Enviado em 10/09/2012 - 19:25h
Boa noite, estou com problema para acessar o msn em minha rede... estou com um servidor proxy e com um firewall, porem algo esta me bloqueando de acessar o msn... Meu squid é com autenticação e eu gostaria que alguns usuarios acessasem o msn e outro não.
meu SQUID esta assim:
#########################################
# Porta,Nome e Cache #
#########################################
http_port 3128
visible_hostname RSD
cache_mem 150 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 256 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#########################################
# Paginas de bloqueio #
#########################################
error_directory /usr/share/squid3/errors/pt-br
#########################################
# Log #
#########################################
cache_access_log /var/log/squid3/access.log
cache_store_log /var/log/squid3/store.log
cache_log /var/log/squid3/cache.log
cache_dir ufs /var/spool/squid3 20000 16 256
#########################################
# Range de ip darede #
#########################################
acl redelocal src 192.168.10.254/24
#########################################
# ACLs #
#########################################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
#acl SSL_ports port port 443 563
acl Safe_ports port 407 #msn
acl Safe_ports port 1863 #msn2
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # portas altas
acl purge method PURGE
acl CONNECT method CONNECT
#########################################
# Direitos de Acesso #
#########################################
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
########################################
# acesso java #
########################################
acl sitesespeciais url_regex -i www.tjms.jus.br
no_cache deny sitesespeciais
always_direct allow sitesespeciais
#acl java browser Java/1.4 Java/1.5 Java/1.6
#http_access allow java
#acl mp3 req_mime_type -i ^audio/mpeg$
#acl msn req_mime_type -i ^application/x-msn-messenger$
#acl zip req_mime_type -i ^application/x-zip-compressed$
#acl exe req_mime_type -i ^application/octet-stream$
#acl jpeg req_mime_type -i ^image/jpeg$
#acl bmp req_mime_type -i ^image/bmp$
#acl javascript req_mime_type -i ^application/x-javascript$
#########################################
# USANDO NCSA_AUTH #
#########################################
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
auth_param basic realm Entre com o Usuario e Senha.
auth_param basic children 5
auth_param basic casesensitive off
acl autenticados proxy_auth REQUIRED
#########################################
# usuarios com tudo liberado #
#########################################
acl accesso_full proxy_auth "/etc/squid3/acessos/acesso_full"
http_access allow accesso_full
########################################
# controle de banda #
########################################
acl banda_boss proxy_auth "/etc/squid3/banda/boss"
acl banda_normal proxy_auth "/etc/squid3/banda/normal"
delay_pools 2
delay_class 1 2
delay_class 2 2
delay_access 1 allow banda_boss
delay_access 2 allow banda_normal
delay_parameters 1 -1/-1 -1/-1
delay_parameters 2 25000/25000 25000/25000
#########################################
# Bloqueios #
#########################################
acl bloquear_palavras url_regex -i "/etc/squid3/bloqueio/bloqueio_palavras"
#acl login_live url_regex -i login.live.com
#http_access allow login_live
#acl msn url_regex -i "/etc/squid3/bloqueio/bloqueio_msn"
#acl acesso_total proxy_auth -i "/etc/squid3/acessos/acesso_msn" #lista de usuários com acesso full e ao MSN
#http_access deny !acesso_total msn
acl msnmessenger url_regex -i gateway/gateway.dll? live.com msn.com msads.net atdmt.com serving-sys.com hotmail.com
acl MSN rep_mime_type -i ^application/x-msn-messenger$
#Usuarios com acesso ao MSN
acl commsn src "/etc/squid3/acessos/acesso_msn"
#Libera o acesso ao msn para os usuários do grupo "commsn"
http_access allow commsn MSN
http_access allow commsn msnmessenger
#sites de acesso ao msn
acl webmsn url_regex "/etc/squid3/bloqueio/bloqueio_msn"
#Libera o acesso aos sites de acesso ao msn para os usuários do grupo "commsn"
http_access allow commsn webmsn
#Fecha o acesso ao MSN e WEBMSN para os outros usuários
http_access deny MSN
http_access deny msnmessenger
http_access deny webmsn
#########################################
# BLOQUEIA ORKUT #
#########################################
acl bloquear_orkut url_regex -i "/etc/squid3/bloqueio/bloqueio_orkut"
acl acesso_orkut proxy_auth "/etc/squid3/acessos/acesso_orkut"
http_access deny bloquear_orkut !acesso_orkut
#########################################
# BLOQUEIA FACEBOOK #
#########################################
