problemas com o hotmail yahoo
1. problemas com o hotmail yahoo
rausth
(usa openSUSE)
Enviado em 19/08/2011 - 10:17h
bom dia desculpe se o topico for repetido mas não consegui achar oq eu estava procurandobom o caso é que tenho um firewall aki iptables/squid e desde semana passa ele resolveu bloquear o acesso ao hotmail a caixa de entrada e os anexos do yahoo,o hotmail quando acesso via https ele funciona mas o acesso normal não... se alguem puder ajudar agradeço
vou postar a configuração do squid
###########################################################################
http_port 3129 transparent
visible_hostname proxy
hierarchy_stoplist cgi-bin \?
cache_mem 48 MB
#Opçoes para otimizacao do sistema
maximum_object_size 2048 MB
minimum_object_size 0 KB
################ WSUS ##########################
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
################################################
cache_swap_low 50
cache_swap_high 90
cache_access_log /var/log/squid/access.log
###########################################################################
#Recommended minimum configuration:
acl all src 192.168.0.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#########################################################################
#acl NOCACHE url_regex "/etc/squid/users/direto"
#########################################################################
#acl lento src "/etc/squid/users/lento" #acl limite de banda
#acl acesso_total src "/etc/squid/users/acesso_total"
acl acesso_moderado src "/etc/squid/users/acesso_moderado"
acl expediente time MTWHF 7:30-17:30
acl horarioalmoco time MTWHF 11:30-13:30
acl fimsemana time SA 6:00-23:59
acl horabloqueado url_regex -i "/etc/squid/users/horabloqueado"
acl orkut url_regex -i "/etc/squid/users/orkut"
acl flash url_regex "/etc/squid/users/flash"
acl bloqueio_sempre url_regex -i "/etc/squid/users/bloqueio_sempre"
acl acesso_total src "/etc/squid/users/acesso_total"
acl acesso_restrito src "/etc/squid/users/acesso_restrito"
acl acesso_negado src "/etc/squid/users/acesso_negado"
acl download_liberado url_regex -i "/etc/squid/users/download_liberado"
acl avg url_regex -i "/etc/squid/users/avg"
acl bloqueio_musicas url_regex "/etc/squid/users/bloqueio_musicas"
acl liberado url_regex -i "/etc/squid/users/liberado"
acl download url_regex -i "/etc/squid/users/download"
acl bloqueado url_regex -i "/etc/squid/users/bloqueado"
acl bloqueio_tor src "/etc/squid/users/tor261109.txt"
acl email url_regex -i "/etc/squid/users/email"
acl mult1 urlpath_regex .exe$ .src$
acl mult2 urlpath_regex .mpg$ .mov$ .avi$ .wmv$
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 82 # prefeitura de alagoinhas usa essa porta
acl Safe_ports port 21 # ftp
acl Safe_ports port 20 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 3001 # Diario Oficial
acl Safe_ports port 5017 # CAT
acl Safe_ports port 3456 # Receitanet
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#acl our_networks src 192.168.0.0/24
#no_cache deny NOCACHE
#acl nocache urlpath_regex -i "/etc/squid/users/nocache"
#cache deny nocache
#http_access allow our_networks
#http_access allow localhost
http_access deny acesso_negado
http_access deny bloqueio_tor
http_access allow download_liberado
http_access deny bloqueio_sempre
http_access allow acesso_total
################### TESTE DE BLOQEIO #########################
acl mimeblockq req_mime_type -i ^application/x-mplayer2$
acl mimeblockq req_mime_type -i application/x-mplayer2
acl mimeblockq req_mime_type -i ^application/x-.AIM.
acl mimeblockq req_mime_type -i ^application/stream$
acl mimeblockq req_mime_type -i application/stream
acl useragent browser -i ^.NSPlayer.
acl useragent browser -i ^.Windows-Media-Player.
acl useragent browser -i ^.player.
acl useragentq rep_mime_type ^.video.
acl useragentq rep_mime_type ^.audio.
acl useragentq rep_mime_type ^.stream.
