jlbeneton
(uses Debian)
Sent on 06/08/2014 - 13:23h
Good afternoon everyone, I'm configuring an internet server with shorewall + squid, and shorewall and squid are working correctly except for one IP that I need to allow through (192.168.1.250) without going through squid, since this IP will be connected to another router which must have full internet access. I'm posting the shorewall rules file and hope you can help me, thanks!!
#
# Shorewall version 4.0 - Sample Rules File for two-interface configuration.
# Copyright (C) 2006,2007 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-rules"
######################################################################################################################################################################################
#ACTION    SOURCE    DEST    PROTO    DEST    SOURCE    ORIGINAL    RATE    USER/    MARK    CONNLIMIT    TIME    HEADERS    SWITCH
#                                     PORT    PORT(S)   DEST        LIMIT   GROUP
#SECTION ALL
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
# Don't allow connection pickup from the net
#
Invalid(DROP) net all
#
# Accept DNS connections from the firewall to the network
#
DNS(ACCEPT) $FW net
#
# Accept SSH connections from the local network for administration
#
SSH(ACCEPT) loc $FW
#
# Allow Ping from the local network
#
Ping(ACCEPT) loc $FW
#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping(DROP) net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp
#
REDIRECT loc 3128 tcp www
ACCEPT $FW net tcp www
ACCEPT all all icmp 8
ACCEPT all all tcp 22
ACCEPT loc net:8.8.8.8 udp 53
ACCEPT loc fw tcp 3128
ACCEPT loc net tcp 25,110,143
ACCEPT loc fw tcp 137,138,139,445
ACCEPT loc fw udp 137,138,139,445
##Port forwarding##
DNAT net loc:192.168.1.141:3389 tcp 3389
DNAT net loc:192.168.1.141:3389 udp 3389
DNAT net loc:192.168.1.51:5900 tcp 5900
DNAT net loc:192.168.1.51:5900 udp 5900
DNAT net loc:192.168.1.253:3000 tcp 3000
DNAT net loc:192.168.1.253:3001 tcp 3001
DNAT net loc:192.168.1.253:3003 tcp 3003
DNAT net loc:192.168.1.253:8800 tcp 8800
DNAT net loc:192.168.1.253:3007 tcp 3007
DNAT net loc:192.168.1.253:3950 tcp 3950
DNAT net loc:192.168.1.253:3000 udp 3000
DNAT net loc:192.168.1.253:3001 udp 3001
DNAT net loc:192.168.1.253:3003 udp 3003
DNAT net loc:192.168.1.253:8800 udp 8800
DNAT net loc:192.168.1.253:3007 udp 3007
DNAT net loc:192.168.1.253:3950 udp 3950
##Allowed IP
ACCEPT loc:192.168.1.250 net tcp -
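The reason the trailing ACCEPT has no effect is that REDIRECT is applied in the nat table before the filter rules are consulted, so a plain ACCEPT for 192.168.1.250, wherever it sits, never stops the redirect to 3128. Shorewall provides ACCEPT+ for exactly this case: it accepts the connection and exempts it from any later DNAT/REDIRECT rule, provided it precedes the REDIRECT. The fragment below is an added example written for this post, not the poster's own rules; it assumes the same zone names (loc, net) and the same Squid port (3128) as above:

```conf
#ACTION     SOURCE               DEST    PROTO   DEST PORT(S)
SECTION NEW
# 192.168.1.250 must bypass the proxy: ACCEPT+ both allows the web
# connection and exempts it from the REDIRECT that follows.
ACCEPT+     loc:192.168.1.250    net     tcp     www
# Everything else on the LAN is still sent to Squid on port 3128.
REDIRECT    loc                  3128    tcp     www
# Equivalent alternative: exclude the host in the REDIRECT's SOURCE column.
#REDIRECT   loc:!192.168.1.250   3128    tcp     www
# Unrestricted access for that host on all other protocols/ports
# (the original post allowed tcp only; the router behind it will need udp too).
ACCEPT      loc:192.168.1.250    net     all
```

After editing /etc/shorewall/rules, run `shorewall check` to validate the file and `shorewall restart` to apply it.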