Try using the following (it might solve it):
# ip_do_servidor = the server's IP; sua_classe_IP = your network range
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination ip_do_servidor:8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -s sua_classe_IP -j DNAT --to-destination ip_do_servidor:8080
--------------------------------------
Ânderson P. R. Rodrigues _
Linux User: #360179 °v°
[EMAIL PROTECTED] /(_)\
UnC - Concórdia ^ ^
--------------------------------------
"Happy is the one who passes on what they know
and learns what they teach."
(Cora Coralina)
Euzebio Mattos wrote:
> The port really isn't the default one, but that's the one I used.
> It has already been changed in squid.conf. Could someone
> help me with this firewall? I just need it
> to allow what is described further below.
>
> Regards
>
> --- Antonio Carlos <[EMAIL PROTECTED]> wrote:
>
>> Isn't the squid port wrong? 8080 is not the
>> default.
>> ----- Original Message -----
>> From: Euzebio Mattos
>> To: [email protected]
>> Sent: Wednesday, November 01, 2006 3:53 PM
>> Subject: [slack-users] Iptables - Firewall
>>
>>
>> Hello,
>> Here at the company I have an internet server that
>> runs squid. I have to create a firewall with a
>> default policy of closing everything and opening only the
>> ports I need:
>> - Squid proxy
>> - POP/SMTP (e-mail): external server (such as
>> locaweb)
>> - DNS
>> - SSH (port 10101)
>> I made the file as shown below, but nothing
>> works... What could I be doing wrong? Or is it
>> all wrong?
>> External interface: Eth0
>> Internal interface: Eth1
>> Regards,
>> Euzébio
>> #######################################
>> #!/bin/sh
>>
>> iptables -F
>> iptables -X
>> iptables -F -t nat
>> iptables -X -t nat
>> iptables -F -t mangle
>> iptables -X -t mangle
>> modprobe iptable_nat
>> modprobe ip_conntrack
>> modprobe ip_nat_ftp
>> modprobe ipt_LOG
>> modprobe ipt_REJECT
>> modprobe ipt_MASQUERADE
>>
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>> iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
>> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
>>
>> # Opening ports
>> iptables -A INPUT -p TCP --dport 25 -j ACCEPT # SMTP
>> iptables -A INPUT -p TCP --dport 110 -j ACCEPT # POP
>> iptables -A INPUT -p TCP --dport 21 -j ACCEPT # FTP
>> iptables -A INPUT -p TCP --dport 22 -j ACCEPT # SSH
>> iptables -A INPUT -p TCP --dport 80 -j ACCEPT # http
>> iptables -A INPUT -p TCP --dport 443 -j ACCEPT # https
>> iptables -A INPUT -p TCP --dport 8080 -j ACCEPT # squid
>> iptables -A INPUT -p TCP --dport 10101 -j ACCEPT # ssh
>> iptables -A OUTPUT -p TCP --dport 25 -j ACCEPT # SMTP
>> iptables -A OUTPUT -p TCP --dport 110 -j ACCEPT # POP
>> iptables -A OUTPUT -p TCP --dport 21 -j ACCEPT # FTP
>> iptables -A OUTPUT -p TCP --dport 22 -j ACCEPT # SSH
>> iptables -A OUTPUT -p TCP --dport 80 -j ACCEPT # http
>> iptables -A OUTPUT -p TCP --dport 443 -j ACCEPT # https
>> iptables -A OUTPUT -p TCP --dport 8080 -j ACCEPT # squid
>> iptables -A OUTPUT -p TCP --dport 10101 -j ACCEPT # ssh
>> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 25 -j ACCEPT # SMTP
>> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 110 -j ACCEPT # POP
>> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 21 -j ACCEPT # FTP
>> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 22 -j ACCEPT # SSH
>> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 80 -j ACCEPT # http
>> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 443 -j ACCEPT # https
>> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 8080 -j ACCEPT # squid
>> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 10101 -j ACCEPT # ssh
>> iptables -A FORWARD -p TCP -s 0/0 --sport 25 -d 0/0 -j ACCEPT # SMTP
>> iptables -A FORWARD -p TCP -s 0/0 --sport 110 -d 0/0 -j ACCEPT # POP
>> iptables -A FORWARD -p TCP -s 0/0 --sport 21 -d 0/0 -j ACCEPT # FTP
>> iptables -A FORWARD -p TCP -s 0/0 --sport 22 -d 0/0 -j ACCEPT # SSH
>> iptables -A FORWARD -p TCP -s 0/0 --sport 80 -d 0/0 -j ACCEPT # http
>> iptables -A FORWARD -p TCP -s 0/0 --sport 443 -d 0/0 -j ACCEPT # https
>> iptables -A FORWARD -p TCP -s 0/0 --sport 8080 -d 0/0 -j ACCEPT # squid
>> iptables -A FORWARD -p TCP -s 0/0 --sport 10101 -d 0/0 -j ACCEPT # ssh
>>
>> iptables -P OUTPUT DROP
>> iptables -P INPUT DROP
--~--~---------~--~----~------------~-------~--~----~
--
GUS-BR - Grupo de Usuarios Slackware - BR
http://www.slackwarebrasil.org/
http://groups-beta.google.com/group/slack-users-br
Archives:
- http://www.mail-archive.com/[email protected]/
- http://news.gmane.org/gmane.org.user-groups.linux.brazil.slackware/
-~----------~----~----~----~------~----~------~--~---
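
Added example, not part of the original thread or any poster's script: one way to write the stateful default-deny gateway ruleset the original question asks for (Squid on 8080, external POP/SMTP, DNS, SSH on 10101), emitted in iptables-restore format. It assumes eth0 is external and eth1 is internal, as the question states; the LAN network 192.168.0.0/24 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 = external and eth1 = internal as
# the original post states; LAN is a constructed placeholder network.
WAN=eth0; LAN_IF=eth1; LAN=192.168.0.0/24
SQUID=8080; SSH=10101

# Emit the ruleset in iptables-restore format, so it loads atomically.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Transparent proxy: LAN web traffic is handed to the local Squid.
-A PREROUTING -i $LAN_IF -s $LAN -p tcp --dport 80 -j REDIRECT --to-ports $SQUID
# Source NAT happens on the way out of the external interface.
-A POSTROUTING -o $WAN -s $LAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections already allowed; without these, default-deny
# drops the return packets of every permitted flow.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services on the gateway itself: Squid for the LAN only, SSH on 10101.
-A INPUT -i $LAN_IF -s $LAN -p tcp --dport $SQUID -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport $SSH -m state --state NEW -j ACCEPT
# Gateway's own outbound traffic: DNS lookups and Squid fetching pages.
-A OUTPUT -o $WAN -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN -p tcp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN -p tcp -m multiport --dports 80,443 -j ACCEPT
# LAN clients reaching the external mail server and DNS through NAT.
-A FORWARD -i $LAN_IF -o $WAN -s $LAN -p tcp -m multiport --dports 25,110 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN -s $LAN -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

apply_rules() {
  echo 1 > /proc/sys/net/ipv4/ip_forward
  gen_rules | iptables-restore
}

# "sh firewall.sh apply" loads the rules (root); otherwise nothing is changed.
if [ "${1:-}" = apply ]; then apply_rules; fi
```

Piping `gen_rules` into `iptables-restore --test` parses the ruleset without committing it, which is a safe check before running `apply` over a remote SSH session.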