firewall.sh não executa! [RESOLVIDO]

removido
(usa Nenhuma)

Enviado em 07/05/2009 - 12:38h

boa tarde galera do VivaoLinux!

to com esse script de firewall.sh aqui na empresa.
o problema é que não consigo executar ele com sh /etc/rc.local.
sou iniciante em linux e tudo que tenho feito é sobre pesquisas.
se alguém puder me ajudar, ficarei grato;
segue abaixo script.

#!/bin/bash

#INSIRA A CLASSE DE REDE ex: 192.168.0.0/24

REDE="192.168.0.0/24"

#INSIRA O IP DO MICRO QUE NAO VAI USAR PROXY
IPLIVRE="192.168.0.101"
#O IP ACIMA EH DO SERVIDOR DE DADOS (AD)

#INSIRA AS INTERFACES DE REDE

ETH_REDE="eth1"

ETH_INTERNET="eth0"

iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z


modprobe ip_conntrack
modprobe ip_tables
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_MASQUERADE
modprobe iptable_filter
modprobe iptable_nat
modprobe iptable_mangle
modprobe ipt_LOG
modprobe ipt_multiport
modprobe ip_queue
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_ttl

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED, ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

#LIBERACAO PARA A REDE INTERNA

iptables -A INPUT -s "$REDE" -i "$ETH_REDE" -j ACCEPT

#iptables -A INPUT -s 200.171.58.201 -p tcp --dport 22 -j ACCEPT
#iptables -A INPUT -s 201.31.136.16 -p tcp --dport 22 -j ACCEPT

iptables -A INPUT -s 0/0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -S 0/0 -P udp --dport 53 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp --dport 53 -j ACCEPT

iptables -P FORWARD DROP

#PACOTES ESTABELECIDOS
iptables -A FORWARD -i "$ETH_INTERNET" -o "$ETH_REDE" -s 0/0 -d "$REDE" -m state --state RELATED,ESTABLISHED -j ACCEPT

#AUTENTICACAO DA TELEFONICA
iptables -A FORWARD -i "$ETH_REDE" -o "$ETH_INTERNET" -s $REDE -d 201.28.214.82/0 -j ACCEPT

#IP LIBERADO
iptables -A FORWARD -i "$ETH_REDE" -o "$ETH_INTERNET" -s "$IPLIVRE" -d 0/0 -j ACCEPT

#LIBERA A SAIDA DA REDE LOCAL PARA A INTERNET
iptables -A FORWARD -i "$ETH_REDE" -o "$ETH_INTERNET" -s $REDE -D 0/0 -j ACCEPT

#ACESSO VIA TERMINAL SERVICE (TS)
#iptables -I FORWARD -d 192.168.0.101 -p tcp --dport 3389 -j ACCEPT
#iptables -I FORWARD -s 192.168.0.101 -j ACCEPT
#iptables -I FORWARD -d 192.168.0.100 -p tcp --dport 3389 -j ACCEPT
#iptables -i FORWARD -s 192.168.0.100 -j ACCEPT

#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3392 -j DNAT --to-destination 192.168.0.100:3389
#iptables -t nat -A PREROUTING -s 0/0 -d 20.0.0.1 -p tcp --dport 3391 -j DNAT --to 192.168.0.101

iptables -I INPUT -d 201.27.86.35 -p tcp --dport 3389 -j ACCEPT
iptables -I FORWARD -d 192.168.0.101 -p tcp --dport 3389 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -d 201.27.86.35 -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.101:3389


iptables -I INPUT -d 201.27.86.35 -p udp --dport 3389 -j ACCEPT
iptables -I FORWARD -d 192.168.0.101 -p udp --dport 3389 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -d 201.27.86.35 -p udp --dport 3389 -j DNAT --to-destination 192.168.0.101:3389

#LOG DA REDE

#iptables -I FORWARD -j LOG --log-prefix " ROUTE : "

#NAT REDE INTERNA

iptables -t nat -A POSTROUTING -s "$REDE" -o "$ETH_INTERNET" -j MASQUERADE
iptables -t nat -A POSTROUTING -s "$REDE" -o eth2 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 31

abaixo o erro:

