Here it is:
[root@linux squidadmin]# iptables -L -nxv
Chain INPUT (policy DROP 446 packets, 56259 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1081
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:1081
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:1080
138 18262 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
6414 2179699 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4321
5 240 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:4321
435 20880 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:3128

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
9157 910846 ACCEPT all -- * * 192.168.0.28 0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.49 0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.50 0.0.0.0/0
22 2279 ACCEPT all -- * * 192.168.0.252 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:3389
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:465
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:123
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:123
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:53
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:22
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:21
0 0 DROP all -- * * 192.168.0.0/24 0.0.0.0/0
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
2673 455462 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5
0 0 ACCEPT all -- * * 192.168.0.0/24 0.0.0.0/0
6966 2101392 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6855 packets, 1050763 bytes)
pkts bytes target prot opt in out source destination
199 16347 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0

[root@linux squidadmin]# iptables -t nat -L -nxv
Chain PREROUTING (policy ACCEPT 1733 packets, 181085 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3389 to:192.168.0.252:3389
0 0 DROP all -- eth1 * 10.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth1 * 176.0.0.0/16 0.0.0.0/0
4 319 DROP all -- eth1 * 192.168.0.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.0.50 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.0.49 0.0.0.0/0 tcp dpt:80
446 21408 ACCEPT tcp -- * * 192.168.0.28 0.0.0.0/0 tcp dpt:80

Chain POSTROUTING (policy ACCEPT 72 packets, 21370 bytes)
pkts bytes target prot opt in out source destination
1304 124853 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 141 packets, 26148 bytes)
pkts bytes target prot opt in out source destination
----- Original Message -----
From: "Alejandro Flores" <alejandrorflores(a)gmail.com>
To: "Discussion list for Brazilian Fedora users" <br-users(a)lists.fedoraproject.org>
Sent: Tuesday, March 30, 2010 11:58 PM
Subject: Re: [Fedora-users-br] Firewall
Hey,
Odd that it isn't working; paste the following commands here:
iptables -L -nxv
iptables -t nat -L -nxv
Cheers.
Hello... thanks for replying.
This way:
$IPTABLES -t nat -I PREROUTING -p tcp -i $IF_LINK --dport 3389 -j DNAT --to 192.168.0.252:3389
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -d 192.168.0.252/32 -p tcp --dport 3389 -j ACCEPT
$IPTABLES -A FORWARD -s $NT_LAN -p tcp --dport 110 -j ACCEPT
$IPTABLES -A FORWARD -s $NT_LAN -p tcp --dport 25 -j ACCEPT
$IPTABLES -A FORWARD -s $NT_LAN -j DROP
it is not dropping the $NT_LAN network.
I even went as far as removing the command $IPTABLES -A FORWARD -d 192.168.0.252/32 -p tcp --dport 3389 -j ACCEPT
and even so it still works; that is why I adopted -I, as I had already tested with -A.
That is what I don't understand.
Any tips?
--
Alejandro Flores
http://www.triforsec.com.br/
--
br-users mailing list
br-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/br-users
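As an added illustration (not part of this thread and not iptables' own code), a small Python model of how netfilter walks a chain: the first rule whose matches all hold decides the packet, so a DROP appended with -A after per-host ACCEPT rules, as in the FORWARD chain posted above (9157 packets on the 192.168.0.28 ACCEPT, 0 on the DROP), never sees traffic from those hosts, while the same rule inserted at the top with -I would. The chain subset and the sample packets are constructed from the posted output.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One FORWARD rule: a terminating target plus the matches it carries."""
    target: str                   # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"        # -s source network
    proto: Optional[str] = None   # -p tcp/udp, None means "all"
    dport: Optional[int] = None   # --dport, None means any port

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        return self.dport is None or pkt.get("dport") == self.dport

def verdict(chain, pkt, policy="DROP"):
    """First-match walk, as netfilter does it: the first rule whose matches
    all hold decides; later rules never see the packet.
    Returns (index_of_deciding_rule_or_None, target)."""
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return i, rule.target
    return None, policy

# Subset of the posted FORWARD chain, in the order iptables -L printed it
# (only the rules needed to show the ordering effect; constructed illustration).
FORWARD = [
    Rule("ACCEPT", "192.168.0.28"),                 # per-host ACCEPT all
    Rule("ACCEPT", "192.168.0.252"),
    Rule("ACCEPT", "192.168.0.0/24", "tcp", 3389),
    Rule("ACCEPT", "192.168.0.0/24", "tcp", 25),
    Rule("ACCEPT", "192.168.0.0/24", "tcp", 110),
    Rule("DROP", "192.168.0.0/24"),                 # appended with -A: evaluated last
]

def with_drop_inserted_first(chain):
    """Same rules with the DROP moved to the top, which is where
    'iptables -I FORWARD' (no rule number) puts a rule instead of '-A'."""
    return [r for r in chain if r.target == "DROP"] + [r for r in chain if r.target != "DROP"]

if __name__ == "__main__":
    # Constructed sample packets: a host with its own ACCEPT rule and one without.
    for pkt in ({"src": "192.168.0.28", "proto": "tcp", "dport": 80},
                {"src": "192.168.0.100", "proto": "tcp", "dport": 80}):
        print(pkt["src"], "-A order:", verdict(FORWARD, pkt),
              "| -I order:", verdict(with_drop_inserted_first(FORWARD), pkt))
```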