cprvendas
(uses Conectiva)
Posted on 19/09/2008 - 09:08h
Here is my firewall:
-----------------------
#!/bin/sh
# description: IPTABLES startup
#
# chkconfig: 2345 80 30
# processname: iptables
# pidfile: /var/run/iptables.pid
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
if [ "${NETWORKING}" = "no" ]
then
    exit 0
fi
case "$1" in
start)
    gprintf "Iniciando o serviço de %s: " "IPtables"
    echo
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ## Loading modules
    modprobe ip_tables
    modprobe iptable_nat
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # modprobe ipt_unclean
    modprobe ipt_limit
    modprobe ipt_LOG
    modprobe ipt_REJECT
    modprobe ip_nat_ftp
    ## Setting the default policies
    iptables -t filter -P INPUT ACCEPT
    iptables -t filter -P OUTPUT ACCEPT
    iptables -t filter -P FORWARD DROP
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT
    ## Flushing the existing rules
    iptables -t filter -F
    iptables -t nat -F
    # eth0 (10.1.1.2) is wired to the modem, so it is the external interface;
    # eth1 (192.168.1.1) is the LAN side on the switch
    IF_EXTERNA=eth0
    ## Allow
    # the LAN may initiate anything outbound; only replies to those flows come back in
    iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -j ACCEPT
    iptables -A FORWARD -s 0/0 -d 192.168.1.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
    iptables -A FORWARD -p tcp -d 192.168.1.254 --dport 5900 -j ACCEPT
    iptables -A FORWARD -p udp -s 192.168.1.254 --dport 5900 -j ACCEPT
    # VNC port-forward from the external interface to 192.168.1.254 (currently disabled)
    #iptables -A FORWARD -i $IF_EXTERNA -p tcp --dport 5900 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    #iptables -A FORWARD -i $IF_EXTERNA -p udp --dport 5900 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    #iptables -t nat -A PREROUTING -p tcp -i $IF_EXTERNA --dport 5900 -j DNAT --to 192.168.1.254:5900
    #iptables -t nat -A PREROUTING -p udp -i $IF_EXTERNA --dport 5900 -j DNAT --to 192.168.1.254:5900
    iptables -L -n
    ;;
stop)
    gprintf "Parando o serviço de %s: " "IPtables"
    echo
    echo 0 > /proc/sys/net/ipv4/ip_forward
    iptables -t filter -P FORWARD DROP
    iptables -t nat -P PREROUTING DROP
    iptables -t nat -P OUTPUT DROP
    iptables -t nat -P POSTROUTING DROP
    iptables -t filter -F
    iptables -t nat -F
    iptables -t filter -L -n
    iptables -t nat -L -n
    rmmod ipt_state ipt_MASQUERADE iptable_nat ip_conntrack iptable_filter ip_tables
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
    ;;
status)
    gprintf "Status do serviço de %s: " "IPtables"
    iptables -t filter -L -n
    iptables -t nat -L -n
    ;;
*)
    gprintf "Uso: iptables (start|stop|status)"
    echo
    ;;
esac
exit 0
------------
Folks, if you could edit my firewall and paste it back... because then I'll copy it and drop it onto my server...
Remember that my eth0 (10.1.1.2) is connected to the modem... modem (10.1.1.1)...
My eth1 (192.168.1.1) is connected to the switch...
------------
My modem has NAT open (port 5900) forwarding to 192.168.1.1, 10.1.1.2 and 192.168.1.254 (VNC server)... I've already opened it for three IPs to be sure!!!
------------
The modem's firewall is off! The modem connected directly to the PC (without the proxy) works normally!
------------
Awaiting a reply....
Thanks!!!
iptables link:
http://rapidshare.com/files/146570409/iptables.html
http://w14.easy-share.com/1701626227.html
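The DNAT plus FORWARD pair that the commented-out lines in the script above are reaching for, as an added example written by the editor and not code from the post: it assumes the layout the poster describes (eth0 = 10.1.1.2 towards the modem, eth1 = 192.168.1.1 towards the switch, VNC server at 192.168.1.254:5900), and the function name, the `IPT` dry-run variable and the `ADMIN_SRC` variable are this example's own.

```shell
#!/bin/sh
# Added example: publish one internal TCP service through a Linux NAT box.
# IPT defaults to a dry run that only prints the commands; set IPT=iptables
# (as root) to apply them. The variable is expanded unquoted on purpose so
# "echo iptables" becomes two words.
: "${IPT:=echo iptables}"

# vnc_forward_rules EXT_IF INT_IF SERVER PORT [ALLOWED_SRC]
# Emits the rules in the order the packet path needs them:
#   1. PREROUTING DNAT (nat table) rewrites the destination before routing,
#   2. FORWARD must then accept the NEW connection to the rewritten target,
#   3. replies and related flows come back as ESTABLISHED,RELATED.
# ALLOWED_SRC (default 0/0 = anyone) narrows who may reach the service at
# all; for a management protocol like VNC pin it to the admin's address.
vnc_forward_rules() {
    ext_if=$1; int_if=$2; server=$3; port=$4; src=${5:-0/0}

    # 1. rewrite packets arriving on the external interface for this port
    $IPT -t nat -A PREROUTING -i "$ext_if" -s "$src" -p tcp --dport "$port" \
        -j DNAT --to-destination "$server:$port"

    # 2. only NEW connections already carrying the rewritten destination pass;
    #    anything else entering on ext_if still falls to the FORWARD DROP policy
    $IPT -A FORWARD -i "$ext_if" -o "$int_if" -s "$src" -p tcp -d "$server" \
        --dport "$port" -m state --state NEW -j ACCEPT

    # 3. return traffic for every forwarded connection (needs ip_conntrack)
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # rate-limited record of what is about to hit the DROP policy, so refused
    # connection attempts from outside show up in the kernel log
    $IPT -A FORWARD -i "$ext_if" -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-DROP: "
}

# Usage with the addresses from the post; ADMIN_SRC is optional and restricts
# the forward to one source address or range.
vnc_forward_rules eth0 eth1 192.168.1.254 5900 "${ADMIN_SRC:-0/0}"
```

Run it once without `IPT` set to review the four rule lines it would issue, then with `IPT=iptables` to load them after the script's flush and policy lines.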