Acesso Remoto para fora. [RESOLVIDO]

1. Acesso Remoto para fora. [RESOLVIDO]

emerson.cosmo
(usa Debian)

Enviado em 17/09/2009 - 16:32h

Pessoal, estou com um problema, tenho um firewall aonde está funcionando bem, consigo acessar da minha casa as minhas maquinas e servidores (Windows e Linux) , o meu problema está sendo o seguinte, não consigo acessar de dentro do escritório as maquinas dos meus clientes (servidor windows), mais consigo acessar via SSH, teria que liberar alguma porta no firewall ou no squid, para conseguir isso?
fico no aguardo
ATT
Emerson Cosmo

0 0

Quote

2. MELHOR RESPOSTA

renato_pacheco
(usa Debian)

Enviado em 17/09/2009 - 17:17h

Nessa parte aki:

##Liberando navegacao http e https
$iptables -A OUTPUT -p tcp -s $eto --sport $PA -d $NET --dport 80 -j ACCEPT
$iptables -A INPUT -p tcp -s $NET --sport 80 -d $eto --dport $PA -j ACCEPT
$iptables -A OUTPUT -p tcp -s $eto --sport $PA -d $NET --dport 443 -j ACCEPT
$iptables -A INPUT -p tcp -s $NET --sport 443 -d $eto --dport $PA -j ACCEPT

Acrescente essas regras:

$iptables -A OUTPUT -p tcp -s $eto --sport $PA -d $NET --dport 139 -j ACCEPT
$iptables -A INPUT -p tcp -s $NET --sport 139 -d $eto --dport $PA -j ACCEPT
$iptables -A OUTPUT -p tcp -s $eto --sport $PA -d $NET --dport 445 -j ACCEPT
$iptables -A INPUT -p tcp -s $NET --sport 445 -d $eto --dport $PA -j ACCEPT

Essas portas ae são do protocolo SMB, q fazem a conexão do windows com o linux (deve t samba na sua máquina pra isso, ok?).

0 0

Quote

3. Re: Acesso Remoto para fora. [RESOLVIDO]

renato_pacheco
(usa Debian)

Enviado em 17/09/2009 - 16:44h

Kra, se vc postar as suas regras d firewall, dá pra t ajudar.

0 0

Quote

4. Re: Acesso Remoto para fora. [RESOLVIDO]

emerson.cosmo
(usa Debian)

Enviado em 17/09/2009 - 17:08h

kkk é verdade, segue ai maninho o meu script firewall.
Valeu a ajuda

#!/bin/sh
#############
##variaveis##
#############
IPT=$(which iptables)
iptables=/sbin/iptables
externo=eth0
interno=eth1
eto= "IPEXTERNO"
NET="0/0"
PA=1024:65535
LO=127.0.0.1
####################
##Limpando tabelas##
####################
$iptables -F
$iptables -t nat -F
$iptables -t mangle -F

###################
##Ativando modulo##
###################
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE

##############################
##Modulo FTP PASSIVO e ATIVO##
##############################
modprobe ip_conntrack_ftp
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_tables
modprobe iptable_nat
############################
##Protecao contra spoofing##
############################
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

##################################
##Determinando a politica padrao##
##################################
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP
$iptables -P FORWARD DROP

######################
##LIberando LOOPBACK##
######################
$iptables -A INPUT -i lo -d $LO -j ACCEPT
$iptables -A OUTPUT -o lo -d $LO -j ACCEPT

#####################
##Regras de filtros##
#####################
#Aceitar pacotes que realmente devem entrar
#------------------------------------------
$iptables -A INPUT -i ! $externo -j ACCEPT
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A OUTPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

#Protecao contra worms
#----------------------
$iptables -A FORWARD -p tcp --dport 135 -i $interno -j REJECT

#Protecao contra syn-flood
#-------------------------
$iptables -A FORWARD -p tcp --syn -m limit --limit 2/s -j ACCEPT

#Protecao contra port scanners
#------------------------------
$iptables -N SCANNER
$iptables -A SCANNER -j DROP
$iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags ALL NONE -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags ALL ALL -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags ALL FIN,SYN -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -i $externo -j SCANNER

##Liberando resolucao de nome
$iptables -A OUTPUT -p udp -s $eto --sport $PA -d $NET --dport 53 -j ACCEPT
$iptables -A INPUT -p udp -s $NET --sport 53 -d $eto --dport $PA -j ACCEPT

##Liberando navegacao http e https
$iptables -A OUTPUT -p tcp -s $eto --sport $PA -d $NET --dport 80 -j ACCEPT
$iptables -A INPUT -p tcp -s $NET --sport 80 -d $eto --dport $PA -j ACCEPT
$iptables -A OUTPUT -p tcp -s $eto --sport $PA -d $NET --dport 443 -j ACCEPT
$iptables -A INPUT -p tcp -s $NET --sport 443 -d $eto --dport $PA -j ACCEPT

#################
##Liberando RDP##
#################
#RDP sgofsna02
$iptables -I FORWARD -d IPLOCAL -j ACCEPT
$iptables -t nat -I PREROUTING -d IPEXTERNO -p tcp --dport 1001 -j DNAT --to IPINTERNO:3389
$iptables -I FORWARD -d ipinterno -j ACCEPT

################################################
##Liberando acesso externo a determinada porta##
################################################
$iptables -A INPUT -p tcp --dport 22 -i $externo -j ACCEPT
$iptables -A INPUT -p tcp --dport 22 -i $interno -j ACCEPT

#############
##Regra MSN##
#############
##BLOQUEIO
$iptables -I FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j REJECT
$iptables -I FORWARD -s 192.168.0.0/24 -p tcp --dport 5190 -j REJECT
$iptables -I FORWARD -s 192.168.0.0/24 -d loginnet.password.com -j REJECT
$iptables -I FORWARD -s 192.168.0.0/24 -d hotmail.com -j REJECT
$iptables -I FORWARD -s 192.168.0.0/24 -d hotmail.com.br -j REJECT

##Liberando
$iptables -I FORWARD -s 192.168.0.13 -p tcp --dport 1863 -j ACCEPT
$iptables -I FORWARD -s 192.168.0.13 -p tcp --dport 5190 -j ACCEPT
$iptables -I FORWARD -s 192.168.0.13 -d loginnet.password.com -j ACCEPT
$iptables -I FORWARD -s 192.168.0.13 -d hotmail.com -j ACCEPT
$iptables -I FORWARD -s 192.168.0.13 -d hotmail.com.br -j ACCEPT

#####################
## Regra POP e SMTP##
#####################
$iptables -t nat -A POSTROUTING -s 192.168.5.0/24 -o $externo -m multiport -p tcp --dport 25,110,995 -j MASQUERADE

#################
##liberando FTP##
#################
$iptables -A INPUT -p tcp --dport 20 -j ACCEPT
$iptables -A INPUT -p tcp --dport 21 -j ACCEPT
$iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
$iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT

###################
##Mascarando REDE##
###################
$iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
$iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

0 0

Quote

5. Re: Acesso Remoto para fora. [RESOLVIDO]

emerson.cosmo
(usa Debian)

Enviado em 17/09/2009 - 17:25h

então meu servidor é a penas um firewall com iptables e squid.
na rede interna consigo acessar meu servidores, de fora também acesso meu servidor, mais o que pega é tenho um cliente que tem windows 2003 mais não consigo acessar via rdp.

0 0

Quote