Boa tarde a todos !!!!!
Galera estou com um problema. (como sempre)
o que acontece?
só consigo fazer conexão com a velox, se eu limpar minhas regras do firewall.
segue o meu firewall.
#!/bin/bash
#
### Limpa a tela #######################################################
#
clear
#
#
### Define as variaveis #################################################
#
IPT=iptables
REDE=eth0
LAN=192.168.1.0/24
IFNET=ppp+
LO=lo
LOCALHOST=127.0.0.1
#
#
### Carregando os modulos necessarios ###################################
#
modprobe ip_tables
modprobe iptable_nat
modprobe iptable_filter
modprobe iptable_mangle
modprobe ipt_conntrack
modprobe ipt_limit
modprobe ipt_REDIRECT
modprobe ipt_TOS
modprobe ipt_MASQUERADE
#
#
### Apagando e definindo as politicas padroes do firewall ###############
#
$IPT -t filter -F
$IPT -t filter -X
$IPT -t filter -Z
$IPT -t nat -F
$IPT -t nat -X
$IPT -t nat -Z
$IPT -t filter -P INPUT DROP
$IPT -t filter -P OUTPUT ACCEPT
$IPT -t filter -P FORWARD ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
#
#
### Anti-spoofing #######################################################
#
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 >$i
done
#
#
### Ativa o redirecionamento de pacotes #################################
#
echo 1 > /proc/sys/net/ipv4/ip_forward
#
#
# Define o máximo de conexões para evitar sobrecarga do servidor ########
#
echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max
#
#
###################### Tabela filter ####################################
### Chain INPUT #########################################################
# Criamos uma nova chain para tratamento da internet
#
$IPT -N ppp-input
#
### Aceita todo o tráfego vindo do loopback e indo para o loopback ######
#
$IPT -A INPUT -i $LO -j ACCEPT
#
#
### Todo o tráfego da rede interna também é aceito ######################
#
$IPT -A INPUT -s $LAN -i $REDE -j ACCEPT
#
#
### Libera a porta do SSH ################################################
#
$IPT -A INPUT -p tcp --syn --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3050 -j ACCEPT
$IPT -A INPUT -p udp --dport 3050 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3050 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 3050 -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#
### Conexões vindas da interface ppp0 são tratadas pela chain ppp-input ##
#
$IPT -A INPUT -i $IFNET -j ppp-input
#
#
### Qualquer outra conexão desconhecida é imediatamente logada e derrubada
#
#$IPT -A INPUT -j LOG --log-prefix "Firewall: Input-derrubado"
#$IPT -A INPUT -j DROP
#
#
#### Chain FORWARD #######################################################
#
# Permite o redirecionamento de conexões entre as interfaces locais ######
# Qualquer tráfego indo e vindo para outras interfaces será bloqueado ####
#
# Bloqueia o msn
#
$IPT -A FORWARD -s $LAN -p tcp --dport 1863 -j DROP
#
# Bloqueia a transferencia de arquivos do msn
#
$IPT -A FORWARD -s $LAN -i $REDE -o $IFNET -p tcp --dport 6891:6900 -j DROP
$IPT -A FORWARD -d $LAN -i $IFNET -o $REDE -p tcp --dport 6891:6900 -j DROP
#
# Bloqueia o orkut
#
$IPT -A FORWARD -s $LAN -i $REDE -p tcp -d 64.233.171.85 -j DROP
$IPT -A FORWARD -s 64.233.171.85 -i $IFNET -p tcp -d $LAN -j DROP
#
$IPT -A FORWARD -d $LAN -i $IFNET -o $REDE -j ACCEPT
$IPT -A FORWARD -s $LAN -i $REDE -o $IFNET -j ACCEPT
#$IPT -A FORWARD -j LOG --log-prefix "Firewall: FORWARD negado"
$IPT -A FORWARD -j DROP
#
#Libera o outlook
$IPT -A FORWARD -p udp -s 192.168.1.0/24 -d 200.149.55.142 --dport 53 -j ACCEPT
$IPT -A FORWARD -p udp -s 192.168.1.0/24 -d 200.165.132.155 --dport 53 -j ACCEPT
$IPT -A FORWARD -p udp -s 200.165.132.155 --sport 53 -d 192.168.1.0/24 -j ACCEPT
$IPT -A FORWARD -p udp -s 200.149.55.142 --sport 53 -d 192.168.1.0/24 -j ACCEPT
$IPT -A INPUT -p tcp -i $IFNET --sport 80 -j ACCEPT
$IPT -A INPUT -p tcp -i $IFNET --sport 443 -j ACCEPT
$IPT -A INPUT -p tcp -i $IFNET --sport 20 -j ACCEPT
$IPT -A INPUT -p tcp -i $IFNET --sport 21 -j ACCEPT
$IPT -A FORWARD -p tcp -s 192.168.1.0/24 --dport 25 -j ACCEPT
$IPT -A FORWARD -p tcp -s 192.168.1.0/24 --dport 110 -j ACCEPT
$IPT -A FORWARD -p tcp --sport 25 -j ACCEPT
$IPT -A FORWARD -p tcp --sport 110 -j ACCEPT
#### Chain ppp-input #####################################################
#
# Aceita pings vindos da internet com certa limitação ####################
#
$IPT -A ppp-input -p icmp -m limit --limit 2/s -j ACCEPT
