+ Responder ao Tópico



  1. 20-05-2004, 13:34 #1
    daniell
    daniell está desconectado
    Avatar de daniell
    Ingresso
    Jan 2003
    Localização
    Brasília
    Posts
    290

    Padrão nat 2º duvida

    Eu tenho adsl empresarial e uso um modem 3COM OCR812 router - antes de instalar o firewall e setava no modem no NAT uma estacao e algumas portas e ele jogava para essa estacao os pedidos de acesso remoto para essa estacao, agora coloquei um firewall e isso nao funciona mais o firewall recebe a conexao do router e manda pro switch que vai pras maquinas... quero conseguir acessar o firewall remotamente, creio q eu tenha q fazer um nat no iptables.. bem nao consegui.......

    abaixo vai minha rc.local onde mantenho as confs do firewall se alguem souber o que eu posso fazer....

    []´z
    Daniel


    [root@linux rc.d]# cat rc.local
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.

    touch /var/lock/subsys/local


    #Regras de Firewal ##############################
    ###################################################
    #### NAO ALTERE SEM A DEVIDA PERMISSAO!! ###
    ###################################################

    #habilitar IP forwarding
    /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
    ###################################################

    ###########################
    ##LIMPAR TABELAS ANTIGAS..#
    ###########################

    /sbin/iptables -t nat -F
    /sbin/iptables -F
    /sbin/iptables -P INPUT ACCEPT
    #########################################################
    # Liberando Portas #
    #########################################################

    /sbin/iptables -A FORWARD -p TCP --dport 80 -j ACCEPT #www/http
    /sbin/iptables -A INPUT -p TCP --dport 443 -j ACCEPT #www/https
    /sbin/iptables -A INPUT -p TCP --dport 53 -j ACCEPT #dns
    /sbin/iptables -A INPUT -p UDP --dport 53 -j ACCEPT #dns
    /sbin/iptables -A INPUT -p TCP --dport 25 -j ACCEPT #pop3
    /sbin/iptables -A INPUT -p TCP --dport 110 -j ACCEPT #smtp
    /sbin/iptables -A INPUT -p UDP --dport 110 -j ACCEPT #smtp
    /sbin/iptables -A FORWARD -p TCP --dport 22 -j ACCEPT #ssl
    /sbin/iptables -A FORWARD -p UDP --dport 22 -j ACCEPT #ssl
    /sbin/iptables -A INPUT -p TCP --dport 220 -j ACCEPT #imap3
    /sbin/iptables -A INPUT -p UDP --dport 220 -j ACCEPT #imap3
    /sbin/iptables -A INPUT -p TCP --dport 21 -j ACCEPT #ftp
    /sbin/iptables -A INPUT -p UDP --dport 21 -j ACCEPT #ftp
    /sbin/iptables -A INPUT -p TCP --dport 20 -j ACCEPT #ftp
    /sbin/iptables -A INPUT -p UDP --dport 20 -j ACCEPT #ftp
    /sbin/iptables -A INPUT -p TCP --dport 8080 -j ACCEPT #WEB2



    ####################################################
    # Bloqueando Servicos P2P e Messaging #
    ##########################################################

    /sbin/iptables -A FORWARD -d 64.124.41.0/24 -j REJECT #Napster
    /sbin/iptables -A FORWARD -d 216.35.208.0/24 -j REJECT #IMesh
    /sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT #Bearshare
    /sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT #ToadNode
    /sbin/iptables -A FORWARD -d 209.61.186.0/24 -j REJECT #WinMX
    /sbin/iptables -A FORWARD -d 64.49.201.0/24 -j REJECT #WinMX
    /sbin/iptables -A FORWARD -d 209.25.178.0/24 -j REJECT #Napigator
    /sbin/iptables -A FORWARD -d 206.142.53.0/24 -j REJECT #Morpheus
    /sbin/iptables -A FORWARD -p TCP --dport 1214 -j REJECT #Morpheus
    /sbin/iptables -A FORWARD -d 213.248.112.0/24 -j REJECT #KaZaA
    /sbin/iptables -A FORWARD -p TCP --dport 1214 -j REJECT #KaZaA
    /sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT #Limewire
    /sbin/iptables -A FORWARD -d 64.245.58.0/23 -j REJECT #Audiogalaxy


    ##########################################################
    ##Liberando Acesso a Internet via Transparente Proxy.....#
    ##########################################################

    # Libera acesso a internet
    /sbin/iptables -t nat -A PREROUTING -p TCP -m multiport -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-port 3128
    #/sbin/iptables -t nat -A POSTROUNTIG -s 192.168.1.254/0 -j MASQUERADE
    /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.31/0 -j MASQUERADE

    echo 1 > /proc/sys/net/ipv4/ip_forward
    /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE


    [root@linux rc.d]#
    Citação Citação
  2. 20-05-2004, 14:05 #2
    Soilwork-
    Visitante

    Padrão nat 2º duvida

    c tem q aceitar entrada da porta 22 de ssh

    acho que é;

    iptables -A INPUT -p UDP --dport 22 -j ACCEPT
    :twisted:
    Citação Citação
  3. 20-05-2004, 14:30 #3
    daniell
    daniell está desconectado
    Avatar de daniell
    Ingresso
    Jan 2003
    Localização
    Brasília
    Posts
    290

    Padrão nat 2º duvida

    isso nao resolveu
    Citação Citação



« Tópico Anterior | Próximo Tópico »