[slack-users] Re: ajuda com roteamento de 2 links

Jairo Thu, 25 Sep 2008 21:37:00 -0700

segundo os log os e-mails n esta sendo enviado por causa do seu ip, n
estar na lista dos servers
tente habilitar o relay do postfix que possivelmente isso não irá
acontecer novamente.


Jairo CarneiroO\;


2008/9/25 Jefferson Aranha <[EMAIL PROTECTED]>:
> Tu tens que habilitar o relay no postfix.
>
> 2008/9/24 Renato Rudnicki <[EMAIL PROTECTED]>
>>
>> Ola pessoal.
>> Estou precisando de uma ajuda para adicionar mais um link na rede de um
>> cliente. Eu ja consegui fazer a divisão dos links (usar um link para navegar
>> e outro para mandar email). Porém, quando eu tento mandar email, o email é
>> rejeitado (tanto ao tentar enviar, quanto ao tentar receber). Bom, vamos por
>> partes. No meu caso, eu tenho um link dedicado da embratel, com ip fixo, que
>> está funcionando sem problemas. Estou tentando adicionar um link da NET, com
>> ip dinamico. A ideia, é usar o ip da embratel para enviar e receber emails,
>> e o da NET, para a navegaçao...Ja consegui colocar o ip da Net e navegar com
>> ele, porém, os emails não funcionam. Quando tento enviar um email, recebo a
>> seguinte mensagem de erro:
>>
>> The Postfix program
>>
>> <[EMAIL PROTECTED]>: host gmail-smtp-in.l.google.com[72.14.247.27]
>>     said: 550-5.7.1 [201.21.224.119] The IP you're using to send mail is
>> not
>>     authorized 550-5.7.1 to send email directly to our servers. Please use
>> the
>>     SMTP 550-5.7.1 relay at your service provider instead. Learn more at
>>     550 5.7.1 http://mail.google.com/support/bin/answer.py?answer=10336
>>     18si5430872agb.12 (in reply to end of DATA command)
>>
>>
>> OBS: minha rede tem um firewall (iptables) e um proxy (squid) no mesmo
>> servidor (ip 192.168.7.105). Também tem um servidor de emails, rodando
>> postfix (ip 192.168.7.104).
>>
>> Abaixo estou colocando como esta meu firewall original.
>>
>> # Generated by iptables-save v1.3.8 on Tue Sep 23 10:44:22 2008
>> *nat
>> :PREROUTING ACCEPT [716473:54166331]
>> :POSTROUTING ACCEPT [2413283:20526690499]
>> :OUTPUT ACCEPT [2407842:20526743312]
>> -A PREROUTING -p tcp -m tcp --dport 5900 -j DNAT --to-destination
>> 192.168.7.201:5900
>> -A PREROUTING -p tcp -m tcp --dport 5900 -j DNAT --to-destination
>> 192.168.7.202:5900
>> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 81 -j DNAT
>> --to-destination 192.168.7.101:80
>> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 1494 -j DNAT
>> --to-destination 192.168.7.101
>> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 1494 -j DNAT
>> --to-destination 192.168.7.102
>> -A PREROUTING -s 192.168.7.0/255.255.255.0 -d 192.168.7.105 -p tcp -m tcp
>> --dport 25 -j DNAT --to-destination 192.168.7.104
>> -A PREROUTING -s 192.168.7.0/255.255.255.0 -d 192.168.7.105 -p tcp -m tcp
>> --dport 143 -j DNAT --to-destination 192.168.7.104
>> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 25 -j DNAT
>> --to-destination 192.168.7.104
>> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 143 -j DNAT
>> --to-destination 192.168.7.104
>> -A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 80 -j DNAT
