Problemas para acessar skype nas estações.

1. Problemas para acessar skype nas estações.

henrique
henriquebh87

(usa Outra)

Enviado em 05/07/2013 - 09:41h

Bom dia Pessoal.
Existe alguma maneira de liberar o skype no squid/iptables??
O squid está funcionando blz,so que na hora que tento acessar o skype com uma conta da microsoft,ele da aquela mensagem de que "algo deu errado".
Isso é algo no firewall ou seria alguma regra do squid??
Vou postar meu .conf do iptables(pois desconfio que seja problemas no iptables):

#!/bin/sh -e
FWVER=0.74

echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"


IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe


EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"




echo -en " loading modules: "

echo " - Verifying that all kernel modules are ok"
$DEPMOD -a



echo "----------------------------------------------------------------------"

echo -en "ip_tables, "
$MODPROBE ip_tables




echo -en "ip_conntrack, "
$MODPROBE ip_conntrack


echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp


echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc


echo -en "iptable_nat, "
$MODPROBE iptable_nat


echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp


echo -e "ip_nat_irc"
$MODPROBE ip_nat_irc

echo "----------------------------------------------------------------------"


echo -e " Done loading modules.\n"



echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " Clearing any existing rules and setting default policy.."
#$IPTABLES -P INPUT ACCEPT
#$IPTABLES -F INPUT
#$IPTABLES -P OUTPUT ACCEPT
#$IPTABLES -F OUTPUT
#$IPTABLES -P FORWARD DROP
#$IPTABLES -F FORWARD
#$IPTABLES -t nat -F


iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -F

iptables -X

iptables -t nat -F

iptables -t filter -F

iptables -t mangle -F

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT


echo '##BLOQUEIO DO FACEBOOK'
iptables -A FORWARD -d 31.13.64.0/31.13.127.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 31.13.24.0/31.13.31.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 74.119.76.0/74.119.79.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 69.63.176.0/69.63.191.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 69.171.224.0/69.171.255.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 66.220.144.0/66.220.159.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 204.15.20.0/204.15.23.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 173.252.64.0/173.252.127.255 -p tcp --dport 443 -j REJECT


#iptables -t nat -I PREROUTING -p tcp -d 69.171.224.40/24 --dport 443 -j DROP
iptables -I FORWARD -p tcp -d 69.171.224.40/24 --dport 443 -j DROP
#iptables -t nat -I PREROUTING -p tcp -d 69.171.224.40/24 --dport 445 -j DROP
iptables -I FORWARD -p tcp -d 69.171.224.40/24 --dport 445 -j DROP

echo 'paulou'
echo '## FIM FACEBOOK DENY'

iptables -A FORWARD -p tcp --dport 39856 -j REJECT

echo " Redirecionamento pro Proxy ................................... ok"
#-s 192.168.2.0/24
iptables -t nat -A PREROUTING -s 192.168.2.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -s 192.168.2.0/24 -i eth1 -p tcp --dport 8080 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -s 192.168.2.0/24 -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128




echo " habilitando o Mascaramento ....................................ok"
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE

echo " cancela o trafego dde forward da porta 80"
#iptables -t nat -I PREROUTING -s 192.168.2.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -j DROP
iptables -A FORWARD -p tcp --dport 80 -j REJECT


echo " habilitando o Mascaramento especifico para liberacao de msn......ok"
iptables -t nat -A POSTROUTING -o eth0 -m multiport -s 192.168.2.0/24 -p tcp --dports 443,1863,1172,7001 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -m multiport -s 192.168.2.0/24 -p udp --dports 443,1863,1172,7001 -j MASQUERADE
iptables -t nat -A PREROUTING -d 65.52.0.0 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -d 65.54.239.80 -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -d 65.54.239.80 -p tcp --dport 1863 -j ACCEPT
iptables -t nat -A PREROUTING -d 65.52.0.0/12 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD -p tcp -s 192.168.2.0/24 --dport 1863 -j ACCEPT

echo "Liberando acesso externo de portas especificas"
iptables -A INPUT -j ACCEPT -p TCP -s 0.0.0.0/0 --dport 22
iptables -A INPUT -j ACCEPT -p TCP -s 0.0.0.0/0 --dport 21
iptables -A INPUT -j ACCEPT -p TCP -s 0.0.0.0/0 --dport 9000
iptables -A INPUT -j ACCEPT -p TCP -s 0.0.0.0/0 --dport 9001
#iptables -A INPUT -p tcp -i eth0 --dport 9000 -j ACCEPT
#iptables -I INPUT -p tcp -m state ESTABLISHED,RELATED -j ACCEPT


