Preciso de ajuda com meu firewall

marcelomiguel
(usa Debian)

Enviado em 09/09/2013 - 10:33h

Não sei se está configurado corretamente, mas está bloqueando a porta 8080


root@esafw:/etc/init.d# cat firewall

#Carregando os modulos

modprobe iptable_nat

modprobe ip_conntrack

echo "Modulos Carredados"



#Liberando o Forward

echo 1 >/proc/sys/net/ipv4/ip_forward

echo "Forward habilitado"



##Definindo Constantes

#Referentes a este servidor

ESAFW="192.168.0.1"

IFINTERNA="eth1"

IFEXTERNA="eth2"



#impressora financeiro

IMPRESSORA="192.168.0.176"



#Servidor

SERVIDOR="192.168.0.63"



#Servidor de cameras

CAMERAS="192.168.0.133"



#Caixa Economica

REDECAIXA="200.201.174.0/24"

HOSTCAIXA="200.223.0.0"



#QiQuality

SRVQI1="201.55.64.42"

SRVQI2="189.19.47.115"



#programa cantina builtcode

cantina="186.202.124.2"



#Acessa Brasil

SRVACB="200.229.195.51"



#Senac

SENAC="200.231.172.32"



echo "Constantes criadas"



#Limpando as Configuracoes

iptables -F

iptables -t nat -F

echo "Configuracoes Limpas"



# Colocando as Policies em DROP

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT ACCEPT



echo "Policies em DROP"



##INPUT

#Liberando trafego interno

iptables -A INPUT -i lo -j ACCEPT



# Liberando a porta do SSH

iptables -A INPUT -p tcp --dport 15061 -j ACCEPT



#Liberando porta 80 para o apache

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -A INPUT -p tcp --dport 8080 -j ACCEPT



# Liberando a porta programa CAT

iptables -A INPUT -p tcp --dport 5017 -j ACCEPT

iptables -A INPUT -p tcp --dport 5022 -j ACCEPT



#Liberando porta 20 21 para FTP

iptables -A INPUT -p tcp --dport 20 -j ACCEPT

iptables -A INPUT -p tcp --dport 21 -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -j ACCEPT



#Liberando recebimento de PING

iptables -A INPUT -p icmp -j ACCEPT



# Liberando porta do SQUID

iptables -A INPUT -i $IFINTERNA -p tcp --dport 3128 -j ACCEPT



#Liberando entrada de conexoes de retorno

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT



echo "Fim da secao INPUT"



#OUTPUT

#Libernado trafego interno

iptables -A OUTPUT -o lo -j ACCEPT



#Liberando a saida de DNS

iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT



#Liberando a saida http

iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT



# Liberando a porta programa CAT

iptables -A OUTPUT -p tcp --dport 5017 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 5022 -j ACCEPT



#Liberando a saida FTP

iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT



#Liberando NTP

iptables -A OUTPUT -p udp --dport 123 -j ACCEPT



#Liberando o bind

iptables -A OUTPUT -p udp --dport 839 -j ACCEPT



#Liberando a saida do PING

iptables -A OUTPUT -p icmp -j ACCEPT



#Libera conexoes de retorno

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT



echo "Fim da secao OUTPUT"



##FORWARD

#NAT

iptables -t nat -A POSTROUTING -o $IFEXTERNA -j MASQUERADE



#DNS

iptables -A FORWARD -i $IFINTERNA -p tcp --dport 53 -j ACCEPT

iptables -A FORWARD -i $IFINTERNA -p udp --dport 53 -j ACCEPT



#Email

iptables -A FORWARD -p tcp -d $SRVACB --dport 587 -j ACCEPT

iptables -A FORWARD -p tcp -d $SRVACB --dport 25 -j ACCEPT

iptables -A FORWARD -p tcp -d $SRVACB --dport 110 -j ACCEPT

iptables -A FORWARD -p tcp -d $SRVACB --dport 143 -j ACCEPT



#Liberando servidor de cameras do bercario

iptables -A FORWARD -p tcp -d $CAMERAS --dport 8600 -j ACCEPT

iptables -A FORWARD -p tcp -d $CAMERAS --dport 8601 -j ACCEPT

iptables -A FORWARD -p tcp -d $CAMERAS --dport 8602 -j ACCEPT

iptables -A FORWARD -p tcp -d $CAMERAS --dport 8080 -j ACCEPT

iptables -A FORWARD -p tcp -d $CAMERAS --dport 80 -j ACCEPT

iptables -t nat -A PREROUTING -i $IFEXTERNA -p tcp --dport 8600 -j DNAT --to-destination $CAMERAS

iptables -t nat -A PREROUTING -i $IFEXTERNA -p tcp --dport 8601 -j DNAT --to-destination $CAMERAS

iptables -t nat -A PREROUTING -i $IFEXTERNA -p tcp --dport 8602 -j DNAT --to-destination $CAMERAS

iptables -t nat -A PREROUTING -i $IFEXTERNA -p tcp --dport 8080 -j DNAT --to-destination $CAMERAS:8080