####################### FIM TESTE ############################
################### TESTE BLOQUEIO DOWNLOAD EMAIL ############
#http_access deny mult1
#http_access deny mult2
#http_access deny bloqueiodown
########################### FIM TESTE ########################
http_access allow avg
#http_access deny horabloqueado
http_access allow liberado
http_access deny bloqueio_musicas
http_access allow email
http_access deny download
http_access allow orkut horarioalmoco
http_access allow flash horarioalmoco
http_access deny flash expediente
http_access deny horabloqueado expediente
http_access deny bloqueado
http_access allow acesso_restrito
http_access deny all
icp_access allow all
##############################################
# Delay = configuracao de qtd bits para limitar
# a velocidade dos ips na acl lento
################################################
delay_pools 3
delay_class 1 2
delay_parameters 1 90000/90000 90000/90000
delay_access 1 allow acesso_moderado
delay_class 2 2
delay_parameters 2 90000/90000 90000/90000
delay_access 2 allow acesso_restrito
delay_class 3 2
delay_parameters 3 30000/30000 30000/30000
delay_access 3 allow acesso_negado
#delay_class 4 2
#delay_parameters 4 -1/-1 0/0
#delay_access 4 allow diretor
###############################################
http_port 3129 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
agora o firewall
echo limpa as tabelas
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Carrega os modulos
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Compartilha a conexao
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -A INPUT -s 192.168.0.91 -j DROP #
iptables -A INPUT -s 192.168.0.92 -j DROP
#iptables -A INPUT -s 192.168.0.93 -j DROP #
#iptables -A INPUT -s 192.168.0.94 -j DROP #
iptables -A INPUT -s 192.168.0.95 -j DROP
#iptables -A INPUT -s 192.168.0.197 -j DROP
############ Bloqueio maquinas por MAC ########################
#iptables -A INPUT -m mac --mac-source 6C:F0:49:F8:FF:56 -j DROP
iptables -A INPUT -m mac --mac-source 00:1e:90:e4:db:b5 -j DROP
#iptables -A INPUT -m mac --mac-source 00:1e:90:e4:d6:39 -j DROP
iptables -A INPUT -m mac --mac-source 00:1e:90:e4:cb:58 -j DROP
#iptables -A INPUT -m mac --mac-source 00:0f:ea:29:0b:59 -j DROP
# Abre para a rede local
iptables -A INPUT -p tcp --syn -s 192.168.0.0/255.255.255.0 -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
echo Liberando FTP
#iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 20 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 21 -j ACCEPT
echo redirecionamento PABX
#iptables -t nat -A PREROUTING -d -p tcp --dport 5801 -j DNAT --to 192.168.0.53:5801
#iptables -t nat -A PREROUTING -d 7 -p udp --dport 5801 -j DNAT --to 192.168.0.53:5801
#iptables -t nat -A POSTROUTING -d 192.168.0.53 -p tcp --dport 5801 -j SNAT --to
#iptables -t nat -A PREROUTING -d -p tcp --dport 5900 -j DNAT --to 192.168.0.53:5801
#iptables -t nat -A PREROUTING -d -p udp --dport 5900 -j DNAT --to 192.168.0.53:5801
#iptables -t nat -A POSTROUTING -d 192.168.0.53 -p tcp --dport 5900 -j SNAT --to
echo Porta contabilidade
#DCTF
iptables -A FORWARD -p tcp --dport 8017 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3456 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3001 -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
echo FIM DO FTP
iptables -t nat -A POSTROUTING -o eth0 -m multiport -p tcp --dports 20,21,53,443,465,995,1863,2631,3001,3443,3007,3456,5017 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -m multiport -p udp --dports 20,21,53,443,3001,3443,5017 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -d ! 200.201.173.0/24 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -d ! 200.201.174.0/24 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -d ! 200.201.166.0/24 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -d ! 200.198.239.0/24 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -d ! 200.252.141.0/24 -j REDIRECT --to-port 3129
###################### Bloquear Windows media player ################
iptables -A OUTPUT -d 207.46.196.123 -j DROP
###################### Bloquear TOR ######################
#iptables -N TOR_BLOCK
#iptables -A INPUT -j TOR_BLOCK
#tor
############### Bloquear envio de arquivos msn ################