acl bloquear_facebook url_regex -i "/etc/squid3/bloqueio/bloqueio_facebook"
acl acesso_facebook proxy_auth "/etc/squid3/acessos/acesso_facebook"
http_access deny bloquear_facebook !acesso_facebook
#########################################
# BLOQUEIA TWITTER #
#########################################
acl bloquear_twitter url_regex -i "/etc/squid3/bloqueio/bloqueio_twitter"
acl acesso_twitter proxy_auth "/etc/squid3/acessos/acesso_twitter"
http_access deny bloquear_twitter !acesso_twitter
#########################################
##### BLOQUEIA GOOGLE TALK ##############
#########################################
acl bloquear_googletalk url_regex -i "/etc/squid3/bloqueio/bloqueio_googletalk"
acl acesso_googletalk proxy_auth "/etc/squid3/acessos/acesso_googletalk"
http_access deny bloquear_googletalk !acesso_googletalk
#########################################
# BLOQUEIA YOUTUBE #
#########################################
acl bloquear_youtube url_regex -i "/etc/squid3/bloqueio/bloqueio_youtube"
acl acesso_youtube proxy_auth "/etc/squid3/acessos/acesso_youtube"
http_access deny bloquear_youtube !acesso_youtube
acl sitesespeciais url_regex -i www.tjms.jus.br
no_cache deny sitesespeciais
always_direct allow sitesespeciais
http_access deny bloquear_palavras
http_access allow autenticados
http_access allow localhost
http_access allow redelocal
http_access deny allE meu firewall está assim
#!/bin/bash
#######################################################
# SCRIPT DE FIREWALL PARA FINS DE APRENDIZADO, MODIFIQUE-O A SEU GOSTO #
# Criado por phrich #
#######################################################
###################
# DECLARANDO VARIÁVEIS #
###################
# Interface de rede que recebe a internet
IFACE_WEB="eth0"
# Interface de rede ligada a rede interna
IFACE_LAN="eth1"
# Rede interna
REDE_INTERNA="192.168.10.254/24"
#####################################################################
# FUNÇÃO STOP #
# Esta função limpa todas as regras e libera todos os acessos, caso necessite de redirecionamentos (NAT) #
# Favor incluir as linhas referentes a nat, que não está incluso neste exemplo #
#####################################################################
# Cria a função
function stop() {
# Limpa todas as regras
iptables -F
iptables -t nat -F
iptables -t mangle -F
# Coloca as políticas padrões como ACCEPT, liberando todo e qualquer acesso
iptables -A INPUT -P ACCEPT
iptables -A OUTPUT -P ACCEPT
iptables -A FORWARD -P ACCEPT
# Habilita o roteamento no kernel #
echo 1 > /proc/sys/net/ipv4/ip_forward
# Compartilha a internet
iptables -t nat -A POSTROUTING -o $IFACE_WEB -j MASQUERADE
# Fecha a função
}
# FIM DA FUNÇÃO STOP #
####################################################################
# FUNÇÃO START #
# Esta função tem por finalidade setar as regras a fim de realizar as liberações, pois trabalharemos com #
# as políticas do iptables como DROP #
####################################################################
# Cria a função
function start () {
# Limpa as regras criadas anteriormente #
# Limpa a tabela filter
iptables -F
# Limpa a tabela nat
iptables -t nat -F
# Limpa a tabela mangle
iptables -t mangle -F
# Coloca as políticas padrões como DROP, ou seja nenhum acesso foi liberado #
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP
# Carrega módulos #
# Em alguns casos esses módulos serão úteis, realize uma pesquisa sobre cada um #
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe nf_conntrack_ipv4
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe nf_nat
/sbin/modprobe nf_conntrack
/sbin/modprobe x_tables
/sbin/modprobe nf_nat_pptp
# Habilita o roteamento no kernel #
echo 1 > /proc/sys/net/ipv4/ip_forward
# Compartilha a internet
iptables -t nat -A POSTROUTING -o $IFACE_WEB -j MASQUERADE
#############
# REGRAS DE NAT #
#############
# Acesso remoto via RDP para um host RWindows
iptables -t nat -A PREROUTING -i $IFACE_WEB -p tcp --dport 3389 -j REDIRECT --to 192.168.10.1:3389
###############
# REGRAS DE INPUT #
###############
# Libera o squid a partir da rede interna
iptables -A INPUT -p tcp --dport 5005 -s $LAN -j ACCEPT
# Libera SSH Apenas para a rede interna
iptables -A INPUT -p tcp --dport 22 -s $LAN -j ACCEPT
################
# FIREWALL #
################
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED --dport 3128 -j ACCEPT
#################
# CERTIFICADO #
#################
#iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
#iptables -A FORWARD -p udp --dport 443 -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
#iptables -A OUTPUT -p udp --dport 443 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#iptables -A INPUT -p udp --dport 443 -j ACCEPT
################
# REGRAS DE OUTPUT #
################
