Iptables is blocking access to http and https

1. Iptables is blocking access to http and https

Profile removed
removed

(uses None)

Posted on 12/10/2009 - 02:39h

hey folks, all good?

I'm having problems with my firewall script. The problem, which is driving me crazy, is that even after applying the rule to accept inbound and outbound http and https traffic, I stay connected, but a connection error always occurs when I try to open a site. Can anyone shed some light on this?!

the firewall is below

######################################

# flushing rules and default policy
iptables -F
iptables -X

echo "carregando modulos"
# Load iptables modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_LOG
modprobe ipt_REJECT
modprobe ipt_MASQUERADE

echo ".........[ OK ]"
####################################################
echo "aplicando politica padrao"
iptables -P INPUT DROP
iptables -P OUTPUT DROP
echo "....OK"
###########################################

echo "liberando acesso http"
iptables -A INPUT -i eth0 -p tcp -m multiport --destination-port 8080,80,443 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m multiport --destination-port 8080,443 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --destination-port 8080,80,443 -j ACCEPT
iptables -A OUTPUT -p udp -m multiport --destination-port 8080,443 -j ACCEPT

echo "https ................................................[ OK ]"

########################################################
# allow MSN
iptables -A INPUT -p tcp -m multiport --dport 6891,1863,6901,6891 -j ACCEPT
iptables -A INPUT -p udp -m multiport --dport 6891,1863,6901,6891 -j ACCEPT

iptables -A OUTPUT -p tcp -m multiport --dport 6891,1863,6901,6891 -j ACCEPT
iptables -A OUTPUT -p udp -m multiport --dport 6891,1863,6901,6891 -j ACCEPT

####################################################

echo "proteger contra scans, ping of death e etc"

###################### Protects against malformed packets
# Port scanners, Ping of Death, DoS attacks, SYN flood, etc.
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p tcp -m limit --limit 1/s -j ACCEPT
#
echo ".........OK"

#######################################

echo "ignorar ping"
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo ".....OK"
######################

# Protection against IP spoofing
# -------------------------------------------------------
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
################




  


2. Re: Iptables is blocking access to http and https

Genesco Sousa
gesousa

(uses Ubuntu)

Posted on 12/10/2009 - 04:27h

Is DNS port 53 open? What does ping return?


3. Re: Iptables is blocking access to http and https

Profile removed
removed

(uses None)

Posted on 12/10/2009 - 14:05h

Hey, thanks man, I forgot to configure port 53 xD. Actually it was even there, but only the inbound side; the outbound was blocked.

Thanks
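
The cause found in this thread (DNS queries to port 53 unable to leave under an OUTPUT DROP policy) can be checked mechanically. The following is an added example, not part of the original posts: a shell lint that reads iptables commands and reports whether DNS egress is allowed. The function names and the two sample rule sets are constructed for illustration, and it assumes one plain `iptables -P/-A` command per line.

```shell
# Added example: lint iptables commands (one per line, an assumption) for blocked DNS egress.
# Prints "ok: ..." and returns 0, or "blocked: <proto>/53 ..." and returns 1.
dns_egress_check() {
    awk '
    function covers(list,    n, parts, i, r) {  # does a port list include 53?
        n = split(list, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (r[1] + 0 <= 53 && 53 <= r[2] + 0) return 1
            } else if (parts[i] == "53" || parts[i] == "domain") return 1
        }
        return 0
    }
    $1 != "iptables" { next }
    $2 == "-P" && $3 == "OUTPUT" { policy = $4; next }
    $2 == "-A" && $3 == "OUTPUT" {
        proto = "all"; ports = ""; target = ""
        for (i = 4; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i ~ /^--(dports?|destination-ports?)$/) ports = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        # Counts if it names port 53, or matches on nothing but protocol
        # (a state-only or interface-only rule does not open new DNS queries).
        bare = ((ports == "") && ($0 !~ / -(m|o|d|s) /))
        if (bare || covers(ports)) {
            if (proto == "all") ok["udp"] = ok["tcp"] = 1; else ok[proto] = 1
        }
    }
    END {
        if (policy != "DROP") { print "ok: OUTPUT policy is not DROP"; exit 0 }
        if (!ok["udp"]) missing = missing " udp/53"
        if (!ok["tcp"]) missing = missing " tcp/53"
        if (missing == "") { print "ok: DNS egress allowed"; exit 0 }
        print "blocked:" missing; exit 1
    }'
}

# Constructed input: the OUTPUT-side http/https lines of the script posted above.
thread_rules() {
    echo 'iptables -P OUTPUT DROP'
    echo 'iptables -A OUTPUT -p tcp -m multiport --destination-port 8080,80,443 -j ACCEPT'
    echo 'iptables -A OUTPUT -p udp -m multiport --destination-port 8080,443 -j ACCEPT'
}
# Constructed input: the same rules with DNS queries allowed out.
fixed_rules() {
    thread_rules
    echo 'iptables -A OUTPUT -p udp --dport 53 -j ACCEPT'
    echo 'iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT'
}
```

Replies to the outgoing queries are already admitted by the posted script's `INPUT ... --state ESTABLISHED,RELATED` rule, so only the OUTPUT side needs the extra lines.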





