*VELOX and some ADSL providers block some standard ports, for example port 21*.
2009/11/13 Wagner Quedi wagner@quedinet.com.br
yes, it's there .. here is the firewall
#! /bin/sh

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -Z

modprobe iptable_nat
modprobe iptable_filter
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_MASQUERADE
modprobe ipt_LOG
modprobe ipt_layer7

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j LOG --log-prefix="ACESSO SSH INVALIDO "
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 2123 -j LOG --log-prefix="ACESSO SSH VALIDO "
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8291 -j LOG --log-prefix="ACESSO WINBOX "
#iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j LOG --log-prefix="ACESSO FTP "
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3389 -j LOG --log-prefix="ACESSO TERMINAL REMOTO WIN "

#iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP
iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP
iptables -A FORWARD -m layer7 --l7proto gnutella -j DROP
iptables -A FORWARD -m layer7 --l7proto edonkey -j DROP
iptables -A FORWARD -m layer7 --l7proto directconnect -j DROP
iptables -A FORWARD -m layer7 --l7proto napster -j DROP
iptables -A FORWARD -m layer7 --l7proto soulseek -j DROP
iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP
iptables -A FORWARD -m layer7 --l7proto ares -j DROP
iptables -A FORWARD -m layer7 --l7proto httpvideo -j DROP
iptables -A FORWARD -m layer7 --l7proto skypeout -j DROP
iptables -A FORWARD -m layer7 --l7proto skypetoskype -j DROP
iptables -A FORWARD -m layer7 --l7proto msn-filetransfer -j DROP

#imspector
# MSN:
iptables -t nat -A PREROUTING -p tcp --destination-port 1863 -j REDIRECT --to-ports 16667
# Jabber:
iptables -t nat -A PREROUTING -p tcp --destination-port 5222 -j REDIRECT --to-ports 16667
# Jabber over SSL:
iptables -t nat -A PREROUTING -p tcp --destination-port 5223 -j REDIRECT --to-ports 16667
# ICQ/AIM:
iptables -t nat -A PREROUTING -p tcp --destination-port 5190 -j REDIRECT --to-ports 16667
# Yahoo:
iptables -t nat -A PREROUTING -p tcp --destination-port 5050 -j REDIRECT --to-ports 16667
# IRC:
iptables -t nat -A PREROUTING -p tcp --destination-port 6667 -j REDIRECT --to-ports 16667
# Gadu-Gadu:
iptables -t nat -A PREROUTING -p tcp --destination-port 8074 -j REDIRECT --to-ports 16667

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -p tcp -s 10.1.1.0/24 -d 0.0.0.0/0 --dport 80 -j DNAT --to-destination 192.168.0.1:3128

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -d 0/0 -j MASQUERADE

iptables -t nat -A PREROUTING -p tcp --dport 21 -j LOG --log-prefix="ACESSO-FTP 1: "
iptables -t nat -A PREROUTING -p tcp --dport 21 -j ACCEPT

# port redirections
# MK
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8291 -j DNAT --to-destination 10.1.1.2
# ISS
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.161
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.161
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.161
2009/11/13 Bruno L F Cabral bruno@openline.com.br:
here's the thing .. the internal network 10.1.1.0/24 and the 192.168.0.0/24 network need access to an external FTP (datasus), but it does not connect

Have you checked whether you are missing

modprobe nf_nat_ftp
modprobe nf_conntrack_ftp
??
!3runo
_______________________________________________
CentOS-pt-br mailing list
CentOS-pt-br@centos.org
http://lists.centos.org/mailman/listinfo/centos-pt-br
--
Many people could succeed at small things if they did not let themselves be tormented by great ambitions!

Wagner Quedi Rosa .·. QuediNet Internet Service
Intelligent I.T. Solutions

Phone: (69) 8403-1158
Skype: wagner_quedi
E-Mail/MSN: wagner@quedinet.com.br
Website: www.quedinet.com.br
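A check for the question raised in this thread, as an added example that is not part of the original messages: it reads a module list in /proc/modules format and reports whether the FTP conntrack and NAT helpers are loaded, under either the ip_* names used in the script or the nf_* names suggested in the reply. The function names and the sample module list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that both FTP helpers needed for
# FTP through NAT are loaded, accepting the old ip_* and the newer nf_* names.

# has_module FILE NAME...
# Succeeds if any NAME is the first field of a line in FILE. Matching only the
# first field avoids false hits on the "used by" column of /proc/modules.
has_module() {
    hm_file=$1; shift
    for hm_name in "$@"; do
        if awk -v m="$hm_name" '$1 == m { found = 1 } END { exit !found }' "$hm_file"; then
            return 0
        fi
    done
    return 1
}

# ftp_helper_status [FILE]
# Prints one line per helper role; returns 0 only when both roles are loaded.
ftp_helper_status() {
    fs_file=${1:-/proc/modules}
    fs_rc=0
    if has_module "$fs_file" nf_conntrack_ftp ip_conntrack_ftp; then
        echo "conntrack FTP helper: loaded"
    else
        echo "conntrack FTP helper: MISSING"; fs_rc=1
    fi
    if has_module "$fs_file" nf_nat_ftp ip_nat_ftp; then
        echo "NAT FTP helper: loaded"
    else
        echo "NAT FTP helper: MISSING"; fs_rc=1
    fi
    return $fs_rc
}

# Constructed sample in /proc/modules format (sizes and addresses are made up),
# using the ip_* names that the firewall script in the thread loads.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ip_nat_ftp 7361 0 - Live 0xf8a51000
ip_conntrack_ftp 11569 1 ip_nat_ftp, Live 0xf8a3c000
iptable_nat 11205 1 - Live 0xf8a2d000
EOF
ftp_helper_status "$sample" || echo "load the missing helper with modprobe"
rm -f "$sample"
```

Called with no argument, ftp_helper_status reads /proc/modules on the gateway itself.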