Voltando ao meu post anterior:
como falei, quando conecto através do ftp pelo DOS dos computadores, ele conecta 
na boa, até consigo listar os arquivos.
Agora, quando conecto através do gerenciador de ftp ou de uma página no iexplorer, ele 
pede senha e depois dá time out.
# Squid configuration as posted. http_access lines are evaluated top to
# bottom and the first line that matches decides the request, so the order
# of the allow/deny lines below is significant.
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# Clients on the LAN that is allowed to use the proxy.
acl rede_local src 192.168.0.0/24
# NOTE(review): sites_negados and sites_liberados are defined here, but no
# http_access line in this listing refers to them, so as posted neither the
# blacklist file nor the whitelist file influences any access decision.
acl sites_negados url_regex -i "/etc/squid/blacklist_squid"
acl sites_liberados url_regex -i "/etc/squid/sites_liberados.txt"
# NOTE(review): an arp ACL matches the client's Ethernet (MAC) address. The
# file contents are not shown; keep in mind that a MAC address identifies a
# host on the local segment but does not authenticate it.
acl ip_liberados               arp "/etc/squid/total_acesso.txt"
# localnet is referenced only by icp_access below; the http_access rules use
# rede_local instead.
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
# Ports to which CONNECT tunnels are permitted (see "deny CONNECT !SSL_ports").
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
# Destination ports the proxy will talk to (see "deny !Safe_ports").
# NOTE(review): the 1025-65535 entry makes every unprivileged port "safe", so
# this check only filters destination ports below 1025.
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# Cache-manager requests and PURGE are accepted only from the proxy host
# itself (127.0.0.1) and refused for everyone else.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to ports outside Safe_ports and CONNECT to ports outside
# SSL_ports before any allow rule is considered.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): these two allow lines match before "deny to_localhost", so
# that deny is never evaluated for ip_liberados or rede_local clients. Moving
# "http_access deny to_localhost" above them would apply it to every client.
http_access allow ip_liberados all
http_access allow rede_local all
http_access deny to_localhost
http_access allow localhost
# Default: anything not allowed above is refused.
http_access deny all
icp_access allow localnet
icp_access deny all
# Listens on 3128 in interception ("transparent") mode; this expects the
# gateway to redirect client web traffic to this port.
http_port 3128 transparent
# Requests whose URL contains "cgi-bin" or "?" are not sent to cache peers.
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
# Freshness rules: regex, minimum age (minutes), percent, maximum age
# (minutes). Dynamic content (cgi-bin, query strings) is never considered
# fresh.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
# Matches replies whose Server header starts with "Apache"; used only by
# broken_vary_encoding on the next line.
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Additional HTTP methods the proxy accepts.
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
# Error pages are served from the Portuguese template directory.
error_directory /usr/share/squid/errors/Portuguese
#!/bin/bash
# Gateway firewall script: prints a start-up banner, then defines the path to
# iptables and the two interface names used by the rules that follow.

# Banner text is kept exactly as the author wrote it.
printf '%s\n' \
        "##################################################" \
        "#### Firewall Feito por data.      ###" \
        "#### Dia 24/04/2009                            ###" \
        "#### Contato:[email protected]        ###" \
        "##################################################"

# Interface facing the Internet and interface facing the LAN.
IFACE_INET="eth0"
IFACE_LOCAL="eth1"

# Absolute path of the iptables binary used by most rules below.
IPT="/sbin/iptables"



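#######################################
# Flush every rule from the filter, nat and mangle tables.
# Only rules are removed (-F): chain policies and user-defined chains are
# left as they are.
# Globals:   IPT (read) - iptables command to run
# Arguments: none
# Returns:   0 if all three flushes succeeded, otherwise the exit status of
#            the last flush that failed
#######################################
function zera_tabelas()
{
        # Keep the loop variable out of the global namespace and remember
        # a failure instead of letting a later success hide it.
        local tb rc=0
        for tb in filter nat mangle
        do
                "$IPT" -t "$tb" -F || rc=$?
        done
        return "$rc"
}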

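# ---------------------------------------------------------------------------
# Gateway rule set.
# Globals read: IPT, IFACE_LOCAL, IFACE_INET. Calls zera_tabelas.
#
# Return traffic is accepted by connection state instead of by source port.
# The earlier "--sport <service> --dport 1024:" rules were stateless: they
# accepted any packet that merely carried one of the listed source ports,
# whether or not it belonged to a connection this gateway had allowed.
# ---------------------------------------------------------------------------

# Default policies: drop inbound and forwarded traffic unless a rule below
# accepts it; traffic generated by the gateway itself is not filtered.
"$IPT" -P INPUT   DROP
"$IPT" -P FORWARD DROP
"$IPT" -P OUTPUT  ACCEPT

zera_tabelas

# Enable routing between the two interfaces.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Accept packets that belong to (or are related to) a connection that was
# already accepted or that the gateway opened itself. This also covers data
# connections the proxy opens to FTP servers on arbitrary high ports, which
# the per-port reverse rules did not match - possibly relevant to the
# time-out described in the post; confirm on the running system.
"$IPT" -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Loopback and SSH to the gateway.
"$IPT" -A INPUT -p ALL -i lo -j ACCEPT
"$IPT" -A INPUT -p TCP --dport 22 --sport 1024: -j ACCEPT

# Ping: accept echo requests; echo replies are matched by the ESTABLISHED
# rule above.
"$IPT" -A INPUT   -p icmp --icmp-type 8 -j ACCEPT
"$IPT" -A FORWARD -p icmp --icmp-type 8 -j ACCEPT

# Services offered by the gateway itself.
# NOTE(review): these rules name no input interface, so every listed port,
# including the proxy on 3128, is also reachable on $IFACE_INET. Add
# -i "$IFACE_LOCAL" to the ports that only LAN clients should reach.
PORTAS_TCP_IN="20 21 53 1434 80 443 3128"
# Word splitting of the port list is intended.
for PT_TCP in $PORTAS_TCP_IN
do
        "$IPT" -A INPUT -p TCP --dport "$PT_TCP" --sport 1024: -j ACCEPT
done

PORTAS_UDP_IN="20 21 53 443 "
for PT_UDP in $PORTAS_UDP_IN
do
        "$IPT" -A INPUT -p UDP --dport "$PT_UDP" --sport 1024: -j ACCEPT
done

# Services that may be forwarded through the gateway.
# NOTE(review): no interface or direction is given, so these ports are
# accepted in both directions wherever a route or DNAT rule delivers the
# packet. The list includes telnet (23), 1433 and RDP (3389); confirm each
# one is still needed.
PORTAS_TCP="20 21 22 1433 23 25 443 53 80 110 2631 3389 61639"
for PT_TCP in $PORTAS_TCP
do
        "$IPT" -A FORWARD -p TCP --dport "$PT_TCP" --sport 1024: -j ACCEPT
done

PORTAS_UDP="20 21 25 53 110"
for PT_UDP in $PORTAS_UDP
do
        "$IPT" -A FORWARD -p UDP --dport "$PT_UDP" --sport 1024: -j ACCEPT
done

# Port forwarding: RDP arriving on the Internet interface goes to
# 192.168.0.254.
# NOTE(review): -s 0/0 publishes RDP to every source address. Limiting -s to
# known administrative addresses, or reaching the host through a VPN, would
# reduce exposure.
# (The command is written on continued lines; in the posted text it had been
# wrapped into two separate lines, which the shell would not run as one
# command.)
"$IPT" -t nat -A PREROUTING -p TCP -s 0/0 -i "$IFACE_INET" --dport 3389 \
        -j DNAT --to-destination 192.168.0.254:3389

# Source NAT for the LAN when leaving through the Internet interface.
"$IPT" -t nat -A POSTROUTING -o "$IFACE_INET" -s 192.168.0.0/24 -j MASQUERADE

# Send LAN web traffic (port 80) to the local proxy on 3128, except for
# destinations in 200.201.0.0/16.
"$IPT" -t nat -A PREROUTING -p TCP -i "$IFACE_LOCAL" ! -d 200.201.0.0/16 \
        --dport 80 -j REDIRECT --to-ports 3128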