Boa noite pessoal !
Depois de de pesquisar muito aqui no forum e na net resolvi postar esta duvida
A situação é a seguinte eu estou na rede 200.164.xxx.180 preciso acessar com o vnc uma maquina que ta com windows Xp numa rede interna atras de firewall e gateway desta rede eth0 189.3.xxx.119 eth1 192.168.10.0
a maquina em questão tem o seguinte IP 192.168.10.158
Já testei centenas de regras mas nenhuma funcionou e gostaria que alguem me desse uma luz
abaixo tem meu script de firewall que roda no slackware 10.2
desde de já agradeço a todos !!
IPT=/usr/sbin/iptables
PROGRAMA=/firewall
NET_IFACE=eth0
LAN_IFACE=eth1
LAN_V=eth1.1
MACLIST=/etc/maclist
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_conntrack
modprobe iptable_nat
case $1 in
start)
$IPT -F
$IPT -t nat -F
$IPT -t filter -P FORWARD DROP
for i in `cat $MACLIST`; do
STATUS=`echo $i | cut -d ';' -f 1`
IPSOURCE=`echo $i | cut -d ';' -f 3`
MACSOURCE=`echo $i | cut -d ';' -f 2`
#echo $STATUS
#echo $IPSOURCE
#echo $MACSOURCE>>mac.txt
#sleep 1s
#Se status = a então eu libera a conexao
if [ $STATUS = "a" ]; then
$IPT -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
$IPT -t filter -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
$IPT -t nat -A POSTROUTING -s $IPSOURCE -o $NET_IFACE -j MASQUERADE
$IPT -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j ACCEPT
$IPT -t filter -A OUTPUT -s $IPSOURCE -d 0/0 -j ACCEPT
# Se for = b então bloqueia o MAC
else
$IPT -t filter -A FORWARD -m mac --mac-source $MACSOURCE -j DROP
$IPT -t filter -A INPUT -m mac --mac-source $MACSOURCE -j DROP
$IPT -t filter -A OUTPUT -m mac --mac-source $MACSOURCE -j DROP
fi
done
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
#Proteçao contra Syn-floods
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
#Port scanners ocultos
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
#Ping da morte
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
#Proteçao Contra IP Spoofing
iptables -A INPUT -s 10.0.0.0/8 -i eth1 -j DROP
#echo "Bloqueando P2P"
$IPT -A FORWARD -p TCP --dport 7778 -j ACCEPT
$IPT -A FORWARD -p TCP --dport 1030 -j ACCEPT
#iMesh
$IPT -A FORWARD -d 216.35.208.0/24 -j REJECT
#BearShare
$IPT -A FORWARD -p TCP --dport 6346 -j REJECT
#ToadNode
$IPT -A FORWARD -p TCP --dport 6346 -j REJECT
#WinMX
$IPT -A FORWARD -d 209.61.186.0/24 -j REJECT
$IPT -A FORWARD -d 64.49.201.0/24 -j REJECT
#Napigator
$IPT -A FORWARD -d 209.25.178.0/24 -j REJECT
#Morpheus
$IPT -A FORWARD -d 206.142.53.0/24 -j REJECT
$IPT -A FORWARD -p TCP --dport 1214 -j REJECT
#KaZaA
$IPT -A FORWARD -d 213.248.112.0/24 -j REJECT
$IPT -A FORWARD -p TCP --dport 1214 -j REJECT
#Limewire
$IPT -A FORWARD -p TCP --dport 6346 -j REJECT
#Audiogalaxy
$IPT -A FORWARD -d 64.245.58.0/23 -j REJECT
#echo "Bloqueando Msn, Icq, AIM e etc"
#bloqueando ICQ
$IPT -A FORWARD -p TCP --dport 5190 -j REJECT
$IPT -A FORWARD -d login.icq.com -j REJECT
;;
stop)
$IPT -F
$IPT -Z
$IPT -t nat -F
$IPT -t filter -P FORWARD ACCEPT
echo "Atualizando....."
;;
restart)
$PROGRAMA stop
$PROGRAMA start
;;
esac