+ Responder ao Tópico



  1. 1) Cola denovo as regras de iptables, tu tem o script também? Cola aqui novamente. Isso parece ser no iptables e desejo analisar todas as regras.

    2) Esse é o outro IP do servidor Windows, o 10.1.1.49, certo? Apartir do servidor roda esses comandos:

    Verifique se pinga.

    # ping 10.1.1.49

    # nmap -sV -P0 10.1.1.49

    E cola eles aqui. Desejo ver como a interface interna responde.

  2. 1) as regras do IPTables são as do firestarter. Não tenho um script para elas.
    Se quiser posso te passar o resultado do iptables, mas script não possuo.

    2)
    Código :
    root@serverlinux:/etc# ping 10.1.1.49
    PING 10.1.1.49 (10.1.1.49) 56(84) bytes of data.
    64 bytes from 10.1.1.49: icmp_req=1 ttl=128 time=0.378 ms
    64 bytes from 10.1.1.49: icmp_req=2 ttl=128 time=0.238 ms
    64 bytes from 10.1.1.49: icmp_req=3 ttl=128 time=0.213 ms
    ^C
    --- 10.1.1.49 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 1998ms
    rtt min/avg/max/mdev = 0.213/0.276/0.378/0.073 ms
    root@serverlinux:/etc# nmap -sV -P0 10.1.1.49
     
    Starting Nmap 5.21 ( http://nmap.org ) at 2011-03-11 16:58 BRT
    Nmap scan report for 10.1.1.49
    Host is up (0.014s latency).
    Not shown: 979 closed ports
    PORT      STATE SERVICE       VERSION
    111/tcp   open  rpcbind       2-4 (rpc #100000)
    135/tcp   open  msrpc         Microsoft Windows RPC
    139/tcp   open  netbios-ssn
    445/tcp   open  netbios-ssn
    1039/tcp  open  status        1 (rpc #100024)
    1047/tcp  open  nlockmgr      1-4 (rpc #100021)
    1048/tcp  open  mountd        1-3 (rpc #100005)
    1801/tcp  open  unknown
    2049/tcp  open  nfs           2-3 (rpc #100003)
    2103/tcp  open  msrpc         Microsoft Windows RPC
    2105/tcp  open  msrpc         Microsoft Windows RPC
    2107/tcp  open  msrpc         Microsoft Windows RPC
    3389/tcp  open  ms-term-serv?
    5432/tcp  open  postgresql?
    49152/tcp open  msrpc         Microsoft Windows RPC
    49153/tcp open  msrpc         Microsoft Windows RPC
    49154/tcp open  msrpc         Microsoft Windows RPC
    49155/tcp open  msrpc         Microsoft Windows RPC
    49156/tcp open  msrpc         Microsoft Windows RPC
    49157/tcp open  msrpc         Microsoft Windows RPC
    49176/tcp open  msrpc         Microsoft Windows RPC
    MAC Address: B8:AC:6F:94:B4:33 (Unknown)
    Service Info: OS: Windows
     
    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 92.92 seconds
    root@serverlinux:/etc#



  3. Código :
    root@serverlinux:/etc# iptables -v -n -L
    Chain INPUT (policy DROP 4 packets, 572 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     tcp  --  *      *       201.10.120.2         0.0.0.0/0           tcp flags:!0x17/0x02 
        0     0 ACCEPT     udp  --  *      *       201.10.120.2         0.0.0.0/0           
        0     0 ACCEPT     tcp  --  *      *       201.10.128.3         0.0.0.0/0           tcp flags:!0x17/0x02 
        6   748 ACCEPT     udp  --  *      *       201.10.128.3         0.0.0.0/0           
        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 limit: avg 1/sec burst 5 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:33434 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 1 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 13 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 14 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 17 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 18 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5 limit: avg 2/sec burst 5 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 limit: avg 2/sec burst 5 
        0     0 LSI        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 DROP       all  --  *      *       224.0.0.0/8          0.0.0.0/0           
        0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/8         
        0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0             
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
        0     0 LSI        all  -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5 
        8  1579 INBOUND    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
        4   247 INBOUND    all  --  eth1   *       0.0.0.0/0            10.1.1.1            
        0     0 INBOUND    all  --  eth1   *       0.0.0.0/0            187.7.131.36        
        2   286 INBOUND    all  --  eth1   *       0.0.0.0/0            10.1.1.255          
        4   572 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        4   572 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Input' 
     
    Chain FORWARD (policy DROP 19 packets, 19665 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 limit: avg 1/sec burst 5 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:33434 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 1 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 17 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 18 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5 limit: avg 2/sec burst 5 
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 limit: avg 2/sec burst 5 
        0     0 LSI        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
      138  6420 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.1.1.49           tcp dpts:1:6889 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            10.1.1.49           udp dpts:1:6889 
     8260  481K OUTBOUND   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    12535   16M ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.0/24         state RELATED,ESTABLISHED 
       58  8516 ACCEPT     udp  --  *      *       0.0.0.0/0            10.1.1.0/24         state RELATED,ESTABLISHED 
        0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Forward' 
     
    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     tcp  --  *      *       187.7.131.36         201.10.120.2        tcp dpt:53 
        0     0 ACCEPT     udp  --  *      *       187.7.131.36         201.10.120.2        udp dpt:53 
        0     0 ACCEPT     tcp  --  *      *       187.7.131.36         201.10.128.3        tcp dpt:53 
        6   460 ACCEPT     udp  --  *      *       187.7.131.36         201.10.128.3        udp dpt:53 
        0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
        0     0 DROP       all  --  *      *       224.0.0.0/8          0.0.0.0/0           
        0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/8         
        0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0             
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
       10  2374 OUTBOUND   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
        4  1447 OUTBOUND   all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
        0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Output' 
     
    Chain INBOUND (4 references)
     pkts bytes target     prot opt in     out     source               destination         
        8  1579 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
        6   533 ACCEPT     all  --  *      *       10.1.1.0/24          0.0.0.0/0           
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:22 
        0     0 ACCEPT     tcp  --  *      *       10.1.1.0/24          0.0.0.0/0           tcp dpt:53 
        0     0 ACCEPT     udp  --  *      *       10.1.1.0/24          0.0.0.0/0           udp dpt:53 
        0     0 LSI        all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     
    Chain LOG_FILTER (5 references)
     pkts bytes target     prot opt in     out     source               destination         
     
    Chain LSI (4 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 
        0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 
        0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
        0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
     
    Chain LSO (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound ' 
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

  4. continuação (não coube em um só post)

    Código :
    Chain OUTBOUND (3 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
     8123  470K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
       79 11613 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
       72  3448 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    root@serverlinux:/etc#



  5. Faltou a tabela NAT!

    # iptables -t nat -L -n






Tópicos Similares

  1. Respostas: 1
    Último Post: 24-03-2013, 09:13
  2. regras de NAT para Terminal service
    Por sender no fórum Servidores de Rede
    Respostas: 7
    Último Post: 26-07-2010, 12:53
  3. Respostas: 1
    Último Post: 04-08-2006, 15:44
  4. Respostas: 0
    Último Post: 04-08-2006, 13:03
  5. Regras de Iptables para servidor Web
    Por Lituano no fórum Servidores de Rede
    Respostas: 4
    Último Post: 03-06-2004, 14:25

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L