(linux-br) =?iso-8859-1?q?rodo_o_script_do_iptables=2C_mas_minha_r?= =?iso-8859-1?q?ede_interna_n=E3o_acessa_o_samba_mais=2E=2E=2E?=

Sat, 28 Feb 2004 11:05:43 -0800 

Ol�!
Algu�m me ajuda... eu consegui fazer funcionar o outlook atr�ves do
iptables... eu fiz um script, blz... s� que minha rede interna n�o acessa
mais o smb... segue abaixo o script, por favor... oq est� errado? Oq devo
acrescentar?
Muito obrigado,
Rafael.

Segue abaixo o script:
#!/bin/sh
#
#
# # fev/2004
############################################################################
##
############################################################################
#####
#Carga dos M�dulos necess�rios
#
#/sbin/depmod -a
#/sbin/modprobe ip_tables
#/sbin/modporbe ip_conntrack
#/sbin/modprobe iptable_filter
#/sbin/modprobe iptable_mangle
#/sbin/modprobe iptable_nat
#/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_limit
#/sbin/modprobe ipt_state
#/sbin/modprobe ipt_owner
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE
#/sbin/modprobe ipt_conntrack_ftp
#/sbin/modprobe ipt_conntrack_irc
#
############################################################################
##############
# Flush
/usr/sbin/iptables -F
/usr/sbin/iptables -Z
/usr/sbin/iptables -X
/usr/sbin/iptables -t nat -F

# Regras
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -P FORWARD DROP
/usr/sbin/iptables -P OUTPUT ACCEPT

#
# Habilitando roteamento...
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Agora uma regra que toda a conex�o estabilizada ou relacionada com meu
# firewall deve ser mantinda e n�o analizada pelas proximas regras
/usr/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Libera as portas dos DNS para meu Firewall
/usr/sbin/iptables -A INPUT -p udp -s 200.204.0.10 --sport 53 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp -s 200.204.0.138 --sport 53 -j ACCEPT

# Acesso ao Squid
/usr/sbin/iptables -A INPUT -p TCP -i eth1 -s 192.168.1.0/24 --dport
3128 -j ACCEPT

# Libera resposta de servidores www para meu squid
/usr/sbin/iptables -A INPUT -p TCP -i eth1 --sport 80 -j ACCEPT
/usr/sbin/iptables -A INPUT -p TCP -i eth1 --sport 443 -j ACCEPT
/usr/sbin/iptables -A INPUT -p TCP -i eth1 --sport 20 -j ACCEPT
/usr/sbin/iptables -A INPUT -p UDP -i eth1 --sport 21 -j ACCEPT


# FORWARD
#/usr/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/usr/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# OUTLOOK
/usr/sbin/iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 200.204.0.10
--dport 53 -j ACCEPT
/usr/sbin/iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 200.204.0.138
--dport 53 -j ACCEPT
/usr/sbin/iptables -A FORWARD -p udp -s 200.204.0.10 --sport 53 -d
192.168.1.0/24 -j ACCEPT
/usr/sbin/iptables -A FORWARD -p udp -s 200.204.0.138 --sport 53 -d
192.168.1.0/24 -j ACCEPT

# Liberar portas para minha rede interna acessar servidores externos
/usr/sbin/iptables -A FORWARD -p TCP -s 192.168.1.0/24 --dport 25 -j ACCEPT
/usr/sbin/iptables -A FORWARD -p TCP -s 192.168.1.0/24 --dport 110 -j ACCEPT

/usr/sbin/iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
/usr/sbin/iptables -A FORWARD -p tcp --sport 110 -j ACCEPT

# masquerade
/usr/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0
##
#
############################################################################
################

---------------------------------------------------------------------------
Esta lista � patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br

Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
Regras de utiliza��o da lista: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html

Responder a