Servers cannot communicate

1. Servers cannot communicate

mateus schott
mschott

(uses Debian)

Posted on 26/08/2011 - 15:33h

Good afternoon!
Something very strange is happening here at my work. I have 3 servers: a firewall (192.168.0.1), a data server (192.168.0.222) and a backup server (192.168.0.3). What happens is that the firewall cannot ping the backup server and vice versa, but any other machine on the network can ping the backup server; the data server, for example, pings both. If I change the backup server's IP from 192.168.0.3 to 192.168.0.220, for example, then the firewall can ping it. It would be easy to just change the backup server's IP, but the problem is that I have a lot of rules tied to the backup server's IP. Does anyone have an idea what it could be? I already stopped squid to check, but it stays the same.


  


2. Re: Servers cannot communicate

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 26/08/2011 - 15:35h

Isn't there some rule blocking that IP (both on the firewall and on the database server)?


3. Re: Servers cannot communicate

mateus schott
mschott

(uses Debian)

Posted on 26/08/2011 - 15:46h

On the firewall at 192.168.0.1 I only found 4 rules containing the IP 192.168.0.3, two to allow webmin from outside and inside and two to allow ssh, and 192.168.0.3 has no firewall. The strange thing is that until some time ago it was working normally; I found this out by chance today.


4. Re: Servers cannot communicate

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 26/08/2011 - 15:51h

What message do you get when you ping? Do any of these machines run SELinux? Did you look at the iptables table on the machines with the command below?

# iptables -nL


5. Re: Servers cannot communicate

mateus schott
mschott

(uses Debian)

Posted on 26/08/2011 - 16:03h

intranet:/etc/squid # iptables -nL | more
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 201.16.29.176/28 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
ACCEPT tcp -- 201.64.186.192/26 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
In_RULE_1 udp -- 0.0.0.0 255.255.255.255 udp multiport dports 68,67 state NEW
icmp_inbound_INET_01 icmp -- 0.0.0.0/0 189.2.141.2 icmp type 255
tcp_inbound_INET_01 tcp -- 0.0.0.0/0 189.2.141.2 tcp
udp_inbound_INET_01 udp -- 0.0.0.0/0 189.2.141.2 udp
icmp_inbound_LAN_01 icmp -- 192.168.0.0/24 189.2.141.2 icmp type 255
icmp_inbound_LAN_01 icmp -- 192.168.0.0/24 192.168.0.1 icmp type 255
tcp_inbound_LAN_01 tcp -- 192.168.0.0/24 189.2.141.2 tcp
tcp_inbound_LAN_01 tcp -- 192.168.0.0/24 192.168.0.1 tcp
udp_inbound_LAN_01 udp -- 192.168.0.0/24 189.2.141.2 udp
udp_inbound_LAN_01 udp -- 192.168.0.0/24 192.168.0.1 udp
icmp_inbound_LAN_02 icmp -- 172.16.0.0/24 172.16.0.1 icmp type 255
tcp_inbound_LAN_02 tcp -- 172.16.0.0/24 172.16.0.1 tcp
udp_inbound_LAN_02 udp -- 172.16.0.0/24 172.16.0.1 udp
ULOG all -- 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `GLOBAL -- DENY ' queue_threshold 1

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 200.175.95.94
ACCEPT tcp -- 0.0.0.0/0 200.198.128.96 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 200.198.128.87 tcp dpt:80
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
icmp_forward_LAN_01_LAN_02 icmp -- 192.168.0.0/24 172.16.0.0/24 icmp type 255
tcp_forward_LAN_01_LAN_02 tcp -- 192.168.0.0/24 172.16.0.0/24 tcp
udp_forward_LAN_01_LAN_02 udp -- 192.168.0.0/24 172.16.0.0/24 udp
icmp_forward_LAN_02_LAN_01 icmp -- 172.16.0.0/24 192.168.0.0/24 icmp type 255
tcp_forward_LAN_02_LAN_01 tcp -- 172.16.0.0/24 192.168.0.0/24 tcp
udp_forward_LAN_02_LAN_01 udp -- 172.16.0.0/24 192.168.0.0/24 udp
icmp_forward_LAN_01_INET_01 icmp -- 192.168.0.0/24 0.0.0.0/0 icmp type 255
tcp_forward_LAN_01_INET_01 tcp -- 192.168.0.0/24 0.0.0.0/0 tcp
udp_forward_LAN_01_INET_01 udp -- 192.168.0.0/24 0.0.0.0/0 udp
icmp_forward_INET_01_LAN_01 icmp -- 0.0.0.0/0 192.168.0.0/24 icmp type 255
tcp_forward_INET_01_LAN_01 tcp -- 0.0.0.0/0 192.168.0.0/24 tcp
udp_forward_INET_01_LAN_01 udp -- 0.0.0.0/0 192.168.0.0/24 udp
icmp_forward_LAN_02_INET_01 icmp -- 172.16.0.0/24 0.0.0.0/0 icmp type 255
tcp_forward_LAN_02_INET_01 tcp -- 172.16.0.0/24 0.0.0.0/0 tcp
udp_forward_LAN_02_INET_01 udp -- 172.16.0.0/24 0.0.0.0/0 udp
icmp_forward_INET_01_LAN_02 icmp -- 0.0.0.0/0 172.16.0.0/24 icmp type 255
tcp_forward_INET_01_LAN_02 tcp -- 0.0.0.0/0 172.16.0.0/24 tcp
udp_forward_INET_01_LAN_02 udp -- 0.0.0.0/0 172.16.0.0/24 udp
ULOG all -- 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `GLOBAL -- DENY ' queue_threshold 1


Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 201.16.29.176/28 tcp spt:22 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 201.64.186.192/26 tcp spt:22 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
icmp_outbound_INET_01 icmp -- 189.2.141.2 0.0.0.0/0 icmp type 255
tcp_outbound_INET_01 tcp -- 189.2.141.2 0.0.0.0/0 tcp
udp_outbound_INET_01 udp -- 189.2.141.2 0.0.0.0/0 udp
icmp_outbound_LAN_01 icmp -- 192.168.0.1 192.168.0.0/24 icmp type 255
tcp_outbound_LAN_01 tcp -- 192.168.0.1 192.168.0.0/24 tcp
udp_outbound_LAN_01 udp -- 192.168.0.1 192.168.0.0/24 udp
icmp_outbound_LAN_02 icmp -- 172.16.0.1 172.16.0.0/24 icmp type 255
tcp_outbound_LAN_02 tcp -- 172.16.0.1 172.16.0.0/24 tcp
udp_outbound_LAN_02 udp -- 172.16.0.1 172.16.0.0/24 udp
ULOG all -- 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `GLOBAL -- DENY ' queue_threshold 1

Chain Cid31641X31091.0 (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 201.55.240.7
ACCEPT all -- 0.0.0.0/0 201.55.240.8
ACCEPT all -- 0.0.0.0/0 201.55.240.9

Chain In_RULE_1 (1 references)
target prot opt source destination
ULOG all -- 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `RULE 1 -- ACCEPT ' queue_threshold 1
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain icmp_forward_INET_01_LAN_01 (1 references)
target prot opt source destination
ULOG icmp -- 0.0.0.0/0 192.168.0.0/24 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_FOR_INET01_LAN01 -- DENY ' queue_threshold 1

Chain icmp_forward_INET_01_LAN_02 (1 references)
target prot opt source destination
ULOG icmp -- 0.0.0.0/0 172.16.0.0/24 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_FOR_INET01_LAN02 -- DENY ' queue_threshold 1

Chain icmp_forward_LAN_01_INET_01 (1 references)
target prot opt source destination
ACCEPT icmp -- 192.168.0.0/24 0.0.0.0/0 icmp type 8 code 0
ULOG icmp -- 192.168.0.0/24 0.0.0.0/0 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_FOR_LAN01_INET01 -- DENY ' queue_threshold 1

Chain icmp_forward_LAN_01_LAN_02 (1 references)
target prot opt source destination
ULOG icmp -- 192.168.0.0/24 172.16.0.0/24 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_FOR_LAN01_LAN02 -- DENY ' queue_threshold 1

Chain icmp_forward_LAN_02_INET_01 (1 references)
target prot opt source destination
ACCEPT icmp -- 172.16.0.0/24 0.0.0.0/0 icmp type 8 code 0
ULOG icmp -- 172.16.0.0/24 0.0.0.0/0 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_FOR_LAN02_INET01 -- DENY ' queue_threshold 1


Chain icmp_forward_LAN_02_LAN_01 (1 references)
target prot opt source destination
ULOG icmp -- 172.16.0.0/24 192.168.0.0/24 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_FOR_LAN02_LAN01 -- DENY ' queue_threshold 1

Chain icmp_inbound_INET_01 (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 189.2.141.2 icmp type 8 code 0
ULOG icmp -- 0.0.0.0/0 189.2.141.2 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_IN_INET01 -- DENY ' queue_threshold 1

Chain icmp_inbound_LAN_01 (2 references)
target prot opt source destination
ACCEPT icmp -- 192.168.0.0/24 192.168.0.1 icmp type 8 code 0
ULOG icmp -- 192.168.0.0/24 192.168.0.1 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_IN_LAN01 -- DENY ' queue_threshold 1

Chain icmp_inbound_LAN_02 (1 references)
target prot opt source destination
ACCEPT icmp -- 172.16.0.0/24 172.16.0.1 icmp type 8 code 0
ULOG icmp -- 172.16.0.0/24 172.16.0.1 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_IN_LAN02 -- DENY ' queue_threshold 1

Chain icmp_outbound_INET_01 (1 references)
target prot opt source destination
ACCEPT icmp -- 189.2.141.2 0.0.0.0/0 icmp type 8 code 0
ULOG icmp -- 189.2.141.2 0.0.0.0/0 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_OUT_INET01 -- DENY ' queue_threshold 1

Chain icmp_outbound_LAN_01 (1 references)
target prot opt source destination
ACCEPT icmp -- 192.168.0.1 192.168.0.0/24 icmp type 8 code 0
ULOG icmp -- 192.168.0.1 192.168.0.0/24 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_OUT_LAN01 -- DENY ' queue_threshold 1

Chain icmp_outbound_LAN_02 (1 references)
target prot opt source destination
ACCEPT icmp -- 172.16.0.1 0.0.0.0/0 icmp type 8 code 0
ULOG icmp -- 172.16.0.1 0.0.0.0/0 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_OUT_LAN02 -- DENY ' queue_threshold 1

Chain tcp_forward_INET_01_LAN_01 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.0.222 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.0.3 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.0.226 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.0.222 tcp dpt:10500
ACCEPT tcp -- 0.0.0.0/0 192.168.0.3 tcp dpt:10400
ACCEPT tcp -- 0.0.0.0/0 192.168.0.226 tcp dpt:10600
ACCEPT tcp -- 0.0.0.0/0 192.168.0.226 tcp dpt:5901
ACCEPT tcp -- 0.0.0.0/0 192.168.0.226 tcp dpt:5902
ACCEPT tcp -- 0.0.0.0/0 192.168.0.226 tcp dpt:5903
ACCEPT tcp -- 0.0.0.0/0 192.168.0.5 tcp dpt:5904
ACCEPT tcp -- 0.0.0.0/0 192.168.0.1 tcp dpt:9090
ACCEPT tcp -- 0.0.0.0/0 192.168.0.1 tcp dpt:5222
ACCEPT tcp -- 0.0.0.0/0 192.168.0.1 tcp dpt:1521
ACCEPT tcp -- 0.0.0.0/0 192.168.0.2 tcp dpt:5900
ACCEPT tcp -- 0.0.0.0/0 192.168.0.1 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 192.168.0.1 tcp dpt:21
ULOG tcp -- 0.0.0.0/0 192.168.0.0/24 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_FOR_INET01_LAN01 -- DENY ' queue_threshold 1

Chain tcp_forward_INET_01_LAN_02 (1 references)
target prot opt source destination
ULOG tcp -- 0.0.0.0/0 172.16.0.0/24 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_FOR_INET01_LAN02 -- DENY ' queue_threshold 1

Chain tcp_forward_LAN_01_INET_01 (1 references)
target prot opt source destination
ACCEPT all -- 192.168.0.2 0.0.0.0/0
ACCEPT all -- 192.168.0.5 0.0.0.0/0
ACCEPT all -- 192.168.0.223 0.0.0.0/0
ACCEPT all -- 192.168.0.224 0.0.0.0/0
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:465
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp spt:20 dpts:1024:65535
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:5190
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:1863
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:2631
ACCEPT tcp -- 192.168.0.0/24 201.3.168.101 tcp dpt:8084
ACCEPT tcp -- 192.168.0.0/24 200.142.128.31 tcp dpt:7003
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:1935
ACCEPT tcp -- 192.168.0.0/24 201.55.240.6 tcp dpt:3017
ACCEPT tcp -- 192.168.0.0/24 201.21.250.188 tcp dpt:8000
ACCEPT tcp -- 192.168.0.0/24 200.198.128.46 tcp dpt:8017
ACCEPT tcp -- 192.168.0.0/24 200.152.32.148 tcp dpt:5017
ACCEPT tcp -- 192.168.0.0/24 200.228.185.2 tcp dpt:3306
ULOG tcp -- 192.168.0.0/24 0.0.0.0/0 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_FOR_LAN01_INET01 -- DENY ' queue_threshold 1
ACCEPT tcp -- 192.168.0.0/24 201.3.234.167 tcp dpt:8080
ACCEPT tcp -- 192.168.0.0/24 200.175.53.159 tcp dpt:8080
ACCEPT tcp -- 192.168.0.0/24 187.7.111.77 tcp dpt:3390
ACCEPT tcp -- 192.168.0.0/24 200.215.15.66 tcp dpt:20
ACCEPT tcp -- 192.168.0.0/24 200.215.15.66 tcp dpt:21
ACCEPT tcp -- 192.168.0.0/24 189.16.169.130 tcp dpt:20
ACCEPT tcp -- 192.168.0.0/24 189.16.169.130 tcp dpt:21
ACCEPT all -- 192.168.0.224 0.0.0.0/0

Chain tcp_forward_LAN_01_LAN_02 (1 references)
target prot opt source destination
ULOG tcp -- 192.168.0.0/24 172.16.0.0/24 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_FOR_LAN01_LAN02 -- DENY ' queue_threshold 1

Chain tcp_forward_LAN_02_INET_01 (1 references)
target prot opt source destination
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:465
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:5190
ACCEPT tcp -- 172.16.0.0/24 0.0.0.0/0 tcp dpt:1863
ULOG tcp -- 172.16.0.0/24 0.0.0.0/0 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_FOR_LAN02_INET01 -- DENY ' queue_threshold 1

Chain tcp_forward_LAN_02_LAN_01 (1 references)
target prot opt source destination
ULOG tcp -- 172.16.0.0/24 192.168.0.0/24 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_FOR_LAN02_LAN01 -- DENY ' queue_threshold 1

Chain tcp_inbound_INET_01 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:8380
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:52222
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:10300
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:5901
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:5902
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:5903
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:5904
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:9090
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:5222
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:1521
ULOG tcp -- 0.0.0.0/0 189.2.141.2 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_IN_INET01 -- DENY ' queue_threshold 1
ACCEPT tcp -- 0.0.0.0/0 189.2.141.2 tcp dpt:5900

Chain tcp_inbound_LAN_01 (2 references)
target prot opt source destination
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:53
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:53
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:80
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:80
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:443
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:443
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:3128
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:3128
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:445
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:445
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:139
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:139
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:21
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:21
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp spt:20 dpts:1024:65535
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp spt:20 dpts:1024:65535
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:20
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:20
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:3306
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:3306
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:22
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:22
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:52222
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:52222
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:10300
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:10300
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpts:55000:55003
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpts:55000:55003
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:8080
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:8080
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:8380
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:8380
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:901
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:901
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:5901
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:5901
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:5902
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:5902
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:5903
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:5903
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:5904
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:5904
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:9090
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:9090
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:5222
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:5222
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:1521
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:1521
ACCEPT tcp -- 192.168.0.0/24 189.2.141.2 tcp dpt:5900
ACCEPT tcp -- 192.168.0.0/24 192.168.0.1 tcp dpt:5900
ULOG tcp -- 192.168.0.0/24 189.2.141.2 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_IN_LAN01 -- DENY ' queue_threshold 1
ULOG tcp -- 192.168.0.0/24 192.168.0.1 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_IN_LAN01 -- DENY ' queue_threshold 1

Chain tcp_inbound_LAN_02 (1 references)
target prot opt source destination
ACCEPT tcp -- 172.16.0.0/24 172.16.0.1 tcp dpt:53
ACCEPT tcp -- 172.16.0.0/24 172.16.0.1 tcp dpt:3128
ULOG tcp -- 172.16.0.0/24 172.16.0.1 tcp ULOG copy_range 0 nlgroup 1 prefix `TCP_IN_LAN2 -- DENY ' queue_threshold 1

Chain tcp_outbound_INET_01 (1 references)
target prot opt source destination
ACCEPT tcp -- 189.2.141.2 0.0.0.0/0 tcp state NEW

Chain tcp_outbound_LAN_01 (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.0.1 192.168.0.0/24 tcp

Chain tcp_outbound_LAN_02 (1 references)
target prot opt source destination
ACCEPT tcp -- 172.16.0.1 172.16.0.0/24 tcp

Chain udp_forward_INET_01_LAN_01 (1 references)
target prot opt source destination
ULOG udp -- 0.0.0.0/0 192.168.0.0/24 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_FOR_INET01_LAN01 -- DENY ' queue_threshold 1

Chain udp_forward_INET_01_LAN_02 (1 references)
target prot opt source destination
ULOG udp -- 0.0.0.0/0 172.16.0.0/24 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_FOR_INET01_LAN02 -- DENY ' queue_threshold 1

Chain udp_forward_LAN_01_INET_01 (1 references)
target prot opt source destination
ACCEPT all -- 192.168.0.2 0.0.0.0/0
ACCEPT all -- 192.168.0.5 0.0.0.0/0
ACCEPT all -- 192.168.0.117 0.0.0.0/0
ACCEPT udp -- 192.168.0.0/24 0.0.0.0/0 udp dpt:53
ACCEPT udp -- 192.168.0.0/24 0.0.0.0/0 udp dpt:123
ACCEPT udp -- 192.168.0.0/24 201.3.186.170 udp dpt:5024
ACCEPT udp -- 192.168.0.0/24 200.228.185.2 udp dpt:69
Cid31641X31091.0 udp -- 192.168.0.0/24 0.0.0.0/0 udp multiport dports 500,10000
ACCEPT udp -- 192.168.0.0/24 10.0.112.10 udp dpt:10000
ULOG udp -- 192.168.0.0/24 0.0.0.0/0 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_FOR_LAN01_INET01 -- DENY ' queue_threshold 1

Chain udp_forward_LAN_01_LAN_02 (1 references)
target prot opt source destination
ULOG udp -- 192.168.0.0/24 172.16.0.0/24 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_FOR_LAN01_LAN02 -- DENY ' queue_threshold 1

Chain udp_forward_LAN_02_INET_01 (1 references)
target prot opt source destination
ACCEPT udp -- 172.16.0.0/24 0.0.0.0/0 udp dpt:53
ULOG udp -- 172.16.0.0/24 0.0.0.0/0 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_FOR_LAN02_INET01 -- DENY ' queue_threshold 1

Chain udp_forward_LAN_02_LAN_01 (1 references)
target prot opt source destination
ULOG udp -- 172.16.0.0/24 192.168.0.0/24 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_FOR_LAN02_LAN01 -- DENY ' queue_threshold 1

Chain udp_inbound_INET_01 (1 references)
target prot opt source destination
ULOG udp -- 0.0.0.0/0 189.2.141.2 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_IN_INET01 -- DENY ' queue_threshold 1

Chain udp_inbound_LAN_01 (2 references)
target prot opt source destination
ACCEPT udp -- 192.168.0.0/24 192.168.0.1 udp dpt:53
ULOG udp -- 192.168.0.0/24 192.168.0.1 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_IN_LAN01 -- DENY ' queue_threshold 1

Chain udp_inbound_LAN_02 (1 references)
target prot opt source destination
ACCEPT udp -- 172.16.0.0/24 172.16.0.1 udp dpt:53
ACCEPT udp -- 172.16.0.0/24 172.16.0.1 udp multiport dports 68,67
ULOG udp -- 172.16.0.0/24 172.16.0.1 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_IN_LAN02 -- DENY ' queue_threshold 1


Chain udp_outbound_INET_01 (1 references)
target prot opt source destination
ACCEPT udp -- 189.2.141.2 0.0.0.0/0 udp dpt:53
ACCEPT udp -- 189.2.141.2 0.0.0.0/0 udp dpt:123
ULOG udp -- 189.2.141.2 0.0.0.0/0 udp ULOG copy_range 0 nlgroup 1 prefix `UDP_OUT_INET01 -- DENY ' queue_threshold 1

Chain udp_outbound_LAN_01 (1 references)
target prot opt source destination
ACCEPT udp -- 192.168.0.1 192.168.0.0/24 udp

Chain udp_outbound_LAN_02 (1 references)
target prot opt source destination
ACCEPT udp -- 172.16.0.1 172.16.0.0/24 udp




This firewall is really big!!


6. Re: Servers cannot communicate

mateus schott
mschott

(uses Debian)

Posted on 26/08/2011 - 16:06h

bkpserver:/etc/sysconfig # iptables -Ln
iptables: No chain/target/match by that name

Neither of the two has SELinux.

And when I ping, it takes a long time and nothing happens:
bkpserver:/etc/sysconfig # ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.



7. Re: Servers cannot communicate

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 26/08/2011 - 16:26h

According to your iptables rules, I believe it is indeed blocking the pings. Just do a small test: flush the rules (if that is possible, of course):

# iptables -F

And see whether ping works again. If it does, you will have to modify the rules in your firewall script to allow it.
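
One way to check a listing like the one in post 5 offline, as an added example that is not part of the thread: this Python script parses `iptables -nL` text and traces a packet through the chains to the rule that decides it. The excerpt is constructed from lines of the posted listing; the packet fields, and the treatment of a criteria-less `ACCEPT all` rule as carrying an interface match that `-nL` does not print (`iptables -nvL` shows it), are assumptions.

```python
import ipaddress
import re

# Constructed excerpt of the thread's `iptables -nL` listing (ICMP to 192.168.0.1).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
icmp_inbound_LAN_01 icmp -- 192.168.0.0/24 192.168.0.1 icmp type 255
ULOG all -- 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `GLOBAL -- DENY ' queue_threshold 1

Chain icmp_inbound_LAN_01 (2 references)
target prot opt source destination
ACCEPT icmp -- 192.168.0.0/24 192.168.0.1 icmp type 8 code 0
ULOG icmp -- 192.168.0.0/24 192.168.0.1 icmp type 255 ULOG copy_range 0 nlgroup 1 prefix `ICMP_IN_LAN01 -- DENY ' queue_threshold 1
"""
# No visible criteria: -nL hides -i/-o, so assumed interface-restricted and skipped.
BARE = ["all", "--", "0.0.0.0/0", "0.0.0.0/0"]

def parse(listing):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if head:
            cur = chains.setdefault(head.group(1), {"policy": head.group(2), "rules": []})
        elif cur is not None and line.strip() and not line.startswith("target"):
            f = line.split()
            cur["rules"].append({"target": f[0], "prot": f[1], "src": f[3], "dst": f[4],
                                 "extra": " ".join(f[5:]), "bare": f[1:] == BARE})
    return chains

def matches(rule, pkt):
    if rule["prot"] not in ("all", pkt["prot"]):
        return False
    for field in ("src", "dst"):
        if ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[field]):
            return False
    state = re.search(r"state (\S+)", rule["extra"])
    if state and pkt["state"] not in state.group(1).split(","):
        return False
    # "icmp type 255" is how -n prints "any ICMP type"
    icmp = re.search(r"icmp type (\d+)(?: code (\d+))?", rule["extra"])
    if icmp and icmp.group(1) != "255" and int(icmp.group(1)) != pkt["icmp_type"]:
        return False
    if icmp and icmp.group(2) and int(icmp.group(2)) != pkt.get("icmp_code", 0):
        return False
    return True

def trace(chains, chain, pkt, path=None):
    """Return (verdict, path); a user chain that ends unmatched yields None."""
    path = [] if path is None else path
    for n, rule in enumerate(chains[chain]["rules"], 1):
        if not matches(rule, pkt):
            continue
        path.append(f"{chain}#{n}:{rule['target']}" + ("?" if rule["bare"] else ""))
        if rule["bare"]:
            continue  # ambiguous in -nL output (see BARE), do not take its verdict
        if rule["target"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["target"], path
        if rule["target"] in chains:
            verdict, _ = trace(chains, rule["target"], pkt, path)
            if verdict:
                return verdict, path
    return chains[chain]["policy"], path  # ULOG and finished user chains fall through

# Assumed packet: echo request from the backup server to the firewall's LAN address.
ECHO = dict(prot="icmp", src="192.168.0.3", dst="192.168.0.1", state="NEW", icmp_type=8)
print(trace(parse(LISTING), "INPUT", ECHO))
```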





