Página 2 de 3 PrimeiroPrimeiro 123 ÚltimoÚltimo
+ Responder ao Tópico



  1. ja te ocorreu que a porta pode estar bloqueada na telefonica?

  2. #7
    jedi2
    Não acredito que a porta esteja bloqueada....mas testei com a 9000 e
    o problema continua..


    vai o script que utilizo.


    #!/bin/sh
    #/
    ###############################################################################
    # #
    # Script de inicialização de regras de firewall #
    ###############################################################################
    # #
    # Copyright (C) 2003 Free Software Foundation, Inc. #
    # #
    # This script is free software; you can redistribute it and/or modify #
    # it under the terms of the GNU General Public License as published by #
    # the Free Software Foundation; either version 2, or (at your option) #
    # any later version. #
    # #
    # This program is distributed in the hope that it will be useful, #
    # but WITHOUT ANY WARRANTY; without even the implied warranty of #
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
    # GNU General Public License for more details. #
    # #
    # You find more about GPL at http://www.gnu.org. #
    # #
    ###############################################################################

    IPTABLES="/usr/sbin/iptables"
    EXIT_DEV="ppp0"
    IPNET=`ifconfig ppp0 | grep "end.:" | awk '{ print $3 }' | cut -d: -f 2`
    INPUT_DEV="192.168.0.254"
    REDE_IP="192.168.0.0/24"
    MAQWEB="192.168.0.2"
    /sbin/insmod ip_tables
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    #
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -F INPUT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F OUTPUT
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD
    $IPTABLES -t nat -F..
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -Z
    $IPTABLES -L -v -n
    #
    $IPTABLES -N BLOCK
    $IPTABLES -A BLOCK -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A BLOCK -m state --state NEW -i ! $EXIT_DEV -j ACCEPT
    $IPTABLES -A BLOCK -j DROP
    $IPTABLES -A INPUT
    $IPTABLES -A INPUT -j BLOCK
    $IPTABLES -A FORWARD -j BLOCK
    #
    $IPTABLES -A INPUT -p tcp --destination-port 8090 -j ACCEPT
    $IPTABLES -I FORWARD -i ppp0 -p tcp --dport 8090 -d $INPUT_DEV -j ACCEPT
    $IPTABLES -I FORWARD -p tcp --sport 8090 -s $INPUT_DEV -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -p tcp -d $IPNET --dport 8090 -j DNAT --to $MAQWEB
    $IPTABLES -t nat -A POSTROUTING -p tcp -d $MAQWEB --dport 8090 -j SNAT --to $IPNET
    #
    $IPTABLES -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
    $IPTABLES -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
    $IPTABLES -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
    $IPTABLES -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    $IPTABLES -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    $IPTABLES -t filter -A INPUT -j ACCEPT -i lo
    $IPTABLES -t filter -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
    $IPTABLES -t filter -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
    $IPTABLES -A FORWARD -i $EXIT_DEV -o $INPUT_DEV -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $INPUT_DEV -o $EXIT_DEV -j ACCEPT
    $IPTABLES -A FORWARD -j LOG
    #
    $IPTABLES -t nat -A POSTROUTING -o $EXIT_DEV -j MASQUERADE
    $IPTABLES -t nat -A POSTROUTING -s 0.0.0.0/0 -o $EXIT_DEV -j MASQUERADE
    #
    $IPTABLES -A INPUT -i $EXIT_DEV -m state --state NEW,INVALID -j DROP
    $IPTABLES -A FORWARD -i $EXIT_DEV -m state --state NEW,INVALID -j DROP
    $IPTABLES -L -v -n


    help..please

    tks



  3. #8
    underlinuxuser
    Você está conseguindo fazer nat normalmente?
    Para fazer mascaramento você precisa carregar o modulo de Nat
    #modprobe iptable_nat

    Talvez funcione

    Abraços

  4. #9
    jedi2
    o nat ta funcionando normal....
    o que não consigo e liberar a porta 8089 pro apache













    tks



  5. #10
    robsonzornitta
    pelo que lih ali em cima o pessoal de fora soh consegue acessar o speedy cum o iporta naum eh?

    1° pergunta: se teim rodandu um server dns?
    2° pergunta: se abriu a porta 53 do bind?
    3° pergunta: na tu lan as outras estações estaum conseguindo acessar o apache pelo ip do server e porta?

    bom pode ser besteira essas perguntas mais pode esclarecer algumas coisas!!






Tópicos Similares

  1. DNAT...
    Por lrezende no fórum Servidores de Rede
    Respostas: 9
    Último Post: 02-06-2003, 08:52
  2. DNAT para SSH
    Por escambau no fórum Servidores de Rede
    Respostas: 4
    Último Post: 02-04-2003, 13:43
  3. Squid e DNAT
    Por lite no fórum Servidores de Rede
    Respostas: 1
    Último Post: 19-03-2003, 08:01
  4. Squid e DNAT
    Por no fórum Servidores de Rede
    Respostas: 1
    Último Post: 14-03-2003, 10:14
  5. SNAT E DNAT
    Por ediguedes no fórum Servidores de Rede
    Respostas: 2
    Último Post: 20-02-2003, 07:05

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L