amigos, gostaria de uma ajuda de vcs para tentar entender pq FTP nao passa por esse firewall nem via internet explorer / firefox nem via filezilla
IPTABLE-SAVE [root@xeon squid]# iptables-save # Generated by iptables-save v1.3.5 on Fri Nov 13 10:10:38 2009 *mangle :PREROUTING ACCEPT [81554731:45935143966] :INPUT ACCEPT [71344510:41716336442] :FORWARD ACCEPT [10175480:4216524496] :OUTPUT ACCEPT [75822741:44330541946] :POSTROUTING ACCEPT [85748172:48529137407] COMMIT # Completed on Fri Nov 13 10:10:38 2009 # Generated by iptables-save v1.3.5 on Fri Nov 13 10:10:38 2009 *nat :PREROUTING ACCEPT [787179:52922477] :POSTROUTING ACCEPT [4202374:263842377] :OUTPUT ACCEPT [4205329:264793510] -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "ACESSO SSH INVALIDO " -A PREROUTING -i eth0 -p tcp -m tcp --dport 2123 -j LOG --log-prefix "ACESSO SSH VALIDO " -A PREROUTING -i eth0 -p tcp -m tcp --dport 8291 -j LOG --log-prefix "ACESSO WINBOX " -A PREROUTING -p tcp -m tcp --dport 3389 -j LOG --log-prefix "ACESSO TERMINAL REMOTO WIN " -A PREROUTING -p tcp -m tcp --dport 1863 -j REDIRECT --to-ports 16667 -A PREROUTING -p tcp -m tcp --dport 5222 -j REDIRECT --to-ports 16667 -A PREROUTING -p tcp -m tcp --dport 5223 -j REDIRECT --to-ports 16667 -A PREROUTING -p tcp -m tcp --dport 5190 -j REDIRECT --to-ports 16667 -A PREROUTING -p tcp -m tcp --dport 5050 -j REDIRECT --to-ports 16667 -A PREROUTING -p tcp -m tcp --dport 6667 -j REDIRECT --to-ports 16667 -A PREROUTING -p tcp -m tcp --dport 8074 -j REDIRECT --to-ports 16667 -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128 -A PREROUTING -s 10.1.1.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128 -A PREROUTING -p tcp -m tcp --dport 21 -j LOG --log-prefix "ACESSO-FTP 1: " -A PREROUTING -p tcp -m tcp --dport 21 -j ACCEPT -A PREROUTING -i eth0 -p tcp -m tcp --dport 8291 -j DNAT --to-destination 10.1.1.2 -A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.161 -A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.161 -A PREROUTING -i eth2 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.161 -A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE -A POSTROUTING -s 10.1.1.0/255.255.255.0 -j MASQUERADE COMMIT # Completed on Fri Nov 13 10:10:38 2009 # Generated by iptables-save v1.3.5 on Fri Nov 13 10:10:38 2009 *filter :INPUT ACCEPT [71344513:41716336648] :FORWARD ACCEPT [9925408:4198594581] :OUTPUT ACCEPT [75822716:44330539614] -A FORWARD -m layer7 --l7proto bittorrent -j DROP -A FORWARD -m layer7 --l7proto gnutella -j DROP -A FORWARD -m layer7 --l7proto edonkey -j DROP -A FORWARD -m layer7 --l7proto directconnect -j DROP -A FORWARD -m layer7 --l7proto napster -j DROP -A FORWARD -m layer7 --l7proto soulseek -j DROP -A FORWARD -m layer7 --l7proto fasttrack -j DROP -A FORWARD -m layer7 --l7proto ares -j DROP -A FORWARD -m layer7 --l7proto httpvideo -j DROP -A FORWARD -m layer7 --l7proto skypeout -j DROP -A FORWARD -m layer7 --l7proto skypetoskype -j DROP -A FORWARD -m layer7 --l7proto msn-filetransfer -j DROP COMMIT # Completed on Fri Nov 13 10:10:38 2009
alguem poderia me dar uma luz ???