[CentOS-pt-br] IPTables Rule

Fabio Fraga [DS] fabio em dataspace.com.br
Wed Jan 14 21:29:29 UTC 2015


Wonderful, Jorge.

We're here to help one another.

Cheers!


Best regards,
Fábio Fraga Machado
Director of Technology and Infrastructure
Data Space Networks & TI

Phone: (48) 4052-9252
MSN: fabio em dataspace.com.br
GTalk: fabio em dataspace.com.br

2015-01-14 19:20 GMT-02:00 Jorge Silveira <jlrs19833 em gmail.com>:

> Good evening!
>
> I would like to thank everyone for their attention, and especially Fabio, who
> was very helpful and attentive.
>
> I managed to solve my problem after contacting the VPS support, where I
> found out that it was necessary to enable the "IPTABLES NAT" option in the
> panel for it to work correctly.
>
> With that I close the topic.
>
> Thanks, and good night to all!
>
>
> Jorge Luiz Rodrigues da Silveira <jlrs19833 em gmail.com>
> Porto Alegre - RS | Mobile: (51) 9103-6319
> See my social networks:
> <http://br.linkedin.com/in/josilveira>
> <https://www.facebook.com/silveirajorge>
> <https://twitter.com/silveirajorge> <http://instagram.com/silveira_jorge>
>
> On 14 January 2015 at 14:49, Fabio Fraga [DS] <fabio em dataspace.com.br> wrote:
>
>> Last try:
>>
>> #grep -R iptables /etc
>>
>> Otherwise, create your /etc/sysconfig/iptables file and paste your script
>> into it. It is in the RedHat Firewall format, right?
>>
>>
>> 2015-01-14 14:36 GMT-02:00 Jorge Silveira <jlrs19833 em gmail.com>:
>>
>>> Where the iptables binaries are located.
>>>
>>> [root em vps54896be34eb14 src]# which iptables
>>> /sbin/iptables
>>> [root em vps54896be34eb14 src]# which iptables-save
>>> /sbin/iptables-save
>>>
>>> On 14 January 2015 at 14:28, Fabio Fraga [DS] <fabio em dataspace.com.br> wrote:
>>>
>>>> Is your iptables being loaded from somewhere other than sysconfig?
>>>>
>>>> Is it loaded from another directory with iptables-save or by another program?
>>>>
>>>> Run #iptables -nvL and paste it here for us. You mentioned a VPS; is it by
>>>> any chance cPanel or Plesk?
>>>>
>>>>
>>>> On Wed, Jan 14, 2015 at 2:23 PM, Jorge Silveira <jlrs19833 em gmail.com>
>>>> wrote:
>>>>
>>>>> Here is the output of the command iptables -N INPUT
>>>>>
>>>>> iptables: Chain already exists.
>>>>>
>>>>> 2015-01-14 14:22 GMT-02:00 Jorge Silveira <jlrs19833 em gmail.com>:
>>>>>
>>>>>> Hello Fábio,
>>>>>>
>>>>>> I couldn't find /etc/sysconfig/iptables, but I did find iptables-config.
>>>>>>
>>>>>> Here it is:
>>>>>>
>>>>>> # Load additional iptables modules (nat helpers)
>>>>>> #   Default: -none-
>>>>>> # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
>>>>>> # are loaded after the firewall rules are applied. Options for the helpers are
>>>>>> # stored in /etc/modprobe.conf.
>>>>>> IPTABLES_MODULES=""
>>>>>>
>>>>>> # Unload modules on restart and stop
>>>>>> #   Value: yes|no,  default: yes
>>>>>> # This option has to be 'yes' to get to a sane state for a firewall
>>>>>> # restart or stop. Only set to 'no' if there are problems unloading netfilter
>>>>>> # modules.
>>>>>> IPTABLES_MODULES_UNLOAD="yes"
>>>>>>
>>>>>> # Save current firewall rules on stop.
>>>>>> #   Value: yes|no,  default: no
>>>>>> # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
>>>>>> # (e.g. on system shutdown).
>>>>>> IPTABLES_SAVE_ON_STOP="no"
>>>>>>
>>>>>> # Save current firewall rules on restart.
>>>>>> #   Value: yes|no,  default: no
>>>>>> # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
>>>>>> # restarted.
>>>>>> IPTABLES_SAVE_ON_RESTART="no"
>>>>>>
>>>>>> # Save (and restore) rule and chain counter.
>>>>>> #   Value: yes|no,  default: no
>>>>>> # Save counters for rules and chains to /etc/sysconfig/iptables if
>>>>>> # 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
>>>>>> # SAVE_ON_RESTART is enabled.
>>>>>> IPTABLES_SAVE_COUNTER="no"
>>>>>>
>>>>>> # Numeric status output
>>>>>> #   Value: yes|no,  default: yes
>>>>>> # Print IP addresses and port numbers in numeric format in the status output.
>>>>>> IPTABLES_STATUS_NUMERIC="yes"
>>>>>>
>>>>>> # Verbose status output
>>>>>> #   Value: yes|no,  default: yes
>>>>>> # Print info about the number of packets and bytes plus the "input-" and
>>>>>> # "outputdevice" in the status output.
>>>>>> IPTABLES_STATUS_VERBOSE="no"
>>>>>>
>>>>>> # Status output with numbered lines
>>>>>> #   Value: yes|no,  default: yes
>>>>>> # Print a counter/number for every rule in the status output.
>>>>>> IPTABLES_STATUS_LINENUMBERS="yes"
>>>>>>
>>>>>> # Reload sysctl settings on start and restart
>>>>>> #   Default: -none-
>>>>>> # Space separated list of sysctl items which are to be reloaded on start.
>>>>>> # List items will be matched by fgrep.
>>>>>> #IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"
>>>>>>
>>>>>> On 14 January 2015 at 10:00, Fabio Fraga [DS] <fabio em dataspace.com.br> wrote:
>>>>>>
>>>>>>> Hello Jorge,
>>>>>>>
>>>>>>> It looks to me like you don't have the INPUT chain.
>>>>>>>
>>>>>>> Could you paste your /etc/sysconfig/iptables here?
>>>>>>>
>>>>>>> You can run a test by creating the chain.
>>>>>>>
>>>>>>> Like so:
>>>>>>> iptables -N INPUT
>>>>>>>
>>>>>>> 2015-01-14 9:42 GMT-02:00 Jorge Silveira <jlrs19833 em gmail.com>:
>>>>>>>
>>>>>>>> Good morning, everyone!
>>>>>>>>
>>>>>>>> I'm sending this message to ask you, friends, for help in solving a
>>>>>>>> problem.
>>>>>>>>
>>>>>>>> I'm setting up a CentOS server on which I need a few IPTables rules.
>>>>>>>> So far so good, nothing out of the ordinary, especially since I already
>>>>>>>> have a script that is basically ready, which I put on every machine, and
>>>>>>>> I have never had a problem with it until today.
>>>>>>>>
>>>>>>>> The thing is, in this case I'm doing the setup on a VPS, and when I try
>>>>>>>> to load a rule to "allow" the returning packets of an already
>>>>>>>> established connection, I get an error message.
>>>>>>>>
>>>>>>>> Below I'll list each situation:
>>>>>>>>
>>>>>>>> ##IPTables command:##
>>>>>>>>
>>>>>>>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>>>>>>
>>>>>>>> ##Linux error##
>>>>>>>>
>>>>>>>> iptables: No chain/target/match by that name.
>>>>>>>>
>>>>>>>> ##cat /proc/net/ip_tables_matches##
>>>>>>>>
>>>>>>>> u32
>>>>>>>> connbytes
>>>>>>>> owner
>>>>>>>> conntrack
>>>>>>>> conntrack
>>>>>>>> conntrack
>>>>>>>> limit
>>>>>>>> set
>>>>>>>> set
>>>>>>>> recent
>>>>>>>> owner
>>>>>>>> state
>>>>>>>> length
>>>>>>>> ttl
>>>>>>>> tcpmss
>>>>>>>> multiport
>>>>>>>> multiport
>>>>>>>> tos
>>>>>>>> tos
>>>>>>>> dscp
>>>>>>>> icmp
>>>>>>>> udplite
>>>>>>>> udp
>>>>>>>> tcp
>>>>>>>>
>>>>>>>> ##cat /proc/net/ip_tables_names##
>>>>>>>> raw
>>>>>>>> mangle
>>>>>>>> filter
>>>>>>>>
>>>>>>>> ##cat /proc/net/ip_tables_targets##
>>>>>>>> SET
>>>>>>>> SET
>>>>>>>> LOG
>>>>>>>> DNAT
>>>>>>>> SNAT
>>>>>>>> TCPMSS
>>>>>>>> REJECT
>>>>>>>> ERROR
>>>>>>>>
>>>>>>>> I believe the problem is the targets, which don't include
>>>>>>>> ESTABLISHED, but since I've never been through this situation I don't
>>>>>>>> want to take any risks.
>>>>>>>>
>>>>>>>> Would anyone be willing to help?
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> CentOS-pt-br mailing list
>>>>>>>> CentOS-pt-br em centos.org
>>>>>>>> http://lists.centos.org/mailman/listinfo/centos-pt-br
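The thread's failure mode is worth guarding against in any firewall script: the ESTABLISHED,RELATED rule was rejected with "No chain/target/match by that name", and a script that simply keeps going after such a rejection would still set its restrictive policy and lock the administrator out of the VPS. The script below is an added example, not code from the thread or from either poster. It applies rules one at a time, stops at the first rule the kernel refuses, and puts the previous ruleset back. It assumes the real iptables, iptables-save and iptables-restore binaries are on PATH; the variable names, function names and the rule set (including the constructed SSH rule) are this example's own.

```sh
#!/bin/sh
# Added example, not code from the thread: load a firewall script rule by rule
# and stop at the first rule the kernel rejects, so a refused rule (as in the
# thread's "No chain/target/match by that name") cannot be skipped while the
# rules after it, including the DROP policy, still go in.
# Assumptions: iptables, iptables-save and iptables-restore exist on PATH; the
# variables and functions below are this example's own.

IPT="${IPT:-iptables}"                    # overridable so the logic can be dry-run
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# Constructed rule set, in lockout-safe order: loopback and return traffic
# first, then the services to expose (SSH here, constructed), policy last.
FIREWALL_RULES='-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-P INPUT DROP'

# apply_rules RULES: one iptables argument list per line, applied in order.
# Prints 0 when every rule went in, otherwise the 1-based index of the first
# rule that was rejected, and stops there so nothing after it is applied.
apply_rules() {
    old_ifs=$IFS
    IFS='
'
    set -f            # no globbing while splitting the rule lines
    set -- $1         # one positional parameter per rule line
    set +f
    IFS=$old_ifs
    n=0
    for line; do
        n=$((n + 1))
        # the unquoted $line is word-split into the iptables arguments
        if ! $IPT $line; then
            echo "rule $n rejected, stopping: iptables $line" >&2
            echo "$n"
            return 1
        fi
    done
    echo 0
}

# load_firewall RULES: snapshot the live ruleset, apply RULES, and restore the
# snapshot if any rule is rejected, so a half-applied script never stays live.
load_firewall() {
    snapshot=$(mktemp) || return 1
    if ! "$IPT_SAVE" > "$snapshot"; then
        rm -f "$snapshot"
        return 1
    fi
    if failed=$(apply_rules "$1"); then
        rm -f "$snapshot"
        return 0
    fi
    echo "rule $failed rejected; restoring the previous ruleset" >&2
    "$IPT_RESTORE" < "$snapshot"
    rm -f "$snapshot"
    return 1
}

# Only touch the live ruleset when explicitly asked (./firewall.sh apply);
# otherwise the file can be sourced to reuse the functions.
if [ "${1:-}" = apply ]; then
    load_firewall "$FIREWALL_RULES"
fi
```

The script reports the rejected rule instead of trying to predict support from /proc/net/ip_tables_matches: in the thread that listing showed both `state` and `conntrack`, yet the rule was still refused, and the fix turned out to be the VPS panel's "IPTABLES NAT" option rather than anything on the guest itself.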
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-pt-br/attachments/20150114/6efb7771/attachment.html>

