+ Responder ao Tópico



  1. 20-07-2009, 16:29 #1
    andrecharamos
    andrecharamos está desconectado
    Avatar de andrecharamos
    Ingresso
    Jun 2009
    Posts
    39

    Padrão O firewall nao conecta da erro alguem pode me ajudar?

    O meu firewall esta dando erro ele nao conecta, quando na politica geral eu coloco drop em input e output ele nao conecta se eu colcar accept ele conecta blz, alguem pode me ajudar?

    segue o script:

    #!/bin/bash
    iniciar () {

    # Compartilha a conexao

    modprobe ip_nat_ftp
    modprobe iptable_nat
    IPTABLES=/usr/sbin/iptables
    echo 1 > /proc/sys/net/ipv4/ip_forward
    $IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    echo "Ativando compartilhamento!"

    # Proxy tranparente
    $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    # Politicas de acesso geral

    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD DROP

    #################################################################

    $IPTABLES -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    ########## loopback #############################################

    $IPTABLES -A OUTPUT -p tcp --syn -s 127.0.0.1/255.0.0.0 -j ACCEPT
    ################################################################

    # localhost

    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT

    ######### Conectividade Social ###################################
    INTERNA=eth0 #placa de rede ligada a rede interna
    CAIXA=200.201.174.0/24 # IP da Caixa a ser liberado para toda a rede
    iptables -t nat -A PREROUTING -i $INTERNA -d 200.201.174.0/24 -j ACCEPT
    iptables -t filter -A FORWARD -i $INTERNA -d 200.201.174.0/24 -j ACCEPT

    ########## Tabelas ################################################

    # INPUT ( Pacotes que entra na rede)

    $IPTABLES -A INPUT -p tcp -s 10.1.1.0/8 -d 201.76.49.33 --dport 110 -j ACCEPT
    $IPTABLES -A INPUT -p tcp -s 10.1.1.0/8 -d 201.76.49.33 --dport 25 -j ACCEPT

    $IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
    # ftp
    $IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
    # smtp
    $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
    # ssh
    $IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
    # dns
    $IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
    # pop3
    $IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
    # http
    $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
    # HTTPS
    $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 563 -j ACCEPT

    #--------------------------------------------------------------------

    # OUTPUT ( Pacotes que sai da rede)

    $IPTABLES -A OUTPUT -p tcp -s 10.1.1.0/8 -d 201.76.49.33 --dport 110 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp -s 10.1.1.0/8 -d 201.76.49.33 --dport 25 -j ACCEPT

    $IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
    # ftp
    $IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
    # smtp
    $IPTABLES -A OUTPUT -p tcp --dport 25 -j ACCEPT
    # ssh
    $IPTABLES -A OUTPUT -p tcp --dport 25 -j ACCEPT
    # dns
    $IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT
    # pop3
    $IPTABLES -A OUTPUT -p tcp --dport 110 -j ACCEPT
    # httpd
    $IPTABLES -A OUTPUT -p tcp --dport 80 -j ACCEPT
    # HTTPS
    $IPTABLES -A OUTPUT -p tcp --dport 443 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 563 -j ACCEPT

    #--------------------------------------------------------------------

    # FORWARD - REDE LOCAL

    $IPTABLES -A FORWARD -p tcp --dport 20 -j ACCEPT
    # ftp
    $IPTABLES -A FORWARD -p tcp --dport 21 -j ACCEPT
    # SSH
    $IPTABLES -A FORWARD -p tcp --dport 22 -j ACCEPT
    # smtp
    $IPTABLES -A FORWARD -p tcp --dport 25 -j ACCEPT
    # SMTP
    $IPTABLES -A FORWARD -p tcp --sport 25 -j ACCEPT
    # dns
    $IPTABLES -A FORWARD -p udp --dport 53 -j ACCEPT
    # pop3
    $IPTABLES -A FORWARD -p tcp --dport 110 -j ACCEPT
    # pop3
    $IPTABLES -A FORWARD -p tcp --sport 110 -j ACCEPT
    # POP
    $IPTABLES -A FORWARD -p tcp --dport 8333 -j ACCEPT
    # HTTPS
    $IPTABLES -A FORWARD -p tcp --dport 443 -j ACCEPT
    $IPTABLES -A FORWARD -p tcp --dport 563 -j ACCEPT
    # msn
    $IPTABLES -A FORWARD -s 10.1.1.0/8 -p tcp --dport 1863 -j REJECT

    $IPTABLES -A FORWARD -s 10.1.1.0/8 -j ACCEPT
    ########################################################################

    echo "Firewall Ativado"
    }
    parar(){
    iptables -F
    iptables -t nat -F
    echo "Regras de firewall e compartilhamento desativados"
    }

    case "$1" in
    "start") iniciar ;;
    "stop") parar ;;
    "restart") parar; iniciar ;;
    *) echo "Use os parametros start ou stop"
    esac
    Citação Citação
  2. 21-07-2009, 08:20 #2
    ppastoriza
    ppastoriza está desconectado
    Avatar de ppastoriza
    Ingresso
    Jan 2009
    Posts
    61

    Padrão

    Da uma olhada no meu post, talvez te ajude.

    Bloqueado portas
    Citação Citação



« Tópico Anterior | Próximo Tópico »