Servidor de internet nao aceita anexar arquivos
1. Servidor de internet nao aceita anexar arquivos
marcelohbr
(usa CentOS)
Enviado em 22/11/2011 - 09:33h
Caros amigos, tenho um servidor de internet CentOS.Agora a pouco, um dos usuarios dessa internet servida por ele me ligou dizendo q nao esta conseguindo anexar arquivos em seu email para envirar para seus clientes.
Acessei o servidor e entao apos liberar o micro dele de passar pelo proxy squid e pelo firewall, ele enfim conseguiu anexar os arquivos.
Alguem tem uma ideia do q devo fazer?
Desde já, muito obrigado
Marcelo Rodrigues
2. Re: Servidor de internet nao aceita anexar arquivos
danniel-lara
(usa Fedora)
Enviado em 22/11/2011 - 09:41h
quais seriam suas regras de firewall ? pode postar ?3. Re: Servidor de internet nao aceita anexar arquivos
4. Regras firewall
marcelohbr
(usa CentOS)
Enviado em 22/11/2011 - 09:49h
#Liberando Roteamento e protegendo contra spoofing echo "1" > /proc/sys/net/ipv4/ip_forward #Limpando Regras iptables -F iptables -X iptables -F -t nat iptables -X -t nat iptables -F -t mangle iptables -X -t mangle #Definindo politica padrão iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT #Comunicacao entre processos Loopback iptables -A INPUT -i lo -j ACCEPT #libera acesso a porta do sintegra iptables -A OUTPUT -p tcp --dport 8017 -j ACCEPT iptables -A OUTPUT -p udp --dport 8017 -j ACCEPT # ICMP iptables -A INPUT -p icmp -j ACCEPT iptables -A FORWARD -p icmp -j ACCEPT # Regra criada para o DHCP iptables -A OUTPUT -o eth1 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth1 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth1 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth1 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth2 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth2 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth2 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth2 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT # DNS iptables -A INPUT -i eth2 -p udp -s 10.0.1.0/24 --dport 53 -j ACCEPT iptables -A INPUT -i eth2 -p tcp -s 10.0.1.0/24 --dport 53 -j ACCEPT iptables -A INPUT -i eth1 -p udp -s 192.168.1.0/24 --dport 53 -j ACCEPT iptables -A INPUT -i eth1 -p tcp -s 192.168.1.0/24 --dport 53 -j ACCEPT # SSH e FTP rede interna iptables -A INPUT -i eth1 -s 192.168.1.0/24 -p tcp --dport 22 --syn -j ACCEPT iptables -A INPUT -i eth1 -s 192.168.1.0/24 -p tcp --dport 21 --syn -j ACCEPT iptables -A INPUT -i eth2 -s 10.0.1.0/24 -p tcp --dport 22 --syn -j ACCEPT iptables -A INPUT -i eth2 -s 10.0.1.0/24 -p tcp --dport 21 --syn -j ACCEPT # SSH rede exterma iptables -A INPUT -i ppp0 -s 0/0 -p tcp --dport 22 --syn -j ACCEPT iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 22 --syn -j ACCEPT #Webmin rede interna iptables -A INPUT -p tcp -s 192.168.1.0/24 -d 0/0 --dport 10000 --syn -j ACCEPT iptables -A INPUT -p tcp -s 10.0.1.0/24 -d 0/0 --dport 10000 --syn -j ACCEPT #Webmin rede externa iptables -A INPUT -i ppp0 -s 0/0 -p tcp --dport 10000 --syn -j ACCEPT iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 10000 --syn -j ACCEPT iptables -A INPUT -i ppp0 -s 0/0 -p tcp --dport 10000 --syn -j ACCEPT iptables -A INPUT -p tcp --dport 10000 -j