#Acesso SEFIP

iptables -A FORWARD -p tcp -d $REDECAIXA -j ACCEPT

iptables -t nat -A PREROUTING -p tcp -d $REDECAIXA -j ACCEPT

iptables -A FORWARD -p tcp -d $HOSTCAIXA -j ACCEPT

iptables -t nat -A PREROUTING -p tcp -d $HOSTCAIXA -j ACCEPT



#Acesso ao SQL Server

iptables -A FORWARD -p tcp -d $SERVIDOR --dport 1433 -j ACCEPT

iptables -A FORWARD -p udp -d $SERVIDOR --dport 1433 -j ACCEPT



#QiQuality

iptables -t nat -A PREROUTING -p tcp -i $IFEXTERNA -s $SRVQI1 --dport 1433 -j DNAT --to-destination $SERVIDOR

iptables -t nat -A PREROUTING -p udp -i $IFEXTERNA -s $SRVQI1 --dport 1433 -j DNAT --to-destination $SERVIDOR

iptables -t nat -A PREROUTING -p tcp -i $IFEXTERNA -s $SRVQI2 --dport 1433 -j DNAT --to-destination $SERVIDOR

iptables -t nat -A PREROUTING -p udp -i $IFEXTERNA -s $SRVQI2 --dport 1433 -j DNAT --to-destination $SERVIDOR



#Liberando a Porta 80

iptables -A FORWARD -p tcp --dport 80 -j ACCEPT

iptables -A FORWARD -p tcp --dport 8080 -j ACCEPT

iptables -A FORWARD -p tcp --dport 443 -j ACCEPT



# Liberando a porta programa CAT

iptables -A FORWARD -p tcp --dport 5017 -j ACCEPT

iptables -A FORWARD -p tcp --dport 5022 -j ACCEPT



#Liberando a Porta 20 21 22ftp sincBack

iptables -A FORWARD -p tcp --dport 20 -j ACCEPT

iptables -A FORWARD -p tcp --dport 21 -j ACCEPT

iptables -A FORWARD -p tcp --dport 22 -j ACCEPT



#Liberando Pacotes

iptables -A FORWARD -p tcp -s SERVIDOR -j ACCEPT



#Liberando a porta para TS Putty

iptables -A FORWARD -p tcp --dport 15061 -j ACCEPT



#Senac

iptables -A FORWARD -p tcp -d $SENAC -j ACCEPT



#Liberando conexoes de retorno

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT



echo "Fim da secao FORWARD"

echo "Fim do Script de Firewall"

 

root@esafw:/etc/init.d#
root@esafw:/etc/init.d#
root@esafw:/etc/init.d#

danniel-lara
(usa Fedora)

Enviado em 09/09/2013 - 11:45h

libera a porta 8080 no INPUT e OUTPUT
e testa

marcelomiguel
(usa Debian)

Enviado em 09/09/2013 - 14:18h

Não sei como liberar, adicionei as linhas abaixo mas não funciona.


iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT

saitam
(usa Slackware)

Enviado em 09/09/2013 - 14:25h

Afinal o que esta sendo executado na porta 8080 ?

Ali em cima nas regras tem Apache 80/8080 no INPUT e no FORWARD servidor de cameras na porta 8080.

Se tiver sendo executado 2 serviços na mesma porta da conflito, tendo que alterar porta.

marcelomiguel
(usa Debian)

Enviado em 09/09/2013 - 16:07h

Sou novo na empresa e a pessoa que instalou sumiu, estou meio perdido. pelo que sei as câmeras do berçario não funcionam pelo site, internamente está tudo ok.


While trying to retrieve the URL: http://187.75.160.30:8080/websystem/

The following error was encountered:
• Connection to Failed

The system returned:
(101) Network is unreachable

The remote host or network may be down. Please try the request again.


--------------------------------------------------------------------------------

Generated Mon, 09 Sep 2013 19:05:38 GMT by esafw (squid/2.7.STABLE3)

marcelomiguel
(usa Debian)

Enviado em 09/09/2013 - 16:57h

Desculpe, este é o erro que aparece:


ERROR

The requested URL could not be retrieved

--------------------------------------------------------------------------------


The following error was encountered while trying to retrieve the URL: http://187.75.160.30:8080/websystem/


Connection to 187.75.160.30 failed.

The system returned: (111) Connection refused

The remote host or network may be down. Please try the request again.

Your cache administrator is


--------------------------------------------------------------------------------


Generated Mon, 09 Sep 2013 20:11:46 GMT by esafw.externato.com.br (squid/2.7.STABLE9)