Página 2 de 2 PrimeiroPrimeiro 12
+ Responder ao Tópico



  1. Mascaraapj,

    Como assim usar os 2 dns, explica melhor por favor.

    Obrigado.

  2. Pirigoso,

    Como faço pra verificar e marcar o retorno.

    Obrigado.



  3. posta ai as regras que vc criou no iop route e lista suas regras no ip rule

  4. Pirigoso,

    Segue abaixo a regra solicitada.

    #!/bin/bash
    iniciar(){
    #*******************************************************************************#
    #********** IPTABLES E ROTAS INTERNET - CENARIO PRINCIPAL COM 2 LINKS **********#
    #*******************************************************************************#
    echo " DEFINIDO VARIAVEIS "
    IF_LAN='eth0'
    IF_SPEEDY='eth1'
    IF_VIRTUA='eth2'

    echo " DEFINIDO GATEWAY DOS LINKS "
    GW_SPEEDY='200.168.160.129'
    GW_VIRTUA='201.6.156.1'

    echo " FAZENDO NAT NOS 2 LINKS "
    iptables -t nat -A POSTROUTING -o $IF_SPEEDY -j MASQUERADE
    iptables -t nat -A POSTROUTING -o $IF_VIRTUA -j MASQUERADE

    echo 1 > /proc/sys/net/ipv4/ip_forward

    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu

    echo " COMPARTILHAMENTO ATIVADO "

    #***************************************************************************#
    #********** MARCANDO PACOTES - CRIANDO TABELAS - DEFINIDO DESTINO **********#
    #***************************************************************************#

    echo " MARCANDO PACOTES ENTRANDO NA ETH0 "
    iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 80 -j MARK --set-mark 2
    iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 443 -j MARK --set-mark 2
    iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 25 -j MARK --set-mark 3
    iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 110 -j MARK --set-mark 3

    echo " MARCANDO PACOTES GERADOS LOCAL "
    iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 2
    iptables -t mangle -A OUTPUT -p tcp --dport 443 -j MARK --set-mark 2
    iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 3
    iptables -t mangle -A OUTPUT -p tcp --dport 110 -j MARK --set-mark 3

    echo " MONTANDO TABELAS DINAMICAS COM PRIORIDADE IGUAL"
    ip rule add fwmark 2 table 20 prio 20
    ip rule add fwmark 3 table 21 prio 20

    echo " DESTINANDO OS PACOTES "
    ip route add default via $GW_SPEEDY dev $IF_LINK1 table 20
    ip route add default via $GW_VIRTUA dev $IF_LINK2 table 21

    echo " LIMPANDO AS TABELEAS ROUTE "
    ip route flush cache

    echo " ROTEAMENTO DOS LINKS ATIVADO "



  5. Srs, apos novos testes cheguei na situacao que os emails sairam, mas nao entraram mais.

    segue meu script completo no cenario acima para que alguem possa me ajudar

    Obrigado.
    ----------------------------------------------------------------------------------------------
    #!/bin/bash
    iniciar(){
    #*******************************************************************************#
    #********** IPTABLES E ROTAS INTERNET - CENARIO PRINCIPAL COM 2 LINKS **********#
    #*******************************************************************************#
    echo " DEFINIDO VARIAVEIS "
    IF_LAN='eth0'
    IF_SPEEDY='eth1'
    IF_VIRTUA='eth2'
    IF_SVR='192.168.0.3'

    echo " DEFINIDO GATEWAY DOS LINKS "
    GW_SPEEDY='200.168.160.129'
    GW_VIRTUA='201.6.156.1'

    echo " FAZENDO NAT NOS 2 LINKS "
    iptables -t nat -A POSTROUTING -o $IF_SPEEDY -j MASQUERADE
    iptables -t nat -A POSTROUTING -o $IF_VIRTUA -j MASQUERADE

    echo 1 > /proc/sys/net/ipv4/ip_forward


    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu


    echo " COMPARTILHAMENTO ATIVADO "

