Hello

I have this simple iptables configuration:

# filter table
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# nat table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# mangle table
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

# Create a new chain athinput
iptables -N athin
iptables -N athout

echo "##########################Cadeia Filter#############################"
# Accept loopback
iptables -A INPUT -i lo -j DROP
# Create a chain for connections from the internet called athin
iptables -A INPUT -i ath0 -j athin
# Create a chain for connections from inside to outside
iptables -A OUTPUT -o ath0 -j athout
# Accept the local network
iptables -A INPUT -i eth0 -j DROP
# Everything else is rejected and logged
iptables -A INPUT -j DROP

echo "##########################Cadeia FORWARD#############################"
iptables -A FORWARD -j DROP

echo "##########################Cadeia athin###############################"
# Accept destination-unreachable replies and ping, limited to 2 per second
iptables -A athin -p icmp --icmp-type 3 -m limit --limit 2/s -j ACCEPT
iptables -A athin -m state --state INVALID -j DROP
# Accept connections to Apache
iptables -A athin -p tcp --dport 80 -j ULOG --ulog-prefix "FIREWALL: Apache"
iptables -A athin -p tcp --dport 80 -j ACCEPT
# Accept HTML service
iptables -A athin -p tcp --sport 80: --dport 1024: -j ACCEPT
# DNS replies
iptables -A athin -p udp --sport 53 --dport 1024: -j ACCEPT
# Reject everything else
iptables -A athin -j ULOG --ulog-nlgroup 1 --ulog-prefix "FIREWALL: Excluido"
iptables -A athin -j DROP

echo "##########################Cadeia OUT###############################"
# HTML service request
iptables -A athout -p tcp --dport 80 -j ACCEPT
# DNS service request
iptables -A athout -p udp --dport 53 -j ACCEPT
# Everything else rejected
iptables -A athout -j DROP

echo "##########################Cadeia NAT###############################"
# iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -j DNAT --to 200.200.217.40-200.200.217.50:1024:5000
# iptables -t nat -A PREROUTING -j DNAT -p udp --dport 53 -i eth0 --to-destination 195.22.0.136
# iptables -t nat -A PREROUTING -j DNAT -p tcp --dport 53 -i eth0 --to-destination 195.22.0.136
#
#
#iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o ath0 -j MASQUERADE
# iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
exit 0

But if I run nmap with the options

nmap -sT -F -P0 192.168.1.253

it returns:

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-04-21 15:53 WEST
Interesting ports on silvinosilva.no-ip.org (192.168.1.253):
Not shown: 656 closed ports, 581 filtered ports
PORT STATE SERVICE
80/tcp open http
6017/tcp open xmail-ctrl

Nmap finished: 1 IP address (1 host up) scanned in 13.222 seconds

I do not allow 6017/tcp open xmail-ctrl in iptables :(

Where is my mistake?
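
Added example (not part of the original post): a small shell model of first-match evaluation over the athin chain's TCP/UDP rules, where an open-ended port spec such as `--sport 80:` means ports 80 through 65535. It assumes the scan reached the host through ath0 as valid new TCP connections from ephemeral source ports; the function names and the sample packets are constructed for illustration.

```shell
#!/bin/sh
# Added example: models iptables port-spec matching for the athin chain.

# in_range SPEC PORT -> succeeds if PORT matches an iptables port spec:
#   "N" (single port), "N:M" (range), "N:" (N..65535), ":M" (0..M)
in_range() {
    spec=$1 port=$2
    case $spec in
        *:*) lo=${spec%%:*}; hi=${spec#*:} ;;
        *)   lo=$spec; hi=$spec ;;
    esac
    [ -n "$lo" ] || lo=0
    [ -n "$hi" ] || hi=65535
    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]
}

# Terminating TCP/UDP rules of athin, in order: proto sport dport target.
# "any" means the rule does not match on that field. ULOG rules never
# terminate, and the ICMP and INVALID-state rules are left out
# (assumption: the packet is a valid new connection attempt).
ATHIN_RULES='tcp any 80 ACCEPT
tcp 80: 1024: ACCEPT
udp 53 1024: ACCEPT
any any any DROP'

# athin_verdict PROTO SPORT DPORT -> prints "TARGET N" for the first
# matching rule, N being its position in ATHIN_RULES.
athin_verdict() {
    n=0
    echo "$ATHIN_RULES" | while read -r proto sp dp target; do
        n=$((n + 1))
        [ "$proto" = any ] || [ "$proto" = "$1" ] || continue
        [ "$sp" = any ] || in_range "$sp" "$2" || continue
        [ "$dp" = any ] || in_range "$dp" "$3" || continue
        echo "$target $n"
        break
    done
}

# Constructed packets: a connect() scan from ephemeral source port 40000.
athin_verdict tcp 40000 6017   # destination port above 1023
athin_verdict tcp 40000 22     # destination port below 1024
```

The second rule admits any TCP packet whose source port is 80 or higher and whose destination port is 1024 or higher, which is consistent with the scan showing ports below 1024 as filtered and higher ports as closed or open. A rule meant to admit only replies is normally written with connection state, e.g. `-m state --state ESTABLISHED,RELATED`, rather than a source-port range.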

