oraculo3
(usa Red Hat)
Enviado em 26/08/2011 - 15:43h
Boa tarde a todos,
Estou com um problema no meu Firewall, preciso liberar as portas 21 (FTP) e 23 (TELNET) para um servidor HP que está rodando HP-UX. Até aí blz, criei as regras, mas dá a impressão de que a requisição não chega nele, ou ele bloqueia alguma coisa. Da minha rede interna eu consigo fazer telnet e ftp sem problemas; outros serviços que direciono para outros servidores funcionam normalmente.
Alguém poderia me dar uma força ?
Segue meu Iptables:
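#!/bin/bash
# Firewall / NAT init script for a two-interface gateway.
#   eth0 = internal LAN side (192.168.10.x hosts), eth1 = external link.
# Usage: <script> {start|stop}
#
# Deliberately no 'set -e': a modprobe that fails (module built in, or named
# differently on this kernel) must not abort half-way through building the
# rule set and leave the gateway in an undefined state.
set -u

IPT=/sbin/iptables
SYSCTL=/proc/sys/net/ipv4

case "${1:-}" in
start)
  # Disable ICMP redirects on every entry under conf/ (this glob already
  # covers all, default, lo and every physical interface, so no per-interface
  # echo lines are needed).
  for off in "$SYSCTL"/conf/*/accept_redirects "$SYSCTL"/conf/*/send_redirects; do
    [ -e "$off" ] || continue
    printf '%s\n' "$off"
    echo 0 > "$off"
  done

  /sbin/modprobe des3_ede
  # FTP conntrack/NAT helper: without it the data connections of the DNAT'd
  # FTP server below are not classified RELATED and get dropped in FORWARD.
  /sbin/modprobe ip_nat_ftp
  /sbin/modprobe ppp_mppe

  echo 1 > "$SYSCTL"/ip_forward
  echo 1 > "$SYSCTL"/conf/all/forwarding

  # Inserted at position 1 of FORWARD: this host is forwarded unconditionally,
  # ahead of every rule that follows.
  "$IPT" -I FORWARD -s 192.168.10.250 -j ACCEPT

  # NOTE(review): 192.168.10.0/16 is the whole 192.168.0.0/16 range, not just
  # the .10 subnet; /24 is probably what was meant — confirm before changing.
  "$IPT" -t nat -I POSTROUTING -o eth1 -s 192.168.10.0/16 -j MASQUERADE
  "$IPT" -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
  "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  ###################################
  # Services offered by the firewall box itself, LAN side only
  ###################################
  "$IPT" -A INPUT -i eth0 -p tcp --dport 9000 -j ACCEPT
  "$IPT" -A INPUT -i eth0 -p tcp --dport 3128 -j ACCEPT
  "$IPT" -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT

  ###########################################################
  # LAN -> outside (forwarded traffic entering on eth0)
  ###########################################################
  "$IPT" -A FORWARD -i eth0 -p icmp -j ACCEPT
  # Direct DNS from LAN hosts to the outside is refused (presumably to force
  # the use of a local resolver/proxy — verify that this is still intended).
  "$IPT" -A FORWARD -i eth0 -p udp --dport 53 -j REJECT
  "$IPT" -A FORWARD -i eth0 -p tcp --dport 23  -j ACCEPT
  "$IPT" -A FORWARD -i eth0 -p tcp --dport 22  -j ACCEPT
  # Telnet is TCP-only; this UDP rule most likely never matches anything.
  "$IPT" -A FORWARD -i eth0 -p udp --dport 23  -j ACCEPT
  "$IPT" -A FORWARD -i eth0 -p tcp --dport 20  -j ACCEPT
  "$IPT" -A FORWARD -i eth0 -p tcp --dport 21  -j ACCEPT
  # NOTE(review): GRE (used by PPTP, hence ppp_mppe above) is IP protocol 47,
  # i.e. '-p gre', not UDP port 47 — confirm what this rule was meant to pass.
  "$IPT" -A FORWARD -i eth0 -p udp --dport 47  -j ACCEPT
  "$IPT" -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT

  ###########################################################
  # Outside -> firewall box itself (traffic entering on eth1)
  ###########################################################
  "$IPT" -A INPUT -i eth1 -p tcp --dport 20  -j ACCEPT
  "$IPT" -A INPUT -i eth1 -p tcp --dport 21  -j ACCEPT
  # Port 23 here only reaches a telnetd running on the firewall itself; the
  # DNAT in the HP section below is what sends it on to 192.168.10.1.
  "$IPT" -A INPUT -i eth1 -p tcp --dport 23  -j ACCEPT
  "$IPT" -A OUTPUT -p tcp --sport 23 -j ACCEPT
  "$IPT" -A INPUT -i eth1 -p tcp --dport 25  -j ACCEPT
  "$IPT" -A INPUT -i eth1 -p tcp --dport 80  -j ACCEPT
  "$IPT" -A INPUT -i eth1 -p tcp --dport 443 -j ACCEPT
  # The proxy (3128, allowed on eth0 above) must not be reachable from outside.
  "$IPT" -A INPUT -i eth1 -p tcp --dport 3128 -j DROP

  ###########################################################
  # Port forwarding: outside -> internal hosts
  ###########################################################
  # FTP / Telnet server HP (192.168.10.1)
  # Both protocols carry credentials in cleartext over the external link;
  # prefer ssh/sftp if the HP host supports them.
  # The DNAT'd packets traverse FORWARD (not INPUT), so each port needs both
  # the PREROUTING DNAT and a matching FORWARD ACCEPT to the internal address.
  # Replies only get un-NATted if the HP host routes them back through this
  # gateway — check its default route if connections still appear to hang.
  #"$IPT" -I FORWARD -d 192.168.10.1 -p tcp --dport 21 -j ACCEPT
  #"$IPT" -A FORWARD -i eth1 -d 192.168.10.1 -p tcp --dport 21 -j ACCEPT
  #"$IPT" -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.10.1:21
  "$IPT" -A FORWARD -i eth1 -d 192.168.10.1 -p tcp --dport 20 -j ACCEPT
  "$IPT" -t nat -A PREROUTING -i eth1 -p tcp --dport 20 -j DNAT --to 192.168.10.1:20
  "$IPT" -A FORWARD -i eth1 -d 192.168.10.1 -p tcp --dport 21 -j ACCEPT
  "$IPT" -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.10.1:21
  # Telnet: previously only ACCEPTed in INPUT, so it never reached the HP host.
  "$IPT" -A FORWARD -i eth1 -d 192.168.10.1 -p tcp --dport 23 -j ACCEPT
  "$IPT" -t nat -A PREROUTING -i eth1 -p tcp --dport 23 -j DNAT --to 192.168.10.1:23

  # CAM (192.168.10.100), HTTP
  "$IPT" -I FORWARD -d 192.168.10.100 -p tcp --dport 80 -j ACCEPT
  "$IPT" -A FORWARD -i eth1 -d 192.168.10.100 -p tcp --dport 80 -j ACCEPT
  "$IPT" -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.10.100:80

  ###########################################################
  # Block everything else
  ###########################################################
  "$IPT" -A INPUT -i eth0 -j DROP
  # NOTE(review): with the next line commented out, unmatched INPUT traffic on
  # the external interface falls through to the chain's default policy, which
  # this script never sets — i.e. only port 3128 is actually refused there.
  # "$IPT" -A INPUT -i eth1 -j DROP
  "$IPT" -A FORWARD -j DROP
  ;;
stop)
  printf "Finalizando o serviTo de %s: " "IPtables"
  "$IPT" -F
  # The DNAT/MASQUERADE rules live in the nat table; a plain -F leaves them.
  "$IPT" -t nat -F
  echo 0 > "$SYSCTL"/ip_forward
  service iptables stop
  #/sbin/rmmod iptables
  ;;
*)
  printf 'Uso: %s {start|stop}\n' "$0" >&2
  ;;
esac
exit 0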