ACCEPT iptables -A INPUT -p tcp -i ppp0 --dport 10000 -j ACCEPT # NetBIOS rede interna iptables -A INPUT -i eth1 -s 192.168.1.0/24 -p tcp --dport 137:139 --syn -j ACCEPT iptables -A INPUT -i eth1 -s 192.168.1.0/24 -p udp --dport 137:139 -j ACCEPT iptables -A INPUT -i eth2 -s 10.0.1.0/24 -p tcp --dport 137:139 --syn -j ACCEPT iptables -A INPUT -i eth2 -s 10.0.1.0/24 -p udp --dport 137:139 -j ACCEPT # Acesso interno ao PROXY iptables -A INPUT -i eth1 -s 192.168.1.0/24 -d 192.168.1.1 -p tcp --dport 3128 --tcp-flags ACK,SYN SYN -j ACCEPT iptables -A INPUT -i eth2 -s 10.0.1.0/255.0.0.0 -d 10.0.1.1 -p tcp --dport 3128 --tcp-flags ACK,SYN SYN -j ACCEPT #Pacotes TCP e UDP de retorno sempre abertos (ACK) iptables -A INPUT -s 0/0 -d 0/0 -p tcp -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -s 0/0 -d 0/0 -p udp -m state --state ESTABLISHED -j ACCEPT #Nat Reverso E-Mail #iptables -t nat -A PREROUTING -s 0/0 -d 0/0 -p tcp --dport 5900 -j DNAT --to 10.0.1.50:5900 #iptables -A FORWARD -s 0/0 -d 192.168.2.2 -p tcp --dport 25 -j ACCEPT #iptables -A FORWARD -s 192.168.2.2 -d 0/0 -p tcp --sport 25 -j ACCEPT # Regra de masquerading iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -d 0/0 -j MASQUERADE iptables -t nat -A POSTROUTING -o ppp0 -s 10.0.1.0/24 -d 0/0 -j MASQUERADE # Regras de roteamento # Acesso interno ao SMTP e POP iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -p tcp --dport 25 -j ACCEPT iptables -A FORWARD -s 0/0 -d 192.168.1.0/24 -p tcp --sport 25 -j ACCEPT iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --dport 25 -j ACCEPT iptables -A FORWARD -s 0/0 -d 10.0.1.0/24 -p tcp --sport 25 -j ACCEPT iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -p tcp --dport 110 -j ACCEPT iptables -A FORWARD -s 0/0 -d 192.168.1.0/24 -p tcp --sport 110 -j ACCEPT iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --dport 110 -j ACCEPT iptables -A FORWARD -s 0/0 -d 10.0.1.0/24 -p tcp --sport 110 -j ACCEPT #NTP iptables -A FORWARD -p udp --dport 123 -j ACCEPT ##################### Regras especificas para MSN ########################################### # LIBERA MSN Gerente iptables -A FORWARD -o ppp0 -p tcp -s 10.0.1.160/24 -m multiport --dports 1863,7001 -j ACCEPT iptables -A FORWARD -o ppp0 -p udp -s 10.0.1.160/24 --dport 7001 -j ACCEPT iptables -A FORWARD -i ppp0 -p tcp -d 10.0.1.160/24 -m multiport --sports 1863,7001 -j ACCEPT iptables -A FORWARD -i ppp0 -p udp -d 10.0.1.160/24 --sport 7001 -j ACCEPT # LIBERA MSN Financeiro iptables -A FORWARD -o ppp0 -p tcp -s 10.0.1.157/24 -m multiport --dports 1863,7001 -j ACCEPT iptables -A FORWARD -o ppp0 -p udp -s 10.0.1.157/24 --dport 7001 -j ACCEPT iptables -A FORWARD -i ppp0 -p tcp -d 10.0.1.157/24 -m multiport --sports 1863,7001 -j ACCEPT iptables -A FORWARD -i ppp0 -p udp -d 10.0.1.157/24 --sport 7001 -j ACCEPT # Libera o MSN Gerencia Tecnica iptables -A FORWARD -o ppp0 -p tcp -s 10.0.1.57/24 -m multiport --dports 1863,7001 -j ACCEPT iptables -A FORWARD -o ppp0 -p udp -s 10.0.1.57/24 --dport 7001 -j ACCEPT iptables -A FORWARD -i ppp0 -p tcp -d 10.0.1.57/24 -m multiport --sports 1863,7001 -j ACCEPT iptables -A FORWARD -i ppp0 -p udp -d 10.0.1.57/24 --sport 7001 -j ACCEPT # Libera MSN Garantia #iptables -A FORWARD -o ppp0 -p tcp -s 10.0.1.59/24 -m multiport --dports 1863,7001 -j ACCEPT #iptables -A FORWARD -o ppp0 -p udp -s 10.0.1.59/24 --dport 7001 -j ACCEPT #iptables -A FORWARD -i ppp0 -p tcp -d 10.0.1.59/24 -m multiport --sports 1863,7001 -j ACCEPT #iptables -A FORWARD -i ppp0 -p udp -d 10.0.1.59/24 --sport 7001 -j ACCEPT # Bloqueia MSN Geral iptables -A FORWARD -o ppp0 -p tcp -m multiport --dports 1863,7001 -j DROP iptables -A FORWARD -o ppp0 -p udp --dport 7001 -j DROP ############################################################################################# # Sicoob CEDENTE iptables -A OUTPUT -p tcp --dport 5006 -j ACCEPT # Conexao com a base da cooperativa iptables -A OUTPUT -p udp --dport 5006 -j ACCEPT iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT # Envio de arquivo de movimento iptables -A OUTPUT -p udp --dport 8080 -j ACCEPT iptables -t filter -A FORWARD -i eth2 -o ppp0 -s 10.0.1.0/24 -d 189.75.117.230/24 -p tcp -j ACCEPT # Conexao com a base da c iptables -t filter -A FORWARD -i eth2 -o ppp0 -s 10.0.1.0/24 -d 189.75.117.230/24 -p tcp -j ACCEPT # Envio de arquivo de mov iptables -t filter -A FORWARD -i eth2 -o ppp0 -s 10.0.1.0/24 -d 189.75.117.230/24 -p udp -j ACCEPT iptables -t filter -A FORWARD -i eth2 -o ppp0 -s 10.0.1.0/24 -d 189.75.117.230/24 -p udp -j ACCEPT iptables -t filter -A FORWARD -i ppp0 -o eth2 -s 189.75.117.230/24 -d 10.0.1.0/24 -p tcp -j ACCEPT iptables -t filter -A FORWARD -i ppp0 -o eth2 -s 189.75.117.230/24 -d 10.0.1.0/24 -p udp -j ACCEPT iptables -t filter -A FORWARD -i ppp0 -o eth2 -s 189.75.117.230/24 -d 10.0.1.0/24 -p tcp -j ACCEPT iptables -t filter -A FORWARD -i ppp0 -o eth2 -s 189.75.117.230/24 -d 10.0.1.0/24 -p udp -j ACCEPT # Liberando o OUTLOOK iptables -A FORWARD -p udp -s 10.0.1.0/24 -d 200.165.132.155 --dport 53 -j ACCEPT iptables -A FORWARD -p udp -s 200.165.132.155 --sport 53 -d 10.0.1.0/24 -j ACCEPT iptables -A FORWARD -p udp -s 10.0.1.0/24 -d 200.165.132.147 --dport 53 -j ACCEPT iptables -A FORWARD -p udp -s 200.165.132.147 --sport 53 -d 10.0.1.0/24 -j ACCEPT iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 200.165.132.155 --dport 53 -j ACCEPT iptables -A FORWARD -p udp -s 200.165.132.155 --sport 53 -d 192.168.1.0/24 -j ACCEPT iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 200.165.132.147 --dport 53 -j ACCEPT iptables -A FORWARD -p udp -s 200.165.132.147 --sport 53 -d 192.168.1.0/24 -j ACCEPT iptables -A FORWARD -p TCP -s 10.0.1.0/24 --dport 25 -j ACCEPT iptables -A FORWARD -p TCP -s 10.0.1.0/24 --dport 110 -j ACCEPT iptables -A FORWARD -p TCP -s 192.168.1.0/24 --dport 25 -j ACCEPT iptables -A FORWARD -p TCP -s 192.168.1.0/24 --dport 110 -j ACCEPT iptables -A FORWARD -p tcp --sport 25 -j ACCEPT iptables -A FORWARD -p tcp --sport 110 -j ACCEPT # Regra especifica NF-e iptables -t nat -A PREROUTING -p tcp -d 201.55.62.0/24 -j ACCEPT iptables -A FORWARD -p tcp -d 201.55.62.0/24 --dport 80 -j ACCEPT # Liberando acesso a NFE (Nota fiscal Eletronica) iptables -t nat -I PREROUTING -p tcp --dport 80 -s 10.0.1.0/24 -d 200.189.133.249 -j ACCEPT iptables -t nat -I PREROUTING -p tcp --dport 80 -s 10.0.1.0/24 -d 200.189.133.247 -j ACCEPT iptables -t nat -A PREROUTING -p tcp -d 200.189.133.249 -j ACCEPT iptables -A FORWARD -p tcp -d 200.189.133.249 -j ACCEPT iptables -t nat -A PREROUTING -p tcp -d 200.189.133.247 -j ACCEPT iptables -A FORWARD -p tcp -d 200.189.133.247 -j ACCEPT iptables -t nat -I PREROUTING -s 10.0.1.0/24 -p tcp --dport 4199 -j ACCEPT iptables -t nat -I PREROUTING -s 10.0.1.0/24 -p tcp --dport 5656 -j ACCEPT iptables -t nat -A POSTROUTING -j MASQUERADE # Liberar Conexao TED iptables -A OUTPUT -p tcp --dport 8017 -j ACCEPT iptables -A OUTPUT -p udp --dport 8017 -j ACCEPT iptables -t filter -A FORWARD -i eth2 -o ppp0 -s 10.0.1.0/24 -d 201.16.234.27/24 -p tcp -j ACCEPT iptables -t filter -A FORWARD -i eth2 -o ppp0 -s 10.0.1.0/24 -d 200.166.92.27/24 -p tcp -j ACCEPT iptables -t filter -A FORWARD -i eth2 -o ppp0 -s 10.0.1.0/24 -d 201.16.234.27/24 -p udp -j ACCEPT iptables -t filter -A FORWARD -i eth2 -o ppp0 -s 10.0.1.0/24 -d 200.166.92.27/24 -p udp -j ACCEPT iptables -t filter -A FORWARD -i ppp0 -o eth2 -s 201.16.234.27/24 -d 10.0.1.0/24 -p tcp -j ACCEPT iptables -t filter -A FORWARD -i ppp0 -o eth2 -s 201.16.234.27/24 -d 10.0.1.0/24 -p udp -j ACCEPT iptables -t filter -A FORWARD -i ppp0 -o eth2 -s 200.166.92.27/24 -d 10.0.1.0/24 -p tcp -j ACCEPT iptables -t filter -A FORWARD -i ppp0 -o eth2 -s 200.166.92.27/24 -d 10.0.1.0/24 -p udp -j ACCEPT # Fecha o roteamento com destino a porta 80 e 443 iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -p tcp --sport 1:65535 --dport www -j DROP iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -p tcp --sport 1:65535 --dport 443 -j DROP iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --sport 1:65535 --dport www -j DROP iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --sport 1:65535 --dport 443 -j DROP iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -p tcp -j DROP # Libera o roteamento DNS iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -p udp --dport 53 -j ACCEPT iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -p tcp --dport 53 -j ACCEPT iptables -A FORWARD -s 0/0 -d 192.168.1.0/24 -p udp --sport 53 -j ACCEPT iptables -A FORWARD -s 0/0 -d 192.168.1.0/24 -p tcp --sport 53 -j ACCEPT iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p udp --dport 53 -j ACCEPT iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --dport 53 -j ACCEPT iptables -A FORWARD -s 0/0 -d 10.0.1.0/24 -p udp --sport 53 -j ACCEPT iptables -A FORWARD -s 0/0 -d 10.0.1.0/24 -p tcp --sport 53 -j ACCEPT #Log do Firewall iptables -A INPUT -p tcp -j LOG # Fecha todo o resto do roteamento iptables -A INPUT -s 0/0 -d 0/0 -j LOG iptables -A INPUT -s 0/0 -d 0/0 -j DROP iptables -A FORWARD -s 0/0 -d 0/0 -j LOG iptables -A FORWARD -s 0/0 -d 0/0 -j DROP
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Como gerar um podcast a partir de um livro em PDF
Automatizando digitação de códigos 2FA no browser
Resolver problemas de Internet
Como compartilhar a tela do Ubuntu com uma Smart TV (LG, Samsung, etc.)
Dicas
Conheça a 4Devs, caixa de ferramentas online para desenvolvedores
Como converter um vídeo MP4 para um GIF para publicar no README.md do seu repositório Github
Como Instalar o Microsoft Teams no Linux Ubuntu
Tópicos
Top 10 do mês
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
