(linux-br) =?iso-8859-1?q?usu=E1rios_n=E3o_passam_pelo_proxy_parte_2?=

Tue, 04 May 2004 11:47:28 -0700 

Ol�
Fiz uma regra no meu firewall para que
todos os usuarios passem pelo proxy,
mas alguns n�o est�o passando.. a
regra que eu fiz � essa. Acontece tb
que quando tira o proxy do navegador o
usu�rio navega normal e tb acessas os
sites restritos...
Segue meu firewall para vcs darem uma
olhada.
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A FORWARD -i $IFADM -o
$IFFAB -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFADM -j ACCEPT
iptables -A FORWARD -i $IFEXT -o
$IFFAB -j ACCEPT
iptables -A FORWARD -i $IFEXT -o
$IFADM -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -i $IFEXT -p tcp
--dport 3128 -j ACCEPT
iptables -A INPUT -i $IFEXT -p tcp
--dport 80 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 8017 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 27000 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 995 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 553 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -i $IFADM -o
$IFEXT -p tcp --dport 5432 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -i $IFEXT -p tcp
--dport 3128 -j ACCEPT
iptables -A INPUT -i $IFEXT -p tcp
--dport 80 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 8017 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 27000 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 995 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 553 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -i $IFFAB -o
$IFEXT -p tcp --dport 5432 -j ACCEPT
iptables -A INPUT -i $IFEXT -s $LOOP
-j DROP
iptables -A FORWARD -i $IFEXT -s $LOOP
-j DROP
iptables -A INPUT -i $IFEXT -d $LOOP
-j DROP
iptables -A FORWARD -i $IFEXT -d $LOOP
-j DROP
iptables -A FORWARD -i $IFEXT -s
192.168.0.0/16 -j DROP
iptables -A FORWARD -i $IFEXT -s
172.16.0.0/12 -j DROP
iptables -A FORWARD -i $IFEXT -s
10.0.0.0/8 -j DROP
iptables -A INPUT -i $IFEXT -s
192.168.0.0/16 -j DROP
iptables -A INPUT -i $IFEXT -s
172.16.0.0/12 -j DROP
iptables -A INPUT -i $IFEXT -s
10.0.0.0/8 -j DROP
iptables -A FORWARD -s !
192.168.0.0/16 -i eth1 -j DROP
iptables -A FORWARD -s !
192.168.0.0/16 -i eth2 -j DROP
iptables -A INPUT -s $LOOP -j ACCEPT
iptables -A INPUT -d $LOOP -j ACCEPT
iptables -A INPUT -m state --state
RELATED,ESTABLISHED -j )
iptables -A INPUT -p icmp --icmp-type
echo-request -j ACCEPT
iptables -A FORWARD -p icmp
--icmp-type echo-request -m limit
--limit 1/s -j ACCEPT
iptables -A FORWARD -m unclean -j DROP
iptables -A INPUT -p tcp -i $IFEXT
--dport 1723 -j ACCEPT
iptables -A INPUT -p tcp -i $IFEXT
--dport 47 -j ACCEPT
iptables -A FORWARD -p tcp --dport
1723 -j ACCEPT
iptables -A FORWARD -p tcp --dport 47
-j ACCEPT
iptables -A INPUT -p tcp -i $IFEXT
--dport 1512 -j ACCEPT
iptables -A INPUT -p udp -i $IFEXT
--dport 1512 -j ACCEPT
iptables -A FORWARD -p all -i $IFEXT
-o $IFFAB --dport 1512 -j ACCEPT
iptables -A FORWARD -p all -i $IFEXT
-o $IFADM --dport 1512 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j
ACCEPT
iptables -A INPUT -p udp --dport 53 -j
ACCEPT
iptables -A FORWARD -p tcp --dport 53
-j ACCEPT
iptables -A FORWARD -p udp --dport 53
-j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j
ACCEPT
iptables -A FORWARD -p tcp --dport 22
-j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j
ACCEPT
iptables -A INPUT -p tcp --dport 443
-j ACCEPT
iptables -A INPUT -p tcp --dport 553
-j ACCEPT
iptables -A FORWARD -p tcp --dport 80
-j ACCEPT
iptables -A FORWARD -p tcp --dport 443
-j ACCEPT
iptables -A FORWARD -p tcp --dport 553
-j ACCEPT
iptables -A INPUT -p tcp --dport 110
-j ACCEPT
iptables -A INPUT -p tcp --dport 995
-j ACCEPT
iptables -A INPUT -p udp --dport 995
-j ACCEPT
iptables -A FORWARD -p tcp --dport 110
-j ACCEPT
iptables -A FORWARD -p tcp --dport 995
-j ACCEPT
iptables -A FORWARD -p udp --dport 995
-j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j
ACCEPT
iptables -A FORWARD -p tcp --dport 25
-j ACCEPT
iptables -A FORWARD -p tcp -s $REDEFAB
--dport 3128 -j ACCEPT
iptables -A FORWARD -p tcp -s $REDEADM
--dport 3128 -j ACCEPT
iptables -A FORWARD -p tcp -s $REDEFAB
--dport 67 -j ACCEPT
iptables -A FORWARD -p tcp -s $REDEADM
--dport 67 -j ACCEPT
iptables -A FORWARD -p udp -s $REDEFAB
--dport 67 -j ACCEPT
iptables -A FORWARD -p udp -s $REDEADM
--dport 67 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080
-j ACCEPT
iptables -A FORWARD -p tcp --dport
8080 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080
-j ACCEPT
iptables -A INPUT -p udp --dport 8080
-j ACCEPT
iptables -A FORWARD -p udp --dport
8080 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8080
-j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -j ACCEPT
iptables -A OUTPUT -m state --state
NEW -o $IFEXT -j ACCEPT
iptables -A OUTPUT -m state --state
NEW -o eth1 -j ACCEPT
iptables -A OUTPUT -m state --state
NEW -o eth2 -j ACCEPT
iptables -A INPUT -m state --state
ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state
NEW -o $IFEXT -j ACCEPT
iptables -A FORWARD -m state --state
NEW -o eth1 -j ACCEPT
iptables -A FORWARD -m state --state
NEW -o eth2 -j ACCEPT
iptables -A FORWARD -m state --state
ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s
$REDEADM -o $IFEXT -j MASQUERADE
iptables -t nat -A POSTROUTING -s
$REDEFAB -o $IFEXT -j MASQUERADE
iptables -t nat -A PREROUTING  -p tcp
--dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING  -p udp
--dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING  -p tcp
--dport 80 -j DNAT --to-destination
192.168.1.10:3128


---
Acabe com aquelas janelinhas que pulam na sua tela.
AntiPop-up UOL - � gr�tis!
http://antipopup.uol.com.br

---------------------------------------------------------------------------
Esta lista � patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br

Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
Regras de utiliza��o da lista: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html

Responder a