#
#
### Aceitamos o tráfego vindo da internet para o serviço www (porta 80) ##
#
$IPT -A ppp-input -p tcp --dport 80 -j ACCEPT
#
#
### Tentativas de acesso aos serviços listados abaixo serão registrados ##
#
#$IPT -A ppp-input -p tcp --dport 21 -j LOG --log-prefix "Firewall: FTP "
#$IPT -A ppp-input -p tcp --dport 22 -j LOG --log-prefix "Firewall: SSH "
#$IPT -A ppp-input -p tcp --dport 25 -j LOG --log-prefix "Firewall: SMTP "
#$IPT -A ppp-input -p udp --dport 53 -j LOG --log-prefix "Firewall: DNS "
#$IPT -A ppp-input -p tcp --dport 110 -j LOG --log-prefix "Firewall: POP3 "
#$IPT -A ppp-input -p tcp --dport 113 -j LOG --log-prefix "Firewall: IDENTD "
#$IPT -A ppp-input -p tcp --dport 111 -j LOG --log-prefix "Firewall: RPC "
#$IPT -A ppp-input -p udp --dport 111 -j LOG --log-prefix "Firewall: RPC "
#$IPT -A ppp-input -p tcp --dport 137:139 -j LOG --log-prefix "Firewall: SMB "
#$IPT -A ppp-input -p udp --dport 137:139 -j LOG --log-prefix "Firewall: SMB "
#
#
### Bloqueia qualquer conexão de fora para esta máquina ##################
#
#$IPT -A ppp-input -m state --state ! ESTABLISHED,RELATED -j LOG --log-prefix "Firewall: ppp-in "
$IPT -A ppp-input -m state --state ! ESTABLISHED,RELATED -j DROP
#
#
### Qualquer outro tipo de tráfego é aceito ##############################
#
$IPT -A ppp-input -j ACCEPT
#
#
########################## Tabela nat ###################################
##### Chain POSTROUTING ######
# Permite qualquer conexão vinda com destino a lo e rede local para placa
# de rede da rede interna ( ethx ) ######################################
#
$IPT -t nat -A POSTROUTING -o $LO -j ACCEPT
$IPT -t nat -A POSTROUTING -s $LAN -o $REDE -j ACCEPT
#
#
### Redirecionamento de VNC no micro da rede interna #####################
# terminal server ########################################################
#
#IPT -t nat -A PREROUTING -p tcp --dport 5900 -i $REDE -j DNAT --to 10.0.0.5
#IPT -t nat -A PREROUTING -p udp --dport 5900 -i $REDE -j DNAT --to 10.0.0.5
#
#
### Não queremos que os usuários tenham acesso externo aos serviços listados
### abaixo usaremos o squid para controle
### Redireciona as con. da porta 80 p/ 3120 do squid
#
$IPT -t nat -N SRed
$IPT -t nat -A SRed -p tcp -j REDIRECT --to-port 3128
$IPT -t nat -I SRed -s $LAN -d 64.247.85.226 -i $IFNET -j RETURN
$IPT -t nat -A PREROUTING -i $REDE -s $LAN -p tcp --dport 80 -j SRed
$IPT -t nat -A PREROUTING -i $REDE -p tcp --dport 80 -j REDIRECT --to-port 3128
#
### Registramos as tentativas de conexões diretas a estes serviços #######
#
#$IPT -t nat -A POSTROUTING -s $LAN -o $IFNET -p tcp --dport 80 -j LOG --log-prefix "Firewall: SNAT-www "
#$IPT -t nat -A POSTROUTING -s $LAN -o $IFNET -p tcp --dport 25 -j LOG --log-prefix "Firewall: SNAT-smtp "
#$IPT -t nat -A POSTROUTING -s $LAN -o $IFNET -p tcp --dport 25 -j DROP
#$IPT -t nat -A POSTROUTING -s $LAN -o $IFNET -p tcp --dport 80 -j DROP
#
### É feito o masquerading dos outros serviços da rede interna indo para a
### interface ppp+
#
$IPT -t nat -A POSTROUTING -s $LAN -o $IFNET -j MASQUERADE
#
#
### Qualquer outra origem de tráfego desconhecida indo para a placa de rede
# da rede interna (ethx) #################################################
#
#$IPT -t nat -A POSTROUTING -o $REDE -d $LAN -j LOG --log-prefix "Firewall: SNAT-unknow "
#$IPT -t nat -A POSTROUTING -o $REDE -d $LAN -j DROP
#
#
### Não bloquearemos a conexão PPP+ ######################################
#
$IPT -t nat -A POSTROUTING -o $IFNET -j ACCEPT
#
#
### Registra e bloqueia qualquer outro tipo de tráfego desconhecido #####
#
#$IPT -t nat -A POSTROUTING -j LOG --log-prefix "Firewall: SNAT "
$IPT -t nat -A POSTROUTING -j DROP
#
######## Tabela mangle ###################################################
#### Chain OUTPUT ######
#
# prioriza o DNS #########################################################
#
$IPT -t mangle -A OUTPUT -o $IFNET -p udp --dport 53 -j TOS --set-tos 0x10
#$IPT -t mangle -A OUTPUT -o $IFNET -p udp --dport 443 -j TOS --set-tos 0x10
$IPT -t mangle -A OUTPUT -o $IFNET -p udp --dport 3050 -j TOS --set-tos 0x10
#
#
### prioriza o SSH #######################################################
#
$IPT -t mangle -A OUTPUT -o $IFNET -p tcp --dport 22 -j TOS --set-tos 0x10
#
#
### Precaução ############################################################
#
$IPT -A INPUT -p tcp --syn -j DROP
se alguém conseguir visualizar aonde está errado, agradeço.