# Libera as portas 80 e 443 apenas para localhost
iptables -A OUTPUT -p tcp -m multiport --dports 80,443,1863 -j ACCEPT
# Libera DNS apenas para localhost
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
# Libera FTP para localhost (muito útil para o apt-get, yum, etc)
iptables -A OUTPUT -p tcp -m multiport --dports 20,21 -j ACCEPT
iptables -A OUTPUT -p udp -m multiport --dports 20,21 -j ACCEPT
#################
# REGRAS DE FORWARD #
#################
# Libera o acesso a clientes de email, pop e smtp
iptables -A FORWARD -p tcp -m multiport --dports 25,110 -j ACCEPT
# Fecha a função
}
# FIM DA FUNÇÃO START #
############################
# CRIANDO OS PARÂMETROS DO SCRIPT #
############################
#Aqui serão definidos os parâmetros:
# start = Ativa todas as regras, realizando os bloqueios e liberações
# stop = Limpa todoas as regras, "libera geral" ;-)
#restart = Carrega novas regras inseridas posteriormente
case $1 in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo "Erro, utilize os seguintes parâmetros: start | stop | restart"
exit 0
;;
esac
# FIM DO SCRIPT DE FIREWALL #QUANDO TENTO LOGAR APARECE O SEGUINTE ERRO:
1347315638.695 1197 192.168.10.12 TCP_MISS/200 6643 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll? renatodias DIRECT/65.55.64.254 application/x-msn-messenger
1347315639.294 554 192.168.10.12 TCP_MISS/200 382 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315641.309 552 192.168.10.12 TCP_MISS/200 381 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315643.323 551 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315645.336 554 192.168.10.12 TCP_MISS/200 382 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315647.353 558 192.168.10.12 TCP_MISS/200 382 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315649.357 550 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315651.394 575 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315653.391 559 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315655.393 550 192.168.10.12 TCP_MISS/200 382 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315657.411 554 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315659.430 561 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315659.841 0 192.168.10.12 TCP_DENIED/407 3597 POST http://ssw.live.com/uploaddata.aspx - NONE/- text/htmlMeu msn eh o WLM o proxy jah esta configurado nele e quando eu mando ele solucionar o problema ele aparece q o servidor proxy esta OK... Soh esta dando erro na portas principais...
Alguem poderia me dar uma luz?
meu SQUID esta assim:
#########################################
# Porta,Nome e Cache #
#########################################
http_port 3128
visible_hostname RSD
cache_mem 150 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 256 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#########################################
# Paginas de bloqueio #
#########################################
error_directory /usr/share/squid3/errors/pt-br
#########################################
# Log #
#########################################
cache_access_log /var/log/squid3/access.log
cache_store_log /var/log/squid3/store.log
cache_log /var/log/squid3/cache.log
cache_dir ufs /var/spool/squid3 20000 16 256
#########################################
# Range de ip darede #
#########################################
acl redelocal src 192.168.10.254/24
#########################################
# ACLs #
#########################################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
#acl SSL_ports port port 443 563
acl Safe_ports port 407 #msn
acl Safe_ports port 1863 #msn2
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # portas altas
acl purge method PURGE
acl CONNECT method CONNECT
#########################################
# Direitos de Acesso #
#########################################
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
########################################
# acesso java #
########################################
acl sitesespeciais url_regex -i www.tjms.jus.br
no_cache deny sitesespeciais
always_direct allow sitesespeciais
#acl java browser Java/1.4 Java/1.5 Java/1.6
#http_access allow java
#acl mp3 req_mime_type -i ^audio/mpeg$
#acl msn req_mime_type -i ^application/x-msn-messenger$
#acl zip req_mime_type -i ^application/x-zip-compressed$
#acl exe req_mime_type -i ^application/octet-stream$
#acl jpeg req_mime_type -i ^image/jpeg$
#acl bmp req_mime_type -i ^image/bmp$
#acl javascript req_mime_type -i ^application/x-javascript$
#########################################
# USANDO NCSA_AUTH #
#########################################
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
auth_param basic realm Entre com o Usuario e Senha.
