Compartilhar Conexão PPPOE com Squid?

**fabianotecnico** · 18-07-2005, 10:32

Bom dia ...

Preciso de um HELP..

alias faz um tempinho que num precisava...rsrs...mas sabe como é nê!
queria compartilhar minha conexão....PPOE de uma lan...house

e num to conseguindo ...qual será o problema de portas?
pois quando levanto o squid ele não funciona a net...!

segue meu firewall...de lá da LAN HOUSE...

segue:

#!/bin/sh
#
# /etc/rc.d/rc.local: Local system initialization script.
#
# Put any local setup commands in here:
# Start the squid daemon:
# Iniciando o Servidor DHCP #

dhcpd

# Variaveis

iptables=/usr/sbin/iptables
IF_INTERNA=eth0
IF_EXTERNA=ppp0
NS_1=200.204.0.10
NS_2=200.204.0.138

# Zera regras e Determina a politica padrao #

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -m state --state INVALID -j DROP

# Ativa a Configuração #

ifconfig eth1 0.0.0.0

# Ativa modulos

modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ip_queue
modprobe ipt_LOG
modprobe ipt_MARK
modprobe ipt_MASQUERADE
modprobe ipt_REDIRECT
modprobe ipt_REJECT
modprobe ipt_TCPMSS
modprobe ipt_TOS
modprobe ipt_limit
modprobe ipt_mac
modprobe ipt_mark
modprobe ipt_multiport
modprobe ipt_owner
modprobe ipt_state
modprobe ipt_tcpmss
modprobe ipt_tos
modprobe ipt_unclean
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat

# Bloqueando #

iptables -A INPUT -p udp -i ppp0 --dport 113 -j DROP
iptables -A INPUT -p tcp -i ppp0 --dport 113 -j DROP
iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG --log-level
6 --log-prefix "FIREWALL: NEW sem syn: "
iptables -A INPUT -i IF_EXTERNA -m unclean -j LOG --log-level 6
--log-prefix "FIREWALL: Mal formado: "
iptables -A INPUT -i IF_EXTERNA -m unclean -j DROP
iptables -A INPUT -p tcp --dport 3128 -j REJECT --reject-with
tcp-reset
iptables -A INPUT -j LOG --log-prefix "Pacote DESCARTADO"
iptables -A FORWARD -p tcp --dport 135 -i IF_INTERNA -j REJECT
iptables -A FORWARD -p tcp --syn -m limit --limit 2/s -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit
--limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG --log-level
6 --log-prefix "FIREWALL: NEW sem syn: "
iptables -A FORWARD -p tcp --dport 135 -i IF_INTERNA -j REJECT
iptables -A FORWARD -p tcp --syn -m limit --limit 2/s -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s
-j ACCEPT
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit
1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit
1/s -j ACCEPT
iptables -A INPUT -s 172.16.0.0/16 -i ppp0 -j DROP
iptables -A INPUT -s 192.168.1.0/24 -i ppp0 -j DROP

echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "0" > /proc/sys/net/ipv4/tcp_syncookies
echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# Ssh #

iptables -A FORWARD -p tcp --sport 10648 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 10648 -j ACCEPT

# Rede #

iptables -A INPUT -p tcp --syn -s 192.168.0.0/255.255.255.0 -j ACCEPT
iptables -A OUTPUT -p tcp --syn -s 192.168.0.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -p tcp --syn -s 192.168.0.0/255.255.255.0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT

# Aceita o que DEVE ENTRAR #

iptables -A INPUT -i ! $IF_EXTERNA -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED
-j ACCEPT
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

# Outlook #

iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp --sport 110 -j ACCEPT
iptables -t mangle -A OUTPUT -o ppp0 -p tcp --dport 25 -j TOS --set-tos 16
iptables -t mangle -A OUTPUT -o ppp0 -p tcp --dport 110 -j TOS --set-tos 16
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 25 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 110 -j ACCEPT
iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 25 -j TOS --set-tos 16
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 110 -j TOS
--set-tos 0x10
iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 80 -j TOS --set-tos 16
iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 443 -j TOS --set-tos 16

# Proteção contra tronjans

iptables -N TROJAN
iptables -A TROJAN -m limit --limit 15/m -j LOG --log-level 6 --log-prefix
"FIREWALL: trojan: "
iptables -A TROJAN -j DROP
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 666 -j TROJAN
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 666 -j TROJAN
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 4000 -j TROJAN
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 6000 -j TROJAN
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 6006 -j TROJAN
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 16660 -j TROJAN

