DMZ doesn't work over PPPoE but does on the internal network! [SOLVED]

1. DMZ doesn't work over PPPoE but does on the internal network! [SOLVED]

Andre Fortunato
fnxxr

(uses Ubuntu)

Posted on 22/05/2014 - 15:36h

Good afternoon folks, I'm running into a problem here that is getting complicated..

I built an Ubuntu Server router that is also a proxy.

The network where I did the tests is NET; the customer's, where it is going to be installed, is Speedy.

The problem is that I have to forward ports (DMZ) 5900, 5800, 11965 and 3389 to IP 192.168.0.100.

On the internal network here, which is NET, the DMZ works; when I take it to the customer, where it is Speedy, it doesn't connect.

Here are my iptables config and interfaces.

eth0      Link encap:Ethernet  HWaddr c8:3a:35:da:24:7b
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ca3a:35ff:feda:247b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1570 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1389 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:963608 (963.6 KB)  TX bytes:214164 (214.1 KB)

eth1      Link encap:Ethernet  HWaddr 74:d0:2b:34:8b:19
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2368 (2.3 KB)  TX bytes:2368 (2.3 KB)

and there is also ppp0, which is actually eth0

---------------------------------------------------------------------------------------

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0

auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-provider

auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0

----------------------------------------------------------------------------------------
#!/bin/sh
# Firewall/NAT script for the Ubuntu Server router (run as root).
# WAN is the PPPoE link ppp0 (brought up over eth0 by pppoeconf);
# LAN is eth1, 192.168.0.0/24; the DMZ host is 192.168.0.100.

iptables_start(){
    # Flush all tables and delete user chains so the script can be re-run
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t filter -F
    iptables -t filter -X
    iptables -t mangle -F
    iptables -t mangle -X

    # Connection tracking is nf_conntrack on every kernel since 2.6.20; the old
    # name ip_conntrack no longer exists, so the original "modprobe ip_conntrack"
    # simply failed.
    modprobe ip_tables
    modprobe iptable_nat
    modprobe nf_conntrack

    # NOTE: no default policy is set here, and iptables_stop sets them all to
    # ACCEPT, so INPUT and FORWARD stay at ACCEPT. The ACCEPT rules below
    # therefore change nothing; only the DROP and NAT rules have an effect.
    # To actually filter, add
    #   iptables -P INPUT DROP ; iptables -P FORWARD DROP
    # right after the ESTABLISHED,RELATED rule and open the LAN explicitly.
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ################################################################
    #ENABLE SQUID RULE

    # Masquerade everything leaving through the PPPoE link (the public address is
    # dynamic, so MASQUERADE rather than SNAT)
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    # Transparent proxy: LAN HTTP is redirected to Squid on the router itself
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

    # Kernel hardening. icmp_echo_ignore_all=1 makes the router ignore ping from
    # the LAN as well, which makes troubleshooting harder; set it to 0 if you
    # want to be able to ping the gateway.
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
    # The original used "<" here, which reads the file instead of writing it
    echo "1" > /proc/sys/net/ipv4/tcp_syncookies
    echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_source_route
    echo "0" > /proc/sys/net/ipv4/conf/eth1/accept_source_route
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

    #################################################################
    #ALLOW ACCESS FOR THE NETWORK
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp --syn -s 192.168.0.0/255.255.255.0 -j ACCEPT
    #################################################################
    # Mail ports from the LAN. The original wrote "-s 192.168.0.0" without a
    # mask, which matches only the single address 192.168.0.0; /24 is the LAN.
    for port in 110 111 113 143 465 587 993 995 25; do
        iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport "$port" -j ACCEPT
    done

    #DMZ - port forwarding to the internal host
    # Packets DNATed in PREROUTING never enter the INPUT chain; they are routed
    # and pass through FORWARD. The "iptables -A INPUT --dport 3389 -j ACCEPT"
    # lines in the original did nothing for the forward and only opened those
    # ports on the router itself, so they were removed. The "-i ppp0" match means
    # these rules apply only while the PPPoE session is up: on a plain Ethernet
    # uplink (eth0) nothing matches.
    for port in 3389 5900 5800 11965; do
        iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport "$port" -j DNAT --to-destination 192.168.0.100:"$port"
        iptables -A FORWARD -p tcp -i ppp0 --dport "$port" -d 192.168.0.100 -j ACCEPT
    done
    #DMZ

    # Drop any forwarded packet whose payload contains these strings, in either
    # direction. LAN HTTP is already redirected to Squid above and never traverses
    # FORWARD; this catches direct connections such as HTTPS, where the server
    # name is in the clear in the TLS ClientHello. -I puts the rules at the top.
    iptables -I FORWARD -m string --algo bm --string "facebook" -j DROP
    iptables -I FORWARD -m string --algo bm --string "twitter" -j DROP
    #################################################################
    #END OF FILE
    #################################################################
    #################################################################
    #EXCEPTION RULES (FREE ACCESS THROUGH THE FIREWALL) Allows access without going through the rules
    #################################################################
    # ACCEPT in nat/PREROUTING ends nat processing for that packet, so the DMZ
    # host bypasses the Squid REDIRECT; "-I PREROUTING 1" places it before the
    # redirect. (The original had "1:65334", a typo for the full port range.)
    iptables -t nat -I PREROUTING 1 -p tcp -s 192.168.0.100 --dport 1:65535 -j ACCEPT
    #################################################################

    # Enable routing between interfaces only after the rules are loaded
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

iptables_stop(){
    iptables -F
    iptables -X
    # The original flushed only the filter table, leaving MASQUERADE, the Squid
    # REDIRECT and the DNAT rules active after "stop"
    iptables -t nat -F
    iptables -t mangle -F
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
}

case "$1" in
"start")
    iptables_start
    ;;
"stop")
    iptables_stop
    echo "iptables is being disabled"
    sleep 2
    echo "ok"
    ;;
"restart")
    # The original line had a stray "\e" where the command separator belongs
    echo "iptables is being disabled"; sleep 1
    echo "ok"
    iptables_stop; iptables_start
    ;;
*)
    # -v shows per-rule packet counters, the quickest way to see whether a
    # DNAT rule is matching at all
    iptables -L -n -v
    iptables -t nat -L -n -v
esac
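The script above forwards the four ports with one DNAT rule and one FORWARD rule each. The following is an added example, not code from the original post: a POSIX shell script that generates or applies the same forward for the thread's interface (`ppp0`), host (`192.168.0.100`) and ports, plus the two things the posted script lacks on a PPPoE uplink: MSS clamping across the PPP link, and a FORWARD rule set that accepts return traffic by connection state. `DRY_RUN`, `run`, `dmz_forward` and `clamp_mss` are this example's own names. With `DRY_RUN=1` (the default) it only prints the iptables commands, so it can be read and checked without root; `DRY_RUN=0` applies them.

```shell
#!/bin/sh
# Added example (not from the original post): kernel DNAT port forward for a
# PPPoE router, with MSS clamping. Interface, host and ports are the thread's;
# DRY_RUN, run, dmz_forward and clamp_mss are this example's own names.
# DRY_RUN=1 (default) prints the iptables commands; DRY_RUN=0 applies them (root).

DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# dmz_forward WAN_IF LAN_HOST PORT [PORT...]
# A forward needs exactly two rules per port: the DNAT in nat/PREROUTING and a
# FORWARD accept for the rewritten destination. DNATed packets never enter the
# INPUT chain, so INPUT rules for these ports only open the router itself.
dmz_forward() {
    wan=$1; host=$2; shift 2
    [ $# -gt 0 ] || { echo "usage: dmz_forward WAN_IF LAN_HOST PORT..." >&2; return 1; }
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "dmz_forward: bad port '$port'" >&2; return 1 ;;
        esac
        run iptables -t nat -A PREROUTING -i "$wan" -p tcp --dport "$port" \
            -j DNAT --to-destination "$host:$port"
        run iptables -A FORWARD -i "$wan" -p tcp -d "$host" --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # Return traffic for every forwarded (and every masqueraded) connection
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# clamp_mss WAN_IF
# PPPoE takes 8 bytes of each Ethernet frame, so ppp0 has MTU 1492. A remote
# peer that sends 1500-byte segments with DF set and never receives the ICMP
# "fragmentation needed" sees a connection that opens and then stalls (RDP and
# VNC both trip over this). Clamping MSS on SYNs crossing the link prevents it.
clamp_mss() {
    wan=$1
    run iptables -t mangle -A FORWARD -o "$wan" -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --clamp-mss-to-pmtu
    run iptables -t mangle -A FORWARD -i "$wan" -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --clamp-mss-to-pmtu
}

# The thread's setup: ppp0 uplink, DMZ host 192.168.0.100, RDP + VNC ports
clamp_mss ppp0
dmz_forward ppp0 192.168.0.100 3389 5900 5800 11965
```

After applying the rules, `iptables -t nat -L PREROUTING -v -n` shows a packet counter per rule: if the DNAT rule's counter stays at zero while you connect from outside, the packets never arrive on ppp0 (for example because the customer's modem holds the public address in router mode, or the provider filters the port), and no iptables rule on the Ubuntu box can change that; if it counts but the FORWARD rule does not, look at `/proc/sys/net/ipv4/ip_forward` and at the FORWARD chain. Two things to verify from the post's own output: the ifconfig listing shows eth1 as UP but not RUNNING with zero packets, i.e. no link on the LAN side at the time it was captured, and the DNAT rules match only `-i ppp0`, so on an Ethernet uplink without a PPPoE session (the NET test setup) they would not match at all.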





  


2. Re: DMZ doesn't work over PPPoE but does on the internal network! [SOLVED]

Andre Fortunato
fnxxr

(uses Ubuntu)

Posted on 27/05/2014 - 14:55h

I managed to solve the problem; I used redir, easier...
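The reply names redir but not how it was used. As an added example (not the poster's actual command), here is what the userspace relay looks like next to the kernel forward it replaces, with the two consequences a practitioner should know: redir accepts the connection on the router itself, so the port has to be open in INPUT rather than FORWARD and neither DNAT nor ip_forward is involved; and the DMZ host sees every connection as coming from the router's LAN address, so the VNC/RDP logs on 192.168.0.100 no longer show the real client. The option syntax is assumed to be redir 2.x (`--lport`/`--caddr`/`--cport`); check `redir --help` on the installed version, as later releases changed it. `DRY_RUN`, `spawn`, `run` and the `relay_*` functions are this example's own names; whether redir detaches on its own depends on the version, so it is started in the background and stopped by matching its argument string.

```shell
#!/bin/sh
# Added example, not the poster's command: the userspace relay redir(1) beside
# the iptables it needs. Option syntax assumed to be redir 2.x
# (--lport/--caddr/--cport); check "redir --help" on the installed version.
# DRY_RUN=1 (default) prints what would run; DRY_RUN=0 runs it as root.

DRY_RUN=${DRY_RUN:-1}
WAN_IF=ppp0
DMZ_HOST=192.168.0.100

spawn() {               # start a long-running command in the background
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@" & fi
}
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# relay_port PORT: redir listens on the router's own PORT and opens a second
# TCP connection to DMZ_HOST:PORT. Because the router is the endpoint, the
# traffic goes through INPUT (not FORWARD), needs no DNAT and no ip_forward,
# and reaches the DMZ host with the router's LAN address as its source.
relay_port() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "relay_port: bad port '$port'" >&2; return 1 ;;
    esac
    run iptables -A INPUT -i "$WAN_IF" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    spawn redir --lport="$port" --caddr="$DMZ_HOST" --cport="$port"
}

# unrelay_port PORT: stop the relay and close the port on the router again
unrelay_port() {
    port=$1
    run pkill -f "redir --lport=$port --caddr=$DMZ_HOST --cport=$port"
    run iptables -D INPUT -i "$WAN_IF" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
}

relay_ports()   { for p in "$@"; do relay_port "$p" || return 1; done; }
unrelay_ports() { for p in "$@"; do unrelay_port "$p"; done; }

# The thread's four services
relay_ports 3389 5900 5800 11965
```

Because the relay is a process rather than a kernel rule, it has to be restarted after a reboot or a crash, and `ss -ltn` on the router is the check that it is actually listening; a kernel DNAT has no such moving part, which is why the relay is the easier fix but not the more robust one.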





