[Ubuntu-BR] ftp

Paulo Tue, 28 Apr 2009 13:35:17 -0700

Boa tarde
Tenho sevidor linux ubuntu como firewall
minhas estação não consegue fazer ftp através do internet explorer como 
ftp.datahelp.com.br, coloco login e senha ele dar time out


segue em anexo minha regra do firewall e squid

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl rede_local src 192.168.0.0/24
acl sites_negados url_regex -i "/etc/squid/blacklist_squid"
acl sites_liberados url_regex -i "/etc/squid/sites_liberados.txt"
acl ip_liberados               arp "/etc/squid/total_acesso.txt"
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ip_liberados all
http_access allow rede_local all
http_access deny to_localhost
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
error_directory /usr/share/squid/errors/Portuguese

#!/bin/bash
echo "##################################################"
echo "#### Firewall Feito por data.      ###"
echo "#### Dia 24/04/2009                            ###"   
echo "#### Contato:[email protected]        ###"
echo "##################################################"

IPT="/sbin/iptables"

IFACE_LOCAL="eth1" 
IFACE_INET="eth0"



function zera_tabelas()
{
        for tb in filter nat mangle
        do
                $IPT -t $tb -F
        done
}

$IPT -P INPUT   DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT  ACCEPT

zera_tabelas 

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -A INPUT -p TCP --dport 22 --sport 1024: -j ACCEPT
iptables -A INPUT -p TCP --dport 1024: --sport 22 -j ACCEPT
$IPT -A INPUT -p ALL -i lo -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 8  -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 0  -j ACCEPT
$IPT -A FORWARD -p icmp --icmp-type 8  -j ACCEPT
$IPT -A FORWARD -p icmp --icmp-type 0  -j ACCEPT






#Liberando portas locais 
PORTAS_TCP_IN="20 21 53 1434 80 443 3128"
for PT_TCP in $PORTAS_TCP_IN
do
        $IPT -A INPUT -p TCP  --dport $PT_TCP --sport 1024:    -j ACCEPT
        $IPT -A INPUT -p TCP --dport 1024:   --sport $PT_TCP  -j ACCEPT
done

PORTAS_UDP_IN="20 21 53 443 "
for PT_TCP in $PORTAS_UDP_IN
do
        $IPT -A INPUT -p UDP  --dport $PT_TCP --sport 1024:    -j ACCEPT
        $IPT -A INPUT -p UDP  --dport 1024:   --sport $PT_TCP  -j ACCEPT
done


# Liberando porta para Forward

PORTAS_TCP="20 21 22 1433 23 25 443 53 80 110 2631 3389 61639"
for PT_TCP in $PORTAS_TCP
do
        $IPT -A FORWARD -p TCP  --dport $PT_TCP --sport 1024:    -j ACCEPT
        $IPT -A FORWARD -p TCP  --dport 1024:   --sport $PT_TCP  -j ACCEPT
done


PORTAS_UDP="20 21 25 53 110"
for PT_UDP in $PORTAS_UDP
do
        $IPT -A FORWARD -p UDP  --dport $PT_UDP --sport 1024:    -j ACCEPT
        $IPT -A FORWARD -p UDP  --dport 1024:   --sport $PT_UDP  -j ACCEPT
done

# Redirecionamento de portas 
$IPT -t nat  -A PREROUTING  -p TCP -s 0/0 -i $IFACE_INET --dport 3389 -j DNAT 
--to-destination 192.168.0.254:3389

$IPT -t nat -A POSTROUTING -o $IFACE_INET -s 192.168.0.0/24 -j MASQUERADE

$IPT -t nat -A PREROUTING -p TCP -i $IFACE_LOCAL -d ! 200.201.0.0/16 --dport 80 
-j REDIRECT --to-ports 3128

-- 
Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece

Lista de discussão Ubuntu Brasil
Histórico, descadastramento e outras opções:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-br

[Ubuntu-BR] ftp

Responder a