[root@fw-tim ~]# sh /root/firewall.sh
/root/firewall.sh: line 17: iptables: command not found
/root/firewall.sh: line 18: iptables: command not found
/root/firewall.sh: line 19: iptables: command not found
/root/firewall.sh: line 20: iptables: command not found
/root/firewall.sh: line 21: iptables: command not found
/root/firewall.sh: line 22: iptables: command not found
/root/firewall.sh: line 25: modprobe: command not found
/root/firewall.sh: line 26: modprobe: command not found
/root/firewall.sh: line 27: modprobe: command not found
/root/firewall.sh: line 28: modprobe: command not found
/root/firewall.sh: line 29: modprobe: command not found
/root/firewall.sh: line 30: modprobe: command not found
/root/firewall.sh: line 31: modprobe: command not found
/root/firewall.sh: line 32: modprobe: command not found
/root/firewall.sh: line 33: modprobe: command not found
/root/firewall.sh: line 34: modprobe: command not found
/root/firewall.sh: line 35: modprobe: command not found
/root/firewall.sh: line 36: modprobe: command not found
/root/firewall.sh: line 37: modprobe: command not found
/root/firewall.sh: line 38: modprobe: command not found
/root/firewall.sh: line 40: iptables: command not found
/root/firewall.sh: line 44: iptables: command not found
/root/firewall.sh: line 45: iptables: command not found
/root/firewall.sh: line 46: iptables: command not found
/root/firewall.sh: line 50: iptables: command not found
/root/firewall.sh: line 55: iptables: command not found
/root/firewall.sh: line 56: iptables: command not found
/root/firewall.sh: line 57: iptables: command not found
/root/firewall.sh: line 59: iptables: command not found
/root/firewall.sh: line 62: iptables: command not found
/root/firewall.sh: line 65: iptables: command not found
/root/firewall.sh: line 68: iptables: command not found
/root/firewall.sh: line 73: iptables: command not found
/root/firewall.sh: line 86: iptables: command not found
/root/firewall.sh: line 87: iptables: command not found
/root/firewall.sh: line 88: iptables: command not found
/root/firewall.sh: line 91: iptables: command not found
/root/firewall.sh: line 92: iptables: command not found
/root/firewall.sh: line 93: iptables: command not found
/root/firewall.sh: line 101: iptables: command not found
/root/firewall.sh: line 102: iptables: command not found
/root/firewall.sh: line 103: iptables: command not found

_eXagon
(usa OpenSuSE)

Enviado em 07/05/2009 - 12:52h

Procure por iptables na sua distro , talvez vc tenha que instala-la pelo seu gerenciador de software ;)

Qualquer duvida dê uma checada : http://focalinux.cipsga.org.br/guia/avancado/ch-fw-iptables.htm

Abraço

removido
(usa Nenhuma)

Enviado em 07/05/2009 - 12:59h

Vlw eXagon...
vou dar uma olhada!

(Y)

mshonorato
(usa Debian)

Enviado em 07/05/2009 - 13:13h

Digite iptables -L para ver se o iptables está instalado e poste o resultado aqui...

Digite tb whereis iptables e coloque aqui...

removido
(usa Nenhuma)

Enviado em 07/05/2009 - 14:15h

[root@fw-tim thor]# iptables -L
bash: iptables: command not found

[root@fw-tim thor]# whereis iptables
iptables: /sbin/iptables /etc/iptables /lib/iptables /usr/share/man/man8/iptables.8.gz


fiz o que pediu...
=\

o que pode ser isso?

SMarcell
(usa Slackware)

Enviado em 07/05/2009 - 15:00h

Como root, digite:

echo $PATH

E verifique se o diretório '/sbin' está presente na variável PATH do root. Outra coisa, rode o script em modo debug:

bash -x script

removido
(usa Nenhuma)

Enviado em 07/05/2009 - 15:18h

[root@fw-tim sbin]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/thor/bin

ai cara... deu esse resultado!
como rodo em modo Debug?

removido
(usa Nenhuma)

Enviado em 07/05/2009 - 15:22h

EM MODO DEBUG VELHO:

