Boas.
Venho revelar aqui alguns segredos, já que Debian nos tem revelado todo o seu código-fonte...
Temos definido o 192.168.2.10 como gateway, e nele temos:
--
root@gateway:~# crontab -l
# Root's crontab on the gateway. Every job below runs as root and appends
# both stdout and stderr (2>&1) to its own log file.
# m h dom mon dow command
# MRTG
# Two mrtg runs every five minutes, one minute apart:
# minutes 0,5,...,55 for mrtg.cfg and 1,6,...,56 for mem.cfg.
0-55/5 * * * * env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1;
01-56/5 * * * * env LANG=C /usr/bin/mrtg /etc/mrtg/mem.cfg >> /var/log/mrtg/mem.log 2>&1;
# DDCLIENT
# Every 20 minutes: run the update-ip script through bash.
*/20 * * * * bash /usr/local/bin/update-ip >> /var/log/ddclient/update-ip.log 2>&1;
# GATEWAY
# @reboot runs the job once, when cron starts after boot. The firewall, NAT
# and routing setup done by /usr/local/bin/gateway exists only once this job
# has run.
# NOTE(review): confirm that the interval between the interfaces coming up
# and this job running is acceptable, or load the rules from the network
# configuration instead.
@reboot /usr/local/bin/gateway >> /var/log/gateway/gateway.log 2>&1;
--
root@gateway:~# cat /usr/local/bin/gateway
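#!/bin/sh
#
# gateway: firewall, NAT and routing setup for the LAN gateway.
# eth0 is used as the LAN side and eth1 as the outside (see the FORWARD and
# MASQUERADE rules below).
#
# NOTE(review): no chain policy (-P) is set anywhere in this script and the
# INPUT chain only ever gets ACCEPT rules. Unless the policies are set to
# DROP somewhere else, new connections arriving on eth1 still reach the
# services running on the gateway itself. Confirm whether default-deny on
# INPUT is intended and, if so, add it after checking how the box is
# administered remotely.
PATH=/usr/sbin:/sbin:/bin:/usr/bin
#
# delete all existing rules.
# (-F and -X remove rules and user chains; chain policies are left as they are.)
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The "!" goes in front of the option; the "-i ! eth1" spelling is deprecated.
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Don't forward from the outside to the inside.
# The rule has to match eth1 -> eth0 to do what the line above says; with
# "-o eth1" it never matched traffic heading for the LAN. It sits after the
# ESTABLISHED,RELATED rule, so replies to LAN-initiated connections still pass.
iptables -A FORWARD -i eth1 -o eth0 -j REJECT
# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
###########
## Squid ##
###########
# Redirect only HTTP that arrives from the LAN to the Squid interception
# port. Without "-i eth0" port-80 traffic arriving on eth1 was redirected to
# Squid as well.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3129
###########
## Proxy ##
###########
# "replace" installs or updates the route in one step, so the script no
# longer logs an error when the route does not exist yet (first run after boot).
ip route replace 10.100.100.0/24 via 192.168.2.253 dev eth0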
--
root@gateway:~# cat /usr/local/bin/ARtelecom
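#!/bin/sh
#
# ARtelecom: point the gateway's default route at 192.168.2.253, re-install
# the Squid interception rule and print the resulting external address.
#
# NOTE(review): the flush below removes every filter, nat and mangle rule,
# and the filter/NAT rules are kept commented out in this script. After it
# has run, the filter table holds only the loopback ACCEPT rule while
# ip_forward stays enabled; chain policies are not set here. Confirm that
# this is the intended state while this uplink is in use.
PATH=/usr/sbin:/sbin:/bin:/usr/bin
#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT
#iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing connections from the LAN side.
#iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Masquerade.
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Don't forward from the outside to the inside.
#iptables -A FORWARD -i eth1 -o eth1 -j REJECT
# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
route del default
route add default gw 192.168.2.253
###########
## Squid ##
###########
# Redirect only HTTP that arrives on eth0 (the interface the commented
# rules above treat as the LAN side) to the Squid interception port.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3129
# printf instead of "echo -e": under #!/bin/sh the -e flag is not portable
# (dash prints it literally).
printf 'Ligacao alterada para ARtelecom\nVamos testar:\n\n'
#IP=`curl checkip.dyndns.org |cut -d " " -f 6|cut -d "<" -f 1`;
# The address is fetched over plain HTTP and is only displayed, never used
# in a command; %s keeps whatever comes back from being interpreted.
IP=$(lynx --dump checkip.dyndns.org | head -n 1 | cut -d " " -f 7)
printf 'IP externo: %s\n' "$IP"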
--
root@gateway:~# cat /usr/local/bin/Vodafone
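#!/bin/sh
#
# Vodafone: reload the gateway firewall/NAT rules, point the default route
# at 192.168.1.1 and print the resulting external address.
# eth0 is used as the LAN side and eth1 as the outside (see the FORWARD and
# MASQUERADE rules below).
#
# NOTE(review): no chain policy (-P) is set anywhere in this script and the
# INPUT chain only ever gets ACCEPT rules. Unless the policies are set to
# DROP somewhere else, new connections arriving on eth1 still reach the
# services running on the gateway itself. Confirm whether default-deny on
# INPUT is intended and, if so, add it after checking how the box is
# administered remotely.
PATH=/usr/sbin:/sbin:/bin:/usr/bin
#
# delete all existing rules.
# (-F and -X remove rules and user chains; chain policies are left as they are.)
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The "!" goes in front of the option; the "-i ! eth1" spelling is deprecated.
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Don't forward from the outside to the inside.
# The rule has to match eth1 -> eth0 to do what the line above says; with
# "-o eth1" it never matched traffic heading for the LAN. It sits after the
# ESTABLISHED,RELATED rule, so replies to LAN-initiated connections still pass.
iptables -A FORWARD -i eth1 -o eth0 -j REJECT
# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Gateway
route del default
route add default gw 192.168.1.1
###########
## Squid ##
###########
# Redirect only HTTP that arrives from the LAN to the Squid interception
# port. Without "-i eth0" port-80 traffic arriving on eth1 was redirected to
# Squid as well.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3129
# printf instead of "echo -e": under #!/bin/sh the -e flag is not portable
# (dash prints it literally).
printf 'Ligacao alterada para VODAFONE\nVamos testar:\n\n'
#IP=`curl checkip.dyndns.org |cut -d " " -f 6|cut -d "<" -f 1`
# The address is fetched over plain HTTP and is only displayed, never used
# in a command; %s keeps whatever comes back from being interpreted.
IP=$(lynx --dump checkip.dyndns.org | head -n 1 | cut -d " " -f 7)
printf 'IP externo: %s\n' "$IP"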
--
root@gateway:~# cat /etc/squid/extra.conf
# Site-specific Squid settings: the interception port, reply-time block
# lists and the access rule for the LAN.
# NOTE(review): where the main squid.conf includes this file is not shown.
# http_access and http_reply_access rules are evaluated in order, so the
# effect of the rules below depends on that placement - confirm.
################
# Apt-Cacher #
################
#redirect_program /usr/lib/squid/jesred
#redirect_children 15
#cache_peer aptcacher parent 3142 7 proxy-only no-query no-netdb-exchange connect-timeout=15
#acl aptget browser #-i apt-get apt-http apt-cacher apt-proxy
#acl deburl urlpath_regex /(Packages|Sources|Release|Translations-.*)\(.(gpg|gz|bz2))?$ /pool/.*/\.deb$ /(Sources|Packages)\.diff/ /dists/[^/]*/[^/]*/(binary-.*|source)/.
#cache_peer_access aptcacher allow aptget
#cache_peer_access aptcacher allow deburl
#cache_peer_access aptcacher deny all
#never_direct allow aptget
#never_direct allow deburl
#never_direct deny all
################
# Interception #
################
# Port that receives the HTTP traffic redirected by the gateway's iptables
# REDIRECT rule (--to-port 3129). Squid 3.1 and later name this option
# "intercept" instead of "transparent".
# NOTE(review): an interception port is meant to be reached only through the
# NAT rule; confirm that clients cannot connect to 3129 directly.
http_port 3129 transparent
#################
# Reverse Proxy #
#################
#http_port 192.168.1.51:80 accel defaultsite=pcmedic.pt
#cache_peer 192.168.2.25 parent 80 0 no-query originserver name=pcmedicAccel
#cache_peer 192.168.2.25 parent 80 0 no-query originserver name=pcmedic.ath.cx
#acl our_website dstdomain pcmedic.pt
#http_access allow our_website
#cache_peer_access pcmedicAccel allow our_website
#cache_peer_access pcmedicAccel deny all
#################
# Blocks #
#################
# Media Streams
#rui.ferreira: unblocked mms
## MediaPlayer MMS Protocol
#acl media rep_mime_type mms
#acl mediapr url_regex dvrplayer mediastream ^mms://
## (Squid does not yet handle the URI as a known proto type.)
## Active Stream Format (Windows Media Player)
#acl media rep_mime_type x-ms-asf
#acl mediapr2 urlpath_regex \.(afx|asf)(\?.*)?$
## Flash Video Format
#acl media rep_mime_type video/flv video/x-flv
#acl mediapr3 urlpath_regex \.flv(\?.*)?$
## Others currently unknown
# The "media" ACL is still defined here, but the only rule that uses it
# (http_reply_access deny media) is commented out below, so it blocks nothing.
acl media rep_mime_type ms-hdr
acl media rep_mime_type x-fcs
# Blocks (enforcement rules)
#http_access deny mediapr
#http_access deny mediapr2
#http_access deny mediapr3
#http_reply_access deny media
# Domains listed in squid-block.acl are denied at reply time: the reply is
# withheld from the client, but the request has already been sent to the site.
# NOTE(review): if requests should never reach those sites, an
# "http_access deny blocksites" evaluated before the allow rule does that -
# confirm the intent.
acl blocksites dstdomain -i "/etc/squid/squid-block.acl"
http_reply_access deny blocksites
## Flash General Media Scripts (Animation)
# The three Flash ACLs below are defined, but no active rule in this file
# refers to them; the one rule that did is commented out.
acl blockflash dstdomain -i "/etc/squid/block-flash.acl"
acl blockfl rep_mime_type application/x-shockwave-flash
acl blockedflash urlpath_regex \.swf(\?.*)?$
#http_reply_access deny blockfl blockfl
#################
# Normal Config #
#################
# Clients with a source address in 192.168.2.0/24 may use the proxy.
# NOTE(review): no "http_access deny all" is visible in this file;
# presumably the main squid.conf ends with one - verify.
acl pcmedic_intra src 192.168.2.0/24
http_access allow pcmedic_intra
##debug
#debug_options ALL,1 33,2
--
root@gateway:~# cat /usr/local/bin/update-ip
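#!/bin/bash
#
# update-ip: look up the public IPv4 address seen through eth1 and pass it
# to ddclient. Run from root's crontab, which appends the output to
# /var/log/ddclient/update-ip.log.
#
# The address comes from an unauthenticated plain-HTTP reply, so it is
# treated as untrusted input. It must look like a dotted-quad IPv4 address
# before it is handed, quoted, to ddclient. An empty or multi-word value
# would otherwise be word-split into ddclient's argument list.

# Field 6 of the reply line is expected to be the address followed by HTML
# markup; the second cut drops everything from the first "<".
IP=$(curl checkip.dyndns.org --interface eth1 2>/dev/null | cut -d " " -f 6 | cut -d "<" -f 1)

echo "______________"
date +%F\ -\ %T

# Shape check only (four groups of one to three digits); ddclient still
# does its own handling of the value.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ ! $IP =~ $ipv4_re ]]; then
  echo "update-ip: no valid IPv4 address received, ddclient not called" >&2
  echo "--------------"
  exit 1
fi

/usr/sbin/ddclient -verbose -use=ip -ip "$IP"
echo "--------------"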