# Trinoo #

iptables -N TRINOO
iptables -A TRINOO -m limit --limit 15/m -j LOG --log-level 6 --log-prefix
"FIREWALL: trinoo: "
iptables -A TRINOO -j DROP
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 27444 -j TRINOO
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 27665 -j TRINOO
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 31335 -j TRINOO
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 34555 -j TRINOO
iptables -A INPUT -p TCP -i $IF_EXTERNA --dport 35555 -j TRINOO

# Valid_CHECK #

iptables -N VALID_CHECK
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG
-j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL ALL -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL NONE -j DROP

iptables -N TRINOO
iptables -A TRINOO -m limit --limit 15/m -j LOG --log-level 6 --log-prefix
"FIREWALL: trinoo: "
iptables -A TRINOO -j DROP
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 27444 -j TRINOO
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 27665 -j TRINOO
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 31335 -j TRINOO
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 34555 -j TRINOO
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 35555 -j TRINOO

iptables -N TROJAN
iptables -A TROJAN -m limit --limit 15/m -j LOG --log-level 6 --log-prefix
"FIREWALL: trojan: "
iptables -A TROJAN -j DROP
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 666 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 666 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 4000 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 6000 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 6006 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 16660 -j TROJAN

iptables -N END_TROJAN
iptables -A END_TROJAN -j LOG --log-prefix "FIREWALL: Trojan! "
iptables -A END_TROJAN -j DROP
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 666 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 666 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 4000 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 6000 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 6006 -j TROJAN
iptables -A INPUT -p TCP -i IF_EXTERNA --dport 16660 -j TROJAN

iptables -N TROJAN_CHECK
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 555 # phAse zero
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 555 # phAse zero
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 1243 # Sub-7,
SubSeven
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 1243 # Sub-7,
SubSeven
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 3129 # Masters
Paradise
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 3129 # Masters
Paradise
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 6670 # DeepThroat
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 6670 # DeepThroat
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 6711 # Sub-7,
SubSeven
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 6711 # Sub-7,
SubSeven
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 6969 # GateCrasher
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 6969 # GateCrasher
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 12345 # NetBus
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 12345 # NetBus
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 21544 # GirlFriend
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 21544 # GirlFriend
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 23456 # EvilFtp
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 23456 # EvilFtp
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 27374 # Sub-7,
SubSeven
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 27374 # Sub-7,
SubSeven
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 30100 # NetSphere
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 30100 # NetSphere
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 31789 # Hack'a'Tack
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 31789 # Hack'a'Tack
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 31337 # BackOrifice,
and many others
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 31337 # BackOrifice,
and many others
iptables -A TROJAN_CHECK -j END_TROJAN -p tcp --dport 50505 # Sockets de
Troie
iptables -A TROJAN_CHECK -j END_TROJAN -p udp --dport 50505 # Sockets de
Troie

# Port Scanners #

iptables -N SCANNER
iptables -A SCANNER -m limit --limit 15/m -j LOG --log-level 6 --log-prefix
"FIREWALL: port scanner: "
iptables -A SCANNER -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -i IF_EXTERNA -j
SCANNER
iptables -A INPUT -p tcp --tcp-flags ALL NONE -i IF_EXTERNA -j SCANNER
iptables -A INPUT -p tcp --tcp-flags ALL ALL -i IF_EXTERNA -j SCANNER
iptables -A INPUT -p tcp --tcp-flags ALL FIN,SYN -i IF_EXTERNA -j SCANNER
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -i IF_EXTERNA
-j SCANNER
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -i IF_EXTERNA -j
SCANNER
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -i IF_EXTERNA -j
SCANNER

# Masqueramento #

iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j
MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# adsl-start

route del default

route add default ppp0

# Start the squid daemon:
if [ -x /etc/rc.d/rc.squid ]; then
. /etc/rc.d/rc.squid start
fi

/etc/webmin/start >/dev/null 2>&1 </dev/null # Start Webmin
##############################################

GALERA...

aonde será que estou errando...
deem essa força pra mim...

preciso de uma ajuda....pois está funcionando a NET...lá...via NAT..mas queria colocar o SQUID ..pra fazer o cache...e funcionalidades a mais do SQUID...entende....bloqueios..e administração...!

então quem conseguir arrumar esse meu....firewall....AGRADECERIA e muito!

Aguardo ajudas..

Fabiano

Compartilhar Conexão PPPOE com Squid?

Ferramentas de Tópicos

Compartilhar Conexão PPPOE com Squid?