mn.2192
(usa Slackware)
Enviado em 21/07/2010 - 09:46h
Olá!
Estou tentando liberar e desviar (DNAT) a porta 8000 para uma máquina da rede interna, mas não funciona. A seguir, meu firewall.
### Interface variables.
# INT: the LAN side (trusted network); EXT: the PPP uplink to the provider
# (untrusted side).  Every rule below keys on one of these two names.
INT="eth0"
EXT="ppp0"
printf '%s\n' "Activating Firewall rules."
#### Start from a clean slate: flush every rule in the nat, mangle and
#### filter tables (same order as before: nat, mangle, filter).
for table in nat mangle filter; do
  iptables -t "$table" -F
done
### Delete user-defined chains.  Without -t this only touches the filter
### table; custom chains in nat/mangle (if any) are left alone, as before.
iptables -X
### Reset the packet/byte counters of the three tables.
for table in nat mangle filter; do
  iptables -t "$table" -Z
done
### Default policies: traffic to the host itself and transit traffic are
### dropped unless a later rule accepts them; the host may send anything.
### NOTE(review): the policies are applied after the flush, so between -F
### and -P the chains briefly run under whatever policy was set previously.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
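### PREROUTING (nat): port-forward selected public ports to LAN hosts.
### All rules match on the PPP uplink only.  Unless a rule carries "-s",
### the forwarded port is reachable from the whole Internet.  A DNAT'd
### packet is then evaluated by the FORWARD chain (not INPUT), so each port
### here also needs an "-i $EXT -o $INT" ACCEPT rule in FORWARD.
# Radmin (4899) to the main server.
# NOTE(review): the remote-control services forwarded here (4899, 3389,
# 5900) have no source restriction; consider adding "-s <admin address>"
# the way the 8080 rule for 192.168.1.6 does.
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 4899 -j DNAT --to 192.168.1.201
# Disabled: source-restricted RDP.  $NEXO is not defined anywhere in this
# script, so re-enabling the line as-is would produce an empty "-s".
#iptables -t nat -A PREROUTING -i $EXT -s $NEXO -p tcp --dport 3389 -j DNAT --to 192.168.1.201
#iptables -t nat -A PREROUTING -i $EXT -p tcp --dport 4899 -j DNAT --to 192.168.1.201
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 21 -j DNAT --to 192.168.1.201
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 80 -j DNAT --to 192.168.1.201
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 3389 -j DNAT --to 192.168.1.201
#iptables -t nat -A PREROUTING -i $EXT -p tcp --dport 81 -j DNAT --to 192.168.1.54
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 13 -j DNAT --to 192.168.1.17
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 5900 -j DNAT --to 192.168.1.14
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 8081 -j DNAT --to 192.168.1.201
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 443 -j DNAT --to 192.168.1.201
# 8080: the source-specific rule must stay BEFORE the catch-all one,
# because the first matching DNAT rule wins.
iptables -t nat -A PREROUTING -i "$EXT" -s 200.255.122.123 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.6:8080
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 8080 -j DNAT --to 192.168.1.201
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 666 -j DNAT --to 192.168.1.11
# Software development control (port 8000).
# Fix: INPUT and FORWARD open 8000 for both tcp and udp, but only tcp was
# DNAT'd here, so udp/8000 never reached 192.168.1.50.  Forward both.
# If 8000 still does not work, check outside this script that 192.168.1.50
# uses this host as its default gateway (replies must return through the
# masquerade) and that the service is actually listening on 8000 there.
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 8000 -j DNAT --to 192.168.1.50
iptables -t nat -A PREROUTING -i "$EXT" -p udp --dport 8000 -j DNAT --to 192.168.1.50
## Remote access - PROSOFT
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 35103 -j DNAT --to 192.168.1.9
iptables -t nat -A PREROUTING -i "$EXT" -p tcp --dport 35104 -j DNAT --to 192.168.1.201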
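# INPUT: traffic addressed to the firewall host itself (policy DROP).
# Fix: the first rule used to accept NEW,ESTABLISHED,RELATED on every
# interface.  That accepted every new connection from the Internet to every
# service listening on this box (proxy 3128, 8110, ssh, ...) and made the
# DROP policy and all of the explicit rules below meaningless.  Only
# already-tracked traffic is accepted generically now; new connections need
# an explicit rule.
# NOTE(review): any service that was reachable only through the old blanket
# rule (for example DNS or NTP served to the LAN by this host) now needs its
# own "-i $INT" ACCEPT rule here.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# ICMP echo reply (0) and echo request (8) from both sides, i.e. ping.
iptables -A INPUT -i "$EXT" -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i "$EXT" -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -i "$INT" -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i "$INT" -p icmp --icmp-type 8 -j ACCEPT
# LAN-only services on this host: 3128 (proxy) and 8110.
iptables -A INPUT -i "$INT" -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -i "$INT" -p tcp --dport 8110 -j ACCEPT
# SSH from ANY interface, so also from the Internet.  Restrict to "-i $INT"
# or to an admin source address if remote administration is not required.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i "$EXT" -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i "$INT" -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i "$INT" -p udp --dport 1026 -j ACCEPT
iptables -A INPUT -i "$EXT" -p tcp --dport 81 -j ACCEPT
iptables -A INPUT -i "$EXT" -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i "$EXT" -p tcp --dport 8081 -j ACCEPT
# Port 8000 on the firewall itself.  Packets DNAT'd in PREROUTING never
# reach INPUT (they traverse FORWARD), so the "$EXT" rules here only apply
# to traffic that is NOT port-forwarded.
iptables -A INPUT -i "$EXT" -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -i "$INT" -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -i "$EXT" -p udp --dport 8000 -j ACCEPT
iptables -A INPUT -i "$INT" -p udp --dport 8000 -j ACCEPT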
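## FORWARD: transit traffic between the LAN and the uplink (policy DROP).
## NOTE(review): this chain only does anything if net.ipv4.ip_forward=1 is
## enabled outside this script; the other port-forwards reportedly work, so
## presumably it is.
# Anti-spoofing: a packet arriving on the uplink must not claim a LAN source.
# 192.168.1.0/24 is the LAN prefix seen in the DNAT targets; widen it if the
# LAN is larger.
iptables -A FORWARD -i "$EXT" -s 192.168.1.0/24 -j DROP
# Return traffic of connections already tracked by conntrack.  This also
# covers the reply direction of every DNAT'd flow.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN -> Internet: ping, POP3, SMTP, submission, DNS.
iptables -A FORWARD -i "$INT" -o "$EXT" -p icmp -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 587 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p udp --dport 53 -j ACCEPT
# Internet -> LAN: the ports DNAT'd in PREROUTING.  3960 has no DNAT rule in
# this script, so that line is probably dead.
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 4899 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 3960 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 80 -j ACCEPT
# FTP: only the control channel (21) is opened here.  Data connections rely
# on the ftp conntrack helper (ip_conntrack_ftp / nf_conntrack_ftp) being
# loaded so they count as RELATED; this script does not load it.
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 80 -j ACCEPT
# 443, 8080, 1935 and 22 are accepted in BOTH directions (no -i/-o).
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 81 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 13 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 5900 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 8081 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 35103 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 35104 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1935 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
# Port 8000 (software development control), tcp and udp, both directions.
# Internet -> LAN only reaches the host it is DNAT'd to in PREROUTING.
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 8000 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 8000 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p udp --dport 8000 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p udp --dport 8000 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 666 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -p tcp --dport 666 -j ACCEPT
## High ports - Skype (outbound only).
# Fix: two "-i $EXT -o $INT --dport 1024:" rules (tcp and udp) used to
# follow these.  They accepted every NEW Internet -> LAN connection on any
# port above 1023.  They were not needed: Skype's inbound packets are the
# reply side of an outbound flow (ESTABLISHED above) and every DNAT'd high
# port already has its own rule in this chain; but they would have let any
# future DNAT, or a packet delivered to a LAN address by the uplink, reach
# the LAN without review.
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 1024: -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -p udp --dport 1024: -j ACCEPT
# PROSOFT videos (RTSP).
iptables -A FORWARD -i "$INT" -o "$EXT" -p tcp --dport 554 -j ACCEPT
## PROSOFT FTP site
# A hostname in "-d" (ftp.office2.com.br below) is resolved ONCE, when the
# script runs: if DNS is unavailable at that moment the rule is not added,
# and the rule follows whatever address the resolver returned.  Prefer
# fixed addresses, as the neighbouring rules do.
#iptables -A FORWARD -i $INT -o $EXT -d ftp.prosoft.com.br -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -d 200.234.196.24 -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -d 200.234.196.3 -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -d ftp.office2.com.br -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -d 200.215.177.157 -p tcp --dport 21 -j ACCEPT
## Webmail (disabled)
#iptables -A FORWARD -i $INT -o $EXT -d smtp.prosoftsudoeste.com.br -p tcp --dport 25 -j ACCEPT
#iptables -A FORWARD -i $INT -o $EXT -d pop.prosoftsudoeste.com.br -p tcp --dport 587 -j ACCEPT
## OFFICE22 FTP
iptables -A FORWARD -i "$INT" -o "$EXT" -d 200.215.177.150 -p tcp --dport 21 -j ACCEPT
## RPSCONTABIL FTP
iptables -A FORWARD -i "$INT" -o "$EXT" -d 66.197.178.69 -p tcp --dport 21 -j ACCEPT
## Windows Media Player (PROSOFT videos): whole address blocks, any protocol.
# The "-i $EXT -o $INT -d 200.215.0.0/16" rule can only match a packet from
# the uplink whose public destination is routed towards the LAN, which does
# not happen with this layout; it is kept unchanged but is effectively dead.
iptables -A FORWARD -i "$INT" -o "$EXT" -d 200.215.0.0/16 -j ACCEPT
iptables -A FORWARD -i "$EXT" -o "$INT" -d 200.215.0.0/16 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -d 201.0.0.0/8 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -d 221.5.251.243 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -d 200.215.177.150 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i "$INT" -o "$EXT" -d 200.215.177.154 -p tcp --dport 80 -j ACCEPT
## EMBRATEL program
iptables -A FORWARD -d 200.255.122.123 -p tcp --dport 8080 -j ACCEPT
## mIRC from a single workstation
iptables -A FORWARD -i "$INT" -o "$EXT" -s 192.168.1.36 -p tcp --dport 6665:7000 -j ACCEPT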
### OUTPUT: packets generated by the firewall host itself.  The policy is
### already ACCEPT, so this rule changes nothing; kept for symmetry.
iptables --append OUTPUT --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT
### POSTROUTING (nat): masquerade everything leaving through the uplink so
### that LAN hosts share the PPP address (source NAT for outgoing packets).
iptables --table nat --append POSTROUTING --out-interface "$EXT" --jump MASQUERADE