Pessoal adoro linux mais todas vez que eu faco um servidor as vezes funciona as vezes naum alguem pode me ajudar apos colocar esse firewall ele naum funciona o site do uol e o msn quando eu coloco o squid ele funciona o site do uol mais o msn naum conecta vou colocar as regras a abaixo
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
# Proxy transparente
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
#NAT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -o eth1 -m state --state NEW,INVALID -j ACCEPT
iptables -A FORWARD -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
#Acesso Web e Servidor web
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3128 -j ACCEPT
#libera DNS
#iptables -A INPUT -p tcp --dport 53 -j ACCEPT
#iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
#orkut bloqueado apenas paraum
iptables -A FORWARD -s 192.168.0.18 -d 443 -j DROP
iptables -A FORWARD -s 192.168.0.17 -d 443 -j DROP
#iptables -A FORWARD -d orkut - Login -p tcp --dport 443 -j DROP
#iptables -A INPUT -d orkut - Login -p tcp --dport 443 -j DROP
#iptables -A FORWARD -d orkut.com -p tcp --dport 443 -j DROP
#iptables -A INPUT -d orkut.com -p tcp --dport 443 -j DROP
#Bloqueia acesso
iptables -A FORWARD -s 192.168.0.18 -j DROP
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
#FTP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
# Ping
#iptables -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT
#iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Banespa
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p tcp --dport 30005 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8000 -j ACCEPT
iptables -A FORWARD -p tcp --dport 30005 -j ACCEPT
# SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
#Banco Atualização e msn para autenticacao
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
#MSN
iptables -A INPUT -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j ACCEPT
#vnc
iptables -A INPUT -p tcp --dport 5800 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5800 -j ACCEPT
iptables -A INPUT -p tcp --dport 5900 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5900 -j ACCEPT
iptables -A INPUT -p tcp --sport 5900 -j ACCEPT
iptables -A FORWARD -p tcp --sport 5900 -j ACCEPT
#Terminal Service
iptables -A INPUT -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
iptables -A INPUT -p tcp --sport 3389 -j ACCEPT
iptables -A FORWARD -p tcp --sport 3389 -j ACCEPT
#VNC
iptables -t nat -A PREROUTING -p tcp --dport 5900 -i eth0 -j DNAT --to 192.168.0.1:5900
iptables -t nat -A PREROUTING -p tcp --dport 5800 -i eth0 -j DNAT --to 192.168.0.1:5800
#Terminal Service
iptables -t nat -A PREROUTING -s 0/0 -m tcp -p tcp -i eth0 --dport 3389 -j DNAT --to-destination 192.168.0.1:3389
#Camera Pico
iptables -A INPUT -p tcp --dport 1899 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1899 -j ACCEPT
iptables -A INPUT -p tcp --sport 1899 -j ACCEPT
iptables -A FORWARD -p tcp --sport 1899 -j ACCEPT
iptables -t nat -A PREROUTING -s 0/0 -m tcp -p tcp -i eth0 --dport 1899 -j DNAT --to-destination 192.168.0.5:1899
iptables -A INPUT -p tcp --dport 1999 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1999 -j ACCEPT
iptables -A INPUT -p tcp --sport 1999 -j ACCEPT
iptables -A FORWARD -p tcp --sport 1999 -j ACCEPT
iptables -t nat -A PREROUTING -s 0/0 -m tcp -p tcp -i eth0 --dport 1999 -j DNAT --to-destination 192.168.0.5:1999
#Sql
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --sport 3306 -j ACCEPT
iptables -A FORWARD -p tcp --sport 3306 -j ACCEPT
iptables -t nat -A PREROUTING -s 0/0 -m tcp -p tcp -i eth0 --dport 1999 -j DNAT --to-destination 192.168.0.1:3306
#VPN
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p tcp --sport 1723 -j ACCEPT
iptables -A FORWARD -p tcp --sport 1723 -j ACCEPT
iptables -t nat -A PREROUTING -s 0/0 -m tcp -p tcp -i eth0 --dport 1723 -j DNAT --to-destination 192.168.0.1:1723
Agora o Squid
http_port 3128
cache_mem 32 MB
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
memory_pools off
maximum_object_size_in_memory 8 KB
maximum_object_size 30 MB
visible_hostname serverint
# Proxy Transparente
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Fim proxy transparente
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl Safe_ports port 2631 # Servico Social
acl Safe_ports port 1863 # MSN
acl Safe_ports port 10000 # Webmin
acl Safe_ports port 5800
acl Safe_ports port 5900
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
icp_access allow all
miss_access allow all
Agora quando coloquei em casa usando o ppp0 esta acontecendo de naum funcionar o msn o uol o que pode ser obrigado