- Iptables ! ! ! HELP ME
-
Iptables ! ! ! HELP ME
Here's the deal, folks... I added some rules to my firewall...
iptables -t nat -A PREROUTING -d 172.0.0.0/255.0.0.0 -i eth0 -j DNAT --to 10.0.0.1
iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth0 -j SNAT --to 172.0.0.1
OK, the internet works, but everything is allowed... right, so I added the following rules
iptables -A FORWARD -s 127.0.0.1 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p udp --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -p udp --dport 21 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -p udp --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p udp --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -p udp --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1080 -j ACCEPT
iptables -A FORWARD -p udp --dport 1080 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -p udp --dport 3128 -j ACCEPT
and then
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p udp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p udp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p udp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p udp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p udp --dport 3128 -j ACCEPT
OK, but everyone can still access everything... so I set
iptables -P INPUT DROP
OK, the internet is working... then when I insert
iptables -P FORWARD DROP
it locks up everything... WHAT IS HAPPENING????
-
Iptables ! ! ! HELP ME
You're missing the lines
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
They should be the first rules added, right after the DROP, which has to come first; then you allow whatever you want....
-
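The ordering described in the reply above, as an added example (not code from any poster in this thread): default-deny policies, the ESTABLISHED,RELATED rules first, then the first post's TCP ports accepted only as new connections coming from the LAN. LAN_IF=eth1, the 10.0.0.0/24 LAN, the DNS rule and the IPT dry-run switch are assumptions; running with IPT=echo prints the commands instead of applying them.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: IPT, LAN_IF, WAN_IF, LAN_NET.
IPT="${IPT:-iptables}"                 # IPT=echo gives a dry run
LAN_IF="${LAN_IF:-eth1}"               # assumption: inside interface
WAN_IF="${WAN_IF:-eth0}"               # outside interface, as in the first post
LAN_NET="${LAN_NET:-10.0.0.0/24}"      # SNAT source network from the first post
TCP_PORTS="21 22 25 80 110 1080 3128"  # ports listed in the first post (all TCP services)

load_rules() {
    # Default-deny, then start from empty chains so reruns do not stack rules.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING

    # Replies carry the service port as their SOURCE port, so no --dport rule
    # matches them; connection tracking is what lets them back through.
    $IPT -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Loopback traffic is matched by interface and never crosses FORWARD.
    $IPT -A INPUT -i lo -j ACCEPT

    # New connections are accepted only from the LAN towards the outside.
    for port in $TCP_PORTS; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
             -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Assumption: clients resolve names through servers beyond the firewall.
    for proto in udp tcp; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
             -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
    done

    # SSH to the firewall itself, from the LAN only.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 \
         -m state --state NEW -j ACCEPT

    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source 172.0.0.1
}

# Apply only when asked to: sh firewall.sh apply
if [ "${1:-}" = "apply" ]; then load_rules; fi
```

The DNAT rule from the first post is left out; inbound traffic it redirects would need its own FORWARD rule under this policy.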
Iptables ! ! ! HELP ME
Create a script like this and put in your network's addresses; it's quite simple but it works.
#! /bin/sh
#
# load iptables
case "$1" in
  start)
    modprobe ipt_MASQUERADE
    modprobe ip_nat_ftp
    modprobe ip_conntrack_ftp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Block port 80
    iptables -t nat -A PREROUTING -j DROP -p tcp --dport 80
    iptables -t nat -A PREROUTING -j DROP -p tcp --dport 1214
    iptables -t nat -A PREROUTING -j DROP -p tcp --dport 1340
    iptables -t nat -A PREROUTING -j DROP -p tcp --dport 1341
    # Masquerading for interface eth1
    iptables -t nat -A POSTROUTING -s 192.168.45.0/24 -j MASQUERADE
    iptables -A FORWARD -s 192.168.45.0/24 -j ACCEPT
    iptables -A FORWARD -d 192.168.45.0/24 -j ACCEPT
    # Masquerading for interface eth1:0
    iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -j MASQUERADE
    iptables -A FORWARD -s 172.16.0.0/16 -j ACCEPT
    iptables -A FORWARD -d 172.16.0.0/16 -j ACCEPT
    # Masquerading for interface eth1:1
    iptables -t nat -A POSTROUTING -s 172.45.0.0/16 -j MASQUERADE
    iptables -A FORWARD -s 172.45.0.0/16 -j ACCEPT
    iptables -A FORWARD -d 172.45.0.0/16 -j ACCEPT
    # Masquerading for interface eth1:2
    iptables -t nat -A POSTROUTING -s 172.23.0.0/16 -j MASQUERADE
    iptables -A FORWARD -s 172.23.0.0/16 -j ACCEPT
    iptables -A FORWARD -d 172.23.0.0/16 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo -n "Starting Firewall:"
    return=$rc_failed
    sleep 1
    echo -e "$return"
    ;;
  stop)
    echo -n "Shutting down Firewall:"
    iptables -F -t nat
    iptables -F
    ;;
  status)
    echo -n "Checking for Firewall: "
    iptables -L
    iptables -L -t nat
    ;;
  restart)
    $0 stop && $0 start || return=$rc_failed
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart}"
    exit 1
esac
-
Iptables ! ! ! HELP ME
Futuremaxx...
I added that line and OK, it's dropping everything, thanks. But we have a problem: after about 10 minutes it loses the connection!!!
What's going on!!!