eberga
(uses Ubuntu)
Posted on 04/10/2011 - 19:10h
Hey guys, here's the situation. I set up a firewall server with a transparent proxy at a LAN house; everything is working correctly except one game that needs a connection to a server, Combat Arms.
The rule has to be in FORWARD: when FORWARD is opened (sudo iptables -P FORWARD ACCEPT) the game works normally, but when I run my script with the normal rules the game does not log in.
Here are the FORWARD rules that are in the script:
##-----------------------------------
# Accept anything belonging to a connection already tracked by conntrack
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# ALLOW PING (the third rule accepts all ICMP, so the two rate-limited rules above it are redundant)
iptables -A FORWARD -p icmp -m icmp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p icmp -m icmp -j ACCEPT
# Accept any new TCP SYN, to any destination and port, at up to 1 per second (not restricted
# to the ports allowed below); the second rule does the same for bare RST packets
iptables -A FORWARD -p tcp -m tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Only ports 80 and 443 are redirected to the transparent proxy on port 3128
iptables -t nat -A PREROUTING -p tcp -s 10.1.1.0/255.255.255.0 -m multiport --dport 80,443 -j REDIRECT --to-port 3128
# ALLOW WEB ACCESS
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp -m multiport --dport 80,443 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -d 10.1.1.0/255.255.255.0 -p tcp --sport 80 -j ACCEPT
# ALLOW MSN
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 1863 -j ACCEPT
# iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -d loginnet.passport.com -j ACCEPT
# ALLOW DNS
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 201.10.120.2 -d 10.1.1.0/255.255.255.0 -j ACCEPT
# ALLOW SMTP AND POP3
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 465 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 993 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 143 -j ACCEPT
# ALLOW SSH
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -s 192.168.2.0/255.255.255.0 -p tcp --dport 22 -j ACCEPT
# ALLOW VOICE CHAT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 4106 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p udp -m multiport --dport 4106,6100 -j ACCEPT
# ALLOW GTALK (hostnames are resolved once, when the rule is loaded; a name that maps to
# several addresses produces one rule per address)
iptables -A FORWARD -d talk.l.google.com -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -d chatenabled.mail.google.com -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -d talk.google.com -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -d talkx.l.google.com -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -d talk.l.google.com -p tcp --dport 5222 -j ACCEPT
iptables -A FORWARD -d chatenabled.mail.google.com -p tcp --dport 5222 -j ACCEPT
iptables -A FORWARD -d talk.google.com -p tcp --dport 5222 -j ACCEPT
iptables -A FORWARD -d talkx.l.google.com -p tcp --dport 5222 -j ACCEPT
# ALLOW SKYPE
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 55017 -j ACCEPT
# Allow connections to COMBAT ARMS servers
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 10001 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 36567 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p tcp --dport 47611 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p udp --dport 27888 -j ACCEPT
iptables -A FORWARD -s 10.1.1.0/255.255.255.0 -p udp --dport 28888 -j ACCEPT
iptables -A FORWARD -s 200.229.60.91 -d 10.1.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -s 200.229.60.78 -d 10.1.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -s 200.229.60.77 -d 10.1.1.0/255.255.255.0 -j ACCEPT
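As an added example (not part of eberga's post or script): a way to find out which forwarded flows the current rule set is dropping, so that the game's ports can be opened explicitly instead of setting the FORWARD policy to ACCEPT. The LOG rule, the interface names eth0/eth1, the kernel log path and the sample log lines (TEST-NET addresses, made-up ports) are assumptions constructed for this example.

```shell
#!/bin/sh
# Added diagnostic helper, not part of the poster's firewall script.
#
# Step 1 (run on the firewall as root; shown here, not executed by this file):
# append a LOG rule as the LAST rule of the FORWARD chain, after every ACCEPT,
# so only traffic that is about to fall through to the DROP policy is logged:
#
#   iptables -A FORWARD -s 10.1.1.0/24 -m limit --limit 5/s \
#       -j LOG --log-prefix "FWD-DROP: " --log-level 4
#
# Then start the game on a LAN host and collect the "FWD-DROP:" lines from
# the kernel log (assumed to be /var/log/kern.log).

# Step 2: summarise the logged drops as "count PROTO DST DPT", most frequent
# first. Reads LOG-target lines from stdin; lines without the prefix are ignored.
summarize_drops() {
    grep 'FWD-DROP:' | awk '{
        proto = ""; dst = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        if (proto != "") count[proto " " dst " " dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample of what the LOG target writes. The client is in the
# poster's 10.1.1.0/24 range; server addresses (TEST-NET-3, 203.0.113.0/24)
# and ports are placeholders, not real Combat Arms values.
sample_log() {
    cat <<'EOF'
Oct  4 19:10:01 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=10.1.1.15 DST=203.0.113.10 LEN=68 PROTO=UDP SPT=51234 DPT=8001 LEN=48
Oct  4 19:10:01 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=10.1.1.15 DST=203.0.113.10 LEN=68 PROTO=UDP SPT=51234 DPT=8001 LEN=48
Oct  4 19:10:02 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=10.1.1.15 DST=203.0.113.20 LEN=52 PROTO=TCP SPT=49201 DPT=12000 WINDOW=8192 SYN
Oct  4 19:10:02 fw kernel: some unrelated kernel message
EOF
}

# Every summary line is a protocol/destination/port the current FORWARD rules
# do not allow; compare it with the "Allow connections to COMBAT ARMS servers"
# rules and add only the entries that are missing.
sample_log | summarize_drops
# Expected for the sample:
#   2 UDP 203.0.113.10 8001
#   1 TCP 203.0.113.20 12000
```

Remember to remove the LOG rule (or keep its rate limit) once the missing ports are known; with it in place every dropped packet from the LAN produces a kernel log line.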