Denuncie   Favoritos   Indicar  

Firewall / Squid Autenticado (msnt_auth)

1. Firewall / Squid Autenticado (msnt_auth)

Henrique de Almeida Ribeiro
hrq22
(usa Ubuntu)

Enviado em 31/03/2009 - 10:16h

E ai galera, preciso de uma ajuda.

Eu uso iptables pra configurar o firewall e tambem o squid com autenticaçao no AD usando o msnt_auth. Pois bem, quando rodo o firewall a autenticaçao para de funcionar mas, quando limpo as regras do firewall a autenticaçao funciona normalmente.

Alguem pode me dar uma dica de uma regra que eu possa colocar no firewall para que ele libere a autenticaçao no squid?

0 0
  • Quote

    •   


    2. Re: Firewall / Squid Autenticado (msnt_auth)

    Julian Castaman
    maninhx
    (usa Slackware)

    Enviado em 02/04/2009 - 13:44h

    coloca teu firwall para darmos uma olhada.

    0 0
  • Quote

    • 3. Firewall

    Henrique de Almeida Ribeiro
    hrq22
    (usa Ubuntu)

    Enviado em 02/04/2009 - 14:30h

    #!/bin/bash

    #LIMPANDO TODAS AS CHAIN
    echo "***Limpando todas as REGRAS***"
    iptables -F
    sleep 2

    #ATRIBUINDO UMA REGRA PADRAO PARA BLOQUEAR TODO O TRAFEGO DE E/S DA PLACA DE REDE
    echo "***Bloqueando a chain FORWARD***"
    iptables -P FORWARD DROP
    sleep 2

    #ATRIBUINDO UMA REGRA PADRAO PARA BLOQUEAR TODO O TRAFEGO QUE ENTRA NA PLACA DE REDE
    echo "***Bloqueando a chain INPUT***"
    iptables -P INPUT DROP
    sleep 2

    #ATRIBUINDO UMA REGRA PADRAO PARA BLOQUEAR TODO O TRAFEGO QUE SAI NA PLACA DE REDE
    echo "***Bloqueando a chain OUTPUT***"
    iptables -P OUTPUT DROP
    sleep 2

    #ATIVANDO O ENCAMINHAMENTO DE PACOTES
    echo "***Ativando o ENCAMINHAMENTO de pacotes***"
    echo "1" > /proc/sys/net/ipv4/ip_forward
    sleep 2

    #REDIRECIONANDO O RDP DO WINDOWS 2003
    echo "***Redirecionando o Remote Desktop***"
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to 172.23.0.1:3389

    #MASCARANDO A REDE
    echo "***Mascarando a REDE***"
    iptables -t nat -A POSTROUTING -o eth0 -s 172.23.0.0/16 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth0 -s 201.63.91.116 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth0 -d 201.63.91.116 -j MASQUERADE

    sleep 2

    #ABRINDO SSH
    echo "***Habilitando conexao SSH***"
    iptables -t filter -A INPUT -p tcp -m tcp -i eth0 --dport 22 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp -i eth0 --sport 22 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp -i eth1 --dport 22 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp -i eth1 --sport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -m tcp -o eth0 --dport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -m tcp -o eth0 --sport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -m tcp -o eth1 --dport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -m tcp -o eth1 --sport 22 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m tcp --sport 22 -j ACCEPT
    sleep 2

    #LIBERAR ICMP
    echo "***Liberando PING***"
    iptables -t filter -A INPUT -p icmp -m icmp -i eth0 --icmp-type 8 -j ACCEPT
    iptables -t filter -A INPUT -p icmp -m icmp -i eth0 --icmp-type 0 -j ACCEPT
    iptables -t filter -A INPUT -p icmp -m icmp -i eth1 --icmp-type 8 -j ACCEPT
    iptables -t filter -A INPUT -p icmp -m icmp -i eth1 --icmp-type 0 -j ACCEPT

    iptables -t filter -A OUTPUT -p icmp -m icmp -o eth0 --icmp-type 8 -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -m icmp -o eth0 --icmp-type 0 -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -m icmp -o eth1 --icmp-type 8 -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -m icmp -o eth1 --icmp-type 0 -j ACCEPT

    iptables -t filter -A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT
    iptables -t filter -A FORWARD -p icmp -m icmp --icmp-type 0 -j ACCEPT
    echo "***PING OK ***"

    #ABRINDO HTTP (80), DNS (53), PROXY (3128), HTTPS (443), SMTP (501), POP3 (502)
    echo "***Habilitando HTTP, DNS, PROXY, HTTPS, SMTP, POP3, FTP,***"

    #TCP
    echo "***TCP OK***"

    iptables -t filter -A INPUT -p tcp -i eth0 --dport 3128 -j DROP
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --dport 502 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --dport 502 -j ACCEPT


    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --dport 502 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --dport 502 -j ACCEPT


    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth0 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --sport 502 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --sport 502 -j ACCEPT

    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -i eth1 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --sport 502 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --sport 502 -j ACCEPT

    #UDP
    echo "***UDP OK***"
    iptables -t filter -A INPUT -p udp -i eth0 --dport 3128 -j DROP
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --dport 502 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --dport 502 -j ACCEPT

    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --dport 502 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --dport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --dport 502 -j ACCEPT