auth_param basic children 5
auth_param basic casesensitive off
acl autenticados proxy_auth REQUIRED
#########################################
# usuarios com tudo liberado #
#########################################
acl accesso_full proxy_auth "/etc/squid3/acessos/acesso_full"
http_access allow accesso_full
########################################
# controle de banda #
########################################
acl banda_boss proxy_auth "/etc/squid3/banda/boss"
acl banda_normal proxy_auth "/etc/squid3/banda/normal"
delay_pools 2
delay_class 1 2
delay_class 2 2
delay_access 1 allow banda_boss
delay_access 2 allow banda_normal
delay_parameters 1 -1/-1 -1/-1
delay_parameters 2 25000/25000 25000/25000
#########################################
# Bloqueios #
#########################################
acl bloquear_palavras url_regex -i "/etc/squid3/bloqueio/bloqueio_palavras"
#acl login_live url_regex -i login.live.com
#http_access allow login_live
#acl msn url_regex -i "/etc/squid3/bloqueio/bloqueio_msn"
#acl acesso_total proxy_auth -i "/etc/squid3/acessos/acesso_msn" #lista de usuários com acesso full e ao MSN
#http_access deny !acesso_total msn
acl msnmessenger url_regex -i gateway/gateway.dll? live.com msn.com msads.net atdmt.com serving-sys.com hotmail.com
acl MSN rep_mime_type -i ^application/x-msn-messenger$
#Usuarios com acesso ao MSN
acl commsn src "/etc/squid3/acessos/acesso_msn"
#Libera o acesso ao msn para os usuários do grupo "commsn"
http_access allow commsn MSN
http_access allow commsn msnmessenger
#sites de acesso ao msn
acl webmsn url_regex "/etc/squid3/bloqueio/bloqueio_msn"
#Libera o acesso aos sites de acesso ao msn para os usuários do grupo "commsn"
http_access allow commsn webmsn
#Fecha o acesso ao MSN e WEBMSN para os outros usuários
http_access deny MSN
http_access deny msnmessenger
http_access deny webmsn
#########################################
# BLOQUEIA ORKUT #
#########################################
acl bloquear_orkut url_regex -i "/etc/squid3/bloqueio/bloqueio_orkut"
acl acesso_orkut proxy_auth "/etc/squid3/acessos/acesso_orkut"
http_access deny bloquear_orkut !acesso_orkut
#########################################
# BLOQUEIA FACEBOOK #
#########################################
acl bloquear_facebook url_regex -i "/etc/squid3/bloqueio/bloqueio_facebook"
acl acesso_facebook proxy_auth "/etc/squid3/acessos/acesso_facebook"
http_access deny bloquear_facebook !acesso_facebook
#########################################
# BLOQUEIA TWITTER #
#########################################
acl bloquear_twitter url_regex -i "/etc/squid3/bloqueio/bloqueio_twitter"
acl acesso_twitter proxy_auth "/etc/squid3/acessos/acesso_twitter"
http_access deny bloquear_twitter !acesso_twitter
#########################################
##### BLOQUEIA GOOGLE TALK ##############
#########################################
acl bloquear_googletalk url_regex -i "/etc/squid3/bloqueio/bloqueio_googletalk"
acl acesso_googletalk proxy_auth "/etc/squid3/acessos/acesso_googletalk"
http_access deny bloquear_googletalk !acesso_googletalk
#########################################
# BLOQUEIA YOUTUBE #
#########################################
acl bloquear_youtube url_regex -i "/etc/squid3/bloqueio/bloqueio_youtube"
acl acesso_youtube proxy_auth "/etc/squid3/acessos/acesso_youtube"
http_access deny bloquear_youtube !acesso_youtube
acl sitesespeciais url_regex -i www.tjms.jus.br
no_cache deny sitesespeciais
always_direct allow sitesespeciais
http_access deny bloquear_palavras
http_access allow autenticados
http_access allow localhost
http_access allow redelocal
http_access deny all
#!/bin/bash
#######################################################
# SCRIPT DE FIREWALL PARA FINS DE APRENDIZADO, MODIFIQUE-O A SEU GOSTO #
# Criado por phrich #
#######################################################
###################
# DECLARANDO VARIÁVEIS #
###################
# Interface de rede que recebe a internet
IFACE_WEB="eth0"
# Interface de rede ligada a rede interna
IFACE_LAN="eth1"
# Rede interna
REDE_INTERNA="192.168.10.254/24"
#####################################################################
# FUNÇÃO STOP #
# Esta função limpa todas as regras e libera todos os acessos, caso necessite de redirecionamentos (NAT) #
# Favor incluir as linhas referentes a nat, que não está incluso neste exemplo #
#####################################################################
# Cria a função
function stop() {
# Limpa todas as regras
iptables -F
iptables -t nat -F
iptables -t mangle -F
# Coloca as políticas padrões como ACCEPT, liberando todo e qualquer acesso
iptables -A INPUT -P ACCEPT
iptables -A OUTPUT -P ACCEPT
iptables -A FORWARD -P ACCEPT
