-
Allow SSH
Hey everyone, here I am again.
I have a firewall that I configured with your help. It is a DROP firewall and it is working the way I wanted; only one thing is missing: being able to access it via SSH from anywhere on the internet, but that does not happen. On the internal network I do have access. Here is the script:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t nat -P POSTROUTING DROP
iptables -t filter -A INPUT -p ALL -i lo -j ACCEPT
iptables -t filter -A OUTPUT -p ALL -o lo -j ACCEPT
iptables -t filter -A INPUT -p tcp -s 0/0 -d 192.168.0.1 --destination-port 22 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -d 0/0 -s 192.168.0.1 --source-port 22 -j ACCEPT
iptables -t filter -A INPUT -p tcp -s 0/0 -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p icmp -s 0/0 -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -s 192.168.0.0/24 -d 0/0 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -s 192.168.0.0/24 -d 0/0 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -t filter -A FORWARD -p tcp -s 192.168.0.0/24 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -p udp -s 192.168.0.0/24 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -p icmp -s 192.168.0.0/24 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -p tcp -s 0/0 -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -p udp -s 0/0 -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -p icmp -s 0/0 -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -p icmp --icmp-type echo-request -s 192.168.0.0/24 -d 0/0 -m limit --limit 1/s -j ACCEPT
iptables -t nat -A POSTROUTING -p ALL -o ppp0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE
iptables -t filter -A FORWARD -p tcp -s 192.168.0.0/24 -d 0/0 -m multiport --dports 80,53,443 -j ACCEPT
iptables -t filter -A FORWARD -p udp -s 192.168.0.0/24 -d 0/0 -m multiport --dports 80,53,443 -j ACCEPT
Shed some light on what I am doing wrong.
Thanks.
-
Hey, I managed to get it working. Now I just wanted to know how to make my firewall ping the internet and get my apt-get working.
Thanks.
-
Check the icmp lines. As for apt-get, check whether the firewall has access to ports 80 and 21 (web and FTP).
Cheers ...
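An added example, not part of the thread and not any poster's own script: in the script above, every INPUT and OUTPUT rule matches a 192.168.0.x address, so traffic that enters or leaves the firewall itself on ppp0 (whose address is outside that range) falls through to the DROP policies. The rules below match on the interface instead. The names `IPT`, `WAN_IF` and `firewall_own_traffic_rules` are assumptions of this example; `ppp0` is taken from the MASQUERADE rule in the script.

```shell
#!/bin/sh
# Added example: rules for the firewall host's OWN traffic on the WAN side.
# Dry run by default: each command is printed. Run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"   # hypothetical switch between dry run and real run
WAN_IF="${WAN_IF:-ppp0}"      # WAN interface, as in the thread's MASQUERADE rule

firewall_own_traffic_rules() {
    # The nat table is for address translation, not filtering: the firewall's
    # own packets do not match the "-s 192.168.0.0/24" MASQUERADE rule and
    # would hit a DROP policy in POSTROUTING.
    $IPT -t nat -P POSTROUTING ACCEPT

    # Replies to connections the firewall opened (ping replies, apt-get data).
    # No -d match: on ppp0 the destination is the public address.
    $IPT -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # SSH from the internet: "-d 192.168.0.1" only matches the LAN address,
    # so match the incoming interface instead.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Outgoing packets of already-tracked connections (SSH replies, and FTP
    # data connections when the conntrack FTP helper is loaded).
    $IPT -A OUTPUT -o "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Ping from the firewall to the internet.
    $IPT -A OUTPUT -o "$WAN_IF" -p icmp --icmp-type echo-request -j ACCEPT

    # apt-get needs name resolution before it can reach a mirror.
    $IPT -A OUTPUT -o "$WAN_IF" -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp --dport 53 -j ACCEPT

    # apt-get over HTTP (80) and FTP control (21), as suggested in the reply.
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --dports 80,21 \
         -m state --state NEW -j ACCEPT
}

firewall_own_traffic_rules
```

Review the printed commands first, then apply them after the policy lines of the existing script so the default-DROP behaviour stays in place for everything not listed.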