----- Original Message -----
Sent: Wednesday, November 01, 2006 3:53 PM
Subject: [slack-users] Iptables - Firewall
Hello,
Here at the company I have an internet server running Squid, and I need to build a firewall with a default policy of closing everything and opening only the ports I need:
- Squid proxy
- POP/SMTP (e-mail): external server (Locaweb-type)
- DNS
- SSH (port 10101)
I wrote the file as shown below, but nothing works at all... What could I be doing wrong? Or is it all wrong?
External interface: eth0
Internal interface: eth1
Regards,
Euzébio
#!/bin/sh
#######################################
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ipt_LOG
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
# Allowed ports
iptables -A INPUT -p TCP --dport 25 -j ACCEPT # SMTP
iptables -A INPUT -p TCP --dport 110 -j ACCEPT # POP
iptables -A INPUT -p TCP --dport 21 -j ACCEPT # FTP
iptables -A INPUT -p TCP --dport 22 -j ACCEPT # SSH
iptables -A INPUT -p TCP --dport 80 -j ACCEPT # http
iptables -A INPUT -p TCP --dport 443 -j ACCEPT # https
iptables -A INPUT -p TCP --dport 8080 -j ACCEPT # squid
iptables -A INPUT -p TCP --dport 10101 -j ACCEPT # ssh
iptables -A OUTPUT -p TCP --dport 25 -j ACCEPT # SMTP
iptables -A OUTPUT -p TCP --dport 110 -j ACCEPT # POP
iptables -A OUTPUT -p TCP --dport 21 -j ACCEPT # FTP
iptables -A OUTPUT -p TCP --dport 22 -j ACCEPT # SSH
iptables -A OUTPUT -p TCP --dport 80 -j ACCEPT # http
iptables -A OUTPUT -p TCP --dport 443 -j ACCEPT # https
iptables -A OUTPUT -p TCP --dport 8080 -j ACCEPT # squid
iptables -A OUTPUT -p TCP --dport 10101 -j ACCEPT # ssh
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 25 -j ACCEPT # SMTP
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 110 -j ACCEPT # POP
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 21 -j ACCEPT # FTP
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 22 -j ACCEPT # SSH
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 80 -j ACCEPT # http
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 443 -j ACCEPT # https
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 8080 -j ACCEPT # squid
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 10101 -j ACCEPT # ssh
iptables -A FORWARD -p TCP -s 0/0 --sport 25 -d 0/0 -j ACCEPT # SMTP
iptables -A FORWARD -p TCP -s 0/0 --sport 110 -d 0/0 -j ACCEPT # POP
iptables -A FORWARD -p TCP -s 0/0 --sport 21 -d 0/0 -j ACCEPT # FTP
iptables -A FORWARD -p TCP -s 0/0 --sport 22 -d 0/0 -j ACCEPT # SSH
iptables -A FORWARD -p TCP -s 0/0 --sport 80 -d 0/0 -j ACCEPT # http
iptables -A FORWARD -p TCP -s 0/0 --sport 443 -d 0/0 -j ACCEPT # https
iptables -A FORWARD -p TCP -s 0/0 --sport 8080 -d 0/0 -j ACCEPT # squid
iptables -A FORWARD -p TCP -s 0/0 --sport 10101 -d 0/0 -j ACCEPT # ssh
iptables -P OUTPUT DROP
iptables -P INPUT DROP
--~--~---------~--~----~------------~-------~--~----~
--
GUS-BR - Grupo de Usuarios Slackware - BR
http://www.slackwarebrasil.org/
http://groups-beta.google.com/group/slack-users-br
Archives:
- http://www.mail-archive.com/[email protected]/
- http://news.gmane.org/gmane.org.user-groups.linux.brazil.slackware/
-~----------~----~----~----~------~----~------~--~---
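An added example, not the poster's script nor anything from the list: a default-deny ruleset for the layout described in the post (eth0 external, eth1 internal, Squid on 8080, SSH on 10101) that supplies what the posted script is missing, namely a FORWARD policy, loopback and ESTABLISHED,RELATED rules, DNS, and MASQUERADE on the external rather than the internal interface. The LAN range 192.168.0.0/24 and the file name firewall.sh are placeholders; setting IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example (not the poster's script): default-deny ruleset for the layout
# in the post: eth0 external, eth1 internal, Squid on 8080, SSH on 10101.
# ASSUMPTION: the LAN is 192.168.0.0/24 (placeholder, adjust to your network).
# Set IPT=echo to print the rules instead of loading them (dry run, no root needed).
IPT="${IPT:-iptables}"
EXT=eth0; INT=eth1; LAN=192.168.0.0/24; SQUID=8080; SSHP=10101
flush_all() {
    for t in filter nat mangle; do
        $IPT -t $t -F
        $IPT -t $t -X
    done
}
load_rules() {
    flush_all
    # Default deny on all three chains; the posted script never set FORWARD.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    # Loopback, and replies to connections already allowed: the posted script had
    # neither, so DNS answers and Squid's upstream fetches were all dropped.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    for c in INPUT OUTPUT FORWARD; do
        $IPT -A $c -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # Services this box offers: Squid to the LAN only, SSH on the custom port.
    $IPT -A INPUT -i $INT -s $LAN -p tcp --dport $SQUID -j ACCEPT
    $IPT -A INPUT -p tcp --dport $SSHP -j ACCEPT
    # Connections the box itself may open: DNS (UDP and TCP), mail, and HTTP/HTTPS
    # so Squid can fetch pages. The posted script had no DNS rule at all.
    $IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -p tcp -m multiport --dports 53,25,110,80,443 -j ACCEPT
    # Transparent proxy: LAN web traffic entering on eth1 is handed to Squid.
    $IPT -t nat -A PREROUTING -i $INT -s $LAN -p tcp --dport 80 \
        -j REDIRECT --to-ports $SQUID
    # NAT on the way out of the EXTERNAL interface (the post masqueraded on eth1).
    $IPT -t nat -A POSTROUTING -o $EXT -s $LAN -j MASQUERADE
    # LAN hosts may reach DNS and the external mail server directly; anything
    # else outbound has to go through Squid or hits the FORWARD DROP policy.
    $IPT -A FORWARD -i $INT -o $EXT -s $LAN -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i $INT -o $EXT -s $LAN -p tcp \
        -m multiport --dports 53,25,110,443 -j ACCEPT
}
# Only touch the live kernel when explicitly asked: sh firewall.sh apply
if [ "${1:-}" = apply ]; then
    load_rules
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

Run with IPT=echo first and read the printed rules; only then run it as root with the apply argument, from the console rather than over SSH, since a mistake in the SSH rule locks you out.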