Denuncie   Favoritos   Indicar  

Firewall / Squid Autenticado (msnt_auth)

1. Firewall / Squid Autenticado (msnt_auth)

Henrique de Almeida Ribeiro
hrq22
(usa Ubuntu)

Enviado em 31/03/2009 - 10:16h

E ai galera, preciso de uma ajuda.

Eu uso iptables pra configurar o firewall e tambem o squid com autenticaçao no AD usando o msnt_auth. Pois bem, quando rodo o firewall a autenticaçao para de funcionar mas, quando limpo as regras do firewall a autenticaçao funciona normalmente.

Alguem pode me dar uma dica de uma regra que eu possa colocar no firewall para que ele libere a autenticaçao no squid?

0 0
  • Quote

    •   


    2. Re: Firewall / Squid Autenticado (msnt_auth)

    Julian Castaman
    maninhx
    (usa Slackware)

    Enviado em 02/04/2009 - 13:44h

    coloca teu firwall para darmos uma olhada.

    0 0
  • Quote

    • 3. Firewall

    Henrique de Almeida Ribeiro
    hrq22
    (usa Ubuntu)

    Enviado em 02/04/2009 - 14:30h

    #!/bin/bash

    #LIMPANDO TODAS AS CHAIN
    echo "***Limpando todas as REGRAS***"
    iptables -F
    sleep 2

    #ATRIBUINDO UMA REGRA PADRAO PARA BLOQUEAR TODO O TRAFEGO DE E/S DA PLACA DE REDE
    echo "***Bloqueando a chain FORWARD***"
    iptables -P FORWARD DROP
    sleep 2

    #ATRIBUINDO UMA REGRA PADRAO PARA BLOQUEAR TODO O TRAFEGO QUE ENTRA NA PLACA DE REDE
    echo "***Bloqueando a chain INPUT***"
    iptables -P INPUT DROP
    sleep 2

    #ATRIBUINDO UMA REGRA PADRAO PARA BLOQUEAR TODO O TRAFEGO QUE SAI NA PLACA DE REDE
    echo "***Bloqueando a chain OUTPUT***"
    iptables -P OUTPUT DROP
    sleep 2

    #ATIVANDO O ENCAMINHAMENTO DE PACOTES
    echo "***Ativando o ENCAMINHAMENTO de pacotes***"
    echo "1" > /proc/sys/net/ipv4/ip_forward
    sleep 2

    #REDIRECIONANDO O RDP DO WINDOWS 2003
    echo "***Redirecionando o Remote Desktop***"
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to 172.23.0.1:3389

    #MASCARANDO A REDE
    echo "***Mascarando a REDE***"
    iptables -t nat -A POSTROUTING -o eth0 -s 172.23.0.0/16 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth0 -s 201.63.91.116 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth0 -d 201.63.91.116 -j MASQUERADE

    sleep 2

    #ABRINDO SSH
    echo "***Habilitando conexao SSH***"
    iptables -t filter -A INPUT -p tcp -m tcp -i eth0 --dport 22 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp -i eth0 --sport 22 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp -i eth1 --dport 22 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp -i eth1 --sport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -m tcp -o eth0 --dport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -m tcp -o eth0 --sport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -m tcp -o eth1 --dport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -m tcp -o eth1 --sport 22 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m tcp --sport 22 -j ACCEPT
    sleep 2

    #LIBERAR ICMP
    echo "***Liberando PING***"
    iptables -t filter -A INPUT -p icmp -m icmp -i eth0 --icmp-type 8 -j ACCEPT
    iptables -t filter -A INPUT -p icmp -m icmp -i eth0 --icmp-type 0 -j ACCEPT
    iptables -t filter -A INPUT -p icmp -m icmp -i eth1 --icmp-type 8 -j ACCEPT
    iptables -t filter -A INPUT -p icmp -m icmp -i eth1 --icmp-type 0 -j ACCEPT

    iptables -t filter -A OUTPUT -p icmp -m icmp -o eth0 --icmp-type 8 -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -m icmp -o eth0 --icmp-type 0 -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -m icmp -o eth1 --icmp-type 8 -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -m icmp -o eth1 --icmp-type 0 -j ACCEPT

    iptables -t filter -A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT
    iptables -t filter -A FORWARD -p icmp -m icmp --icmp-type 0 -j ACCEPT
    echo "***PING OK ***"

    #ABRINDO HTTP (80), DNS (53), PROXY (3128), HTTPS (443), SMTP (501), POP3 (502)
    echo "***Habilitando HTTP, DNS, PROXY, HTTPS, SMTP, POP3, FTP,***"

    #TCP
    echo "***TCP OK***"

    iptables -t filter -A INPUT -p tcp -i eth0 --dport 3128 -j DROP
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --dport 502 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --dport 502 -j ACCEPT


    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --dport 502 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --dport 502 -j ACCEPT


    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --sport 502 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --sport 502 -j ACCEPT

    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --sport 502 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --sport 502 -j ACCEPT

    #UDP
    echo "***UDP OK***"
    iptables -t filter -A INPUT -p udp -i eth0 --dport 3128 -j DROP
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --dport 502 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --dport 502 -j ACCEPT

    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --dport 502 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --dport 502 -j ACCEPT

    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --sport 502 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --sport 502 -j ACCEPT

    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --sport 502 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --sport 502 -j ACCEPT

    echo "***INPUT OK***"
    sleep 2

    #TCP
    echo "***TCP OK***"

    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --dport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --dport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --dport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --sport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --sport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --sport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --sport 502 -j ACCEPT

    #UDP
    echo "***UDP OK***"
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --dport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --dport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 502 -j ACCEPT


    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --sport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --sport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --sport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --sport 502 -j ACCEPT

    echo "***OUTPUT OK***"
    sleep 2

    #TCP
    echo "***TCP OK***"

    iptables -t filter -A FORWARD -p tcp -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 172.23.0.10 -d 201.63.91.116 --dport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 172.23.0.10 -d 201.63.91.116 --dport 502 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 201.63.91.116 -d 172.23.0.10 --dport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 201.63.91.116 -d 172.23.0.10 --dport 502 -j ACCEPT

    iptables -t filter -A FORWARD -p tcp -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 172.23.0.10 -d 201.63.91.116 --sport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 172.23.0.10 -d 201.63.91.116 --sport 502 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 201.63.91.116 -d 172.23.0.10 --sport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 201.63.91.116 -d 172.23.0.10 --sport 502 -j ACCEPT

    echo "***UDP OK***"
    iptables -t filter -A FORWARD -p udp -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 172.23.0.10 -d 201.63.91.116 --dport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 172.23.0.10 -d 201.63.91.116 --dport 502 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 201.63.91.116 -d 172.23.0.10 --dport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 201.63.91.116 -d 172.23.0.10 --dport 502 -j ACCEPT

    iptables -t filter -A FORWARD -p udp -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 172.23.0.10 -d 201.63.91.116 --sport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 172.23.0.10 -d 201.63.91.116 --sport 502 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 201.63.91.116 -d 172.23.0.10 --sport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 201.63.91.116 -d 172.23.0.10 --sport 502 -j ACCEPT

    echo "***FORWARD OK***"
    sleep 2


    0 0
  • Quote

    • 4. Force...

    Davi Ribeiro
    dastyler
    (usa Fedora)

    Enviado em 02/04/2009 - 14:56h

    os clientes do AD a usarem o proxy nas confiugurações de grupo de usuarios no mesmo clicando com o botão direito e adcio e adicionar controle.
    Eu usei a regra de proxy transparente em conjunto com o AD e deu certo (com Squid 3.0):

    /sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-p\
    ort 3128

    E apos ver sua confe teu iptables ta blockando a porta do squid:

    iptables -t filter -A INPUT -p tcp -i eth0 --dport 3128 -j DROP

    A regra abaixo é desnecessria, pois o squid filtra pela tcp:

    iptables -t filter -A INPUT -p udp -i eth0 --dport 3128 -j DROP

    []´s

    0 0
  • Quote





    • Patrocínio

    Site hospedado pelo provedor RedeHost.
    Linux banner

    Destaques

    Artigos

    Compartilhando a tela do Computador no Celular via Deskreen

    Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota

    Configuração para desligamento automatizado de Computadores em um Ambiente Comercial

    O mínimo que você precisa saber sobre o terminal (parte 2)

    O mínimo que você precisa saber sobre o terminal (parte 1)

    Dicas

    Como renomear arquivos de letras maiúsculas para minúsculas

    Imprimindo no formato livreto no Linux

    Vim - incrementando números em substituição

    Efeito "livro" em arquivos PDF

    Como resolver o erro no CUPS: Unable to get list of printer drivers

    Tópicos

    Ubuntu não sai som (1)

    SysAdmin ou DevOps: Qual curso inicial pra essa área? (0)

    Melhores Práticas de Nomenclatura: Pastas, Arquivos e Código (3)

    Setxkb persistente (1)

    Preciso resolver um erro de DPKG (1)

    Top 10 do mês

    Scripts

    [Python] Automação de scan de vulnerabilidades

    [Python] Script para analise de superficie de ataque

    [Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem

    [Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)

    [Shell Script] Script para adicionar bordas às imagens de uma pasta

    A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.

    Site hospedado por: