


  1. #1

    firewall

    Hello...

    I've got a nasty problem...
    my firewall is blocking all external
    requests ....dns....pop....smtp....it's blocking everything....
    does anyone have a clue....HELP!!!!!!!!!!!!!!!!!!!

  2. #2

    Re: firewall

    Quote: Originally posted by rootmaster
    Hello...

    I've got a nasty problem...
    my firewall is blocking all external
    requests ....dns....pop....smtp....it's blocking everything....
    does anyone have a clue....HELP!!!!!!!!!!!!!!!!!!!

    Do you use iptables? Post the rules here, because without that we can't help you.

    Cheers,

    Fábio Jung

  3. #3

    Re: firewall

    Quote: Originally posted by x-fabio-x
    Quote: Originally posted by rootmaster
    Hello...

    I've got a nasty problem...
    my firewall is blocking all external
    requests ....dns....pop....smtp....it's blocking everything....
    does anyone have a clue....HELP!!!!!!!!!!!!!!!!!!!

    Do you use iptables? Post the rules here, because without that we can't help you.

    Cheers,

    Fábio Jung

    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,udp,67,eth0,
    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,tcp,243,eth0,
    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,tcp,10002,eth0,
    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,tcp,25,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,tcp,110,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,200.166.24.130,255.255.255.255,tcp,10001,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,200.166.24.130,255.255.255.255,tcp,22,eth1,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,200.166.24.130,255.255.255.255,tcp,9090,eth1,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,tcp,10001,eth0,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,tcp,80,todas,,permite,0:65535,0
    input,0.0.0.0,0.0.0.0,192.168.2.254,255.255.255.255,tcp,9090,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,192.168.2.24,255.255.255.255,tcp,5800,eth1,,permite,0:65535,0
    input,0.0.0.0,0.0.0.0,192.168.2.24,255.255.255.255,tcp,5900,eth1,,permite,0:65535,0
    input,0.0.0.0,0.0.0.0,200.166.24.130,255.255.255.255,tcp,20,todas,on,permite,1024:65535,0
    input,192.168.2.27,255.255.255.255,192.168.2.254,255.255.255.255,tcp,ssh,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,192.168.2.27,255.255.255.255,tcp,5900,eth1,,permite,0:65535,0
    input,0.0.0.0,0.0.0.0,192.168.2.27,255.255.255.255,tcp,5800,eth1,,permite,0:65535,0
    input,192.168.2.15,255.255.255.255,192.168.2.254,255.255.255.255,tcp,22,todas,,permite,1024:65535,0
    input,192.168.2.150,255.255.255.255,192.168.2.254,255.255.255.255,tcp,22,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,192.168.2.100,255.255.255.255,tcp,1720,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,192.168.2.100,255.255.255.255,udp,1720,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,udp,53,todas,,permite,1024:65535,0
    input,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,tcp,53,todas,,permite,1024:65535,0

  4. #4
    silmar
    Guest

    firewall

    hmm, where did you get this from to use as a firewall??

  5. #5

    firewall

    ?

    post the firewall script here

    ?

  6. #6

    firewall

    I was also trying to figure out what that is and where he got it from!! lol

    what is that? where did it come from?

  7. #7
    silmar
    Guest

    firewall

    I, for example, just posted mine here
    because I'm using FC4 and I can't manage to block MSN with these rules .. :toim:

  8. #8

    firewall

    sorry...I sent the rule list in report form....
    how do I see the rules that are being used in iptables...
    thanks....

  9. #9

    firewall

    :toim:

    here are my rules...

    tcp -- anywhere oliveira tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- oliveira anywhere tcp spts:1023:65535 dpt:pop3
    ACCEPT tcp -- anywhere oliveira tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- oliveira anywhere tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- anywhere eliane tcp spt:ftp-data dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane anywhere tcp spts:1023:65535 dpt:ftp-data
    ACCEPT tcp -- anywhere eliane tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane anywhere tcp spts:1023:65535 dpt:ftp
    ACCEPT tcp -- anywhere eliane tcp spt:https dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane anywhere tcp spts:1023:65535 dpt:https
    ACCEPT udp -- anywhere eliane udp spt:4000 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT udp -- eliane anywhere udp spts:1023:65535 dpt:4000
    ACCEPT tcp -- anywhere eliane tcp spt:5190 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane anywhere tcp spts:1023:65535 dpt:5190
    ACCEPT tcp -- anywhere eliane tcp spts:1024:65535 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane anywhere tcp spts:1023:65535 dpts:1024:65535
    ACCEPT udp -- anywhere eliane udp spts:1024:65535 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT udp -- eliane anywhere udp spts:1023:65535 dpts:1024:65535
    ACCEPT tcp -- anywhere eliane tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane anywhere tcp spts:1023:65535 dpt:pop3
    ACCEPT tcp -- anywhere eliane tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane anywhere tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- 0.0.0.0 eliane tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane 0.0.0.0 tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- 0.0.0.0 eliane tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- eliane 0.0.0.0 tcp spts:1023:65535 dpt:pop3
    ACCEPT tcp -- 0.0.0.0 andre tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre 0.0.0.0 tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- 0.0.0.0 andre tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre 0.0.0.0 tcp spts:1023:65535 dpt:pop3
    ACCEPT tcp -- anywhere andre tcp spt:ftp-data dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre anywhere tcp spts:1023:65535 dpt:ftp-data
    ACCEPT tcp -- anywhere andre tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre anywhere tcp spts:1023:65535 dpt:ftp
    ACCEPT tcp -- anywhere andre tcp spt:https dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre anywhere tcp spts:1023:65535 dpt:https
    ACCEPT udp -- anywhere andre udp spt:4000 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT udp -- andre anywhere udp spts:1023:65535 dpt:4000
    ACCEPT tcp -- anywhere andre tcp spt:5190 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre anywhere tcp spts:1023:65535 dpt:5190
    ACCEPT tcp -- anywhere andre tcp spts:1024:65535 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre anywhere tcp spts:1023:65535 dpts:1024:65535
    ACCEPT udp -- anywhere andre udp spts:1024:65535 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT udp -- andre anywhere udp spts:1023:65535 dpts:1024:65535
    ACCEPT tcp -- anywhere andre tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre anywhere tcp spts:1023:65535 dpt:pop3
    ACCEPT tcp -- anywhere andre tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- andre anywhere tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- 0.0.0.0 ana tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana 0.0.0.0 tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- 0.0.0.0 ana tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana 0.0.0.0 tcp spts:1023:65535 dpt:pop3
    ACCEPT tcp -- anywhere ana tcp spt:ftp-data dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana anywhere tcp spts:1023:65535 dpt:ftp-data
    ACCEPT tcp -- anywhere ana tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana anywhere tcp spts:1023:65535 dpt:ftp
    ACCEPT tcp -- anywhere ana tcp spt:https dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana anywhere tcp spts:1023:65535 dpt:https
    ACCEPT udp -- anywhere ana udp spt:4000 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT udp -- ana anywhere udp spts:1023:65535 dpt:4000
    ACCEPT tcp -- anywhere ana tcp spt:5190 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana anywhere tcp spts:1023:65535 dpt:5190
    ACCEPT tcp -- anywhere ana tcp spts:1024:65535 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana anywhere tcp spts:1023:65535 dpts:1024:65535
    ACCEPT udp -- anywhere ana udp spts:1024:65535 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT udp -- ana anywhere udp spts:1023:65535 dpts:1024:65535
    ACCEPT tcp -- anywhere ana tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana anywhere tcp spts:1023:65535 dpt:pop3
    ACCEPT tcp -- anywhere ana tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- ana anywhere tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- anywhere sidney tcp spt:ftp-data dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney anywhere tcp spts:1023:65535 dpt:ftp-data
    ACCEPT tcp -- anywhere sidney tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney anywhere tcp spts:1023:65535 dpt:ftp
    ACCEPT tcp -- anywhere sidney tcp spt:https dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney anywhere tcp spts:1023:65535 dpt:https
    ACCEPT udp -- anywhere sidney udp spt:4000 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT udp -- sidney anywhere udp spts:1023:65535 dpt:4000
    ACCEPT tcp -- anywhere sidney tcp spt:5190 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney anywhere tcp spts:1023:65535 dpt:5190
    ACCEPT tcp -- anywhere sidney tcp spts:1024:65535 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney anywhere tcp spts:1023:65535 dpts:1024:65535
    ACCEPT udp -- anywhere sidney udp spts:1024:65535 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT udp -- sidney anywhere udp spts:1023:65535 dpts:1024:65535
    ACCEPT tcp -- anywhere sidney tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney anywhere tcp spts:1023:65535 dpt:pop3
    ACCEPT tcp -- anywhere sidney tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney anywhere tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- 0.0.0.0 sidney tcp spt:smtp dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney 0.0.0.0 tcp spts:1023:65535 dpt:smtp
    ACCEPT tcp -- 0.0.0.0 sidney tcp spt:pop3 dpts:1023:65535 state RELATED,ESTABLISHED
    ACCEPT tcp -- sidney 0.0.0.0 tcp spts:1023:65535 dpt:pop3

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp -- anywhere jasbey tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere jasbey tcp spt:128 dpts:1024:65535
    ACCEPT tcp -- anywhere jasbey tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere jasbey tcp spt:128 dpts:1024:65535
    ACCEPT tcp -- anywhere andre tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere andre tcp spt:128 dpts:1024:65535
    ACCEPT tcp -- anywhere crmed tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere crmed tcp spt:128 dpts:1024:65535
    ACCEPT tcp -- anywhere oliveira tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere oliveira tcp spt:128 dpts:1024:65535
    ACCEPT tcp -- anywhere eliane tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere eliane tcp spt:128 dpts:1024:65535
    ACCEPT tcp -- anywhere andre tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere andre tcp spt:128 dpts:1024:65535
    ACCEPT tcp -- anywhere ana tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere ana tcp spt:128 dpts:1024:65535
    ACCEPT tcp -- anywhere sidney tcp spt:smtp dpts:1024:65535
    ACCEPT tcp -- anywhere sidney tcp spt:128 dpts:1024:65535

  10. #10

  11. #11

    firewall

    Man, this isn't your firewall SCRIPT; also, do you only have the OUTPUT CHAIN???

    WHERE ARE INPUT, FORWARD..... are they ACCEPT too or are they drop? That could be why it isn't accepting anything from outside, from the external network... I don't know, with what you posted there it's kind of hard to help...

  12. #12
    silmar
    Guest

    Re: firewall

    Quote: Originally posted by rootmaster
    sorry...I sent the rule list in report form....
    how do I see the rules that are being used in iptables...
    thanks....

    Well, how to see them??????????
    Man, from what I'm seeing you're learning to work on a production server ...
    Man, if you're doing that, be careful

    to see the rules already applied, just run this command

    iptables -L
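
One way to answer the question raised in this thread (which chains a pasted `iptables -L` listing contains and what their policies are), as an added example that is not part of the original posts; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize a pasted `iptables -L` listing offline.

# Prints "<chain> <policy> <rule-count>" for each chain found on stdin.
summarize_listing() {
    awk '
        /^Chain / {
            chain = $2
            # Built-in chains read "(policy X)"; user chains "(N references)".
            policy = ($3 == "(policy") ? $4 : "-"
            sub(/\)$/, "", policy)
            order[++n] = chain; pol[chain] = policy; count[chain] = 0
            next
        }
        $1 == "target" && $2 == "prot" { next }   # column header line
        NF == 0 { next }                          # blank line between chains
        chain != "" { count[chain]++ }            # rule; headerless lines are skipped
        END { for (i = 1; i <= n; i++) print order[i], pol[order[i]], count[order[i]] }
    '
}

# Prints each built-in filter chain that the listing on stdin lacks.
missing_chains() {
    summary=$(summarize_listing)
    for c in INPUT FORWARD OUTPUT; do
        printf '%s\n' "$summary" | grep -q "^$c " || printf '%s\n' "$c"
    done
}

# Constructed sample: a complete listing with a restrictive INPUT policy.
SAMPLE_FULL='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp dpts:1024:65535'

# Constructed sample: a paste that lost its first chain headers.
SAMPLE_PARTIAL='ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp dpts:1024:65535'

printf '%s\n' "$SAMPLE_FULL" | summarize_listing
printf '%s\n' "$SAMPLE_PARTIAL" | missing_chains
```

On a live host the input would come from `iptables -L -n`. The policy column is worth reading before any flush, because `iptables -F` deletes rules but leaves each chain's policy in place.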

  13. #13

    firewall

    :good: :good: :good:

    Problem solved ....

    I did a flush on the firewall and restarted the services

    ~}#iptables -F

    Thanks..................................

  14. #14

    firewall

    ...

    I repeat, I had said the SCRIPT of your firewall...


    that's all...

  15. #15

    firewall

    Hi rootmaster...

    Man, I once saw this on a firewall I built some time ago...

    here's the thing...

    in my case, there was an ftp port open... someone managed to access the port and run an exploit... that exploit did what I saw there... that is, it granted access to several users (notice the names...)

    ACCEPT tcp -- anywhere eliane tcp spt:5190 dpts:1023:65535 state RELATED,ESTABLISHED

    that says that from anywhere the user eliane gets access over the tcp protocol in the port range 1023 to 65535...

    hehe... take a careful look at the firewall scripts...
    try to find security holes... there always are!!!
    Look at the logs... use nmap to discover the open ports and services...
    retrace the boot steps... make sure that at boot it loads your original script...

    that's it... you can't be too careful... Linux firewalls are very good, robust and secure... but they must be configured with care and a good dose of security paranoia...

    Cheers,
    Mauzão

  16. #16

    firewall

    thanks mauzao.......


    you can't be too careful with a firewall...


    thanks for the help....