- nat 2º duvida
+ Responder ao Tópico
-
nat 2º duvida
Eu tenho adsl empresarial e uso um modem 3COM OCR812 router - antes de instalar o firewall e setava no modem no NAT uma estacao e algumas portas e ele jogava para essa estacao os pedidos de acesso remoto para essa estacao, agora coloquei um firewall e isso nao funciona mais o firewall recebe a conexao do router e manda pro switch que vai pras maquinas... quero conseguir acessar o firewall remotamente, creio q eu tenha q fazer um nat no iptables.. bem nao consegui.......
abaixo vai minha rc.local onde mantenho as confs do firewall se alguem souber o que eu posso fazer....
[]´z
Daniel
[root@linux rc.d]# cat rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
#Regras de Firewal ##############################
###################################################
#### NAO ALTERE SEM A DEVIDA PERMISSAO!! ###
###################################################
#habilitar IP forwarding
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
###################################################
###########################
##LIMPAR TABELAS ANTIGAS..#
###########################
/sbin/iptables -t nat -F
/sbin/iptables -F
/sbin/iptables -P INPUT ACCEPT
#########################################################
# Liberando Portas #
#########################################################
/sbin/iptables -A FORWARD -p TCP --dport 80 -j ACCEPT #www/http
/sbin/iptables -A INPUT -p TCP --dport 443 -j ACCEPT #www/https
/sbin/iptables -A INPUT -p TCP --dport 53 -j ACCEPT #dns
/sbin/iptables -A INPUT -p UDP --dport 53 -j ACCEPT #dns
/sbin/iptables -A INPUT -p TCP --dport 25 -j ACCEPT #pop3
/sbin/iptables -A INPUT -p TCP --dport 110 -j ACCEPT #smtp
/sbin/iptables -A INPUT -p UDP --dport 110 -j ACCEPT #smtp
/sbin/iptables -A FORWARD -p TCP --dport 22 -j ACCEPT #ssl
/sbin/iptables -A FORWARD -p UDP --dport 22 -j ACCEPT #ssl
/sbin/iptables -A INPUT -p TCP --dport 220 -j ACCEPT #imap3
/sbin/iptables -A INPUT -p UDP --dport 220 -j ACCEPT #imap3
/sbin/iptables -A INPUT -p TCP --dport 21 -j ACCEPT #ftp
/sbin/iptables -A INPUT -p UDP --dport 21 -j ACCEPT #ftp
/sbin/iptables -A INPUT -p TCP --dport 20 -j ACCEPT #ftp
/sbin/iptables -A INPUT -p UDP --dport 20 -j ACCEPT #ftp
/sbin/iptables -A INPUT -p TCP --dport 8080 -j ACCEPT #WEB2
####################################################
# Bloqueando Servicos P2P e Messaging #
##########################################################
/sbin/iptables -A FORWARD -d 64.124.41.0/24 -j REJECT #Napster
/sbin/iptables -A FORWARD -d 216.35.208.0/24 -j REJECT #IMesh
/sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT #Bearshare
/sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT #ToadNode
/sbin/iptables -A FORWARD -d 209.61.186.0/24 -j REJECT #WinMX
/sbin/iptables -A FORWARD -d 64.49.201.0/24 -j REJECT #WinMX
/sbin/iptables -A FORWARD -d 209.25.178.0/24 -j REJECT #Napigator
/sbin/iptables -A FORWARD -d 206.142.53.0/24 -j REJECT #Morpheus
/sbin/iptables -A FORWARD -p TCP --dport 1214 -j REJECT #Morpheus
/sbin/iptables -A FORWARD -d 213.248.112.0/24 -j REJECT #KaZaA
/sbin/iptables -A FORWARD -p TCP --dport 1214 -j REJECT #KaZaA
/sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT #Limewire
/sbin/iptables -A FORWARD -d 64.245.58.0/23 -j REJECT #Audiogalaxy
##########################################################
##Liberando Acesso a Internet via Transparente Proxy.....#
##########################################################
# Libera acesso a internet
/sbin/iptables -t nat -A PREROUTING -p TCP -m multiport -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-port 3128
#/sbin/iptables -t nat -A POSTROUNTIG -s 192.168.1.254/0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.31/0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[root@linux rc.d]#
-
nat 2º duvida
c tem q aceitar entrada da porta 22 de ssh
acho que é;
iptables -A INPUT -p UDP --dport 22 -j ACCEPT
:twisted:
-
nat 2º duvida