Archive: November 2005 ml@sikurezza.org
Subject: Re: [ml] Problem with Iptables
From: Michele Salerno
Date: Wed, 23 Nov 2005 13:14:48 +0100 (CET)
Here is the new script...
...is it a bit better?
Thanks a lot again...
Michele
#!/bin/bash
LAN=eth0
INET=eth1

# FTP helpers, so the data connections are tracked as RELATED and NATed
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Kernel network settings: routing on, anti-spoofing and ICMP hardening
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

# Flush all rules and delete user-defined chains in every table
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Default policies: drop what is not explicitly allowed in/through
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 20 -m state --state RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Log SSH arriving on the Internet interface (ULOG, netlink group 1), then accept
iptables -A INPUT -i "$INET" -p tcp --dport 22 -j ULOG --ulog-nlgroup 1 --ulog-prefix="SSH: "
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
# Webmin: log from the Internet, then accept
iptables -A INPUT -i "$INET" -p tcp --dport 9898 -j ULOG --ulog-nlgroup 1 --ulog-prefix="WEBMIN: "
iptables -A INPUT -p tcp --dport 9898 -j ACCEPT
# New FTP control/data connections from unprivileged client ports
iptables -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20:21 -m state --state NEW -j ACCEPT
# Darwin Streaming Server: log from the Internet, then accept; RTSP on 554
iptables -A INPUT -i "$INET" -p tcp --dport 1220 -j ULOG --ulog-nlgroup 1 --ulog-prefix="DARWIN: "
iptables -A INPUT -p tcp --dport 1220 -j ACCEPT
iptables -A INPUT -p tcp --dport 554 -j ACCEPT
# UDP 1024-65533 accepted on every interface
iptables -A INPUT -p udp --dport 1024:65533 -j ACCEPT

# FORWARD: only the DNATed IMAP connections cross the box, plus their replies
iptables -A FORWARD -i "$INET" -o "$LAN" -p tcp --dport 143 -j ACCEPT
# Replies from the LAN host go back out the Internet interface
iptables -A FORWARD -i "$LAN" -o "$INET" -m state --state ESTABLISHED,RELATED -j ACCEPT

# NAT: IMAP from the Internet is redirected to the internal server
iptables -t nat -A PREROUTING -p tcp -i "$INET" --dport 143 -j DNAT --to-destination 192.168.0.3
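As an added example (not part of Michele's post or the list archive), the check a reviewer would run on a ruleset like the one above: a small POSIX shell audit of an iptables-save dump that flags INPUT ACCEPT rules not bound to an input interface (so they are reachable from the Internet side as well as the LAN) and ACCEPT rules that open wide destination port ranges. The dump embedded below is constructed to approximate what `iptables-save` would print for the posted script, not captured from a real host; the 1000-port threshold and the helper names `audit_rules` and `count_findings` are assumptions.

```shell
#!/bin/sh
# Audit an iptables-save dump for two common firewall-script mistakes:
#   NOIF: INPUT ACCEPT rule with no -i match and no ESTABLISHED/RELATED state
#   WIDE: ACCEPT rule whose --dport range spans more than 1000 ports (assumed threshold)

# Constructed sample approximating `iptables-save` output for the posted
# script (not a real capture; kept to a representative subset of rules).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -m state --state RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ULOG --ulog-nlgroup 1 --ulog-prefix "SSH: "
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 20:21 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:65533 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 143 -j ACCEPT
COMMIT'

# audit_rules: read iptables-save text on stdin, print one finding per line,
# prefixed with its kind (NOIF or WIDE) followed by the offending rule.
audit_rules() {
  awk '
    # INPUT ACCEPT with no interface match and not a conntrack reply rule
    /^-A INPUT / && / -j ACCEPT/ {
      if ($0 !~ / -i / && $0 !~ /--state [A-Z,]*(ESTABLISHED|RELATED)/)
        print "NOIF: " $0
    }
    # any ACCEPT whose destination port range is wider than 1000 ports
    / -j ACCEPT/ && match($0, /--dport [0-9]+:[0-9]+/) {
      range = substr($0, RSTART + 8, RLENGTH - 8)   # strip "--dport "
      split(range, p, ":")
      if (p[2] - p[1] + 1 > 1000) print "WIDE: " $0
    }
  '
}

# count_findings KIND: number of findings of KIND (NOIF or WIDE) in the sample.
count_findings() {
  printf '%s\n' "$SAMPLE_RULES" | audit_rules | grep -c "^$1:" || true
}

# Stand-alone run: list every finding for the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

On a live box the same function reads `iptables-save | audit_rules`; the NOIF findings are the rules where a missing `-i $LAN` lets a service meant for the LAN be reached from the Internet interface too, and the WIDE finding is the catch-all UDP range.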
www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005