Bypassing the squid proxy

1. Bypassing the squid proxy

Jocelim Rodrigues Jr.
jocelimjsrj

(uses CentOS)

Sent on 08/03/2018 - 17:11h

Good afternoon!

I need to route some internal devices, by IP, around the squid proxy for external access.
I have already tried several tips but nothing works.
I'll paste my iptables.
In this case, I am trying to bypass the IP 192.168.1.60
I am trying this bypass to test whether Whatsapp works without problems.

*mangle
:PREROUTING ACCEPT [409:157554]
:INPUT ACCEPT [147:14022]
:FORWARD ACCEPT [259:142791]
:OUTPUT ACCEPT [109:17358]
:POSTROUTING ACCEPT [368:160149]
COMMIT
*nat
:PREROUTING ACCEPT [9:1680]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:70]
### rules for the list of IPs to bypass the proxy
-N PROXY
-A PREROUTING -i eth0 -p tcp --dport 80 -j PROXY
# external list
-A PROXY -d 200.201.174.0 -j RETURN
-A PROXY -d 200.252.60.42 -j RETURN
-A PROXY -d 200.252.60.83 -j RETURN
-A PROXY -d 104.236.14.6 -j RETURN
-A PROXY -d viacep.com.br -j RETURN
-A PROXY -d sii.inovadorasistemas.com.br -j RETURN
-A PROXY -d sii.inovadora.com.br -j RETURN
# internal list
-A PROXY -s 192.168.1.60 -j RETURN
#
-A PROXY -p tcp --dport 80 -j REDIRECT --to 3128
### end of the rules for the list of IPs to bypass the proxy
-A PREROUTING -p tcp --dport 5432 -i eth1 -j DNAT --to 192.168.1.2:5432
-A PREROUTING -p udp --dport 5432 -i eth1 -j DNAT --to 192.168.1.2:5432
-A PREROUTING -p tcp --dport 3000 -i eth1 -j DNAT --to 192.168.0.254:3000
-A PREROUTING -p tcp --dport 3001 -i eth1 -j DNAT --to 192.168.0.254:3001
-A PREROUTING -p tcp --dport 3002 -i eth1 -j DNAT --to 192.168.0.254:3002
-A PREROUTING -p tcp --dport 3003 -i eth1 -j DNAT --to 192.168.0.254:3003
-A PREROUTING -p tcp --dport 3004 -i eth1 -j DNAT --to 192.168.0.254:3004
-A PREROUTING -p tcp --dport 3005 -i eth1 -j DNAT --to 192.168.0.254:3005
-A PREROUTING -p tcp --dport 3006 -i eth1 -j DNAT --to 192.168.0.254:3006
-A PREROUTING -p tcp --dport 3007 -i eth1 -j DNAT --to 192.168.0.254:3007
-A PREROUTING -p tcp --dport 3008 -i eth1 -j DNAT --to 192.168.0.254:3008
-A PREROUTING -p tcp --dport 3009 -i eth1 -j DNAT --to 192.168.0.254:3009
-A PREROUTING -p tcp --dport 3010 -i eth1 -j DNAT --to 192.168.0.254:3010
-A PREROUTING -p tcp --dport 5902 -j DNAT --to 192.168.1.2:5902
-A PREROUTING -p tcp --dport 5903 -j DNAT --to 192.168.1.2:5903
-A PREROUTING -p tcp --dport 5904 -j DNAT --to 192.168.1.2:5904
-A PREROUTING -p tcp --dport 5905 -j DNAT --to 192.168.0.1:5800
-A PREROUTING -p udp --dport 5901 -j DNAT --to 192.168.0.1:5900
-A PREROUTING -p tcp --dport 9090 -j DNAT --to 192.168.1.3:80
-A PREROUTING -p tcp --dport 4550 -j DNAT --to 192.168.1.3:4550
-A POSTROUTING -p tcp -s 192.168.1.3 --dport 4550 -j MASQUERADE
-A PREROUTING -p tcp --dport 5550 -j DNAT --to 192.168.1.3:5550
-A POSTROUTING -p tcp -s 192.168.1.3 --dport 5550 -j MASQUERADE
-A PREROUTING -p tcp --dport 6550 -j DNAT --to 192.168.1.3:6550
-A POSTROUTING -p tcp -s 192.168.1.3 --dport 6550 -j MASQUERADE
-A PREROUTING -p tcp --dport 8866 -j DNAT --to 192.168.1.3:8866
-A POSTROUTING -p tcp -s 192.168.1.3 --dport 8866 -j MASQUERADE
-A PREROUTING -p tcp --dport 9091 -j DNAT --to 192.168.1.4:80
-A PREROUTING -p tcp --dport 4551 -j DNAT --to 192.168.1.4:4550
-A POSTROUTING -p tcp -s 192.168.1.4 --dport 4551 -j MASQUERADE
-A PREROUTING -p tcp --dport 5551 -j DNAT --to 192.168.1.4:5550
-A POSTROUTING -p tcp -s 192.168.1.4 --dport 5551 -j MASQUERADE
-A PREROUTING -p tcp --dport 6551 -j DNAT --to 192.168.1.4:6550
-A POSTROUTING -p tcp -s 192.168.1.4 --dport 6551 -j MASQUERADE
-A PREROUTING -p tcp --dport 5552 -j DNAT --to 192.168.1.4:5552
-A POSTROUTING -p tcp -s 192.168.1.4 --dport 5552 -j MASQUERADE
-A PREROUTING -p tcp --dport 8867 -j DNAT --to 192.168.1.4:8867
-A POSTROUTING -p tcp -s 192.168.1.4 --dport 8867 -j MASQUERADE
-A PREROUTING -p tcp --dport 15500 -j DNAT --to 192.168.1.99:15500
-A POSTROUTING -p tcp -s 192.168.1.99 --dport 15500 -j MASQUERADE
-A PREROUTING -p udp --dport 4186 -j DNAT --to 192.168.1.99:4186
-A POSTROUTING -p udp -s 192.168.1.99 --dport 4186 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:allowed - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
-A FORWARD -i eth0 -s 192.168.1.60 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp --sport 80 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp --dport 4550 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp --sport 4550 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp --dport 5550 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp --sport 5550 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp --dport 6550 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp --sport 6550 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp --dport 8866 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp --sport 8866 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp --sport 80 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp --dport 4550 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp --sport 4550 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp --dport 5550 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp --sport 5550 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp --dport 6550 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp --sport 6550 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp --dport 8867 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp --sport 8867 -j ACCEPT
-A FORWARD -d 192.168.1.99 -p tcp --dport 15500 -j ACCEPT
-A FORWARD -s 192.168.1.99 -p tcp --sport 15500 -j ACCEPT
-A FORWARD -d 192.168.1.99 -p udp --dport 4186 -j ACCEPT
-A FORWARD -s 192.168.1.99 -p udp --sport 4186 -j ACCEPT
-A FORWARD -p tcp --dport 5902 -j ACCEPT
-A FORWARD -p tcp --dport 5903 -j ACCEPT
-A FORWARD -p tcp --dport 5904 -j ACCEPT
-A FORWARD -p tcp --dport 5905 -j ACCEPT
-A INPUT -p tcp --dport 5432 -j ACCEPT
-A INPUT -p udp --dport 5432 -j ACCEPT
-A INPUT -p tcp --sport 5432 -j ACCEPT
-A INPUT -p udp --sport 5432 -j ACCEPT
-A FORWARD -p tcp --dport 5432 -j ACCEPT
-A FORWARD -p tcp --sport 5432 -j ACCEPT
-A FORWARD -p udp --dport 5432 -j ACCEPT
-A FORWARD -p udp --sport 5432 -j ACCEPT
-A OUTPUT -p tcp --dport 5432 -j ACCEPT
-A OUTPUT -p udp --dport 5432 -j ACCEPT
-A OUTPUT -p tcp --sport 5432 -j ACCEPT
-A OUTPUT -p udp --sport 5432 -j ACCEPT
-A FORWARD -p tcp --dport 3000 -j ACCEPT
-A FORWARD -p tcp --sport 3000 -j ACCEPT
-A FORWARD -p tcp --dport 3001 -j ACCEPT
-A FORWARD -p tcp --sport 3001 -j ACCEPT
-A FORWARD -p tcp --dport 3002 -j ACCEPT
-A FORWARD -p tcp --sport 3002 -j ACCEPT
-A FORWARD -p tcp --dport 3003 -j ACCEPT
-A FORWARD -p tcp --sport 3003 -j ACCEPT
-A FORWARD -p tcp --dport 3004 -j ACCEPT
-A FORWARD -p tcp --sport 3004 -j ACCEPT
-A FORWARD -p tcp --dport 3005 -j ACCEPT
-A FORWARD -p tcp --sport 3005 -j ACCEPT
-A FORWARD -p tcp --dport 3006 -j ACCEPT
-A FORWARD -p tcp --sport 3006 -j ACCEPT
-A FORWARD -p tcp --dport 3007 -j ACCEPT
-A FORWARD -p tcp --sport 3007 -j ACCEPT
-A FORWARD -p tcp --dport 3008 -j ACCEPT
-A FORWARD -p tcp --sport 3008 -j ACCEPT
-A FORWARD -p tcp --dport 3009 -j ACCEPT
-A FORWARD -p tcp --sport 3009 -j ACCEPT
-A FORWARD -p tcp --dport 3010 -j ACCEPT
-A FORWARD -p tcp --sport 3010 -j ACCEPT
-A INPUT -p tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp --sport 3000 -j ACCEPT
-A INPUT -p tcp --dport 3001 -j ACCEPT
-A INPUT -p tcp --sport 3001 -j ACCEPT
-A INPUT -p tcp --dport 3002 -j ACCEPT
-A INPUT -p tcp --sport 3002 -j ACCEPT
-A INPUT -p tcp --dport 3003 -j ACCEPT
-A INPUT -p tcp --sport 3003 -j ACCEPT
-A INPUT -p tcp --dport 3004 -j ACCEPT
-A INPUT -p tcp --sport 3004 -j ACCEPT
-A INPUT -p tcp --dport 3005 -j ACCEPT
-A INPUT -p tcp --sport 3005 -j ACCEPT
-A INPUT -p tcp --dport 3006 -j ACCEPT
-A INPUT -p tcp --sport 3006 -j ACCEPT
-A INPUT -p tcp --dport 3007 -j ACCEPT
-A INPUT -p tcp --sport 3007 -j ACCEPT
-A INPUT -p tcp --dport 3008 -j ACCEPT
-A INPUT -p tcp --sport 3008 -j ACCEPT
-A INPUT -p tcp --dport 3009 -j ACCEPT
-A INPUT -p tcp --sport 3009 -j ACCEPT
-A INPUT -p tcp --dport 3010 -j ACCEPT
-A INPUT -p tcp --sport 3010 -j ACCEPT
-A INPUT -p tcp -j bad_tcp_packets
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -j ACCEPT
# squid line
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -j tcp_packets
-A INPUT -i eth1 -p udp -j udp_packets
-A INPUT -i eth1 -p icmp -j icmp_packets
-A INPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT INPUT packet died: " --log-level 7
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT FORWARD packet died: " --log-level 7
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 192.168.1.1 -j ACCEPT
# squid line
-A OUTPUT -s 192.168.0.1 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT OUTPUT packet died: " --log-level 7
-A allowed -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j LOG --log-prefix "New not syn:"
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A tcp_packets -p tcp -m tcp --dport 21 -j allowed
-A tcp_packets -p tcp -m tcp --dport 22 -j allowed
-A tcp_packets -p tcp -m tcp --dport 80 -j allowed
-A udp_packets -p udp -m udp --sport 53 -j ACCEPT
-A udp_packets -p udp -m udp --sport 67 -j ACCEPT
-A udp_packets -p udp -m udp --sport 2074 -j ACCEPT
-A udp_packets -p udp -m udp --sport 4000 -j ACCEPT
COMMIT



Centos 5.11
Squid 2.6



  


2. squid

Alex Fernando
showd07

(uses Debian)

Sent on 09/03/2018 - 17:29h

(41) 99865-7434

Ping me there on WhatsApp and we'll see what can be done.


3. Re: Bypassing the squid proxy

Leandro Silva
LSSilva

(uses Other)

Sent on 11/03/2018 - 00:46h

Add:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -s 192.168.1.60 -j ACCEPT
Before:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j PROXY
If I'm not mistaken it is line number 14 of your saved iptables file.

That may, perhaps, solve your problem of going around the proxy.


4. Still didn't work

Jocelim Rodrigues Jr.
jocelimjsrj

(uses CentOS)

Sent on 12/03/2018 - 10:46h

Good morning!

LSSilva,

I added the line you suggested but it still hasn't helped.
Any other tips?
The bypass can be total, not only for Whatsapp, to make it easier.
Thanks in advance for the help.



5. Re: Bypassing the squid proxy

Leandro Silva
LSSilva

(uses Other)

Sent on 12/03/2018 - 14:14h

Could you post your complete firewall script (and not this iptables dump)?
That way it is more readable so we can help you better.

Also post the output of the commands:

iptables -t nat -nL
iptables -nL

Also post your squid.conf.




6. configurations

Jocelim Rodrigues Jr.
jocelimjsrj

(uses CentOS)

Sent on 12/03/2018 - 16:40h

Good afternoon!

On CentOS I don't know where the firewall script is.
I work directly with the iptables file in /etc/sysconfig.

I ran iptables-save and got this result:
------------------------------------------------------------------------------------------------
# Generated by iptables-save v1.3.5 on Mon Mar 12 14:55:09 2018
*filter
:INPUT DROP [3934:230418]
:FORWARD DROP [0:0]
:OUTPUT DROP [21:1548]
:allowed - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
-A INPUT -p udp -m udp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5432 -j ACCEPT
-A INPUT -p udp -m udp --sport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3001 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3002 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3002 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3003 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3003 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3004 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3004 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3005 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3005 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3006 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3006 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3007 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3007 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3008 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3008 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3009 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3009 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3010 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3010 -j ACCEPT
-A INPUT -p tcp -j bad_tcp_packets
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -j tcp_packets
-A INPUT -i eth1 -p udp -j udp_packets
-A INPUT -i eth1 -p icmp -j icmp_packets
-A INPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT INPUT packet died: " --log-level 7
-A FORWARD -d 192.168.1.3 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp -m tcp --sport 80 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp -m tcp --dport 4550 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp -m tcp --sport 4550 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp -m tcp --dport 5550 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp -m tcp --sport 5550 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp -m tcp --dport 6550 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp -m tcp --sport 6550 -j ACCEPT
-A FORWARD -d 192.168.1.3 -p tcp -m tcp --dport 8866 -j ACCEPT
-A FORWARD -s 192.168.1.3 -p tcp -m tcp --sport 8866 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp -m tcp --sport 80 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp -m tcp --dport 4550 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp -m tcp --sport 4550 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp -m tcp --dport 5550 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp -m tcp --sport 5550 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp -m tcp --dport 6550 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp -m tcp --sport 6550 -j ACCEPT
-A FORWARD -d 192.168.1.4 -p tcp -m tcp --dport 8867 -j ACCEPT
-A FORWARD -s 192.168.1.4 -p tcp -m tcp --sport 8867 -j ACCEPT
-A FORWARD -d 192.168.1.99 -p tcp -m tcp --dport 15500 -j ACCEPT
-A FORWARD -s 192.168.1.99 -p tcp -m tcp --sport 15500 -j ACCEPT
-A FORWARD -d 192.168.1.99 -p udp -m udp --dport 4186 -j ACCEPT
-A FORWARD -s 192.168.1.99 -p udp -m udp --sport 4186 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 5902 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 5903 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 5904 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 5905 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 5432 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 5432 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5432 -j ACCEPT
-A FORWARD -p udp -m udp --sport 5432 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3000 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3000 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3001 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3001 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3002 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3002 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3003 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3003 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3004 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3004 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3005 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3005 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3006 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3006 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3007 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3007 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3008 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3008 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3009 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3009 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3010 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 3010 -j ACCEPT
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT FORWARD packet died: " --log-level 7
-A OUTPUT -p tcp -m tcp --dport 5432 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 5432 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 5432 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 5432 -j ACCEPT
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 192.168.1.1 -j ACCEPT
-A OUTPUT -s 192.168.0.1 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT OUTPUT packet died: " --log-level 7
-A allowed -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j LOG --log-prefix "New not syn:"
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A tcp_packets -p tcp -m tcp --dport 21 -j allowed
-A tcp_packets -p tcp -m tcp --dport 22 -j allowed
-A tcp_packets -p tcp -m tcp --dport 80 -j allowed
-A udp_packets -p udp -m udp --sport 53 -j ACCEPT
-A udp_packets -p udp -m udp --sport 67 -j ACCEPT
-A udp_packets -p udp -m udp --sport 2074 -j ACCEPT
-A udp_packets -p udp -m udp --sport 4000 -j ACCEPT
COMMIT
# Completed on Mon Mar 12 14:55:09 2018
# Generated by iptables-save v1.3.5 on Mon Mar 12 14:55:09 2018
*nat
:PREROUTING ACCEPT [58142:4852981]
:POSTROUTING ACCEPT [1108:947195]
:OUTPUT ACCEPT [28997:1812797]
:PROXY - [0:0]
-A PREROUTING -s 192.168.1.60 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.1.60 -i eth0 -p udp -m udp --dport 80 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j PROXY
-A PREROUTING -i eth1 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 192.168.1.2:5432
-A PREROUTING -i eth1 -p udp -m udp --dport 5432 -j DNAT --to-destination 192.168.1.2:5432
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 192.168.0.254:3000
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3001 -j DNAT --to-destination 192.168.0.254:3001
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3002 -j DNAT --to-destination 192.168.0.254:3002
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3003 -j DNAT --to-destination 192.168.0.254:3003
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3004 -j DNAT --to-destination 192.168.0.254:3004
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3005 -j DNAT --to-destination 192.168.0.254:3005
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3006 -j DNAT --to-destination 192.168.0.254:3006
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3007 -j DNAT --to-destination 192.168.0.254:3007
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3008 -j DNAT --to-destination 192.168.0.254:3008
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3009 -j DNAT --to-destination 192.168.0.254:3009
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3010 -j DNAT --to-destination 192.168.0.254:3010
-A PREROUTING -p tcp -m tcp --dport 5902 -j DNAT --to-destination 192.168.1.2:5902
-A PREROUTING -p tcp -m tcp --dport 5903 -j DNAT --to-destination 192.168.1.2:5903
-A PREROUTING -p tcp -m tcp --dport 5904 -j DNAT --to-destination 192.168.1.2:5904
-A PREROUTING -p tcp -m tcp --dport 5905 -j DNAT --to-destination 192.168.0.1:5800
-A PREROUTING -p udp -m udp --dport 5901 -j DNAT --to-destination 192.168.0.1:5900
-A PREROUTING -p tcp -m tcp --dport 9090 -j DNAT --to-destination 192.168.1.3:80
-A PREROUTING -p tcp -m tcp --dport 4550 -j DNAT --to-destination 192.168.1.3:4550
-A PREROUTING -p tcp -m tcp --dport 5550 -j DNAT --to-destination 192.168.1.3:5550
-A PREROUTING -p tcp -m tcp --dport 6550 -j DNAT --to-destination 192.168.1.3:6550
-A PREROUTING -p tcp -m tcp --dport 8866 -j DNAT --to-destination 192.168.1.3:8866
-A PREROUTING -p tcp -m tcp --dport 9091 -j DNAT --to-destination 192.168.1.4:80
-A PREROUTING -p tcp -m tcp --dport 4551 -j DNAT --to-destination 192.168.1.4:4550
-A PREROUTING -p tcp -m tcp --dport 5551 -j DNAT --to-destination 192.168.1.4:5550
-A PREROUTING -p tcp -m tcp --dport 6551 -j DNAT --to-destination 192.168.1.4:6550
-A PREROUTING -p tcp -m tcp --dport 5552 -j DNAT --to-destination 192.168.1.4:5552
-A PREROUTING -p tcp -m tcp --dport 8867 -j DNAT --to-destination 192.168.1.4:8867
-A PREROUTING -p tcp -m tcp --dport 15500 -j DNAT --to-destination 192.168.1.99:15500
-A PREROUTING -p udp -m udp --dport 4186 -j DNAT --to-destination 192.168.1.99:4186
-A POSTROUTING -s 192.168.1.3 -p tcp -m tcp --dport 4550 -j MASQUERADE
-A POSTROUTING -s 192.168.1.3 -p tcp -m tcp --dport 5550 -j MASQUERADE
-A POSTROUTING -s 192.168.1.3 -p tcp -m tcp --dport 6550 -j MASQUERADE
-A POSTROUTING -s 192.168.1.3 -p tcp -m tcp --dport 8866 -j MASQUERADE
-A POSTROUTING -s 192.168.1.4 -p tcp -m tcp --dport 4551 -j MASQUERADE
-A POSTROUTING -s 192.168.1.4 -p tcp -m tcp --dport 5551 -j MASQUERADE
-A POSTROUTING -s 192.168.1.4 -p tcp -m tcp --dport 6551 -j MASQUERADE
-A POSTROUTING -s 192.168.1.4 -p tcp -m tcp --dport 5552 -j MASQUERADE
-A POSTROUTING -s 192.168.1.4 -p tcp -m tcp --dport 8867 -j MASQUERADE
-A POSTROUTING -s 192.168.1.99 -p tcp -m tcp --dport 15500 -j MASQUERADE
-A POSTROUTING -s 192.168.1.99 -p udp -m udp --dport 4186 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A PROXY -d 200.201.174.0 -j RETURN
-A PROXY -d 200.252.60.42 -j RETURN
-A PROXY -d 200.252.60.83 -j RETURN
-A PROXY -d 104.236.14.6 -j RETURN
-A PROXY -d 165.227.126.241 -j RETURN
-A PROXY -d 52.67.237.186 -j RETURN
-A PROXY -d 54.232.192.254 -j RETURN
-A PROXY -d 54.233.160.99 -j RETURN
-A PROXY -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
# Completed on Mon Mar 12 14:55:09 2018
# Generated by iptables-save v1.3.5 on Mon Mar 12 14:55:09 2018
*mangle
:PREROUTING ACCEPT [2945075:2165081986]
:INPUT ACCEPT [2859213:2143926526]
:FORWARD ACCEPT [74185:20134693]
:OUTPUT ACCEPT [3061265:2185800230]
:POSTROUTING ACCEPT [3134527:2205524288]
COMMIT
# Completed on Mon Mar 12 14:55:09 2018



iptables -t nat -nL
-----------------------------------------------------------
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.1.60 0.0.0.0/0 tcp dpt:80
ACCEPT udp -- 192.168.1.60 0.0.0.0/0 udp dpt:80
PROXY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 to:192.168.1.2:5432
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5432 to:192.168.1.2:5432
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000 to:192.168.0.254:3000
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3001 to:192.168.0.254:3001
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3002 to:192.168.0.254:3002
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3003 to:192.168.0.254:3003
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3004 to:192.168.0.254:3004
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3005 to:192.168.0.254:3005
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3006 to:192.168.0.254:3006
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3007 to:192.168.0.254:3007
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3008 to:192.168.0.254:3008
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3009 to:192.168.0.254:3009
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3010 to:192.168.0.254:3010
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5902 to:192.168.1.2:5902
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5903 to:192.168.1.2:5903
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5904 to:192.168.1.2:5904
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5905 to:192.168.0.1:5800
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5901 to:192.168.0.1:5900
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 to:192.168.1.3:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4550 to:192.168.1.3:4550
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5550 to:192.168.1.3:5550
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6550 to:192.168.1.3:6550
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8866 to:192.168.1.3:8866
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9091 to:192.168.1.4:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4551 to:192.168.1.4:4550
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5551 to:192.168.1.4:5550
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6551 to:192.168.1.4:6550
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5552 to:192.168.1.4:5552
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8867 to:192.168.1.4:8867
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:15500 to:192.168.1.99:15500
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4186 to:192.168.1.99:4186

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE tcp -- 192.168.1.3 0.0.0.0/0 tcp dpt:4550
MASQUERADE tcp -- 192.168.1.3 0.0.0.0/0 tcp dpt:5550
MASQUERADE tcp -- 192.168.1.3 0.0.0.0/0 tcp dpt:6550
MASQUERADE tcp -- 192.168.1.3 0.0.0.0/0 tcp dpt:8866
MASQUERADE tcp -- 192.168.1.4 0.0.0.0/0 tcp dpt:4551
MASQUERADE tcp -- 192.168.1.4 0.0.0.0/0 tcp dpt:5551
MASQUERADE tcp -- 192.168.1.4 0.0.0.0/0 tcp dpt:6551
MASQUERADE tcp -- 192.168.1.4 0.0.0.0/0 tcp dpt:5552
MASQUERADE tcp -- 192.168.1.4 0.0.0.0/0 tcp dpt:8867
MASQUERADE tcp -- 192.168.1.99 0.0.0.0/0 tcp dpt:15500
MASQUERADE udp -- 192.168.1.99 0.0.0.0/0 udp dpt:4186
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain PROXY (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 200.201.174.0
RETURN all -- 0.0.0.0/0 200.252.60.42
RETURN all -- 0.0.0.0/0 200.252.60.83
RETURN all -- 0.0.0.0/0 104.236.14.6
RETURN all -- 0.0.0.0/0 165.227.126.241
RETURN all -- 0.0.0.0/0 52.67.237.186
RETURN all -- 0.0.0.0/0 54.232.192.254
RETURN all -- 0.0.0.0/0 54.233.160.99
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128



iptables -nL
-----------------------------------------
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:5432
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3001
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3001
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3002
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3002
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3003
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3003
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3004
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3004
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3005
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3005
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3006
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3006
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3007
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3007
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3009
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3009
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3010
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3010
bad_tcp_packets tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.1.0/24 0.0.0.0/0
ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
tcp_packets tcp -- 0.0.0.0/0 0.0.0.0/0
udp_packets udp -- 0.0.0.0/0 0.0.0.0/0
icmp_packets icmp -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT INPUT packet died: '

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.1.3 tcp dpt:80
ACCEPT tcp -- 192.168.1.3 0.0.0.0/0 tcp spt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.1.3 tcp dpt:4550
ACCEPT tcp -- 192.168.1.3 0.0.0.0/0 tcp spt:4550
ACCEPT tcp -- 0.0.0.0/0 192.168.1.3 tcp dpt:5550
ACCEPT tcp -- 192.168.1.3 0.0.0.0/0 tcp spt:5550
ACCEPT tcp -- 0.0.0.0/0 192.168.1.3 tcp dpt:6550
ACCEPT tcp -- 192.168.1.3 0.0.0.0/0 tcp spt:6550
ACCEPT tcp -- 0.0.0.0/0 192.168.1.3 tcp dpt:8866
ACCEPT tcp -- 192.168.1.3 0.0.0.0/0 tcp spt:8866
ACCEPT tcp -- 0.0.0.0/0 192.168.1.4 tcp dpt:80
ACCEPT tcp -- 192.168.1.4 0.0.0.0/0 tcp spt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.1.4 tcp dpt:4550
ACCEPT tcp -- 192.168.1.4 0.0.0.0/0 tcp spt:4550
ACCEPT tcp -- 0.0.0.0/0 192.168.1.4 tcp dpt:5550
ACCEPT tcp -- 192.168.1.4 0.0.0.0/0 tcp spt:5550
ACCEPT tcp -- 0.0.0.0/0 192.168.1.4 tcp dpt:6550
ACCEPT tcp -- 192.168.1.4 0.0.0.0/0 tcp spt:6550
ACCEPT tcp -- 0.0.0.0/0 192.168.1.4 tcp dpt:8867
ACCEPT tcp -- 192.168.1.4 0.0.0.0/0 tcp spt:8867
ACCEPT tcp -- 0.0.0.0/0 192.168.1.99 tcp dpt:15500
ACCEPT tcp -- 192.168.1.99 0.0.0.0/0 tcp spt:15500
ACCEPT udp -- 0.0.0.0/0 192.168.1.99 udp dpt:4186
ACCEPT udp -- 192.168.1.99 0.0.0.0/0 udp spt:4186
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5902
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5903
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5904
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5905
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:5432
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5432
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3001
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3001
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3002
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3002
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3003
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3003
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3004
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3004
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3005
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3005
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3006
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3006
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3007
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3007
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3009
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3009
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3010
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:3010
bad_tcp_packets tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT FORWARD packet died: '

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:5432
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:5432
bad_tcp_packets tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT all -- 192.168.1.1 0.0.0.0/0
ACCEPT all -- 192.168.0.1 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT OUTPUT packet died: '

Chain allowed (3 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0

Chain bad_tcp_packets (3 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW LOG flags 0 level 4 prefix `New not syn:'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW

Chain icmp_packets (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11

Chain tcp_packets (1 references)
target prot opt source destination
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
allowed tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

Chain udp_packets (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:2074
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:4000



squid.conf.
--------------------------------------
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 256 MB
cache_dir ufs /var/spool/squid 5120 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl localhost src 192.168.1.0/255.255.255.0
http_access allow manager localhost
acl liberado src "/etc/squid/liberado.txt"
http_access allow liberado
acl ip-bloqueado src "/etc/squid/ip-bloqueado.txt"
http_access deny ip-bloqueado
acl sites url_regex -i "/etc/squid/sites.txt"
http_access deny sites
acl palavras url_regex "/etc/squid/palavras.txt"
http_access deny palavras
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
error_directory /usr/share/squid/errors/Portuguese
coredump_dir /var/spool/squid
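To show why the ordering suggested in reply 3 matters, here is an added example (not code from the thread or from its author) that walks a constructed subset of the nat PREROUTING and PROXY rules from the iptables-save dump above for a few constructed packets and reports the verdict each one gets. The source and destination addresses of the test packets (203.0.113.10, 198.51.100.7) and the helper names are assumptions; only the rule text comes from the dump.

```python
"""Walk the nat PREROUTING chain of the posted iptables-save dump for a few
constructed packets and report the verdict, to see which rule each one hits.
Added example; not code from the original thread."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed subset of the thread's nat table: only the rules relevant to the
# port-80 redirect plus one DNAT line, copied from the iptables-save output.
NAT_RULES = """
-A PREROUTING -s 192.168.1.60 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j PROXY
-A PREROUTING -i eth1 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 192.168.1.2:5432
-A PROXY -d 200.201.174.0 -j RETURN
-A PROXY -d 104.236.14.6 -j RETURN
-A PROXY -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
"""

@dataclass
class Packet:
    src: str
    dst: str
    iface: str   # interface the packet arrived on (-i)
    proto: str
    dport: int

@dataclass
class Rule:
    chain: str
    target: str
    src: Optional[str] = None
    dst: Optional[str] = None
    iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    arg: Optional[str] = None   # value of --to-ports / --to-destination

OPTS = {"-s": "src", "-d": "dst", "-i": "iface", "-p": "proto"}

def parse_rule(line: str) -> Rule:
    """Parse one '-A CHAIN ...' line; only the match options used above."""
    toks = line.split()
    assert toks[0] == "-A", line
    rule = Rule(chain=toks[1], target="")
    i = 2
    while i < len(toks):
        t = toks[i]
        if t in OPTS:
            setattr(rule, OPTS[t], toks[i + 1]); i += 2
        elif t == "--dport":
            rule.dport = int(toks[i + 1]); i += 2
        elif t == "-j":
            rule.target = toks[i + 1]; i += 2
        elif t in ("--to-ports", "--to-destination"):
            rule.arg = toks[i + 1]; i += 2
        else:          # "-m tcp" only loads a match module; no condition here
            i += 1
    return rule

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every option it sets equals the packet's field."""
    return all(getattr(rule, f) in (None, getattr(pkt, f))
               for f in ("src", "dst", "iface", "proto", "dport"))

def walk(rules: List[Rule], chain: str, pkt: Packet, policy: str = "ACCEPT"):
    """Verdict for pkt in `chain`, descending into user-defined chains.
    RETURN in a user chain (or falling off its end) resumes in the caller;
    in a built-in chain it means the chain policy."""
    builtin = chain in ("PREROUTING", "POSTROUTING", "OUTPUT")
    for r in (r for r in rules if r.chain == chain):
        if not matches(r, pkt):
            continue
        if r.target == "RETURN":
            return policy if builtin else None
        if r.target in ("ACCEPT", "DROP"):            # terminating targets
            return r.target
        if r.target in ("REDIRECT", "DNAT"):          # nat targets terminate too
            return f"{r.target} {r.arg}"
        verdict = walk(rules, r.target, pkt, policy)  # jump to a user chain
        if verdict is not None:
            return verdict
    return policy if builtin else None

def nat_verdict(pkt: Packet) -> str:
    rules = [parse_rule(l) for l in NAT_RULES.strip().splitlines()]
    return walk(rules, "PREROUTING", pkt)

if __name__ == "__main__":
    cases = {
        "bypassed host, port 80": Packet("192.168.1.60", "203.0.113.10", "eth0", "tcp", 80),
        "other host, port 80": Packet("192.168.1.50", "203.0.113.10", "eth0", "tcp", 80),
        "other host, whitelisted dst": Packet("192.168.1.50", "104.236.14.6", "eth0", "tcp", 80),
        "other host, port 443": Packet("192.168.1.50", "203.0.113.10", "eth0", "tcp", 443),
        "inbound on eth1 to 5432": Packet("198.51.100.7", "203.0.113.99", "eth1", "tcp", 5432),
    }
    for name, pkt in cases.items():
        print(f"{name:30s} -> {nat_verdict(pkt)}")
```

The walk shows that a port-80 packet from 192.168.1.60 is accepted before the jump to PROXY, so it is never redirected to 3128, while a port-443 packet from any host matches no nat rule at all in this table, because only TCP port 80 is ever sent to the proxy.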



7. Re: Bypassing the squid proxy

Leandro Silva
LSSilva

(uses Other)

Sent on 12/03/2018 - 17:56h

Also add:

Eth1 is the internet interface, right?!
If so:

iptables -A FORWARD -p tcp -m multiport --dports 80,443 -s 192.168.1.60 -o eth1 -j ACCEPT

Test it and post back for us.



8. Still goes through the proxy

Jocelim Rodrigues Jr.
jocelimjsrj

(uses CentOS)

Sent on 13/03/2018 - 11:53h

Good morning!

Still going through the proxy.
I can see it in the log.
Sending Whatsapp messages has improved.
I don't know if it's at 100%.
I'm testing.
I thought it would only be solved by bypassing the proxy for everything.



9. Didn't solve it

Jocelim Rodrigues Jr.
jocelimjsrj

(uses CentOS)

Sent on 16/03/2018 - 16:37h

It didn't solve Whatsapp.
I really need to bypass the proxy for everything.
Any more tips?






