<div dir="ltr">iptables -t filter -I FORWARD -d 177.135.260.61 -p tcp -m multiport --dport 3051,5836,5837,725 -j ACCEPT<br>iptables -t filter -I FORWARD -d 177.135.260.61 -p udp -m multiport --dport 3051,5836,5837,725 -j ACCEPT<br><br>Como você não informou o protocolo da camada de transporte estou colocando a regra para UDP e TCP.<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Atenciosamente,<br><div><div><div><div><div><br></div><b>João Paulo Ferreira</b><br></div><i>B.S. Ciência da Computação</i> - <font size="1">UNIVERSIDADE SALVADOR</font><br><i>Esp. Redes de Computadores e Telecomunicações</i> - <font size="1">UNIVERSIDADE SALVADOR</font><br><i>Novell Certified Linux Administrator</i> - <font size="1">NOVELL</font><br><i>Certified Linux Professional Institute </i>- <font size="1">LPI</font><br><i>CompTIA Linux+</i> - <font size="1">COMPTIA</font><br><i>Mikrotik Certified Network Associate</i> - <font size="1">MIKROTIK</font><br></div>Cel.: +55 (71) 9918-1235 <font size="1">VIVO</font><br>Cel.: +55 (71) 8837-7080 <font size="1">OI</font><br></div>Skype.: <a href="http://joaopaulo.cf" target="_blank">joaopaulo.cf</a><br></div>G-Talk/Mail: <a href="mailto:jferreira.ba@gmail.com" target="_blank">jferreira.ba@gmail.com</a></div></div></div>
<br><div class="gmail_quote">Em 6 de setembro de 2016 14:03, Glenio Cortes Himmen <span dir="ltr"><<a href="mailto:glenio.11622x@aparecida.go.gov.br" target="_blank">glenio.11622x@aparecida.go.gov.br</a>></span> escreveu:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:#000000"><div>Sou novo com IPTABLES e SQUID, preciso liberar um determinado programa para acessar o endereço e portas abaixo relacionados sem passar pelo proxy.<br></div><div><br></div><div>177.135.260.61:3051<br><a href="http://177.135.250.61:5836" target="_blank">177.135.250.61:5836</a><br><a href="http://177.135.250.61:5837" target="_blank">177.135.250.61:5837</a><br><a href="http://177.135.250.61:725" target="_blank">177.135.250.61:725</a></div><div><br></div><div>As requisições de saída sairão do IP <a href="http://172.16.0.48/255.255.255.192" target="_blank">172.16.0.48/255.255.255.192</a>.<br></div><div><br></div><div>Abaixo o script firewall.sh que utilizo.<br></div><div><br></div><div>#!/bin/bash<br>#___________._________________<wbr>_________ __ _____ .____ .____<br>#\_ _____/| \______ \_ _____/ \ / \/ _ \ | | | |<br># | __) | || _/| __)_\ \/\/ / /_\ \| | | |<br># | \ | || | \| \\ / | \ |___| |___<br># \___ / |___||____|_ /_______ / \__/\ /\____|__ /_______ \_______ \<br># \/ \/ \/ \/ \/ \/ \/<br>##############################<wbr>##############################<wbr>#########<br># VARIAVEIS<br>##############################<wbr>##############################<wbr>#########<br># -d ip de destino - rede destino - ip da rede 192.168.2.1 <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br># -s ip de origem - rede de origem - ip da internet<br># --sport NUMERO porta origem<br># --dport NUMERO porta destino<br># -j ACAO<br>LOG_OPTIONS="--log-tcp-<wbr>sequence --log-ip-options --log-tcp-options --log-level info"<br>IPT="/sbin/iptables"<br>### INTERFACE DA REDE EXTERNA INTERNET<br>IF_EXT="eth0"<br><br>### INTERFACE DA REDE INTERNA LAN<br>IF_INT="eth1"<br></div><div><br>### REDE INTERNA<br>REDE_INTERNA="<a href="http://172.16.0.0/26" target="_blank">172.16.0.0/26</a>"<br><br>### PORTAS LIBERADAS TCP INPUT<br>PORTAS_REDE_INTERNA="23 25 53 137 443 8080 1194 2928 3128 3389 80"<br><br>### PORTAS LIBERADAS UDP INPUT<br>PORTAS_UDP="53 161 3128"<br><br>### Portas liberadas de fora internet para a rede interna<br>PORTAS_FORWARD="23 25 53 443 8080 137 1194 2928 3389 3128"<br><br># ======== FORWARD LIBERADO PARA IP EXTERNO<br>IP_FORWARD_EXTERNO="<br>189.2.188.173<br>187.5.111.45<br>"<br>### FORWARD LIBERADO PARA IP DA REDE INTERNA<br>### Informar os IP's da rede interna que poderão passar sem configurar o proxy<br>IP_FORWARD_INTERNO="<br>172.16.0.3<br>172.16.0.7<br></div><div>172.16.0.25<br>172.16.0.11<br>172.16.0.50<br>172.16.0.47<br>172.16.0.38<br>172.16.0.61<br>172.16.0.24<br>172.16.0.10<br>172.16.0.9<br>172.16.0.49<br>172.16.0.18<br>172.16.0.15<br>172.16.0.36<br>172.16.0.51<br>172.16.0.39<br>172.16.0.45<br>172.16.0.29<br>172.16.0.36<br>"<br>echo "INICIANDO FIREWALL ...................