Bom, pessoal, consigo pingar os gateways de ambas as redes
e consigo pingar também os hosts de redes diferentes,
mas não consigo acessar os compartilhamentos de arquivos do Windows XP das máquinas host nem as impressoras, embora consiga acessar as máquinas pelo VNC (por exemplo).
Meu iptables está assim:
-----------------------------------
# Announce start-up on stdout.
printf '%s\n' "carregando firewall..............."

# Flush every rule in the nat, filter and mangle tables so the script always
# builds on an empty rule set.
for table in nat filter mangle; do
  iptables --table "$table" --flush
done

# Default policies: packets addressed to this host (INPUT) and packets routed
# through it (FORWARD) are dropped unless a later rule accepts them; packets
# generated by this host (OUTPUT) are always allowed.
# NOTE(review): only iptables (IPv4) is configured here; if the host also has
# IPv6 connectivity, none of these rules apply to it -- confirm.
for chain in INPUT FORWARD; do
  iptables --policy "$chain" DROP
done
iptables --policy OUTPUT ACCEPT

# Loopback traffic is always accepted.
iptables --append INPUT --in-interface lo --jump ACCEPT

# Connection sharing: switch on IPv4 routing in the kernel and masquerade
# everything that leaves through ppp0.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
iptables --table nat --append POSTROUTING --out-interface ppp0 --jump MASQUERADE
################ INPUT RULES
################
# Packets that belong to, or are related to, a connection already tracked.
iptables --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT

# Services on this host that are opened to every source address:
#   tcp/22   SSH
#   tcp/9000 Deluge WebUI
#   tcp/8245 No-IP
#   udp/8767 TeamSpeak
# NOTE(review): none of these rules names an input interface, so they apply to
# ppp0 as well as to the internal networks -- confirm that each service (the
# Deluge WebUI in particular) is meant to be reachable from outside.
for tcp_port in 22 9000; do
  iptables --append INPUT --protocol tcp --destination-port "$tcp_port" --jump ACCEPT
done
# Apache (rule kept disabled):
#iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
iptables --append INPUT --protocol tcp --destination-port 8245 --jump ACCEPT
iptables --append INPUT --protocol udp --destination-port 8767 --jump ACCEPT

# Everything coming from the WLAN is accepted.
# NOTE(review): iptables applies the /8 mask to 10.1.1.0, so this rule matches
# every source address in 10.0.0.0/8, and since no input interface is given the
# decision rests on the source address alone. Confirm the WLAN's real prefix
# and consider tying the rule to the WLAN interface.
iptables --append INPUT --source 10.1.1.0/8 --jump ACCEPT

# Selected LAN hosts get full access to this machine, but only when the source
# IP arrives with the expected MAC address (IP-MAC binding).
iptables --append INPUT --source 192.168.1.2 --match mac --mac-source 00:1E:8C:54:34:28 --jump ACCEPT  # ALEX
iptables --append INPUT --source 192.168.1.3 --match mac --mac-source 00:0E:A6:0F:55:A5 --jump ACCEPT  # MAE
iptables --append INPUT --source 192.168.1.4 --match mac --mac-source 00:E0:7D:E5:C5:59 --jump ACCEPT  # PAI
iptables --append INPUT --source 192.168.1.5 --match mac --mac-source 00:08:54:01:58:32 --jump ACCEPT  # PRENSA
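################ FORWARD RULES
################
# Packets that belong to, or are related to, a connection already tracked.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# LAN hosts with unrestricted forwarding.
# The INPUT chain accepts these three addresses only together with their MAC
# address, but the FORWARD rules used to trust the source IP alone. Any LAN
# host that configured itself as 192.168.1.2-4 (for example the restricted
# host 192.168.1.5) would then have been forwarded without limits. The same
# IP-MAC pairs are therefore required here as well.
# A MAC address can also be changed by the host that owns the interface, so
# this binding raises the bar but is not authentication.
iptables -A FORWARD -s 192.168.1.2 -m mac --mac-source 00:1E:8C:54:34:28 -j ACCEPT  # ALEX
iptables -A FORWARD -s 192.168.1.3 -m mac --mac-source 00:0E:A6:0F:55:A5 -j ACCEPT  # MAE
iptables -A FORWARD -s 192.168.1.4 -m mac --mac-source 00:E0:7D:E5:C5:59 -j ACCEPT  # PAI

# WLAN hosts with unrestricted forwarding (all of them).
# NOTE(review): iptables applies the /8 mask to 10.1.1.0, so this rule matches
# every source address in 10.0.0.0/8, and no input interface is named. Confirm
# the WLAN's real prefix and consider tying the rule to the WLAN interface.
iptables -A FORWARD -s 10.1.1.0/8 -j ACCEPT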
# Hosts with restricted forwarding.
# 192.168.1.5 may send UDP packets to port 53 (DNS) of any destination.
# NOTE(review): unlike the INPUT rule for 192.168.1.5, none of the rules in
# this section checks the MAC address of the sender.
iptables -A FORWARD -s 192.168.1.5 -p udp --dport 53 -j ACCEPT
# NOTE(review): in the two rules below the argument of -d did not survive on
# this page. The text on the line after each rule looks like a web page title
# standing where the original destination was (presumably a host name --
# confirm against the original script). As shown, these lines are not valid
# iptables commands.
# If the destinations were host names: iptables resolves a name once, when the
# rule is added, and stores the resulting address(es); later DNS changes are
# not followed until the script is run again.
iptables -A FORWARD -s 192.168.1.5 -d
Uniformes Esportivos, Uniforme Esportivo - Spenassatto -j ACCEPT
iptables -A FORWARD -s 192.168.1.5 -d
Google Analytics -j ACCEPT
################ PORT FORWARDING TO THE LAN
################
# TCP connections arriving on ppp0 for port 6891 are rewritten (DNAT) to the
# LAN host 192.168.1.2; only the address is replaced, the port stays the same.
# The second rule lets the rewritten packets through the FORWARD chain, whose
# default policy is DROP.
fwd_port=6891
fwd_host=192.168.1.2
iptables --table nat --append PREROUTING --in-interface ppp0 \
  --protocol tcp --destination-port "$fwd_port" \
  --jump DNAT --to-destination "$fwd_host"
iptables --append FORWARD --protocol tcp --in-interface ppp0 \
  --destination-port "$fwd_port" --destination "$fwd_host" --jump ACCEPT