  1. #6
    felco
    I think the problem is broadcast

    #!/bin/sh
    # Start from a clean slate: flush rules and delete user chains in filter and nat.
    iptables -F
    iptables -F -t nat
    iptables -X
    iptables -X -t nat

    # Default policies: nothing enters or is forwarded unless explicitly allowed.
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT

    # Note: the "unclean" match came from the old patch-o-matic tree and is not
    # shipped with current kernels/iptables; on such systems every "-m unclean"
    # line fails with "Couldn't load match `unclean'" and has to be removed.
    iptables -t nat -A PREROUTING -m state --state INVALID -j DROP
    iptables -t nat -A PREROUTING -m unclean -j DROP

    # in case you use squid on the network: transparently proxy LAN web traffic
    iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/16 -p tcp --dport 80 -j REDIRECT --to-port 3128

    # INPUT (eth0 = external, eth1 = LAN): SSH from anywhere, Squid from the LAN,
    # replies to established flows, and loopback.
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A INPUT -m unclean -j DROP
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth1 -s 0/0 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth1 -s 192.168.0.0/16 -p tcp --dport 3128 -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    # RETURN in a built-in chain hands the packet to the chain policy (DROP here),
    # so this rule drops the SYNs it matches instead of rate-limiting them; it only
    # looks harmless because every wanted service was already accepted above.
    iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 1 -j RETURN
    iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT
    iptables -A INPUT -j DROP

    # FORWARD: drop Windows RPC/NetBIOS/SMB and a few other ports in both
    # directions (no -i/-o, so they never cross the box), then route the rest.
    iptables -A FORWARD -m state --state INVALID -j DROP
    iptables -A FORWARD -m unclean -j DROP
    iptables -A FORWARD -p tcp --dport 135 -j DROP
    iptables -A FORWARD -p udp -m multiport --dports 137,138 -j DROP
    iptables -A FORWARD -p tcp --dport 139 -j DROP
    iptables -A FORWARD -p tcp --dport 445 -j DROP
    iptables -A FORWARD -p udp --dport 445 -j DROP
    iptables -A FORWARD -p udp --dport 500 -j DROP
    iptables -A FORWARD -p tcp --dport 1039 -j DROP
    iptables -A FORWARD -p udp --dport 1050 -j DROP
    iptables -A FORWARD -p udp --dport 1065 -j DROP
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

    # NAT: masquerade the LAN behind eth0's address.
    iptables -t nat -A POSTROUTING -m state --state INVALID -j DROP
    iptables -t nat -A POSTROUTING -m unclean -j DROP
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 -j MASQUERADE

  2. #7
    Quote: Originally posted by felco
    I think the problem is broadcast

    Do I have to apply these rules on my firewall??

    Thanks!!



  3. #8
    felco
    give it a try

  4. #9
    pflamellas
    Dude,
    I don't know if it will help... but have you already tried checking whether it isn't an eth error... are the cards reliable???
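One way to do the NIC check suggested above, as an added example that is not code from the thread: a POSIX shell script that reads /proc/net/dev style counters and flags any interface whose RX/TX error or drop counters are non-zero. The function names (nic_counters, flaky_ifaces) and the sample counter file are mine and constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads /proc/net/dev style counters
# and reports interfaces whose RX/TX error or drop counters are non-zero: the
# quickest check when a bad NIC or cable is suspected behind packet loss.

# Print one summary line per interface; the last column is "CHECK" when any
# error/drop counter is non-zero, "ok" otherwise. Defaults to the live file.
nic_counters() {
    awk 'NR > 2 {
        gsub(/:/, " ")           # "eth0:" -> "eth0 " so the name is field 1
        # fields: 1 iface, 2 rx bytes, 3 rx pkts, 4 rx errs, 5 rx drop,
        #         10 tx bytes, 11 tx pkts, 12 tx errs, 13 tx drop
        bad = ($4 + $5 + $12 + $13) > 0 ? "CHECK" : "ok"
        printf "%s rx_pkts=%s rx_errs=%s rx_drop=%s tx_pkts=%s tx_errs=%s tx_drop=%s %s\n",
            $1, $3, $4, $5, $11, $12, $13, bad
    }' "${1:-/proc/net/dev}"
}

# Names of the interfaces flagged CHECK, one per line.
flaky_ifaces() {
    nic_counters "$1" | awk '$NF == "CHECK" { print $1 }'
}

# Constructed sample in /proc/net/dev format: eth0 shows RX errors and drops,
# lo and eth1 are clean.
SAMPLE_NETDEV="${TMPDIR:-/tmp}/netdev.sample.$$"
cat > "$SAMPLE_NETDEV" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   10240     100    0    0    0     0          0         0    10240     100    0    0    0     0       0          0
  eth0: 9876543   54321   37  412    0     0          0       120  1234567   43210    0    0    0     0       0          0
  eth1:  555555    4321    0    0    0     0          0        15   666666    5432    0    0    0     0       0          0
EOF

nic_counters "$SAMPLE_NETDEV"
```

Run it without the sample argument on the box itself to read the live counters; a counter that keeps climbing while the line is idle points at the card, cable or switch port rather than at the firewall rules.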