[OK]"<br>##############################<wbr>##############################<wbr>#########<br># MODULOS<br>##############################<wbr>##############################<wbr>#########<br></div><div>/sbin/modprobe ip_conntrack<br>/sbin/modprobe ip_conntrack_ftp<br>/sbin/modprobe ip_nat_ftp<br>/sbin/modprobe iptable_nat<br>/sbin/modprobe ipt_tos<br>/sbin/modprobe ipt_MASQUERADE<br><br>echo "LIMPANDO AS REGRAS ...................[OK]"<br>### APAGANDO REGRAS PADRAO<br>$IPT -F<br>$IPT -t nat -F<br>$IPT -t mangle -F<br><br>### APAGANDO CHAINS<br>$IPT -X<br>$IPT -t nat -X<br>$IPT -t mangle -X<br><br>### ZERANDO CONTADORES<br>$IPT -Z<br>$IPT -t nat -Z<br>$IPT -t mangle -Z<br></div><div><br>echo "APLICADO REGRAS PADRÕES ..............[OK]"<br>##############################<wbr>##############################<wbr>##########<br># REGRAS PADROES<br>##############################<wbr>##############################<wbr>##########<br>$IPT -P INPUT DROP<br>$IPT -P FORWARD DROP<br>$IPT -P OUTPUT ACCEPT<br><br>### HABILITANDO ROTEAMENTO NO KERNEL<br>echo "1" > /proc/sys/net/ipv4/ip_forward<br><br>##############################<wbr>##############################<wbr>##########<br># REGRAS DE NAT<br>##############################<wbr>##############################<wbr>##########<br>### COMPARTILHAR INTERNET<br><br>#$IPT -t nat -A POSTROUTING -s $REDE_INTERNA -o $IF_EXT -j MASQUERADE<br>$IPT -t nat -A POSTROUTING -o $IF_EXT -j MASQUERADE<br><br>#Redirecionar 443 para 3128<br>#$IPT -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128<br></div><div><br>### PROXY TRANSPARENTE<br>#$IPT -t nat -A PREROUTING -i $IF_EXT -p tcp --dport 80 -j DNAT --to <a href="http://10.1.1.1:3128" target="_blank">10.1.1.1:3128</a><br>#$IPT -t nat -A PREROUTING -i $IF_INT -p tcp --dport 80 -j REDIRECT --to-port 3128<br><br>### REDIRECIONAR ACESSO EXTERNO RDP PARA HOST INTERNO<br>#$IPT -t nat -A PREROUTING -i $IF_EXT -p tcp --dport 3389 -j DNAT --to-destination <a href="http://10.1.1.54:3389" target="_blank">10.1.1.54:3389</a><br>#$IPT -t filter -A FORWARD -i $IF_EXT -d 10.1.1.54 -p tcp --dport 3389 -j ACCEPT<br><br>echo "APLICANDO REGRAS MANUAIS .............[OK]"<br>##############################<wbr>##############################<wbr>#########<br># REGRAS INPUT<br>##############################<wbr>##############################<wbr>#########<br>$IPT -t filter -A INPUT -p tcp -i lo -j ACCEPT<br>$IPT -t filter -A INPUT -p icmp -j ACCEPT<br>$IPT -t filter -A INPUT -p tcp --dport 443 -j DROP<br><br>for i in $PORTAS_REDE_INTERNA; do<br> $IPT -t filter -A INPUT -p tcp --dport $i -j ACCEPT<br>done<br></div><div><br>for i in $PORTAS_UDP; do<br> $IPT -A INPUT -p udp --dport $i -j ACCEPT<br>done<br><br>$IPT -t filter -A INPUT -m state --state INVALID,RELATED,ESTABLISHED -j ACCEPT<br>$IPT -t filter -A INPUT -j LOG $LOG_OPTIONS --log-prefix "LOG_INPUT"<br>$IPT -t filter -A INPUT -j DROP<br><br>##############################<wbr>##############################<wbr>#########<br># REGRAS DE FORWARD<br>##############################<wbr>##############################<wbr>#########<br>### PORTAS FORWARD<br>for i in $PORTAS_FORWARD; do<br> $IPT -A FORWARD -p tcp --dport $i -j ACCEPT<br>done<br><br>### FORWARD EXTERNA INTERNET<br>for i in $IP_FORWARD_EXTERNO; do<br> $IPT -A FORWARD -d $i -j ACCEPT<br>done<br><br>### FORWARD INTERNO INTERNT<br></div><div>for i in $IP_FORWARD_INTERNO; do<br> $IPT -A FORWARD -s $i -j ACCEPT<br>done<br>###<br><br>for i in $PORTAS_UDP; do<br> $IPT -t filter -A FORWARD -p udp --dport $i -j ACCEPT<br>done<br><br>$IPT -t filter -A FORWARD -m state --state INVALID,RELATED,ESTABLISHED -j ACCEPT<br>$IPT -t filter -A FORWARD -j LOG $LOG_OPTIONS --log-prefix "LOG_FORWARD"<br>$IPT -t filter -A FORWARD -j DROP<br><br>echo "FIREWALL INICIADO ....................[OK]"<br></div><div><br></div><div>Gostaria da ajuda para saber o comando e onde colocar.<br></div></div></div><br>______________________________<wbr>_________________<br>
CentOS-pt-br mailing list<br>
<a href="mailto:CentOS-pt-br@centos.org">CentOS-pt-br@centos.org</a><br>
<a href="https://lists.centos.org/mailman/listinfo/centos-pt-br" rel="noreferrer" target="_blank">https://lists.centos.org/<wbr>mailman/listinfo/centos-pt-br</a><br>
<br></blockquote></div><br></div>