[Fedora-users-br] Firewall
redes em habil.eti.br
Wednesday March 31 16:07:38 UTC 2010
Here it is:
[root@linux squidadmin]# iptables -L -nxv
Chain INPUT (policy DROP 446 packets, 56259 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1081
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:1081
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:1080
     138      18262 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    6414    2179699 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
       0          0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4321
       5        240 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:4321
     435      20880 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:80
       0          0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
       0          0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
       0          0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
       0          0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
       0          0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:3128

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    9157     910846 ACCEPT     all  --  *      *       192.168.0.28         0.0.0.0/0
       0          0 ACCEPT     all  --  *      *       192.168.0.49         0.0.0.0/0
       0          0 ACCEPT     all  --  *      *       192.168.0.50         0.0.0.0/0
      22       2279 ACCEPT     all  --  *      *       192.168.0.252        0.0.0.0/0
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:3389
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:25
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:110
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:995
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:465
       0          0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:123
       0          0 ACCEPT     udp  --  *      *       192.168.0.0/24       0.0.0.0/0            udp dpt:123
       0          0 ACCEPT     udp  --  *      *       192.168.0.0/24       0.0.0.0/0            udp dpt:53
       0          0 ACCEPT     udp  --  *      *       192.168.0.0/24       0.0.0.0/0            udp dpt:22
       0          0 ACCEPT     udp  --  *      *       192.168.0.0/24       0.0.0.0/0            udp dpt:21
       0          0 DROP       all  --  *      *       192.168.0.0/24       0.0.0.0/0
       0          0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
       0          0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8 limit: avg 1/sec burst 5
    2673     455462 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 5
       0          0 ACCEPT     all  --  *      *       192.168.0.0/24       0.0.0.0/0
    6966    2101392 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6855 packets, 1050763 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     199      16347 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

[root@linux squidadmin]# iptables -t nat -L -nxv
Chain PREROUTING (policy ACCEPT 1733 packets, 181085 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 DNAT       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3389 to:192.168.0.252:3389
       0          0 DROP       all  --  eth1   *       10.0.0.0/8           0.0.0.0/0
       0          0 DROP       all  --  eth1   *       176.0.0.0/16         0.0.0.0/0
       4        319 DROP       all  --  eth1   *       192.168.0.0/24       0.0.0.0/0
       0          0 ACCEPT     tcp  --  *      *       192.168.0.50         0.0.0.0/0            tcp dpt:80
       0          0 ACCEPT     tcp  --  *      *       192.168.0.49         0.0.0.0/0            tcp dpt:80
     446      21408 ACCEPT     tcp  --  *      *       192.168.0.28         0.0.0.0/0            tcp dpt:80

Chain POSTROUTING (policy ACCEPT 72 packets, 21370 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1304     124853 MASQUERADE all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 141 packets, 26148 bytes)
    pkts      bytes target     prot opt in     out     source               destination
----- Original Message -----
From: "Alejandro Flores" <alejandrorflores at gmail.com>
To: "Discussion list for Brazilian Fedora users"
<br-users at lists.fedoraproject.org>
Sent: Tuesday, March 30, 2010 11:58 PM
Subject: Re: [Fedora-users-br] Firewall
Hey,
Strange that it isn't working. Paste the output of the following commands here:
iptables -L -nxv
iptables -t nat -L -nxv
Cheers.
> Hi... thanks for replying
>
> this way
> $IPTABLES -t nat -I PREROUTING -p tcp -i $IF_LINK --dport 3389 -j DNAT --to 192.168.0.252:3389
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -d 192.168.0.252/32 -p tcp --dport 3389 -j ACCEPT
> $IPTABLES -A FORWARD -s $NT_LAN -p tcp --dport 110 -j ACCEPT
> $IPTABLES -A FORWARD -s $NT_LAN -p tcp --dport 25 -j ACCEPT
> $IPTABLES -A FORWARD -s $NT_LAN -j DROP
>
> it is not dropping the $NT_LAN network
> I even went as far as removing the command $IPTABLES -A FORWARD -d 192.168.0.252/32 -p tcp --dport 3389 -j ACCEPT
> and it still works, which is why I adopted -I; I had already tested with -A
> that is what I don't understand
>
> Any tips?
--
Alejandro Flores
http://www.triforsec.com.br/
--
br-users mailing list
br-users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/br-users
More information about the br-users mailing list
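A chain dump like the one posted above is evaluated top to bottom, and the first rule that matches a packet decides its verdict; the pkts/bytes counters show which rules have actually been claiming traffic. As an added example that is not part of this thread, the following Python script parses the FORWARD chain exactly as posted (re-joined to one rule per line) and reports which rule claims a given packet. The packet shape, the function names and the test addresses (203.0.113.5, 192.168.0.100) are this example's own assumptions, and a `limit:` match is treated as always under its rate. Run stand-alone, it shows that a packet from 192.168.0.28 is accepted by the first rule and never reaches the DROP for 192.168.0.0/24, which agrees with the counters in the dump (9157 packets on the first rule, 0 on the DROP).

```python
"""First-match walk over an `iptables -L -nxv` chain dump (added example)."""
import ipaddress
import re

# Constructed input: the FORWARD chain from the post above, re-joined to one
# rule per line (same rules, same order, same counters).
FORWARD_POLICY = "DROP"
FORWARD_DUMP = """\
9157 910846 ACCEPT all -- * * 192.168.0.28 0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.49 0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.50 0.0.0.0/0
22 2279 ACCEPT all -- * * 192.168.0.252 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:3389
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:465
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:123
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:123
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:53
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:22
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:21
0 0 DROP all -- * * 192.168.0.0/24 0.0.0.0/0
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
2673 455462 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5
0 0 ACCEPT all -- * * 192.168.0.0/24 0.0.0.0/0
6966 2101392 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
"""


def parse_chain(dump):
    """Turn `-L -nxv` rule lines into dicts. Columns are: pkts bytes target
    prot opt in out source destination [match options]."""
    rules = []
    for line in dump.splitlines():
        f = line.split(None, 9)
        if len(f) < 9:
            continue  # header or blank line
        extra = f[9] if len(f) > 9 else ""
        dpt = re.search(r"dpt:(\d+)", extra)
        state = re.search(r"state (\S+)", extra)
        icmp = re.search(r"icmp type (\d+)", extra)
        rules.append({
            "pkts": int(f[0]), "target": f[2], "prot": f[3],
            "in": f[5], "out": f[6],
            "src": ipaddress.ip_network(f[7]), "dst": ipaddress.ip_network(f[8]),
            "dport": int(dpt.group(1)) if dpt else None,
            "states": set(state.group(1).split(",")) if state else None,
            "icmp_type": int(icmp.group(1)) if icmp else None,
        })
    return rules


def packet(src, dst, proto="tcp", dport=None, in_if="eth0", out_if="eth1",
           state="NEW", icmp_type=None):
    """A forwarded packet as this example models it (hypothetical shape)."""
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "dport": dport, "in": in_if, "out": out_if,
            "state": state, "icmp_type": icmp_type}


def matches(rule, pkt):
    """Simplified netfilter match; a `limit:` match is assumed under its rate."""
    if rule["prot"] != "all" and rule["prot"] != pkt["proto"]:
        return False
    if rule["in"] != "*" and rule["in"] != pkt["in"]:
        return False
    if rule["out"] != "*" and rule["out"] != pkt["out"]:
        return False
    if pkt["src"] not in rule["src"] or pkt["dst"] not in rule["dst"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt["dport"]:
        return False
    if rule["states"] is not None and pkt["state"] not in rule["states"]:
        return False
    if rule["icmp_type"] is not None and rule["icmp_type"] != pkt["icmp_type"]:
        return False
    return True


def first_match(rules, policy, pkt):
    """Return (0-based index, verdict) of the first matching rule, or
    (None, policy) when the packet falls through to the chain policy."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return i, rule["target"]
    return None, policy


if __name__ == "__main__":
    fwd = parse_chain(FORWARD_DUMP)
    for p in (packet("192.168.0.28", "203.0.113.5", dport=443),
              packet("192.168.0.100", "203.0.113.5", dport=443)):
        idx, verdict = first_match(fwd, FORWARD_POLICY, p)
        where = f"rule {idx + 1} ({fwd[idx]['pkts']} pkts so far)" if idx is not None else "chain policy"
        print(f"{p['src']} -> {p['dst']}:{p['dport']} tcp: {verdict} by {where}")
```

The same walk can be pointed at the INPUT chain or at the nat PREROUTING chain by pasting those rules into a second dump string; only the `dpt:`, `state` and `icmp type` options are modelled, so a rule with other match options (e.g. `to:` on a DNAT target) is matched on its address, interface and protocol columns alone.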