#iptables -t filter -A FORWARD -p tcp --dport 6891:6900 -j DROP
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
#iptables -A FORWARD -m unclean -j DROP
############### Bloquear MSN ############################
iptables -A FORWARD -d imo.im -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 85.17.78.161 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d js.messengerfx.com -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d js.livego.com -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 85.17.78.179 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d js.sapo.pt -p tcp --dport 443 -j REJECT
iptables -A FORWARD -d 213.13.146.180 -p tcp --dport 443 -j REJECT
iptables -A FORWARD -s 192.168.0.3 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.156 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.11 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.203 -p tcp --dport 1863 -j ACCEPT
#iptables -A FORWARD -s 192.168.0.2 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.129 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.51 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.52 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.134 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.41 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.21 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.5 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.53 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.86 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.205 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.63 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.61 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 5000:5010 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.0.0/24 -d loginnet.passport.com -j REJECT
iptables -A FORWARD -p tcp --dport 1080 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 1080 -j REJECT
echo libera msn
################ fim bloqueio MSN #################
# Abertura para Copel
#iptables -A INPUT -p tcp --destination-port 3001 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3001 -j DNAT --to-dest 192.168.0.62
#iptables -A FORWARD -p tcp -i eth0 --dport 3001 -d 192.168.0.65 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p udp --dport 3001 -j DNAT --to-dest 192.168.0.62
#iptables -A FORWARD -p udp -i eth0 --dport 3001 -d 192.168.0.62 -j ACCEPT
echo ######################### SEGURANÇA ###############################
echo Ignorando pings
iptables -A FORWARD -p ICMP --icmp-type echo-request -j DROP
echo Protecao contra ping of death
iptables -A FORWARD -p ICMP --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
echo Protecao contra ataques syn-Flood
iptables -A FORWARD -p TCP -m limit --limit 1/s -j ACCEPT
echo Protecao contra port scanners avancados
iptables -A FORWARD -p TCP --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
#echo Protecao contra pacotes danificados
#iptables -A FORWARD -m unclean -j DROP
echo Nao responde a ping
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo Fecha o resto
iptables -A INPUT -p tcp --syn -j DROP
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Atenção a quem posta conteúdo de dicas, scripts e tal (2)
Artigos
Manutenção de sistemas Linux Debian e derivados com apt-get, apt, aptitude e dpkg
Melhorando o tempo de boot do Fedora e outras distribuições
Como instalar as extensões Dash To Dock e Hide Top Bar no Gnome 45/46
Dicas
Como Atualizar Fedora 39 para 40
Instalar Google Chrome no Debian e derivados
Consertando o erro do Sushi e Wayland no Opensuse Leap 15
Instalar a última versão do PostgreSQL no Lunix mantendo atualizado
Flathub na sua distribuição Linux e comandos básicos de gerenciamento
Tópicos
ASRock H310CM-HG4 vs Linux [RESOLVIDO] (18)
Microfone do meu headset não é recinhecido. Meu notebook é um Acer Asp... (12)
Top 10 do mês
-
Xerxes
1° lugar - 76.321 pts -
Fábio Berbert de Paula
2° lugar - 61.236 pts -
Clodoaldo Santos
3° lugar - 47.301 pts -
Buckminster
4° lugar - 26.842 pts -
Sidnei Serra
5° lugar - 26.998 pts -
Daniel Lara Souza
6° lugar - 18.631 pts -
Alberto Federman Neto.
7° lugar - 18.323 pts -
Mauricio Ferrari
8° lugar - 18.059 pts -
Diego Mendes Rodrigues
9° lugar - 16.206 pts -
edps
10° lugar - 15.681 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
