Posted on 26/08/2013 - 15:31h
Good afternoon, everyone. I'm a beginner with proxy servers and I have a question! I struggled a lot to get the new Skype/Outlook/Messenger working through the proxy. I'm implementing a firewall server where the policies are as follows:

Posted on 02/09/2013 - 22:40h
Good evening. Your problem is not in this ACL; what you did was open all ports for connection. Did you notice that you set the FORWARD POLICY to DROP? That means it is blocking everything that crosses the router. What you need to do is open the ports Skype needs to connect in the FORWARD CHAIN. Have a look here on VOL, there is plenty of material on this.

Posted on 03/09/2013 - 08:08h

Posted on 09/09/2013 - 11:04h
Folks, I've been racking my brain for a few weeks and haven't managed to solve the problem with Skype access through the proxy... I'm going to post the configs and logs here to see if anyone can help me...

Posted on 09/09/2013 - 11:07h
Do it like this:

Posted on 09/09/2013 - 11:44h

Posted on 09/09/2013 - 16:44h
Hey man, don't give up, hahaha

    # INITIAL SQUID CONFIGURATION
    http_port 3128
    visible_hostname automacaomga
    cache_mgr webmaster@localhost
    error_directory /usr/share/squid/errors/Portuguese

    # CACHE SETTINGS
    hierarchy_stoplist cgi-bin ?
    cache_mem 32 MB
    maximum_object_size_in_memory 64 KB
    maximum_object_size 100 MB
    cache_dir ufs /var/spool/squid 2048 16 256
    refresh_pattern ^ftp: 360 20% 10080
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    access_log /var/log/squid/access.log

    # ACLs FOR THE LOCAL NETWORK
    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/32
    acl rede1 src 192.168.1.0/24
    acl rede2 src 192.168.2.0/24
    acl manager proto cache_object
    http_access allow manager localhost
    http_access deny manager
    acl purge method PURGE
    http_access allow purge localhost
    http_access deny purge

    # ACLs FOR ALLOWED PORTS
    acl Safe_ports port 20 # caixa
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 80 # http
    acl Safe_ports port 210 # wais
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 443 # https
    acl Safe_ports port 465 # outlook smtp
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 563 # nntps-outlook
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 631 # cups
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # swat
    acl Safe_ports port 995 # outlook pop
    acl Safe_ports port 4004 # caixa
    acl Safe_ports port 7878 # caixa
    acl Safe_ports port 8081 # localhost
    acl Safe_ports port 9099 # localhost
    acl Safe_ports port 1025-65535 # unregistered ports
    http_access deny !Safe_ports

    # ACLs FOR ALLOWED SSL PORTS
    acl connect method CONNECT
    acl SSL_ports port 443 # https
    acl SSL_ports port 563 # nntps
    acl SSL_ports port 873 # rsync
    acl SSL_ports port 4004 # caixa
    acl SSL_ports port 30000 # Bradesco
    http_access deny connect !SSL_ports

    # ACLs FOR FULL ACCESS BY MAC
    acl liberados_mac arp "/etc/squid/rules/liberados_mac"
    http_access allow liberados_mac

    # ACLs FOR FULL ACCESS AT THE DESIRED TIME
    acl LAUNCH_TIME time S M T W H F A 12:00-13:12
    http_access allow LAUNCH_TIME

    # ACLs FOR ALLOWING SKYPE BY IP
    acl skype_users src "/etc/squid/rules/liberado_skype"
    acl skype_url url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
    http_access allow CONNECT skype_users skype_url
    http_access deny CONNECT skype_url

    # ACLs FOR BLOCKED SITES
    acl sites_bloqueados url_regex -i "/etc/squid/rules/sites_bloqueados"
    http_access deny sites_bloqueados

    # ACLs FOR BLOCKING DOMAINS
    acl dominios dstdomain "/etc/squid/rules/dominios"
    http_access deny dominios

    # ACLs FOR WORDS
    acl palavras_bloqueadas url_regex -i "/etc/squid/rules/palavras_bloqueadas"
    http_access deny palavras_bloqueadas

    # ALLOW BY IP TO DOWNLOAD EXTENSIONS
    acl ip_liberado src 192.168.1.66 -i "/etc/squid/rules/extencoes"
    http_access allow ip_liberado

    # ACLs FOR EXTENSIONS
    acl extencoes url_regex -i "/etc/squid/rules/extencoes"
    http_access deny extencoes

    # GENERAL SETTINGS FOR THE LOCAL NETWORK AND OTHERS
    http_access allow localhost
    http_access allow rede1
    http_access allow rede2
    http_access deny all

    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    ################################################################################
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    # INPUT RULES
    -A INPUT -j RH-Firewall-1-INPUT
    # FORWARD RULES
    -A FORWARD -j RH-Firewall-1-INPUT
    -A FORWARD -d 200.138.157.4 -p tcp -m tcp --dport 8080 -j ACCEPT
    -A FORWARD -d 200.155.86.35 -p tcp -m tcp --dport 443 -j ACCEPT
    -A FORWARD -d 200.201.0.0 -p tcp -m multiport --dports 80,443 -j ACCEPT
    -A FORWARD -d 200.143.5.68 -p tcp -m multiport --dports 20,7878,4004 -j ACCEPT
    -A FORWARD -d 200.143.5.69 -p tcp -m multiport --dports 20,7878,4004 -j ACCEPT
    # OUTPUT RULES
    -A OUTPUT -j RH-Firewall-1-INPUT
    # RH-FIREWALL RULES (ALLOWED PORTS)
    # CAIXA
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4004 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7878 -j ACCEPT
    # CAMERAS
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 37777 -j ACCEPT
    # OUTLOOK - SMTP - POP - IMAP
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 465 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 587 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 995 -j ACCEPT
    # TERMINAL SERVER
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3387 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3388 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
    # MONITORING - XYMON - WEBMIN - USERMIN
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1984 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
    # SAMBA - SSH - TELNET - DNS - SSL
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 23 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 445 -j ACCEPT
    # PROXY - SQUID
    -A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 3128 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.2.0/24 --dport 3128 -j ACCEPT
    # BB PLUS BRADESCO
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 30000 -j ACCEPT
    # OTHER PORTS
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5938 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 993 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 9099 -j ACCEPT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Tue May 21 13:09:34 2013
    # Generated by iptables-save v1.3.5 on Tue May 21 13:09:34 2013
    ######################################################################################
    *nat
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    # PREROUTING RULES
    # REDIRECTS FROM NETWORK 1 AND NETWORK 2 TO SQUID
    -A PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp -m multiport --dport 80,443 -j REDIRECT --to-port 3128
    -A PREROUTING -i eth2 -s 192.168.2.0/24 -p tcp -m multiport --dport 80,443 -j REDIRECT --to-port 3128
    # PACKETS ARRIVING VIA LINK1
    -A PREROUTING -p tcp -m tcp -d 192.168.25.254 --dport 3389 -j DNAT --to-destination 192.168.1.101:3389
    -A PREROUTING -p tcp -m tcp -d 192.168.25.254 --dport 8080 -j DNAT --to-destination 192.168.1.103:8080
    -A PREROUTING -p tcp -m tcp -d 192.168.25.254 --dport 8081 -j DNAT --to-destination 192.168.1.102:80
    -A PREROUTING -p tcp -m tcp -d 192.168.25.254 --dport 8888 -j DNAT --to-destination 192.168.1.100:8888
    -A PREROUTING -p tcp -m tcp -d 192.168.25.254 --dport 3388 -j DNAT --to-destination 192.168.1.190:3389
    -A PREROUTING -p tcp -m tcp -d 192.168.25.254 --dport 3387 -j DNAT --to-destination 192.168.1.9:3389
    # PACKETS ARRIVING VIA LINK2
    -A PREROUTING -p tcp -m tcp -d 192.168.24.254 --dport 3389 -j DNAT --to-destination 192.168.1.101:3389
    -A PREROUTING -p tcp -m tcp -d 192.168.24.254 --dport 8080 -j DNAT --to-destination 192.168.1.103:8080
    -A PREROUTING -p tcp -m tcp -d 192.168.24.254 --dport 8081 -j DNAT --to-destination 192.168.1.102:80
    -A PREROUTING -p tcp -m tcp -d 192.168.24.254 --dport 8888 -j DNAT --to-destination 192.168.1.100:8888
    -A PREROUTING -p tcp -m tcp -d 192.168.24.254 --dport 3388 -j DNAT --to-destination 192.168.1.190:3389
    -A PREROUTING -p tcp -m tcp -d 192.168.24.254 --dport 3387 -j DNAT --to-destination 192.168.1.9:3389
    # POSTROUTING RULES
    -A POSTROUTING -o eth0 -j MASQUERADE
    -A POSTROUTING -o eth1 -j MASQUERADE
    -A POSTROUTING -o eth2 -j MASQUERADE
    -A POSTROUTING -o eth3 -j MASQUERADE
    # OUTPUT RULES
    COMMIT
    # Completed on Tue May 21 13:09:34 2013
    ######################################################################################
    # Generated by webmin
    *mangle
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed
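
Added example, not part of the thread: a Python check over an abridged excerpt of the posted *filter table that flags rules which can never be evaluated. In the posted ruleset the first FORWARD rule jumps unconditionally to RH-Firewall-1-INPUT, which ends in an unconditional REJECT, so the per-destination ACCEPT rules after it in FORWARD are never reached. The function names are hypothetical, and only ACCEPT, DROP and REJECT are treated as final verdicts.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end filter processing

# Abridged excerpt of the *filter table posted in the thread (same rule order).
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -d 200.155.86.35 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 200.201.0.0 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rules(text):
    """Return {chain: [(line, match_tokens, target), ...]} in file order."""
    chains = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):
            tok = shlex.split(line)
            if "-j" not in tok:
                continue
            j = tok.index("-j")
            # Everything between the chain name and -j is a match condition.
            chains.setdefault(tok[1], []).append((line, tok[2:j], tok[j + 1]))
    return chains

def never_returns(target, chains, seen=()):
    """True if every packet sent to `target` receives a final verdict there."""
    if target in TERMINAL:
        return True
    if target not in chains or target in seen:
        return False  # unknown or non-terminal target (LOG, RETURN, ...), or a loop
    return any(not match and never_returns(t, chains, seen + (target,))
               for _, match, t in chains[target])

def dead_rules(text):
    """Rules placed after an unconditional rule that never hands packets back."""
    chains, dead = parse_rules(text), []
    for name, rules in chains.items():
        for i, (_, match, target) in enumerate(rules):
            if not match and never_returns(target, chains, (name,)):
                dead += [(name, line) for line, _, _ in rules[i + 1:]]
                break
    return dead

if __name__ == "__main__":
    for chain, line in dead_rules(RULESET):
        print(f"unreachable in {chain}: {line}")
```
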

Posted on 09/09/2013 - 16:45h

    acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443

Posted on 10/09/2013 - 16:35h
Thanks for the help, I'm checking this!