# Habilita o roteamento no kernel #
echo 1 > /proc/sys/net/ipv4/ip_forward
# Compartilha a internet
iptables -t nat -A POSTROUTING -o $IFACE_WEB -j MASQUERADE
# Fecha a função
}
# FIM DA FUNÇÃO STOP #
####################################################################
# FUNÇÃO START #
# Esta função tem por finalidade setar as regras a fim de realizar as liberações, pois trabalharemos com #
# as políticas do iptables como DROP #
####################################################################
# Cria a função
function start () {
# Limpa as regras criadas anteriormente #
# Limpa a tabela filter
iptables -F
# Limpa a tabela nat
iptables -t nat -F
# Limpa a tabela mangle
iptables -t mangle -F
# Coloca as políticas padrões como DROP, ou seja nenhum acesso foi liberado #
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP
# Carrega módulos #
# Em alguns casos esses módulos serão úteis, realize uma pesquisa sobre cada um #
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe nf_conntrack_ipv4
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe nf_nat
/sbin/modprobe nf_conntrack
/sbin/modprobe x_tables
/sbin/modprobe nf_nat_pptp
# Habilita o roteamento no kernel #
echo 1 > /proc/sys/net/ipv4/ip_forward
# Compartilha a internet
iptables -t nat -A POSTROUTING -o $IFACE_WEB -j MASQUERADE
#############
# REGRAS DE NAT #
#############
# Acesso remoto via RDP para um host RWindows
iptables -t nat -A PREROUTING -i $IFACE_WEB -p tcp --dport 3389 -j REDIRECT --to 192.168.10.1:3389
###############
# REGRAS DE INPUT #
###############
# Libera o squid a partir da rede interna
iptables -A INPUT -p tcp --dport 5005 -s $LAN -j ACCEPT
# Libera SSH Apenas para a rede interna
iptables -A INPUT -p tcp --dport 22 -s $LAN -j ACCEPT
################
# FIREWALL #
################
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED --dport 3128 -j ACCEPT
#################
# CERTIFICADO #
#################
#iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
#iptables -A FORWARD -p udp --dport 443 -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
#iptables -A OUTPUT -p udp --dport 443 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#iptables -A INPUT -p udp --dport 443 -j ACCEPT
################
# REGRAS DE OUTPUT #
################
# Libera as portas 80 e 443 apenas para localhost
iptables -A OUTPUT -p tcp -m multiport --dports 80,443,1863 -j ACCEPT
# Libera DNS apenas para localhost
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
# Libera FTP para localhost (muito útil para o apt-get, yum, etc)
iptables -A OUTPUT -p tcp -m multiport --dports 20,21 -j ACCEPT
iptables -A OUTPUT -p udp -m multiport --dports 20,21 -j ACCEPT
#################
# REGRAS DE FORWARD #
#################
# Libera o acesso a clientes de email, pop e smtp
iptables -A FORWARD -p tcp -m multiport --dports 25,110 -j ACCEPT
# Fecha a função
}
# FIM DA FUNÇÃO START #
############################
# CRIANDO OS PARÂMETROS DO SCRIPT #
############################
#Aqui serão definidos os parâmetros:
# start = Ativa todas as regras, realizando os bloqueios e liberações
# stop = Limpa todoas as regras, "libera geral" ;-)
#restart = Carrega novas regras inseridas posteriormente
case $1 in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo "Erro, utilize os seguintes parâmetros: start | stop | restart"
exit 0
;;
esac
# FIM DO SCRIPT DE FIREWALL #
1347315638.695 1197 192.168.10.12 TCP_MISS/200 6643 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll? renatodias DIRECT/65.55.64.254 application/x-msn-messenger
1347315639.294 554 192.168.10.12 TCP_MISS/200 382 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315641.309 552 192.168.10.12 TCP_MISS/200 381 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315643.323 551 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315645.336 554 192.168.10.12 TCP_MISS/200 382 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315647.353 558 192.168.10.12 TCP_MISS/200 382 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315649.357 550 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315651.394 575 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315653.391 559 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315655.393 550 192.168.10.12 TCP_MISS/200 382 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315657.411 554 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315659.430 561 192.168.10.12 TCP_MISS/200 383 POST http://65.55.71.160/gateway/gateway.dll? renatodias DIRECT/65.55.71.160 application/x-msn-messenger
1347315659.841 0 192.168.10.12 TCP_DENIED/407 3597 POST http://ssw.live.com/uploaddata.aspx - NONE/- text/html
Alguem poderia me dar uma luz?