You have to enable relay in Postfix.

2008/9/24 Renato Rudnicki <[EMAIL PROTECTED]>

> Hi everyone.
> I need some help adding one more link to a client's network. I have already
> managed to split the links (use one link for browsing and the other for
> sending email). However, when I try to send email, the email is rejected
> (both when trying to send and when trying to receive). Well, let's take it
> step by step. In my case, I have a dedicated Embratel link, with a fixed IP,
> which is working without problems. I am trying to add a NET link, with a
> dynamic IP. The idea is to use the Embratel IP to send and receive email,
> and the NET one for browsing... I have already managed to set up the NET IP
> and browse with it, but email does not work. When I try to send an email, I
> get the following error message:
>
> The Postfix program
>
> <[EMAIL PROTECTED]>: host gmail-smtp-in.l.google.com[72.14.247.27]
>     said: 550-5.7.1 [201.21.224.119] The IP you're using to send mail is not
>     authorized 550-5.7.1 to send email directly to our servers. Please use the
>     SMTP 550-5.7.1 relay at your service provider instead. Learn more at
>     550 5.7.1 http://mail.google.com/support/bin/answer.py?answer=10336
>     18si5430872agb.12 (in reply to end of DATA command)
>
>
> Note: my network has a firewall (iptables) and a proxy (squid) on the same
> server (IP 192.168.7.105). It also has a mail server running
> Postfix (IP 192.168.7.104).
>
> Below is my original firewall.
>
> # Generated by iptables-save v1.3.8 on Tue Sep 23 10:44:22 2008
> *nat
> :PREROUTING ACCEPT [716473:54166331]
> :POSTROUTING ACCEPT [2413283:20526690499]
> :OUTPUT ACCEPT [2407842:20526743312]
> -A PREROUTING -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.7.201:5900
> -A PREROUTING -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.7.202:5900
> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.7.101:80
> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 1494 -j DNAT --to-destination 192.168.7.101
> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 1494 -j DNAT --to-destination 192.168.7.102
> -A PREROUTING -s 192.168.7.0/255.255.255.0 -d 192.168.7.105 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.7.104
> -A PREROUTING -s 192.168.7.0/255.255.255.0 -d 192.168.7.105 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.7.104
> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.7.104
> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.7.104
> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.7.104
> -A POSTROUTING -d 10.10.10.203 -j MASQUERADE
> -A POSTROUTING -d 192.168.7.123 -j MASQUERADE
> -A POSTROUTING -d 192.168.7.103 -j MASQUERADE
> -A POSTROUTING -d 192.168.7.107 -j MASQUERADE
> -A POSTROUTING -d 192.168.7.101 -j MASQUERADE
> -A POSTROUTING -s 192.168.7.0/255.255.255.0 -j MASQUERADE
> COMMIT
> # Completed on Tue Sep 23 10:44:22 2008
> # Generated by iptables-save v1.3.8 on Tue Sep 23 10:44:22 2008
> *filter
> :INPUT DROP [44194:5541262]
> :FORWARD DROP [47346:2309810]
> :OUTPUT ACCEPT [797688631:1063810322067]
> -A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
> -A INPUT -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
> -A INPUT -s 200.213.200.200 -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -s 192.168.7.0/255.255.255.0 -j ACCEPT
> -A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 3128 -j ACCEPT
> -A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 143 -j ACCEPT
> -A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 110 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -s 127.0.0.1 -j ACCEPT
> -A INPUT -s 192.168.7.105 -j ACCEPT
> -A INPUT -s 200.248.222.222 -j ACCEPT
> -A INPUT -s 192.168.7.107 -j ACCEPT
> -A FORWARD -s 192.168.7.25 -j ACCEPT
> -A FORWARD -s 192.168.7.176 -j ACCEPT
> -A FORWARD -s 192.168.7.170 -j ACCEPT
> -A FORWARD -s 192.168.7.23 -j ACCEPT
> -A FORWARD -s 192.168.7.92 -j ACCEPT
> -A FORWARD -s 192.168.7.27 -j ACCEPT
> -A FORWARD -s 192.168.7.42 -j ACCEPT
> -A FORWARD -s 192.168.7.30 -j ACCEPT
> -A FORWARD -s 192.168.7.30 -j ACCEPT
> -A FORWARD -s 192.168.7.40 -j ACCEPT
> -A FORWARD -s 192.168.7.146 -j ACCEPT
> -A FORWARD -s 192.168.7.27 -j ACCEPT
> -A FORWARD -s 192.168.7.2 -j ACCEPT
> -A FORWARD -s 192.168.7.38 -j ACCEPT
> -A FORWARD -s 192.168.7.207 -j ACCEPT
> -A FORWARD -s 192.168.7.239 -j ACCEPT
> -A FORWARD -s 192.168.7.43 -j ACCEPT
> -A FORWARD -s 192.168.7.94 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 5017 -j ACCEPT
> -A FORWARD -s 192.168.7.29 -j ACCEPT
> -A FORWARD -s 192.168.7.35 -j ACCEPT
> -A FORWARD -s 192.168.7.34 -j ACCEPT
> -A FORWARD -s 192.168.7.33 -j ACCEPT
> -A FORWARD -s 192.168.7.9 -j ACCEPT
> -A FORWARD -s 192.168.7.31 -j ACCEPT
> -A FORWARD -s 192.168.7.108 -j ACCEPT
> -A FORWARD -s 192.168.7.29 -j ACCEPT
> -A FORWARD -s 192.168.7.27 -j ACCEPT
> -A FORWARD -s 192.168.7.26 -j ACCEPT
> -A FORWARD -s 192.168.7.99 -j ACCEPT
> -A FORWARD -s 192.168.7.2 -j ACCEPT
> -A FORWARD -s 192.168.7.2 -j ACCEPT
> -A FORWARD -s 192.168.7.94 -j ACCEPT
> -A FORWARD -s 192.168.7.53 -j ACCEPT
> -A FORWARD -s 192.168.7.6 -j ACCEPT
> -A FORWARD -s 10.10.10.203 -j ACCEPT
> -A FORWARD -d 10.10.10.203 -j ACCEPT
> -A FORWARD -s 192.168.7.68 -j ACCEPT
> -A FORWARD -s 192.168.7.25 -j ACCEPT
> -A FORWARD -s 192.168.7.26 -j ACCEPT
> -A FORWARD -s 192.168.7.66 -j ACCEPT
> -A FORWARD -s 192.168.7.100 -j ACCEPT
> -A FORWARD -s 192.168.7.101 -j ACCEPT
> -A FORWARD -d 192.168.7.101 -j ACCEPT
> -A FORWARD -d 192.168.7.102 -j ACCEPT
> -A FORWARD -s 192.168.7.102 -j ACCEPT
> -A FORWARD -s 192.168.7.104 -j ACCEPT
> -A FORWARD -d 192.168.7.104 -j ACCEPT
> -A FORWARD -s 192.168.7.105 -j ACCEPT
> -A FORWARD -s 192.168.7.123 -j ACCEPT
> -A FORWARD -s 192.168.7.200 -j ACCEPT
> -A FORWARD -s 192.168.7.254 -j ACCEPT
> -A FORWARD -d 64.4.4.4/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
> -A FORWARD -d 200.201.211.211/255.255.0.0 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 2631 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 6901 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 1024:65356 -j ACCEPT
> -A FORWARD -d 10.10.10.203 -j ACCEPT
> -A FORWARD -d 192.168.7.123 -j ACCEPT
> -A FORWARD -d 192.168.7.103 -j ACCEPT
> -A FORWARD -d 192.168.7.107 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 3456 -j ACCEPT
> -A FORWARD -s 192.168.7.123 -p tcp -m tcp --dport 21 -j ACCEPT
> -A FORWARD -s 192.168.7.103 -p tcp -m tcp --dport 21 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 1863 -j ACCEPT
> -A FORWARD -p udp -m udp --dport 53 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 2500 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 110 -j ACCEPT
> -A FORWARD -p udp -m udp --dport 123 -j ACCEPT
> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> COMMIT
> # Completed on Tue Sep 23 10:44:22 2008
>
>
> Below are the changes I made to add the NET link:
>
> IPTABLES - Mangle table:
>
>
> *mangle
> :PREROUTING ACCEPT [3574:2011155]
> :INPUT ACCEPT [3373:1996429]
> :FORWARD ACCEPT [201:14726]
> :OUTPUT ACCEPT [3745:2112186]
> :POSTROUTING ACCEPT [3878:2123748]
> -A PREROUTING -i eth0 -p tcp -m tcp --dport 3128 -j MARK --set-mark 0x2
> -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
> -A INPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x3
> -A OUTPUT -d 192.168.7.104 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
> -A OUTPUT -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
> -A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x3
> COMMIT
>
> VLENTO table:
>
> ip rule add fwmark 2 table main prio 20
> ip rule add fwmark 3 table vlento prio 20
> ip rule add from 200.248.222.222 table vlento
> ip rule add from 193.1.1.5 table vlento
> ip rule add from 193.1.1.6 table vlento
> ip rule add from 193.1.1.3 table vlento
> ip rule add from 193.1.1.13 table vlento
> ip route add default via 200.248.222.1 dev eth1 table vlento
> ip route flush cache
>
>
> If anyone has any idea where I am going wrong, I would appreciate it.
>
> --
> Regards, Renato
>
> http://www.renator.wordpress.com
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
GUS-BR - Grupo de Usuários de Slackware Brasil
http://www.slackwarebrasil.org/
http://groups.google.com/group/slack-users-br
-~----------~----~----~----~------~----~------~--~---
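
An added illustration, not part of the thread or of anyone's posted configuration: a small Python model of which mangle chains run before the routing decision, fed with the mangle rules and fwmark rules quoted above, showing which routing table SMTP traffic lands in depending on where it originates. It assumes eth0 is the LAN-facing interface and that the `main` table's default route is the NET link (neither is stated in the post); the packet dictionaries are constructed samples.

```python
# Mangle rules copied from the quoted post; everything else is a constructed model.
MANGLE_RULES = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3128 -j MARK --set-mark 0x2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
-A INPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x3
-A OUTPUT -d 192.168.7.104 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
-A OUTPUT -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
-A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x3
"""
# From the post's "ip rule add fwmark N table T" lines.
FWMARK_TABLE = {2: "main", 3: "vlento"}
# Mangle chains whose marks can still influence route selection.
# INPUT and FORWARD run after routing, so marks set there cannot pick the uplink.
PRE_ROUTING_DECISION = {
    "forwarded": ["PREROUTING"],  # LAN host -> Internet through the firewall
    "local_out": ["OUTPUT"],      # sent by the firewall itself (rerouted after OUTPUT)
}
FIELDS = {"-i": "in_if", "-o": "out_if", "-d": "dst", "--dport": "dport"}

def parse(text):
    """Return (chain, options) per rule; every option in these rules is a flag/value pair."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        rules.append((tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return rules

def matches(opts, pkt):
    return all(pkt.get(f) == opts[flag] for flag, f in FIELDS.items() if flag in opts)

def mark_before_routing(pkt, path):
    mark = 0
    for chain in PRE_ROUTING_DECISION[path]:
        for rule_chain, opts in parse(MANGLE_RULES):
            if rule_chain != chain or not matches(opts, pkt):
                continue
            if opts["-j"] == "MARK":      # MARK is non-terminating
                mark = int(opts["--set-mark"], 16)
            else:                         # ACCEPT ends this chain
                break
    return mark

def routing_table(pkt, path):
    return FWMARK_TABLE.get(mark_before_routing(pkt, path), "main")

# Constructed packets: the mail server (192.168.7.104) delivering to Gmail via the
# firewall, and the same delivery attempted from the firewall host itself.
FROM_MAIL_SERVER = {"in_if": "eth0", "dst": "72.14.247.27", "dport": "25"}
FROM_FIREWALL = {"out_if": "eth1", "dst": "72.14.247.27", "dport": "25"}

if __name__ == "__main__":
    print("forwarded SMTP ->", routing_table(FROM_MAIL_SERVER, "forwarded"))
    print("local SMTP     ->", routing_table(FROM_FIREWALL, "local_out"))
```

In this model only SMTP generated on the firewall itself receives mark 3; SMTP forwarded from the mail server is unmarked at routing time and follows `main`, which matches the non-Embratel address shown in the bounce. A mark intended to steer forwarded traffic has to be set in mangle PREROUTING.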