[root@fw-tim ~]# bash -x firewall.sh
+ REDE=192.168.0.0/24
+ IPLIVRE=192.168.0.101
+ ETH_REDE=eth1
+ ETH_INTERNET=eth0
+ iptables -F
firewall.sh: line 17: iptables: command not found
+ iptables -X
firewall.sh: line 18: iptables: command not found
+ iptables -Z
firewall.sh: line 19: iptables: command not found
+ iptables -t nat -F
firewall.sh: line 20: iptables: command not found
+ iptables -t nat -X
firewall.sh: line 21: iptables: command not found
+ iptables -t nat -Z
firewall.sh: line 22: iptables: command not found
+ modprobe ip_conntrack
firewall.sh: line 25: modprobe: command not found
+ modprobe ip_tables
firewall.sh: line 26: modprobe: command not found
+ modprobe ip_conntrack_ftp
firewall.sh: line 27: modprobe: command not found
+ modprobe ip_nat_ftp
firewall.sh: line 28: modprobe: command not found
+ modprobe ipt_MASQUERADE
firewall.sh: line 29: modprobe: command not found
+ modprobe iptable_filter
firewall.sh: line 30: modprobe: command not found
+ modprobe iptable_nat
firewall.sh: line 31: modprobe: command not found
+ modprobe iptable_mangle
firewall.sh: line 32: modprobe: command not found
+ modprobe ipt_LOG
firewall.sh: line 33: modprobe: command not found
+ modprobe ipt_multiport
firewall.sh: line 34: modprobe: command not found
+ modprobe ip_queue
firewall.sh: line 35: modprobe: command not found
+ modprobe ipt_REDIRECT
firewall.sh: line 36: modprobe: command not found
+ modprobe ipt_state
firewall.sh: line 37: modprobe: command not found
+ modprobe ipt_ttl
firewall.sh: line 38: modprobe: command not found
+ iptables -P INPUT DROP
firewall.sh: line 40: iptables: command not found
+ iptables -A INPUT -m state --state INVALID -j DROP
firewall.sh: line 44: iptables: command not found
+ iptables -A INPUT -m state --state RELATED, ESTABLISHED -j ACCEPT
firewall.sh: line 45: iptables: command not found
+ iptables -A INPUT -i lo -j ACCEPT
firewall.sh: line 46: iptables: command not found
+ iptables -A INPUT -s 192.168.0.0/24 -i eth1 -j ACCEPT
firewall.sh: line 50: iptables: command not found
+ iptables -A INPUT -s 0/0 -p tcp --dport 22 -j ACCEPT
firewall.sh: line 55: iptables: command not found
+ iptables -A INPUT -S 0/0 -P udp --dport 53 -j ACCEPT
firewall.sh: line 56: iptables: command not found
+ iptables -A INPUT -s 0/0 -p tcp --dport 53 -j ACCEPT
firewall.sh: line 57: iptables: command not found
+ iptables -P FORWARD DROP
firewall.sh: line 59: iptables: command not found
+ iptables -A FORWARD -i eth0 -o eth1 -s 0/0 -d 192.168.0.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
firewall.sh: line 62: iptables: command not found
+ iptables -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -d 201.28.214.82/0 -j ACCEPT
firewall.sh: line 65: iptables: command not found
+ iptables -A FORWARD -i eth1 -o eth0 -s 192.168.0.101 -d 0/0 -j ACCEPT
firewall.sh: line 68: iptables: command not found
+ iptables -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -D 0/0 -j ACCEPT
firewall.sh: line 73: iptables: command not found
+ iptables -I INPUT -d 201.27.86.35 -p tcp --dport 3389 -j ACCEPT
firewall.sh: line 86: iptables: command not found
+ iptables -I FORWARD -d 192.168.0.101 -p tcp --dport 3389 -j ACCEPT
firewall.sh: line 87: iptables: command not found
+ iptables -t nat -A PREROUTING -i eth0 -d 201.27.86.35 -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.101:3389
firewall.sh: line 88: iptables: command not found
+ iptables -I INPUT -d 201.27.86.35 -p udp --dport 3389 -j ACCEPT
firewall.sh: line 91: iptables: command not found
+ iptables -I FORWARD -d 192.168.0.101 -p udp --dport 3389 -j ACCEPT
firewall.sh: line 92: iptables: command not found
+ iptables -t nat -A PREROUTING -i eth0 -d 201.27.86.35 -p udp --dport 3389 -j DNAT --to-destination 192.168.0.101:3389
firewall.sh: line 93: iptables: command not found
+ iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
firewall.sh: line 101: iptables: command not found
+ iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j MASQUERADE
firewall.sh: line 102: iptables: command not found
+ iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 31
firewall.sh: line 103: iptables: command not found

volcom
(usa Debian)

Enviado em 07/05/2009 - 15:55h

Pode parecer besta...mas o iptables esta instalado?

removido
(usa Nenhuma)

Enviado em 07/05/2009 - 16:02h

Volcon...
me parece que o iptables não está instalado, pelos testes que fizemos.

ps: eu não conheço a ferramenta, estou começando agora... se vocês puderem ajudar... (Y)

mshonorato
(usa Debian)

Enviado em 08/05/2009 - 08:51h

Se vc deu o comando "iptables -L" e a resposta foi "command not found" é pq o iptables não está instalado...

Existe o "iptables" e o "script do iptables" que são as regras que vc tem aí acima...

Para que seu script de iptables funcione, é necessário que o iptables esteja instalado...

Instale o iptables e tente rodar seu script.

Se vc não souber como instalar o iptables aqui vai uma dica:

Instale o gerenciador de pacotes "yumex"...

como root, digite: yum install yumex

Com esse gerenciador de pacotes, é só vc digitar iptables e clicar em "install"...

Falow

SMarcell
(usa Slackware)

Enviado em 08/05/2009 - 08:58h

/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/thor/bin

Tente isso, como root:

PATH=$PATH:/sbin

E tente rodar o script novamente.