neger
(usa Ubuntu)
Enviado em 20/11/2014 - 08:48h
Bom dia pessoal, sou novo aqui,
sou novo em Linux também,
acabei assumindo algumas coisas que um terceiro cuidava e sou bem novato na parte de squid, linux etc, comecei um curso porém o conhecimento estou pegando na pratica mesmo.
me bati bastante mas não encontrei a solução,
temos uma vpn CISCO que está tudo certo, acessa toda a rede, porém os ips dos DVR para acesso as câmeras não acontece nada, vi que poderia ser um problema no proxy ou portas dos dvrs,
lendo alguns tópicos aqui, rodei alguns comandos porém não consigo achar algo de errado,
[root@fw ~]# $sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@fw ~]# $sudo iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 1262K packets, 123M bytes)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- br0 * 172.16.1.238 0.0.0.0/0
0 0 RETURN tcp -- br0 * 172.16.1.237 0.0.0.0/0
0 0 RETURN tcp -- br0 * 172.16.1.236 0.0.0.0/0
0 0 RETURN tcp -- br0 * 172.16.1.238 0.0.0.0/0 tcp dpt:80
0 0 RETURN tcp -- br0 * 172.16.1.237 0.0.0.0/0 tcp dpt:80
0 0 RETURN tcp -- br0 * 172.16.1.236 0.0.0.0/0 tcp dpt:80
128 6656 RETURN tcp -- br0 * 172.16.6.60 0.0.0.0/0 tcp dpt:80
0 0 RETURN all -- * * 172.16.0.0/16 10.16.0.0/16
610 33208 RETURN all -- * * 10.16.0.0/16 172.16.0.0/16
929K 48M REDIRECT tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT 714K packets, 43M bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
estes ips 172.16.1.236/237 e 238 são os ips dos DVRs, alguém consegue me dar uma luz?