    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth0 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth0 --sport 502 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth0 --sport 502 -j ACCEPT

    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A INPUT -p udp -i eth1 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -i eth1 --sport 502 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --sport 501 -j ACCEPT
    iptables -t filter -A INPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -i eth1 --sport 502 -j ACCEPT

    echo "***INPUT OK***"
    sleep 2

    #TCP
    echo "***TCP OK***"

    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --dport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --dport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --dport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth0 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --sport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --sport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -o eth1 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --sport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --sport 502 -j ACCEPT

    #UDP
    echo "***UDP OK***"
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --dport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --dport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --dport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --dport 502 -j ACCEPT


    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth0 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth0 --sport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth0 --sport 502 -j ACCEPT

    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -o eth1 -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 172.23.0.10 -d 201.63.91.116 -o eth1 --sport 502 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --sport 501 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp -s 201.63.91.116 -d 172.23.0.10 -o eth1 --sport 502 -j ACCEPT

    echo "***OUTPUT OK***"
    sleep 2

    #TCP
    echo "***TCP OK***"

    iptables -t filter -A FORWARD -p tcp -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 172.23.0.10 -d 201.63.91.116 --dport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 172.23.0.10 -d 201.63.91.116 --dport 502 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 201.63.91.116 -d 172.23.0.10 --dport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 201.63.91.116 -d 172.23.0.10 --dport 502 -j ACCEPT

    iptables -t filter -A FORWARD -p tcp -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 172.23.0.10 -d 201.63.91.116 --sport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 172.23.0.10 -d 201.63.91.116 --sport 502 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 201.63.91.116 -d 172.23.0.10 --sport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p tcp -s 201.63.91.116 -d 172.23.0.10 --sport 502 -j ACCEPT

    echo "***UDP OK***"
    iptables -t filter -A FORWARD -p udp -m multiport --dport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --dport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --dport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --dport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 172.23.0.10 -d 201.63.91.116 --dport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 172.23.0.10 -d 201.63.91.116 --dport 502 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 201.63.91.116 -d 172.23.0.10 --dport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 201.63.91.116 -d 172.23.0.10 --dport 502 -j ACCEPT

    iptables -t filter -A FORWARD -p udp -m multiport --sport 25,66,113,501,502,110,80,8080 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --sport 53,3128,443,5222,7070,8180 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --sport 20,21,563,70,210,280,777 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -m multiport --sport 3389,901,554,118,591 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 172.23.0.10 -d 201.63.91.116 --sport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 172.23.0.10 -d 201.63.91.116 --sport 502 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 201.63.91.116 -d 172.23.0.10 --sport 501 -j ACCEPT
    iptables -t filter -A FORWARD -p udp -s 201.63.91.116 -d 172.23.0.10 --sport 502 -j ACCEPT

    echo "***FORWARD OK***"
    sleep 2


    0 0
  • Quote

    • 4. Force...

    Davi Ribeiro
    dastyler
    (usa Fedora)

    Enviado em 02/04/2009 - 14:56h

    os clientes do AD a usarem o proxy nas confiugurações de grupo de usuarios no mesmo clicando com o botão direito e adcio e adicionar controle.
    Eu usei a regra de proxy transparente em conjunto com o AD e deu certo (com Squid 3.0):

    /sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-p\
    ort 3128

    E apos ver sua confe teu iptables ta blockando a porta do squid:

    iptables -t filter -A INPUT -p tcp -i eth0 --dport 3128 -j DROP

    A regra abaixo é desnecessria, pois o squid filtra pela tcp:

    iptables -t filter -A INPUT -p udp -i eth0 --dport 3128 -j DROP

    []´s

    0 0
  • Quote





    • Patrocínio

    Site hospedado pelo provedor RedeHost.
    Linux banner

    Destaques

    Artigos

    Instalar certificado digital Safesign, fornecido pela Certisign e utilizado pela OAB-SP, em qualquer distribuição Linux usando distrobox

    Manutenção de sistemas Linux Debian e derivados com apt-get, apt, aptitude e dpkg

    Criatividade para TI parte 1

    Melhorando o tempo de boot do Fedora e outras distribuições

    Como instalar as extensões Dash To Dock e Hide Top Bar no Gnome 45/46

    Dicas

    Como Atualizar Fedora 39 para 40

    Instalar Google Chrome no Debian e derivados

    Consertando o erro do Sushi e Wayland no Opensuse Leap 15

    Instalar a última versão do PostgreSQL no Lunix mantendo atualizado

    Flathub na sua distribuição Linux e comandos básicos de gerenciamento

    Tópicos

    Agora temos uma assistente virtual no fórum!!! (247)

    iso de sistema 32 bit em atividade (12)

    Como adicionar módulo de saúde da bateria dos notebooks Acer ao kernel... (27)

    Lançado Ubuntu 24.04 Final (4)

    ASRock H310CM-HG4 vs Linux (15)

    Top 10 do mês

    Scripts

    [Python] Adicione a opção Redimensionar e rotacionar imagens ao Nautilus

    [Shell Script] Script para desinstalar pacotes desnecessários no OpenSuse

    [Shell Script] Script para criar certificados de forma automatizada no OpenVpn

    [Shell Script] Conversor de vídeo com opção de legenda

    [C/C++] BRT - Bulk Renaming Tool

    A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.

    Site hospedado por: