Hi forum folks, how's life?
Here's the thing...
I have some iptables rules that redirect all packets that are not marked with "0x01" to the company's internal page.
Now, here's how it works: to free up the IPs, you have to log in via https, and only then do the packets coming from that IP get marked "0x01" and, consequently, get free access... do you get the idea?
The thing is, I first need to reach https without being redirected to port 80... I'm not managing to do that... please check what is wrong with my rules:
-----------------------------------------------------------------------------------
#!/bin/sh
IPTABLES="/usr/local/sbin/iptables"
WIFI="eth0"
NET_IF="eth1"
PROXY="192.168.0.x"
$IPTABLES -t mangle -F
$IPTABLES -t nat -F
$IPTABLES -t filter -F
$IPTABLES -t filter -P INPUT ACCEPT
$IPTABLES -t filter -P FORWARD ACCEPT
$IPTABLES -t filter -P OUTPUT ACCEPT
$IPTABLES -t filter -F INPUT
$IPTABLES -t filter -F FORWARD
$IPTABLES -t filter -F OUTPUT
echo 1 > /proc/sys/net/ipv4/ip_forward
###############################################################################
$IPTABLES -t filter -A INPUT -i lo -s 127.0.0.1 -j ACCEPT
$IPTABLES -t filter -A FORWARD -i lo -s 127.0.0.1 -j ACCEPT
$IPTABLES -t filter -A OUTPUT -o lo -s 127.0.0.1 -j ACCEPT
###############################################################################
$IPTABLES -A INPUT -i $WIFI -p tcp --dport 443 -j ACCEPT #(DOES NOT WORK!!!) <--
###############################################################################
$IPTABLES -t nat -I PREROUTING -p tcp -i $WIFI -m mark ! --mark 1 -j REDIRECT --to-port 80
###############################################################################
$IPTABLES -t nat -I POSTROUTING -o $NET_IF -j MASQUERADE
###############################################################################
#$IPTABLES -t nat -A PREROUTING -i $WIFI -p tcp --dport 80 -j REDIRECT --to-port 3128
###############################################################################
#$IPTABLES -t nat -A PREROUTING -i $WIFI -p tcp --dport 80 -j DNAT --to $PROXY:3128
-----------------------------------------------------------------------------------------------
The problem is that I can't access port 443 of the server, because I get redirected to port 80, since the packets coming from my machine have not yet been marked with "0x01", which only happens after a valid login.
Any help is very welcome.
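
Added example, not part of the original post and not the poster's code: the same portal rules with the HTTPS login exempted in the nat table, where the redirect is decided, rather than in filter INPUT. It assumes the login page listens on the gateway itself and that the login handler sets mark 0x1 in mangle PREROUTING; the addrtype match and the dry-run default for IPTABLES are additions.

```shell
#!/bin/sh
# Added example, not the poster's script.
# Dry run by default: each rule is printed instead of applied. Export
# IPTABLES=/usr/local/sbin/iptables (path from the post) to apply as root.
IPTABLES="${IPTABLES:-echo iptables}"
WIFI="${WIFI:-eth0}"       # client-facing interface, as in the post
NET_IF="${NET_IF:-eth1}"   # uplink interface, as in the post

# Assumes the nat table was flushed first, as the original script does,
# and that mark 0x1 is set in mangle PREROUTING after login (assumption).
portal_rules() {
    # nat PREROUTING is traversed before filter INPUT. An ACCEPT in INPUT
    # comes too late: REDIRECT has already rewritten the port to 80.
    # So the exemption has to sit in nat PREROUTING, ahead of the REDIRECT.
    # "--dst-type LOCAL" limits it to the gateway's own addresses, so
    # unauthenticated clients cannot use it to reach other HTTPS hosts.
    $IPTABLES -t nat -A PREROUTING -i "$WIFI" -p tcp --dport 443 \
        -m addrtype --dst-type LOCAL -j ACCEPT

    # All other TCP from clients whose packets lack the mark goes to the
    # portal on local port 80, as in the post.
    $IPTABLES -t nat -A PREROUTING -i "$WIFI" -p tcp \
        -m mark ! --mark 0x1 -j REDIRECT --to-ports 80

    # Outbound NAT on the uplink, unchanged from the post.
    $IPTABLES -t nat -A POSTROUTING -o "$NET_IF" -j MASQUERADE
}

portal_rules
```

Rule order matters here: with -A the exemption is appended first and is therefore evaluated before the REDIRECT.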