- dnat
-
dnat
Hi everyone,
I can't open port 8090 on Speedy Home using DNAT on CL 9
iptables -t nat -A PREROUTING -i $exit_dev -p tcp --dport 8090 -j DNAT --to-destination 192.168.0.3:8090
If anyone can help
tks
-
dnat
-o $ext_if
that should be it
-
dnat
Hi shadow,
it shouldn't be that... there was an error
iptables v1.2.7a can´t use -o with PREROUTING
-
Re: dnat
# Open some ports
iptables -A INPUT -p tcp --destination-port 8090 -j ACCEPT
# Redirect some ports
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8090 -j DNAT --to-dest 192.168.0.2:8090
iptables -A FORWARD -p tcp -i eth0 --dport 8090 -d 192.168.0.2 -j ACCEPT
Try these rules and post the result!!!
-
dnat
Hi gatoseco..
the rules you suggested are in place... but only I can get access by typing ip(speedy):port
those outside the internal network cannot
tks
-
dnat
Has it occurred to you that the port may be blocked at Telefonica?
-
dnat
I don't believe the port is blocked.... but I tested with 9000 and
the problem continues..
Here is the script I use.
#!/bin/sh
#/
###############################################################################
# #
# Firewall rules initialization script #
###############################################################################
# #
# Copyright (C) 2003 Free Software Foundation, Inc. #
# #
# This script is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2, or (at your option) #
# any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You find more about GPL at http://www.gnu.org. #
# #
###############################################################################
IPTABLES="/usr/sbin/iptables"
EXIT_DEV="ppp0"
IPNET=`ifconfig ppp0 | grep "end.:" | awk '{ print $3 }' | cut -d: -f 2`
INPUT_DEV="192.168.0.254"
REDE_IP="192.168.0.0/24"
MAQWEB="192.168.0.2"
/sbin/insmod ip_tables
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F..
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -L -v -n
#
$IPTABLES -N BLOCK
$IPTABLES -A BLOCK -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A BLOCK -m state --state NEW -i ! $EXIT_DEV -j ACCEPT
$IPTABLES -A BLOCK -j DROP
$IPTABLES -A INPUT
$IPTABLES -A INPUT -j BLOCK
$IPTABLES -A FORWARD -j BLOCK
#
$IPTABLES -A INPUT -p tcp --destination-port 8090 -j ACCEPT
$IPTABLES -I FORWARD -i ppp0 -p tcp --dport 8090 -d $INPUT_DEV -j ACCEPT
$IPTABLES -I FORWARD -p tcp --sport 8090 -s $INPUT_DEV -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -d $IPNET --dport 8090 -j DNAT --to $MAQWEB
$IPTABLES -t nat -A POSTROUTING -p tcp -d $MAQWEB --dport 8090 -j SNAT --to $IPNET
#
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
$IPTABLES -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
$IPTABLES -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
$IPTABLES -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
$IPTABLES -t filter -A INPUT -j ACCEPT -i lo
$IPTABLES -t filter -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
$IPTABLES -t filter -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
$IPTABLES -A FORWARD -i $EXIT_DEV -o $INPUT_DEV -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INPUT_DEV -o $EXIT_DEV -j ACCEPT
$IPTABLES -A FORWARD -j LOG
#
$IPTABLES -t nat -A POSTROUTING -o $EXIT_DEV -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 0.0.0.0/0 -o $EXIT_DEV -j MASQUERADE
#
$IPTABLES -A INPUT -i $EXIT_DEV -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i $EXIT_DEV -m state --state NEW,INVALID -j DROP
$IPTABLES -L -v -n
help..please
tks
-
dnat
Are you able to do NAT normally?
To do masquerading you need to load the NAT module
#modprobe iptable_nat
Maybe it will work
Regards
-
dnat
NAT is working fine....
what I can't do is open port 8089 for Apache
tks
-
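Added example (not part of any post in this thread): a small Python model of netfilter's hook order, showing that the FORWARD chain sees a DNATed packet with its rewritten destination and its original inbound interface. It uses the addresses from the script above; 203.0.113.10 is a constructed stand-in for the ppp0 address, the `adjusted` rule is hypothetical, and the filter table is reduced to one ACCEPT rule followed by a drop.

```python
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP = "203.0.113.10"     # constructed stand-in for the ppp0 address ($IPNET)
GATEWAY_LAN = "192.168.0.254"  # $INPUT_DEV in the posted script
WEB_HOST = "192.168.0.2"       # $MAQWEB in the posted script
PORT = 8090

@dataclass(frozen=True)
class Packet:
    in_if: str
    dst: str
    dport: int

@dataclass(frozen=True)
class ForwardRule:  # models -A FORWARD -p tcp [-i IF] [-d IP] --dport N -j ACCEPT
    dport: int
    in_if: Optional[str] = None
    dst: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (p.dport == self.dport and self.in_if in (None, p.in_if)
                and self.dst in (None, p.dst))

def nat_prerouting(p: Packet) -> Packet:
    # DNAT rewrites the destination before the routing decision and the filter table.
    if p.dst == PUBLIC_IP and p.dport == PORT:
        return replace(p, dst=WEB_HOST)
    return p

def verdict(p: Packet, rule: ForwardRule) -> str:
    p = nat_prerouting(p)
    if p.dst in (PUBLIC_IP, GATEWAY_LAN):
        return "INPUT"  # still addressed to the gateway: FORWARD is never consulted
    return "ACCEPT" if rule.matches(p) else "DROP"  # unmatched NEW traffic is dropped

RULES = {
    "script": ForwardRule(PORT, in_if="ppp0", dst=GATEWAY_LAN),  # -d $INPUT_DEV
    "reply": ForwardRule(PORT, in_if="eth0", dst=WEB_HOST),      # -i eth0
    "adjusted": ForwardRule(PORT, in_if="ppp0", dst=WEB_HOST),   # hypothetical rule
}

def evaluate() -> dict:
    outside = Packet(in_if="ppp0", dst=PUBLIC_IP, dport=PORT)  # constructed packet
    return {name: verdict(outside, rule) for name, rule in RULES.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:9} -> {result}")
```

In this model only the rule that matches both the inbound interface (ppp0) and the post-DNAT destination (192.168.0.2) accepts the connection; an INPUT rule for the port plays no part once the packet is forwarded.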