>> --to-destination 192.168.7.104
>> -A POSTROUTING -d 10.10.10.203 -j MASQUERADE
>> -A POSTROUTING -d 192.168.7.123 -j MASQUERADE
>> -A POSTROUTING -d 192.168.7.103 -j MASQUERADE
>> -A POSTROUTING -d 192.168.7.107 -j MASQUERADE
>> -A POSTROUTING -d 192.168.7.101 -j MASQUERADE
>> -A POSTROUTING -s 192.168.7.0/255.255.255.0 -j MASQUERADE
>> COMMIT
>> # Completed on Tue Sep 23 10:44:22 2008
>> # Generated by iptables-save v1.3.8 on Tue Sep 23 10:44:22 2008
>> *filter
>> :INPUT DROP [44194:5541262]
>> :FORWARD DROP [47346:2309810]
>> :OUTPUT ACCEPT [797688631:1063810322067]
>> -A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
>> -A INPUT -p udp -m udp --dport 53 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
>> -A INPUT -s 200.213.200.200 -p tcp -m tcp --dport 22 -j ACCEPT
>> -A INPUT -s 192.168.7.0/255.255.255.0 -j ACCEPT
>> -A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
>> -A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 3128 -j ACCEPT
>> -A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 143 -j ACCEPT
>> -A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 110 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -s 127.0.0.1 -j ACCEPT
>> -A INPUT -s 192.168.7.105 -j ACCEPT
>> -A INPUT -s 200.248.222.222 -j ACCEPT
>> -A INPUT -s 192.168.7.107 -j ACCEPT
>> -A FORWARD -s 192.168.7.25 -j ACCEPT
>> -A FORWARD -s 192.168.7.176 -j ACCEPT
>> -A FORWARD -s 192.168.7.170 -j ACCEPT
>> -A FORWARD -s 192.168.7.23 -j ACCEPT
>> -A FORWARD -s 192.168.7.92 -j ACCEPT
>> -A FORWARD -s 192.168.7.27 -j ACCEPT
>> -A FORWARD -s 192.168.7.42 -j ACCEPT
>> -A FORWARD -s 192.168.7.30 -j ACCEPT
>> -A FORWARD -s 192.168.7.30 -j ACCEPT
>> -A FORWARD -s 192.168.7.40 -j ACCEPT
>> -A FORWARD -s 192.168.7.146 -j ACCEPT
>> -A FORWARD -s 192.168.7.27 -j ACCEPT
>> -A FORWARD -s 192.168.7.2 -j ACCEPT
>> -A FORWARD -s 192.168.7.38 -j ACCEPT
>> -A FORWARD -s 192.168.7.207 -j ACCEPT
>> -A FORWARD -s 192.168.7.239 -j ACCEPT
>> -A FORWARD -s 192.168.7.43 -j ACCEPT
>> -A FORWARD -s 192.168.7.94 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 5017 -j ACCEPT
>> -A FORWARD -s 192.168.7.29 -j ACCEPT
>> -A FORWARD -s 192.168.7.35 -j ACCEPT
>> -A FORWARD -s 192.168.7.34 -j ACCEPT
>> -A FORWARD -s 192.168.7.33 -j ACCEPT
>> -A FORWARD -s 192.168.7.9 -j ACCEPT
>> -A FORWARD -s 192.168.7.31 -j ACCEPT
>> -A FORWARD -s 192.168.7.108 -j ACCEPT
>> -A FORWARD -s 192.168.7.29 -j ACCEPT
>> -A FORWARD -s 192.168.7.27 -j ACCEPT
>> -A FORWARD -s 192.168.7.26 -j ACCEPT
>> -A FORWARD -s 192.168.7.99 -j ACCEPT
>> -A FORWARD -s 192.168.7.2 -j ACCEPT
>> -A FORWARD -s 192.168.7.2 -j ACCEPT
>> -A FORWARD -s 192.168.7.94 -j ACCEPT
>> -A FORWARD -s 192.168.7.53 -j ACCEPT
>> -A FORWARD -s 192.168.7.6 -j ACCEPT
>> -A FORWARD -s 10.10.10.203 -j ACCEPT
>> -A FORWARD -d 10.10.10.203 -j ACCEPT
>> -A FORWARD -s 192.168.7.68 -j ACCEPT
>> -A FORWARD -s 192.168.7.25 -j ACCEPT
>> -A FORWARD -s 192.168.7.26 -j ACCEPT
>> -A FORWARD -s 192.168.7.66 -j ACCEPT
>> -A FORWARD -s 192.168.7.100 -j ACCEPT
>> -A FORWARD -s 192.168.7.101 -j ACCEPT
>> -A FORWARD -d 192.168.7.101 -j ACCEPT
>> -A FORWARD -d 192.168.7.102 -j ACCEPT