    #***************************************************************************#
    #********** MARCANDO PACOTES - CRIANDO TABELAS - DEFINIDO DESTINO **********#
    #***************************************************************************#
    echo " MARCANDO PACOTES ENTRANDO NA ETH0 "
    iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 80 -j MARK --set-mark 2
    iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 443 -j MARK --set-mark 2
    iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 25 -j MARK --set-mark 3
    iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 110 -j MARK --set-mark 3
    iptables -t mangle -A PREROUTING -i $IF_SRV -p tcp --dport 53 -j MARK --set-mark 3

    echo " MARCANDO PACOTES GERADOS LOCAL "
    iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 2
    iptables -t mangle -A OUTPUT -p tcp --dport 443 -j MARK --set-mark 2
    iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 3
    iptables -t mangle -A OUTPUT -p tcp --dport 110 -j MARK --set-mark 3
    iptables -t mangle -A OUTPUT -i $IF_SRV -p tcp --dport 53 -j MARK --set-mark 3

    echo " MONTANDO TABELAS DINAMICAS COM PRIORIDADE IGUAL"
    ip rule add fwmark 2 table 20 prio 20
    ip rule add fwmark 3 table 21 prio 20

    echo " DESTINANDO OS PACOTES "
    ip route add default via $GW_SPEEDY dev $IF_LINK1 table 20
    ip route add default via $GW_VIRTUA dev $IF_LINK2 table 21

    echo " LIMPANDO AS TABELEAS ROUTE "
    ip route flush cache

    echo " ROTEAMENTO DOS LINKS ATIVADO "

    #***************************************************#
    #********** BLOQUEIOS DE SEGURANÇA PADRAO **********#
    #***************************************************#
    echo " Bloqueio da rede p2p kazza e outros "
    iptables -A FORWARD -p TCP --dport 1214 -j REJECT
    iptables -A FORWARD -p TCP --dport 6346 -j REJECT
    iptables -A FORWARD -p TCP --dport 6346 -j REJECT
    iptables -A FORWARD -p UDP --dport 1214 -j REJECT
    iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
    iptables -A FORWARD -d 66.198.41.0/24 -j REJECT

    echo " Bloqueando Ping "
    #iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP
    #iptables -A INPUT -p icmp -j REJECT --reject-with icmp-net-unreachable
    #iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

    echo " Ping da morte "
    iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

    echo " Bloqueando Port Scanners Ocultos "
    iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

    echo " Proteção contra Syn-floods "
    iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

    #*********************************************************************#
    #********** DIRECIONANDO TODO TRAFEGO DA PORTA 80 PARA 3128 **********#
    #*********************************************************************#
    echo " Proxy transparente "
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128


    #******************************************************#
    #********** LIBERANDO ACESSO INTERNO DA REDE **********#
    #******************************************************#
    echo "Liberando acesso interno da rede"
    iptables -A INPUT -p tcp --syn -s 192.168.0.0/24 -j ACCEPT
    iptables -A OUTPUT -p tcp --syn -s 192.168.0.0/24 -j ACCEPT
    iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j ACCEPT
    iptables -A INPUT -p tcp --syn -s 127.0.0.1 -j ACCEPT

    #***************************************************************#
    #********** LIBERANDO ACESSO SSH E WEBMIN NO FIREWALL **********#
    #***************************************************************#
    echo "Liberando SSH Servidor Firewall"
    iptables -A INPUT -p tcp --dport 2220 -i eth1 -j ACCEPT
    iptables -A INPUT -p tcp --dport 2220 -i eth2 -j ACCEPT

    echo "Liberando Webmin Servidor Firewall"
    iptables -A INPUT -p tcp --dport 10000 -i eth1 -j ACCEPT
    iptables -A INPUT -p tcp --dport 10000 -i eth2 -j ACCEPT

    #**********************************************************#
    #********** ABRINDO PORTAS TCP E UDP DA INTERNET **********#
    #**********************************************************#
    echo "Abrindo portas TCP da Internet"
    iptables -A INPUT -m multiport -p tcp --dport 2220,25,53,80,81,110,143,443,2631,33893,3550,3650,5900,10000,1159,1259 -j ACCEPT
    iptables -A INPUT -m multiport -p tcp --dport 3350,4550,5550,6550,1010,8088,5500,1159,1259 -j ACCEPT

    echo "Abrindo portas UDP da Internet"
    iptables -A INPUT -m multiport -p udp --dport 25,53,2631,3650 -j ACCEPT

    #**********************************************************#
    #********** ENCAMINHADO PORTAS PARA REDE INTERNA **********#
    #**********************************************************#
    # Redirecionando Porta 33893 para o IP 192.168.0.3 - Servidor MS
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 33893:33893 -j DNAT --to-dest 192.168.0.3:3389
    iptables -A FORWARD -p tcp -i eth1 --dport 33893:33893 -d 192.168.0.3 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 33893:33893 -j DNAT --to-dest 192.168.0.3:3389
    iptables -A FORWARD -p tcp -i eth2 --dport 33893:33893 -d 192.168.0.3 -j ACCEPT

    echo "Firewall:Redirecionamento da Porta 3389 MSTC para o ip 192.168.0.3"

