


  1. #1
    I would like to access the Windows 98 machines that sit behind a Conectiva Linux 8 server connected to the internet via Speedy.
    Where I work, we are connected to the internet via Speedy, through a Windows 2000 server.
    How do I remotely control the machines behind the Linux server?
    If possible, I would like to use VNC.

    Thanks

    Paulo

  2. You will need to do packet redirection with NAT...
    Take a look at the proxy/nat/firewall section.



  3. #3
    I read the articles in that section and also similar questions on the forum, but it still doesn't work...
    I use iptables on the Linux server; I followed the instructions from both the articles and the forum, and nothing works....

  4. #4
    I am trying to access the machines on the internal network over the internet using VNC, but I can't. If anyone can help me, I would be grateful.
    My firewall script follows below; the addresses below are the ones used on test machines. 192.168.1.98 represents the valid internet address and 192.168.2.1 the internal network IP.
    The following messages are in kernel.log.

    Thanks
    Paulo

    kernel.log

    Dec 19 17:00:21 cobaiaserver kernel: IPT FORWARD packet died:IN=eth0 OUT=eth1 SRC=192.168.1.1 DST=192.168.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=7515 DF PROTO=TCP SPT=62678 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
    Dec 19 17:00:24 cobaiaserver kernel: IPT FORWARD packet died:IN=eth0 OUT=eth1 SRC=192.168.1.1 DST=192.168.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=7645 DF PROTO=TCP SPT=62678 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
    Dec 19 17:00:30 cobaiaserver kernel: IPT FORWARD packet died:IN=eth0 OUT=eth1 SRC=192.168.1.1 DST=192.168.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=7866 DF PROTO=TCP SPT=62678 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0



    Firewall script

    #
    #1 Configuration options
    #
    # 1.1 Internet Configuration
    INET_IP="192.168.1.98"
    INET_IFACE="eth0"
    #1.1.1 DHCP
    #1.1.2 PPPoE

    #1.2 Local Area Network configuration
    #
    #
    LAN_IP="192.168.2.1"
    LAN_IP_RANGE="192.168.2.0/24"
    LAN_BCAST_ADRESS="192.168.2.255"
    LAN_IFACE="eth1"

    #1.3 DMZ Configuration

    #1.4 Localhost Configuration
    LO_IFACE="lo"
    LO_IP="127.0.0.1"

    #1.5 IPTables Configuration
    IPTABLES="/usr/sbin/iptables"

    #1.6 Other Configuration

    #2. Module loading

    /sbin/depmod -a

    #2.1 Required modules
    #
    /sbin/modprobe ip_tables
    /sbin/modprobe ip_conntrack
    /sbin/modprobe iptable_filter
    /sbin/modprobe iptable_mangle
    /sbin/modprobe iptable_nat
    /sbin/modprobe ipt_LOG
    /sbin/modprobe ipt_limit
    /sbin/modprobe ipt_state

    #
    #2.2 Non-Required modules

    #/sbin/modprobe ipt_owner
    #/sbin/modprobe ipt_REJECT
    #/sbin/modprobe ipt_MASQUERADE
    #/sbin/modprobe ip_conntrack_ftp
    #/sbin/modprobe ip_conntrack_irc

    #
    #3. /proc set up
    #

    #3.1 Required proc configuration
    #

    echo "1" >/proc/sys/net/ipv4/ip_forward

    #
    #3.2 Non-Required proc configuration

    #echo "1" >/proc/sys/net/ipv4/conf/all/rp_filter
    #echo "1" >/proc/sys/net/ipv4/conf/all/proxy_arp
    #echo "1" >/proc/sys/net/ipv4/ip_dynaddr

    #
    #4. rule set up

    #4.1 Filter table

    #4.1.1 Set policies

    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP

    #
    #4.1.2 Create user specified chains

    #
    #Create chain for bad tcp packets

    $IPTABLES -N bad_tcp_packets

    #
    #Create separate chains for ICMP, TCP and UDP to traverse

    $IPTABLES -N allowed
    $IPTABLES -N icmp_packets
    $IPTABLES -N tcp_packets
    $IPTABLES -N udpincoming_packets

    #
    #4.1.3 Create content in user specified chains


    #bad_tcp_packets chain

    $IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
    --log-prefix "New not syn:"
    $IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

    #
    #allowed chain

    $IPTABLES -A allowed -p TCP --syn -j ACCEPT
    $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A allowed -p TCP -j DROP

    #
    #TCP RULES

    #$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
    #$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
    #$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
    #$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 5900 -j allowed
    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 5800 -j allowed

    #UDP PORTS

    #$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --destination-port 53 -j ACCEPT
    #$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --destination-port 123 -j ACCEPT
    #$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --destination-port 2074 -j ACCEPT
    #$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --destination-port 4000 -j ACCEPT

    #ICMP RULES

    $IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
    $IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

    #4.1.4 INPUT CHAIN

    # BAD TCP PACKETS WE DON´T WANT

    $IPTABLES -A INPUT -p tcp -j bad_tcp_packets

    #RULES FOR SPECIAL NETWORKS NOT PART OF THE INTERNET

    $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
    $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -d $LAN_BCAST_ADRESS -j ACCEPT

    #RULES FOR INCOMING PACKETS FROM THE INTERNET
    $IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
    $IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udpincoming_packets
    $IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
    $IPTABLES -A INPUT -p TCP -s 192.168.1.1 -j ACCEPT

    #LOG WEIRD PACKETS THAT DON´T MATCH THE ABOVE

    $IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-level DEBUG --log-prefix "IPT INPUT packet died:"

    #4.1.5 FORWARD CHAIN

    #BAD TCP PACKETS WE DON´T WANT

    $IPTABLES -A FORWARD -p tcp -j bad_tcp_packets

    #ACCEPTS THE PACKETS WE ACTUALLY WANT TO FORWARD

    $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i eth0 -s 192.168.1.1 -o eth1 -j ACCEPT
    $IPTABLES -A FORWARD -p TCP -i eth0 -o eth1 -d 192.168.2.2 --dport 5800 -j ACCEPT

    #LOG WEIRD PACKETS THAT DON´T MATCH THE ABOVE

    $IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-level DEBUG --log-prefix "IPT FORWARD packet died:"

    #4.1.6 OUTPUT CHAIN

    #BAD TCP PACKETS WE DON´T WANT

    $IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets

    #SPECIAL OUTPUT RULES TO DECIDE WHICH IP´S TO ALLOW

    $IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
    $IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
    $IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT

    #LOG WEIRD PACKETS THAT DON´T MATCH THE ABOVE

    $IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-level DEBUG --log-prefix "IPT OUTPUT packet died:"

    #4.2 NAT TABLE

    #4.2.1 SET POLICIES

    #4.2.2 CREATE USER SPECIFIED CHAINS

    #4.2.3 CREATE CONTENT IN USER SPECIFIED CHAINS

    #4.2.4 PREROUTING CHAIN
    $IPTABLES -t nat -A PREROUTING -p tcp -d 192.168.1.98 --dport 5900 -j DNAT --to 192.168.2.2


    #4.2.5 POSTROUTING CHAIN

    #ENABLE SIMPLE IP FORWARDING AND NETWORK ADDRESS TRANSLATION

    $IPTABLES -t nat -A POSTROUTING -p tcp -s 192.168.2.2 --sport 5900 -j SNAT --to 192.168.1.98
    $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP

    #4.2.6 OUTPUT CHAIN

    #4.3 MANGLE TABLE

    #4.3.1 SET POLICIES

    #4.3.2 CREATE USER SPECIFIED CHAINS

    #4.3.3 CREATE CONTENT IN USER SPECIFIED CHAINS

    #4.3.4 PREROUTING CHAIN

    #4.3.5 INPUT CHAIN

    #4.3.6 FORWARD CHAIN

    #4.3.7 OUTPUT CHAIN

    #4.3.8 POSTROUTING CHAIN
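
The kernel.log lines in post #4 come from the script's FORWARD `LOG` rule. As an added example (not part of the thread), this shell function groups such lines by flow so the logged interface, address and port tuple can be compared against the FORWARD ACCEPT rules; `sample_log` and `dropped_flows` are names made up here.

```shell
#!/bin/sh
# Constructed sample: the three FORWARD lines are the ones from post #4's
# kernel.log; the INPUT line is invented here to show prefix filtering.
sample_log() {
cat <<'EOF'
Dec 19 17:00:21 cobaiaserver kernel: IPT FORWARD packet died:IN=eth0 OUT=eth1 SRC=192.168.1.1 DST=192.168.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=7515 DF PROTO=TCP SPT=62678 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
Dec 19 17:00:24 cobaiaserver kernel: IPT FORWARD packet died:IN=eth0 OUT=eth1 SRC=192.168.1.1 DST=192.168.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=7645 DF PROTO=TCP SPT=62678 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
Dec 19 17:00:30 cobaiaserver kernel: IPT FORWARD packet died:IN=eth0 OUT=eth1 SRC=192.168.1.1 DST=192.168.2.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=7866 DF PROTO=TCP SPT=62678 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
Dec 19 17:00:31 cobaiaserver kernel: IPT INPUT packet died:IN=eth0 OUT= SRC=192.168.1.7 DST=192.168.1.98 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=7901 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# Group logged packets by flow.
# stdin:  kernel log text
# $1:     LOG prefix to select (defaults to the script's FORWARD prefix)
# stdout: "count IN OUT SRC DST PROTO DPT", most frequent flow first
dropped_flows() {
    awk -v prefix="${1:-IPT FORWARD packet died:}" '
    # Return field k, or "-" when it is absent or empty (e.g. OUT= on INPUT).
    function v(k) { return ((k in f) && f[k] != "") ? f[k] : "-" }
    index($0, prefix) {
        # Parse only the netfilter KEY=VALUE fields that follow the prefix.
        rest = substr($0, index($0, prefix) + length(prefix))
        split("", f)                      # clear fields from the previous line
        n = split(rest, tok, " ")
        for (i = 1; i <= n; i++) {
            eq = index(tok[i], "=")       # bare flags (DF, SYN) have no "="
            if (eq > 1) f[substr(tok[i], 1, eq - 1)] = substr(tok[i], eq + 1)
        }
        count[v("IN") " " v("OUT") " " v("SRC") " " v("DST") " " v("PROTO") " " v("DPT")]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

sample_log | dropped_flows
```
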








  5. #5
    Mr_Mind
    Just a comment...
    Why do you guys complicate things so much?