>> -A FORWARD -s 192.168.7.102 -j ACCEPT
>> -A FORWARD -s 192.168.7.104 -j ACCEPT
>> -A FORWARD -d 192.168.7.104 -j ACCEPT
>> -A FORWARD -s 192.168.7.105 -j ACCEPT
>> -A FORWARD -s 192.168.7.123 -j ACCEPT
>> -A FORWARD -s 192.168.7.200 -j ACCEPT
>> -A FORWARD -s 192.168.7.254 -j ACCEPT
>> -A FORWARD -d 64.4.4.4/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
>> -A FORWARD -d 200.201.211.211/255.255.0.0 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 2631 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 6901 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 1024:65356 -j ACCEPT
>> -A FORWARD -d 10.10.10.203 -j ACCEPT
>> -A FORWARD -d 192.168.7.123 -j ACCEPT
>> -A FORWARD -d 192.168.7.103 -j ACCEPT
>> -A FORWARD -d 192.168.7.107 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 3456 -j ACCEPT
>> -A FORWARD -s 192.168.7.123 -p tcp -m tcp --dport 21 -j ACCEPT
>> -A FORWARD -s 192.168.7.103 -p tcp -m tcp --dport 21 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 1863 -j ACCEPT
>> -A FORWARD -p udp -m udp --dport 53 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 2500 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT
>> -A FORWARD -p tcp -m tcp --dport 110 -j ACCEPT
>> -A FORWARD -p udp -m udp --dport 123 -j ACCEPT
>> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>> COMMIT
>> # Completed on Tue Sep 23 10:44:22 2008
>>
>>
>> Abaixo, segue as modificações que eu fiz para adicionar o link da NET:
>>
>> IPTABLES - Tabela Mangle:
>>
>>
>> *mangle
>> :PREROUTING ACCEPT [3574:2011155]
>> :INPUT ACCEPT [3373:1996429]
>> :FORWARD ACCEPT [201:14726]
>> :OUTPUT ACCEPT [3745:2112186]
>> :POSTROUTING ACCEPT [3878:2123748]
>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 3128 -j MARK --set-mark 0x2
>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
>> -A INPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x3
>> -A OUTPUT -d 192.168.7.104 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
>> -A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
>> -A OUTPUT -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
>> -A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x3
>> COMMIT
>>
>> Tabela VLENTO:
>>
>> ip rule add fwmark 2 table main prio 20
>> ip rule add fwmark 3 table vlento prio 20
>> ip rule add from 200.248.222.222 table vlento
>> ip rule add from 193.1.1.5 table vlento
>> ip rule add from 193.1.1.6 table vlento
>> ip rule add from 193.1.1.3 table vlento
>> ip rule add from 193.1.1.13 table vlento
>> ip route add default via 200.248.222.1 dev eth1 table vlento
>> ip route flush cache
>>
>>
>> Se alguem tiver alguma ideia de onde estou errando, eu agradeceria.
>>
>> --
>> []'s, Renato
>>
>> http://www.renator.wordpress.com
>>
>>
>
>
> >
>



-- 
    _
   °v°
 / (_) \
  ^ ^      Jairo Carneiro.
msn: [EMAIL PROTECTED]
GoogleTalk: [EMAIL PROTECTED]
skype: jairo-jr

--~--~---------~--~----~------------~-------~--~----~
GUS-BR - Grupo de Usuários de Slackware Brasil
http://www.slackwarebrasil.org/
http://groups.google.com/group/slack-users-br
-~----------~----~----~----~------~----~------~--~---

[slack-users] Re: ajuda com roteamento de 2 links

Responder a