finolinux
(usa Ubuntu)
Enviado em 11/11/2011 - 16:42h
Galera, consegui a conexão porém não estou cosenguindo acesso a rede deixa eu explicar:
Tenho Servidor Linux no escritório com um Software de Controle rodando, na rede local tranquilo funciona, então surgiu a idéia de se fazer uma VPN neste servidor para que possa acessar este sistema de onde eu estiver com meu Notebook,a idéia é cliente Servidor.
Agora preciso de uma ajuda para fazer com que eu consiga acessar esta rede local.
Segue abaixo meu firewall do Servidor:
echo "OK"
$DEF
# NFS MOUNTD
echo -n "LTSP-NFS ............."
$IPTABLES -A INT_IN -p tcp -m multiport -s $INTLAN --dport 4000,4001,4002,2001,2
002,2003,2004,2005 -j ACCEPT
$IPTABLES -A INT_IN -p udp -m multiport -s $INTLAN --dport 4000,4001,4002,2001,2
002,2003,2004,2005 -j ACCEPT
$IPTABLES -A INT_OUT -p tcp -m multiport -d $INTLAN --dport 4000,4001,4002,2001,
2002,2003,2004,2005 -j ACCEPT
$IPTABLES -A INT_OUT -p udp -m multiport -d $INTLAN --dport 4000,4001,4002,2001,
2002,2003,2004,2005 -j ACCEPT
$GREEN
echo "OK"
$DEF
# VPN
echo -n "VPN..................."
$IPTABLES -A EXT_IN -p udp --dport 1194 -j ACCEPT
$IPTABLES -A EXT_OUT -p udp --dport 1194 -j ACCEPT
$IPTABLES -A INT_OUT -p tcp --dport 1194 -j ACCEPT
$IPTABLES -A INT_IN -p udp --dport 1194 -j ACCEPT
$IPTABLES -A FORWARD -p udp -d 192.168.0.0/24 --dport 1194 -j ACCEPT
$IPTABLES -A FORWARD -p udp -d 192.168.0.0/24 --sport 1194 -j ACCEPT
$GREEN
echo "OK"
$DEF
# SSH
echo -n "SSH..................."
$IPTABLES -A EXT_IN -p tcp --dport 22 -j ACCEPT
$IPTABLES -A EXT_OUT -m multiport -p tcp --dport 22,1122 -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p tcp -s $INTLAN --dport 22,1122 -j ACCEPT
$GREEN
echo "OK"
$DEF
# SMTP
echo -n "SMTP.................."
$IPTABLES -A EXT_OUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s $INTLAN --dport 25 -j ACCEPT
$GREEN
echo "OK"
$DEF
# DNS
echo -n "DNS..................."
$IPTABLES -A EXT_OUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A EXT_OUT -p udp --dport 53 -j ACCEPT
$GREEN
echo "OK"
$DEF
# HTTP
echo -n "HTTP.................."
$IPTABLES -A EXT_OUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d 10.1.1.1 --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p tcp --dport 6060,6061,10081 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d 200.203.251.203 --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d 200.203.251.240 --dport 80 -j ACCEPT
$GREEN
echo "OK"
$DEF
# POP3
echo -n "POP3.................."
$IPTABLES -A EXT_OUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s $INTLAN --dport 110 -j ACCEPT
$GREEN
echo "OK"
$DEF
# AUTH
echo -n "AUTH.................."
$IPTABLES -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$IPTABLES -A INT_OUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$IPTABLES -A EXT_OUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$IPTABLES -A FORWARD -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$GREEN
echo "OK"
$DEF
# NTP
echo -n "NTP..................."
$IPTABLES -A EXT_OUT -p udp --dport 123 -j ACCEPT
$GREEN
echo "OK"
$DEF
# HTTPS
echo -n "HTTPS................."
$IPTABLES -A EXT_OUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 443 -j ACCEPT
$GREEN
echo "OK"
$DEF
# VMWARE CONSOLE
echo -n "VMware Console........"
$IPTABLES -A EXT_IN -p tcp --dport 902 -j ACCEPT
$GREEN
echo "OK"
$DEF
# PPTP
echo -n "PPTP.................."
$IPTABLES -A FORWARD -p tcp --dport 1723 -j ACCEPT
$IPTABLES -A FORWARD -p gre -j ACCEPT
$GREEN
echo "OK"
$DEF
# MESSENGER
echo -n "Messenger............."
