é da estação velhinho
Versão Imprimível
é da estação velhinho
resolveu ?
o pessoal do suporte me disse que para o programa funcionar é necessário estar conectado diretamente com a internet, sem proxy, mas deve haver um jeito, vou postar como esta meu firewall, talvez alguém veja algum erro que não estou vendo:
#!/bin/bash
# Script de Firewall
#####################################
### Passo 1: Primeiro vamos arrumar a casa :) ###
#####################################
# Limpando as Regras
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# Definindo a Politica Default das Cadeias
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
######################################
### Passo 2: Antes de Servir, vamos nos proteger ! ###
######################################
# Desabilitando o trafego IP Entre as Placas de Rede
echo "0" > /proc/sys/net/ipv4/ip_forward
# Configurando a Protecao anti-spoofing
echo "Setting anti-spoofing .....[ OK ]"
for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "1" > $spoofing
done
#######################################
### Passo 3: Carregando os modulos do iptables ###
#######################################
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_MASQUERADE
echo "Setting rules .............[ OK ]"
#######################################
### Passo 4: Agora, vamos definir o que pode passar e o que nao ###
#######################################
# Cadeia de Entrada. Esta cadeia, so vale para o proprio host
# Qualquer pacote IP que venha do localhost, Ok.
iptables -A INPUT -i lo -j ACCEPT
# REDE INTERNA LIBERADA
iptables -A INPUT -i eth0 -j ACCEPT
# No iptables, temos de dizer quais sockets sao validos em uma conexao
iptables -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
# Cadeia de Reenvio (FORWARD)
# Primeiro, ativar o mascaramento (nat).
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Agora dizemos quem e o que podem acessar externamente
# No iptables, o controle do acesso a rede externa e feito na cadeia "FORWARD"
# Liberando acesso para porta 24001 (squid - DPI 2003)
iptables -A INPUT -j ACCEPT -p tcp --dport 24001
#Regras que me passaram no underlinux
iptables -A FORWARD -p tcp -s 198.164.1.7 -d 0/0 --dport 20 -j ACCEPT
iptables -A FORWARD -p tcp -d 198.164.1.7 -s 0/0 --dport 20 -j ACCEPT
iptables -A FORWARD -p udp -s 198.164.1.7 -d 0/0 --dport 20 -j ACCEPT
iptables -A FORWARD -p udp -d 198.164.1.7 -s 0/0 --dport 20 -j ACCEPT
iptables -A FORWARD -p tcp -s 198.164.1.7 -d 0/0 --dport 21 -j ACCEPT
iptables -A FORWARD -p tcp -d 198.164.1.7 -s 0/0 --dport 21 -j ACCEPT
iptables -A FORWARD -p udp -s 198.164.1.7 -d 0/0 --dport 21 -j ACCEPT
iptables -A FORWARD -p udp -d 198.164.1.7 -s 0/0 --dport 21 -j ACCEPT
iptables -A FORWARD -p tcp -s 198.164.1.7 -d 0/0 --dport 24001 -j ACCEPT
iptables -A FORWARD -p tcp -d 198.164.1.7 -s 0/0 --dport 24001 -j ACCEPT
iptables -A FORWARD -p udp -s 198.164.1.7 -d 0/0 --dport 24001 -j ACCEPT
iptables -A FORWARD -p udp -d 198.164.1.7 -s 0/0 --dport 24001 -j ACCEPT
# Redireciona porta 80 e 21 para 3128 (squid)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 3128
# REDE INTERNA LIBERADA
iptables -A FORWARD -i eth0 -j ACCEPT
# No iptables, temos de dizer quais sockets sao validos em uma conexao
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
########################################
### Finalmente, podemos "Ligar" o foward (clientes) :) ###
########################################
# Habilitando o trafego Ip, entre as Interfaces de rede
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "Firewall OK ...............[ OK ]"
heheehe, problema resolvido, foi só levantar os módulos de ftp do iptables.
=)