Re: Regras de NAT para acesso a 2º servidor
1) Cola denovo as regras de iptables, tu tem o script também? Cola aqui novamente. Isso parece ser no iptables e desejo analisar todas as regras.
2) Esse é o outro IP do servidor Windows, o 10.1.1.49, certo? Apartir do servidor roda esses comandos:
Verifique se pinga.
# ping 10.1.1.49
# nmap -sV -P0 10.1.1.49
E cola eles aqui. Desejo ver como a interface interna responde.
Re: Regras de NAT para acesso a 2º servidor
1) as regras do IPTables são as do firestarter. Não tenho um script para elas.
Se quiser posso te passar o resultado do iptables, mas script não possuo.
2)
Código :
root@serverlinux:/etc# ping 10.1.1.49
PING 10.1.1.49 (10.1.1.49) 56(84) bytes of data.
64 bytes from 10.1.1.49: icmp_req=1 ttl=128 time=0.378 ms
64 bytes from 10.1.1.49: icmp_req=2 ttl=128 time=0.238 ms
64 bytes from 10.1.1.49: icmp_req=3 ttl=128 time=0.213 ms
^C
--- 10.1.1.49 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.213/0.276/0.378/0.073 ms
root@serverlinux:/etc# nmap -sV -P0 10.1.1.49
Starting Nmap 5.21 ( http://nmap.org ) at 2011-03-11 16:58 BRT
Nmap scan report for 10.1.1.49
Host is up (0.014s latency).
Not shown: 979 closed ports
PORT STATE SERVICE VERSION
111/tcp open rpcbind 2-4 (rpc #100000)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open netbios-ssn
1039/tcp open status 1 (rpc #100024)
1047/tcp open nlockmgr 1-4 (rpc #100021)
1048/tcp open mountd 1-3 (rpc #100005)
1801/tcp open unknown
2049/tcp open nfs 2-3 (rpc #100003)
2103/tcp open msrpc Microsoft Windows RPC
2105/tcp open msrpc Microsoft Windows RPC
2107/tcp open msrpc Microsoft Windows RPC
3389/tcp open ms-term-serv?
5432/tcp open postgresql?
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
49176/tcp open msrpc Microsoft Windows RPC
MAC Address: B8:AC:6F:94:B4:33 (Unknown)
Service Info: OS: Windows
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 92.92 seconds
root@serverlinux:/etc#
Re: Regras de NAT para acesso a 2º servidor
Código :
root@serverlinux:/etc# iptables -v -n -L
Chain INPUT (policy DROP 4 packets, 572 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 201.10.120.2 0.0.0.0/0 tcp flags:!0x17/0x02
0 0 ACCEPT udp -- * * 201.10.120.2 0.0.0.0/0
0 0 ACCEPT tcp -- * * 201.10.128.3 0.0.0.0/0 tcp flags:!0x17/0x02
6 748 ACCEPT udp -- * * 201.10.128.3 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 1
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 13
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 14
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 17
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg 2/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 2/sec burst 5
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
8 1579 INBOUND all -- eth0 * 0.0.0.0/0 0.0.0.0/0
4 247 INBOUND all -- eth1 * 0.0.0.0/0 10.1.1.1
0 0 INBOUND all -- eth1 * 0.0.0.0/0 187.7.131.36
2 286 INBOUND all -- eth1 * 0.0.0.0/0 10.1.1.255
4 572 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
4 572 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
Chain FORWARD (policy DROP 19 packets, 19665 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 1
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 17
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg 2/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 2/sec burst 5
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
138 6420 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 10.1.1.49 tcp dpts:1:6889
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 10.1.1.49 udp dpts:1:6889
8260 481K OUTBOUND all -- eth1 * 0.0.0.0/0 0.0.0.0/0
12535 16M ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.0/24 state RELATED,ESTABLISHED
58 8516 ACCEPT udp -- * * 0.0.0.0/0 10.1.1.0/24 state RELATED,ESTABLISHED
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 187.7.131.36 201.10.120.2 tcp dpt:53
0 0 ACCEPT udp -- * * 187.7.131.36 201.10.120.2 udp dpt:53
0 0 ACCEPT tcp -- * * 187.7.131.36 201.10.128.3 tcp dpt:53
6 460 ACCEPT udp -- * * 187.7.131.36 201.10.128.3 udp dpt:53
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
10 2374 OUTBOUND all -- * eth0 0.0.0.0/0 0.0.0.0/0
4 1447 OUTBOUND all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'
Chain INBOUND (4 references)
pkts bytes target prot opt in out source destination
8 1579 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 533 ACCEPT all -- * * 10.1.1.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22
0 0 ACCEPT tcp -- * * 10.1.1.0/24 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- * * 10.1.1.0/24 0.0.0.0/0 udp dpt:53
0 0 LSI all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination
Chain LSI (4 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSO (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Re: Regras de NAT para acesso a 2º servidor
continuação (não coube em um só post)
Código :
Chain OUTBOUND (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
8123 470K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
79 11613 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
72 3448 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
root@serverlinux:/etc#
Re: Regras de NAT para acesso a 2º servidor
Faltou a tabela NAT!
# iptables -t nat -L -n