normally does not cross the router, so this rule probably never matches.
iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp --dport 7003 -j ACCEPT
## Geovision cameras 3550 ###
# Masquerade only; no matching FORWARD rule is added in this section.
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 3550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 4550 -o $IF_EXTERNA
iptables -I POSTROUTING -j MASQUERADE -t nat -s 192.168.0.0/24 -p tcp --dport 5550 -o $IF_EXTERNA
# The disabled rules below use $IP and $EXTERNAL, which are not assigned in the
# part of the script shown here; they would need defining before re-enabling.
## Banco Central
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp --dport 5024 -o $EXTERNAL
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp --dport 1024 -o $EXTERNAL
## Port 3007, trade association
#iptables -I POSTROUTING -j MASQUERADE -t nat -p tcp --dport 3007 -o $IF_EXTERNA
## SUFRAMA
#iptables -I POSTROUTING -j MASQUERADE -t nat -p tcp --dport 7778 -o $IF_EXTERNA
#iptables -I POSTROUTING -j MASQUERADE -t nat -p udp --dport 7778 -o $IF_EXTERNA
# Intranets, port 8080
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp --dport 8080 -o $EXTERNAL
# Conectividade Caixa Economica
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp -d 200.201.174.207 --dport 80 -o $EXTERNAL
#
# cPanel
#iptables -I POSTROUTING -j MASQUERADE -t nat -s $IP -p tcp --dport 2082 -o $EXTERNAL
## Open port 5617
# Unlike the rules above, this MASQUERADE has no -s restriction.
iptables -I POSTROUTING -j MASQUERADE -t nat -p tcp --dport 5617 -o $IF_EXTERNA
###################### PORT FORWARDING ##################
# Every rule in this section DNATs connections that arrive on the external
# interface to a LAN address.
# NOTE(review): none of these rules restricts the source address, so SSH,
# PPTP, VNC and Remote Desktop are published to anyone who can reach the
# external interface. Limiting them with -s to known addresses, or reaching
# them only through the VPN, reduces that exposure.
#### SSH port forward #####
# NOTE(review): the interface comments at the top of the script give
# 192.168.0.1 as eth0's own address, so this target is presumably the
# firewall itself — confirm.
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 22 -j DNAT --to 192.168.0.1
## VPN port forward (TCP 1701, TCP 1723 and protocol 47) to 192.168.0.10
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 1701 -j DNAT --to 192.168.0.10
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 1723 -j DNAT --to 192.168.0.10
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p 47 -j DNAT --to 192.168.0.10
## VNC port forward
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 5900 -j DNAT --to 192.168.0.10
## Remote Desktop #######
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.1:3389
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 8008 -j DNAT --to-destination 192.168.0.1:8008
# External 443 is mapped to port 8008 on 192.168.0.1.
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 443 -j DNAT --to-destination 192.168.0.1:8008
# External ports 5000, 4444 and 4445 map to 3389, 5900 and 5800 on 192.168.0.112.
# NOTE(review): a non-standard external port hides the service from casual
# scans only; it is not access control.
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 5000 -j DNAT --to-destination 192.168.0.112:3389
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 4444 -j DNAT --to-destination 192.168.0.112:5900
iptables -t nat -A PREROUTING -i $IF_EXTERNA -p tcp --dport 4445 -j DNAT --to-destination 192.168.0.112:5800