Good morning, I urgently need some help.
It's the following:
I'm trying to redirect the squid port via NAT.
My internal network is 192.168.0.X; my squid is configured to work on port 3128.
I configure the workstations to use the proxy at address 192.168.0.1, port 3128.
My local interface on the firewall is eth1, 192.168.0.1.
I have the following firewall rules:
#!/bin/sh
# Firewall script
#
#
###################################################
# Basic definitions
###################################################
IPTABLES="/sbin/iptables"
# ENABLING ROUTING
#
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
###################################################
# General cleanup
###################################################
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X
###################################################
# Policy setup
###################################################
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
############################################################
# NAT - NETWORK ADDRESS TRANSLATION
############################################################
# Transparent proxy: LAN traffic for port 80 is redirected to the local squid port
$IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j REDIRECT --to-port 3128
$IPTABLES -t nat -A PREROUTING -p udp -i eth1 --dport 80 -j REDIRECT --to-port 3128
####
# Invalid network
####
$IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
####
# Loopback interface
####
$IPTABLES -A INPUT -i lo -j ACCEPT
############################################################
# Final rules (DROP WITH LOG)
############################################################
# Everything not accepted above is sent to the dropwall chain (log + drop)
$IPTABLES -A INPUT -j dropwall
$IPTABLES -A FORWARD -j dropwall
$IPTABLES -A OUTPUT -j dropwall
**** This way there is no way to make the workstations browse; the squid log records nothing.
The firewall returns me this log:
Dec 19 09:44:41 fw kernel: Dropwall:IN=eth1 OUT= MAC=00:06:29:26:00:94:00:11:5b:d4:c6:75:08:00 SRC=192.168.0.11 DST=192.168.0.1 LEN=378 TOS=0x00 PREC=0x00 TTL=128 ID=31212 DF PROTO=TCP SPT=1257 DPT=3128 WINDOW=15753 RES=0x00 ACK PSH URGP=0
If I create the firewall rules this way (removing the DROPs):
#!/bin/sh
# Firewall script
#
#
###################################################
# Basic definitions
###################################################
IPTABLES="/sbin/iptables"
# ENABLING ROUTING
#
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
###################################################
# General cleanup
###################################################
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X
# No policies set here, so the chains keep the default ACCEPT policy
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
############################################################
# NAT - NETWORK ADDRESS TRANSLATION
############################################################
$IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j REDIRECT --to-port 3128
$IPTABLES -t nat -A PREROUTING -p udp -i eth1 --dport 80 -j REDIRECT --to-port 3128
####
# Invalid network
####
$IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
####
# Loopback interface
####
$IPTABLES -A INPUT -i lo -j ACCEPT
Then it works. What is missing? Do I have to create some other rule for port 3128? How do I do that, and at what point in the script should it be included...
Thanks in advance.
WASLEY
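The logged line already names the problem: a packet from 192.168.0.11 to 192.168.0.1 with DPT=3128 was dropped on INPUT. In the first script the INPUT policy is DROP and the only ACCEPT before the final "-j dropwall" matches ESTABLISHED,RELATED, so the first packet of every connection to the proxy port is logged and dropped; the same happens on OUTPUT to the connections squid itself opens towards the web servers. The second script "works" only because it sets no policies, leaving everything at the default ACCEPT. The following is an added example, not WASLEY's script, showing the rules that are missing and the order they must be appended in. It assumes the layout described in the post (eth1 = LAN with 192.168.0.1, eth0 = WAN, squid on TCP 3128), recreates the dropwall chain because the "-X" in the cleanup section deletes it, and uses a DRY_RUN variable invented for this example so the rule set can be printed and checked without root:

```sh
#!/bin/sh
# Added example, not the original poster's script. Shows where the ACCEPT
# for the proxy port (and squid's own outbound traffic) goes relative to
# the REDIRECT and the final dropwall rules. Assumes eth1 = LAN, eth0 = WAN,
# squid on TCP 3128. DRY_RUN is a variable introduced here: DRY_RUN=1 prints
# the rules instead of applying them.
IPTABLES="/sbin/iptables"
LAN_IF="eth1"
WAN_IF="eth0"
PROXY_PORT="3128"

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

proxy_rules() {
    # 1. Recreate the logging chain. "$IPTABLES -X" in the cleanup section
    #    deletes user chains, so "-j dropwall" later needs it defined again.
    run -N dropwall
    run -A dropwall -m limit --limit 5/min -j LOG --log-prefix "Dropwall:"
    run -A dropwall -j DROP

    # 2. Transparent redirect (as in the post): LAN requests to port 80 are
    #    delivered to the local squid. Squid serves HTTP over TCP only, so
    #    the udp variant of this rule does nothing useful and is left out.
    run -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-port "$PROXY_PORT"

    # 3. INPUT policy is DROP and the state rule only matches packets of
    #    connections that already exist, so the first packet to port 3128
    #    (redirected, or sent directly by a station configured to use the
    #    proxy) needs an explicit ACCEPT. Restricting it to the LAN interface
    #    keeps the proxy unreachable from the WAN side.
    run -A INPUT -i "$LAN_IF" -p tcp --dport "$PROXY_PORT" \
        -m state --state NEW -j ACCEPT

    # 4. OUTPUT policy is DROP too: squid itself opens new connections to
    #    the web servers and needs DNS. Allow only what the proxy needs.
    run -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --dports 80,443 \
        -m state --state NEW -j ACCEPT
    run -A OUTPUT -o "$WAN_IF" -p udp --dport 53 -j ACCEPT

    # 5. The catch-all rules stay last: iptables evaluates rules in order,
    #    so an ACCEPT appended after "-A INPUT -j dropwall" never matches.
    run -A INPUT -j dropwall
    run -A OUTPUT -j dropwall
    run -A FORWARD -j dropwall
}

# Print the rule set without applying it:  DRY_RUN=1 sh proxy_rules.sh
if [ "${DRY_RUN:-0}" = "1" ]; then
    proxy_rules
fi
```

In the poster's first script, the rules from steps 3 and 4 belong in the section before "Final rules (DROP WITH LOG)", anywhere after the policy setup; only their position relative to the "-j dropwall" lines matters.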