    # Redirecionando Porta 53 para o IP 192.168.0.3 - Servidor MS
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 53:53 -j DNAT --to-dest 192.168.0.3:53
    iptables -A FORWARD -p tcp -i eth1 --dport 53:53 -d 192.168.0.3 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 53:53 -j DNAT --to-dest 192.168.0.3:53
    iptables -A FORWARD -p tcp -i eth2 --dport 53:53 -d 192.168.0.3 -j ACCEPT

    echo "Firewall:Redirecionamento da Porta 53 DNS para o ip 192.168.0.3"

    # Redirecionando Porta 80 para o IP 192.168.0.3 - Servidor MS
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80:80 -j DNAT --to-dest 192.168.0.3:80
    iptables -A FORWARD -p tcp -i eth1 --dport 80:80 -d 192.168.0.3 -j ACCEPT
    echo "Firewall:Redirecionamento da Porta 80 HTTP para o ip 192.168.0.3"

    # Redirecionando Porta 25 para o IP 192.168.0.3 - Servidor MS
    iptables -t nat -A PREROUTING -i eth2 -p udp --dport 25:25 -j DNAT --to-dest 192.168.0.3:25
    iptables -A FORWARD -p udp -i eth2 --dport 25:25 -d 192.168.0.3 -j ACCEPT

    echo "Firewall:Redirecionamento da Porta 25 SMTP para o ip 192.168.0.3"

    # Redirecionando Porta 443 para o IP 192.168.0.3 - Servidor MS
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443:443 -j DNAT --to-dest 192.168.0.3:443
    iptables -A FORWARD -p tcp -i eth1 --dport 443:443 -d 192.168.0.3 -j ACCEPT
    echo "Firewall:Redirecionamento da Porta 443 HTTPS para o ip 192.168.0.3"

    # Redirecionando Porta 110 para o IP 192.168.0.3 - Servidor MS
    iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 110:110 -j DNAT --to-dest 192.168.0.3:110
    iptables -A FORWARD -p tcp -i eth2 --dport 110:110 -d 192.168.0.3 -j ACCEPT
    echo "Firewall:Redirecionamento da Porta 110 POP3 para o ip 192.168.0.3"

    # Redirecionando Porta 143 para o IP 192.168.0.3 - Servidor MS
    iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 143:143 -j DNAT --to-dest 192.168.0.3:143
    iptables -A FORWARD -p tcp -i eth2 --dport 143:143 -d 192.168.0.3 -j ACCEPT
    echo "Firewall:Redirecionamento da Porta 143 IMAP para o ip 192.168.0.3"

    # Redirecionando Porta 5900 para o IP 192.168.0.3 - Servidor MS
    iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 5900:5900 -j DNAT --to-dest 192.168.0.3:5900
    iptables -A FORWARD -p tcp -i eth2 --dport 5900:5900 -d 192.168.0.3 -j ACCEPT
    echo "Firewall:Redirecionamento da Porta 5900 VNC para o ip 192.168.0.3"


    echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
    iptables -A FORWARD -m unclean -j DROP
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp --syn -j DROP
    }
    parar(){
    iptables -F
    iptables -t nat -F
    echo "Compartilhamento desativados"
    }
    case "$1" in
    "start") iniciar ;;
    "stop") parar ;;
    "restart") parar; iniciar ;;
    *) echo "Use os parâmetros start ou stop"
    esac






Tópicos Similares

  1. Problemas com DNS público para links diferentes....
    Por andrefernando25 no fórum Redes
    Respostas: 1
    Último Post: 17-04-2015, 12:58
  2. Problema com divisão de links.
    Por ilune no fórum Redes
    Respostas: 2
    Último Post: 18-09-2010, 15:06
  3. Divisao de links
    Por no fórum Servidores de Rede
    Respostas: 0
    Último Post: 24-11-2003, 17:34
  4. Divisao de links
    Por no fórum Servidores de Rede
    Respostas: 0
    Último Post: 24-11-2003, 17:33
  5. problemas com DNS
    Por beastie no fórum Servidores de Rede
    Respostas: 2
    Último Post: 01-08-2003, 09:04

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L