<b><font class="Apple-style-span" color="#FF0000">VELOX, e alguns provedores ADSL bloqueia algumas portas padrões, exemplo a porta 21</font></b>.<br><br><div class="gmail_quote">2009/11/13 Wagner Quedi <span dir="ltr"><<a href="mailto:wagner@quedinet.com.br">wagner@quedinet.com.br</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">ta sim .. segue aqui o firewall<br>
<br>
<br>
#! /bin/sh<br>
<br>
iptables -F<br>
iptables -t nat -F<br>
iptables -t mangle -F<br>
iptables -X<br>
iptables -Z<br>
<br>
modprobe iptable_nat<br>
modprobe iptable_filter<br>
modprobe ip_tables<br>
modprobe ip_conntrack<br>
modprobe ip_conntrack_ftp<br>
modprobe ip_nat_ftp<br>
modprobe ipt_MASQUERADE<br>
modprobe ipt_LOG<br>
modprobe ipt_layer7<br>
<br>
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j LOG<br>
<div class="im">--log-prefix="ACESSO SSH INVALIDO "<br>
</div>iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 2123 -j<br>
<div class="im">LOG --log-prefix="ACESSO SSH VALIDO "<br>
</div>iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8291 -j<br>
<div class="im">LOG --log-prefix="ACESSO WINBOX "<br>
</div>#iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j LOG<br>
--log-prefix="ACESSO FTP "<br>
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3389 -j LOG<br>
<div class="im">--log-prefix="ACESSO TERMINAL REMOTO WIN "<br>
<br>
<br>
</div>#iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto gnutella -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto edonkey -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto directconnect -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto napster -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto soulseek -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto ares -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto httpvideo -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto skypeout -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto skypetoskype -j DROP<br>
iptables -A FORWARD -m layer7 --l7proto msn-filetransfer -j DROP<br>
<br>
#imspector<br>
# MSN:<br>
iptables -t nat -A PREROUTING -p tcp --destination-port 1863 -j<br>
REDIRECT --to-ports 16667<br>
# Jabber:<br>
iptables -t nat -A PREROUTING -p tcp --destination-port 5222 -j<br>
REDIRECT --to-ports 16667<br>
# Jabber over SSL:<br>
iptables -t nat -A PREROUTING -p tcp --destination-port 5223 -j<br>
REDIRECT --to-ports 16667<br>
# ICQ/AIM:<br>
iptables -t nat -A PREROUTING -p tcp --destination-port 5190 -j<br>
REDIRECT --to-ports 16667<br>
# Yahoo:<br>
iptables -t nat -A PREROUTING -p tcp --destination-port 5050 -j<br>
REDIRECT --to-ports 16667<br>
# IRC:<br>
iptables -t nat -A PREROUTING -p tcp --destination-port 6667 -j<br>
REDIRECT --to-ports 16667<br>
# Gadu-Gadu:<br>
iptables -t nat -A PREROUTING -p tcp --destination-port 8074 -j<br>
REDIRECT --to-ports 16667<br>
<br>
echo 1 > /proc/sys/net/ipv4/ip_forward<br>
<br>
iptables -t nat -A PREROUTING -p tcp -s <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a> -d <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
<div class="im">--dport 80 -j DNAT --to-destination <a href="http://192.168.0.1:3128" target="_blank">192.168.0.1:3128</a><br>
</div>iptables -t nat -A PREROUTING -p tcp -s <a href="http://10.1.1.0/24" target="_blank">10.1.1.0/24</a> -d <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
<div class="im">--dport 80 -j DNAT --to-destination <a href="http://192.168.0.1:3128" target="_blank">192.168.0.1:3128</a><br>
<br>
</div>iptables -t nat -A POSTROUTING -s <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a> -d 0/0 -j MASQUERADE<br>
iptables -t nat -A POSTROUTING -s <a href="http://10.1.1.0/24" target="_blank">10.1.1.0/24</a> -d 0/0 -j MASQUERADE<br>
<br>
iptables -t nat -A PREROUTING -p tcp --dport 21 -j LOG<br>
<div class="im">--log-prefix="ACESSO-FTP 1: "<br>
</div>iptables -t nat -A PREROUTING -p tcp --dport 21 -j ACCEPT<br>
<br>
<br>
# redirecionamentos de portas<br>
# MK<br>
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8291 -j DNAT<br>
<div class="im">--to-destination 10.1.1.2<br>
</div># ISS<br>
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT<br>
<div class="im">--to-destination 192.168.0.161<br>
</div>iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3389 -j DNAT<br>
<div class="im">--to-destination 192.168.0.161<br>
</div>iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 3389 -j DNAT<br>
<div class="im">--to-destination 192.168.0.161<br>
<br>
<br>
<br>
<br>
</div>2009/11/13 Bruno L F Cabral <<a href="mailto:bruno@openline.com.br">bruno@openline.com.br</a>>:<br>
<div><div></div><div class="h5">>> seguinte .. a rede interna <a href="http://10.1.1.0/24" target="_blank">10.1.1.0/24</a> e a rede <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
>> precisam ter acesso a ftp externo (datasus) so que nao conecta<br>
><br>
> Ja viu se falta<br>
><br>
> modprobe nf_nat_ftp<br>
> modprobe nf_conntrack_ftp<br>
><br>
> ??<br>
><br>
> !3runo<br>
> _______________________________________________<br>
> CentOS-pt-br mailing list<br>
> <a href="mailto:CentOS-pt-br@centos.org">CentOS-pt-br@centos.org</a><br>
> <a href="http://lists.centos.org/mailman/listinfo/centos-pt-br" target="_blank">http://lists.centos.org/mailman/listinfo/centos-pt-br</a><br>
><br>
<br>
<br>
<br>
</div></div><div class="im">--<br>
Muitas pessoas poderiam ter sucesso em pequenas coisas se não se<br>
deixassem atormentar por grandes ambições!<br>
------------------------------------------------------<br>
Wagner Quedi Rosa .·.<br>
QuediNet Internet Service<br>
Soluções Inteligentes em T.I.<br>
<br>
Fone: (69) 8403-1158<br>
Skype: wagner_quedi<br>
E-Mail/MSN: <a href="mailto:wagner@quedinet.com.br">wagner@quedinet.com.br</a><br>
Site: <a href="http://www.quedinet.com.br" target="_blank">www.quedinet.com.br</a><br>
------------------------------------------------------<br>
_______________________________________________<br>
</div><div><div></div><div class="h5">CentOS-pt-br mailing list<br>
<a href="mailto:CentOS-pt-br@centos.org">CentOS-pt-br@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-pt-br" target="_blank">http://lists.centos.org/mailman/listinfo/centos-pt-br</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Att.,<br><br>Ciro M. Brandão<br><br>CONTATO<br>Cel.: +55 (75) 8835-1778<br>MSN: <a href="mailto:cirobrandao@gmail.com">cirobrandao@gmail.com</a><br>Skype: ciro.uwc32<br>