iptables -A INPUT -j ACCEPT -p TCP -s 0.0.0.0/0 --dport 3306

echo "Libera saida de pacotes pelo firewall"
iptables -A FORWARD -p TCP --dport 22 -j ACCEPT
iptables -A FORWARD -p TCP --dport 21 -j ACCEPT
iptables -A FORWARD -p TCP --dport 9000 -j ACCEPT
iptables -A FORWARD -p TCP --dport 9001 -j ACCEPT
iptables -A FORWARD -p TCP --dport 3306 -j ACCEPT
iptables -A FORWARD -p TCP --dport 1863 -j ACCEPT
iptables -A FORWARD -p UDP --dport 1863 -j ACCEPT
iptables -A FORWARD -p TCP --dport 443 -j ACCEPT
#iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT


echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
#



#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT

#iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT

### bloqueia ultra surfe
for end in `cat /etc/squid3/regras/ultrasurf`
do
iptables -A OUTPUT -d $end -j REJECT
iptables -A FORWARD -d $end -j REJECT
iptables -A OUTPUT -d $end -p tcp --dport 443 -j DROP
iptables -A FORWARD -d $end -p tcp --dport 443 -j DROP
iptables -A INPUT -s $end -p tcp --dport 443 -j DROP
done

echo 'Fechando porta ultrasurf'
iptables -A INPUT -p tcp -m tcp --dport 9666 -j DROP
iptables -A INPUT FORWARD -p tcp -m tcp --dport 9666 -j DROP
iptables -A OUTPUT -p tcp -m tcp --dport 9666 -j DROP
iptables -t nat -A PREROUTING -p tcp -s $LAN --dport 9666 -j DROP


echo '##BLOQUEIO DO FACEBOOK'
iptables -A FORWARD -d 31.13.64.0/31.13.127.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 31.13.24.0/31.13.31.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 74.119.76.0/74.119.79.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 69.63.176.0/69.63.191.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 69.171.224.0/69.171.255.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 66.220.144.0/66.220.159.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 204.15.20.0/204.15.23.255 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 173.252.64.0/173.252.127.255 -p tcp --dport 443 -j REJECT



iptables -A OUTPUT -d 31.13.64.0/31.13.127.255 -j REJECT
iptables -A OUTPUT -d 31.13.24.0/31.13.31.255 -j REJECT
iptables -A OUTPUT -d 74.119.76.0/74.119.79.255 -j REJECT
iptables -A OUTPUT -d 69.63.176.0/69.63.191.255 -j REJECT
iptables -A OUTPUT -d 69.171.224.0/69.171.255.255 -j REJECT
iptables -A OUTPUT -d 66.220.144.0/66.220.159.255 -j REJECT
iptables -A OUTPUT -d 204.15.20.0/204.15.23.255 -j REJECT
iptables -A OUTPUT -d 173.252.64.0/173.252.127.255 -j REJECT

#iptables -t nat -I PREROUTING -p tcp -d 69.171.224.40/24 --dport 443 -j DROP
iptables -I FORWARD -p tcp -d 69.171.224.40/24 --dport 443 -j DROP
#iptables -t nat -I PREROUTING -p tcp -d 69.171.224.40/24 --dport 445 -j DROP
iptables -I FORWARD -p tcp -d 69.171.224.40/24 --dport 445 -j DROP


echo 'paulou'
echo '## FIM FACEBOOK DENY'


echo " Regras internas da empresa"
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.2.77:3389
iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
echo " redireciona terminal service .......................................ok"

iptables -t nat -A PREROUTING -p tcp --dport 491 -j DNAT --to 192.168.2.24:491
iptables -A FORWARD -p tcp --dport 491 -j ACCEPT
echo " redireciona goglobal tcp ............................................ok"

iptables -t nat -A PREROUTING -p udp --dport 491 -j DNAT --to 192.168.2.24:491
iptables -A FORWARD -p udp --dport 491 -j ACCEPT
echo " redireciona goglobal udp ............................................ok"








echo -e "\nDone.\n"

Desde já agradeço pela atenção.


  






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts