Iptables

1. Iptables

Livio Moreira
liviomm

(uses Debian)

Posted on 25/01/2010 - 16:57h

Folks, here's the situation: I'm rebuilding the Linux setup at the company and ended up choosing openSUSE 11.2; my old Fedora 9 server seems to have gone crazy...

Iptables version v1.4.1.1?? I had installed 3.0. Why is this? Can anyone help me? Also, all the configuration I had done on it disappeared.

# Generated by iptables-save v1.4.1.1 on Mon Jan 25 10:14:22 2010
*nat
:PREROUTING ACCEPT [6609:816848]
:POSTROUTING ACCEPT [960:57889]
:OUTPUT ACCEPT [1051:63410]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.151.2:3389
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 3380 -j DNAT --to-destination 192.168.151.3:3389
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 1299 -j DNAT --to-destination 192.168.151.2:1299
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 5000:10000 -j DNAT --to-destination 192.168.151.102
-A PREROUTING -i ppp0 -p udp -m udp --dport 5000:10000 -j DNAT --to-destination 192.168.151.102
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 3002 -j DNAT --to-destination 192.168.151.101
-A PREROUTING -i ppp0 -p udp -m udp --dport 3002 -j DNAT --to-destination 192.168.151.101
-A PREROUTING -i ppp0 -p tcp -m multiport --dports 8000,10000,5060,8133,3478 -j DNAT --to-destination 192.168.151.102
-A PREROUTING -d 200.201.174.0/24 -i eth0 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -d 200.201.128.0/17 -i eth0 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -d 200.201.166.240/32 -i eth0 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -d 200.201.173.68/32 -i eth0 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -d 200.201.173.68/32 -i eth0 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.151.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.151.0/24 -d 201.76.37.164/32 -j ACCEPT
COMMIT
# Completed on Mon Jan 25 10:14:22 2010
# Generated by iptables-save v1.4.1.1 on Mon Jan 25 10:14:22 2010
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp -s 192.168.151.0/24 --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 20 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 20 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 21 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 21 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 23 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 23 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 25 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 25 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 80 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 3128 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 80 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 53 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 53 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 111 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 111 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 515 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 515 -j DROP
-A INPUT -p tcp -m tcp ! -s 192.168.151.0/24 -i ppp0 --dport 3306 -j DROP
-A INPUT -p udp -m udp ! -s 192.168.151.0/24 -i ppp0 --dport 3306 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.5/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.5/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.5/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.5/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.5/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.5/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.51/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.51/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.51/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.51/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.51/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.51/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.53/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.53/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.53/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.53/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.53/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.53/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.54/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.54/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.54/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.54/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.54/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.54/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.55/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.55/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.55/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.55/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.55/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.55/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.58/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.58/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.58/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.58/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.58/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.58/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.59/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.59/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.59/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.59/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.59/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.59/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.60/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.60/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.60/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.60/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.60/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.60/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.61/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.61/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.61/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.61/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.61/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.61/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.62/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.62/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.62/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.62/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.62/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.62/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.65/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.65/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.65/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.65/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.65/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.65/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.67/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.67/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.67/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.67/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.67/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.67/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.69/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.69/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.69/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.69/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.69/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.69/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.70/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.70/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.70/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.70/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.70/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.70/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.71/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.71/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -s 192.168.151.71/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.71/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.71/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.71/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.72/32 --dport 1863 -j DROP
-A FORWARD -s 192.168.151.72/32 -d 65.54.186.80/32 -j DROP
-A FORWARD -s 192.168.151.72/32 -d 65.54.186.78/32 -j DROP
-A FORWARD -s 192.168.151.72/32 -d 65.54.165.178/32 -j DROP
-A FORWARD -s 192.168.151.72/32 -d 65.54.165.138/32 -j DROP
-A FORWARD -s 192.168.151.72/32 -d 65.54.186.50/32 -j DROP
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 1863 -j ACCEPT
-A FORWARD -s 192.168.151.0/24 -d 65.54.186.78/32 -j ACCEPT
-A FORWARD -s 192.168.151.0/24 -d 65.54.165.178/32 -j ACCEPT
-A FORWARD -s 192.168.151.0/24 -d 65.54.165.138/32 -j ACCEPT
-A FORWARD -s 192.168.151.0/24 -d 65.54.186.50/32 -j ACCEPT
-A FORWARD -s 192.168.151.0/24 -d 65.54.186.80/32 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 21 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 21 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 20 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 23 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 23 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 20 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 8133 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 8133 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 5060 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 5060 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 8000 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 8000 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 10000 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 10000 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 3478 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 3478 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 1299 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 1299 -j ACCEPT
-A FORWARD -p udp -m udp -s 192.168.151.0/24 --dport 1298 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.151.0/24 --dport 1298 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 2631 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 2004 -j ACCEPT
-A FORWARD -p tcp -m tcp -m tcpmss --tcp-flags SYN,RST SYN -j TCPMSS --mss 1400:1536 --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Jan 25 10:14:22 2010
# Generated by iptables-save v1.4.1.1 on Mon Jan 25 10:14:22 2010
*mangle
:PREROUTING ACCEPT [125073:64011881]
:INPUT ACCEPT [33520:13126149]
:FORWARD ACCEPT [91549:50885572]
:OUTPUT ACCEPT [35417:13687979]
:POSTROUTING ACCEPT [126966:64573551]
COMMIT
# Completed on Mon Jan 25 10:14:22 2010


  


2. Re: Iptables

Jefferson Diego
Diede

(uses Debian)

Posted on 26/01/2010 - 00:00h

3.0???? Well... version 1.4.0 came out at the end of 2007, and the latest is 1.4.6, which came out on December 9...

But what do you mean, the configuration disappeared? Was there anything besides what you posted?