$IPTABLES -A FORWARD -p tcp -s $INTLAN --dport 1863 -j ACCEPT
$GREEN
echo "OK"
$DEF
## Terminal Services ##
echo -n "Terminal Services....."
$IPTABLES -A FORWARD -p tcp -s $INTLAN --dport 3389 -j ACCEPT
$GREEN
echo "OK"
$DEF
## Vnc ##
echo -n "VNC..................."
$IPTABLES -A EXT_IN -p tcp --dport 5900 -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p tcp -s $INTLAN --dport 5500,5501,5900 -j AC
CEPT
$GREEN
echo "OK"
$DEF
## WebCam
echo -n "WebCam................"
$IPTABLES -A FORWARD -m multiport -p tcp -s $INTLAN --dport 4550,5550,8080 -j AC
CEPT
$GREEN
echo "OK"
$DEF
## Squid ##
echo -n "Squid................."
$IPTABLES -A EXT_OUT -p tcp -m multiport --dport 6060,6061,8080,9090 -j ACCEPT
$IPTABLES -A EXT_OUT -p tcp -m multiport --dport 8442,8443 -j ACCEPT
$GREEN
echo "OK"
$DEF
## Terminal Java ##
echo -n "Terminal Java........."
$IPTABLES -A FORWARD -p tcp --dport 22000 -j ACCEPT
$GREEN
echo "OK"
$DEF
################## Redirecionamentos ###################
echo ""
echo "${BOLD}Definindo Redirecionamentos......:${OFFBOLD}"
echo -n "Terminal Services....."
$IPTABLES -A PREROUTING -p tcp -t nat -d $EXTIP --dport 3389 \
-j DNAT --to 192.168.0.107
$IPTABLES -A FORWARD -p tcp -d 192.168.0.107 --dport 3389 -j ACCEPT
#echo -n "VMware................"
#$IPTABLES -A PREROUTING -p tcp -t nat -d $EXTIP --dport 902 \
# -j DNAT --to 192.168.0.250
#$IPTABLES -A FORWARD -p tcp -d 192.168.0.250 --dport 902 -j ACCEPT
$GREEN
echo "OK"
$DEF
#echo -n "WebCam................"
#$IPTABLES -A PREROUTING -m multiport -p tcp -t nat -d $EXTIP \
# --dport 3550,3650,4550,5550,6550,8080 -j DNAT --to 192.168.3.3
#$IPTABLES -A FORWARD -m multiport -p tcp -d 192.168.3.3 \
# --dport 3550,3650,4550,5550,6550,8080 -j ACCEPT
#$GREEN
#echo "OK"
#$DEF
echo -n "Proxy Transparente...."
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port
3128
$GREEN
echo "OK"
$DEF
######################## LOG ###########################
echo ""
echo "${BOLD}Ativando Log das Atividades......:${OFFBOLD}"
## Log ##
echo -n "Log..................."
$IPTABLES -A INT_IN -j LOG --log-prefix "INT_IN:"
$IPTABLES -A INT_OUT -j LOG --log-prefix "INT_OUT:"
$IPTABLES -A EXT_IN -j LOG --log-prefix "EXT_IN:"
$IPTABLES -A EXT_OUT -j LOG --log-prefix "EXT_OUT:"
$IPTABLES -A FORWARD -j LOG --log-prefix "FORWARD:"
$GREEN
echo "OK"
$DEF
exec /etc/init.d/nmbd restart
$RED
echo ""
echo "Firewall Implementado !"
echo ""
$DEF
---------------------------------------------------------------------------------------------
Configuração Server VPN - server.conf
##Protocolo de conexã#proto tcp / proto udp
proto udp
# Porta do servico
port 1194
# Drive da interface
dev tun
# Atribui enderecos dinamicos a varios clientes, ips para o túVPN
server 10.0.0.0 255.255.255.0
# Acrescenta rotas aos clientes, informaçs da rede local
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.2"
push "dhcp-option WINS 10.0.0.2"
# Configuracoes adicionais no cliente
push "ping 10"
push "ping-restart 60"
# Rotas do servidor
route 10.0.0.0 255.255.255.0
# Compactacao lib LZO
comp-lzo
keepalive 10 120
float
#ifconfig-pool-persist ipp.txt
max-clients 10
persist-key
persist-tun
log-append /var/log/openvpn.log
verb 6
# Servidor TLS
tls-server
# Chaves necessarias
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/inforede.crt
key /etc/openvpn/keys/inforede.key
# Chave secreta do servidor
tls-auth /etc/openvpn/keys/chave.key
status /var/log/openvpn.stats