Very slow browsing [SOLVED]

1. Very slow browsing [SOLVED]

Emerson Cosmo
emerson.cosmo

(uses Debian)

Posted on 30/06/2009 - 14:03h

Folks, on Saturday I deployed a firewall and everything worked, but today browsing is slow, freezing and almost stalling. I need help.
Below are some of the scripts I used.

-------------sharing the Internet-----------------

#!/bin/bash
## sharing the Internet: enable IPv4 forwarding between the interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward

## flushing the tables (filter, nat and mangle)
iptables -F
iptables -t nat -F
iptables -t mangle -F

## masquerading the LAN behind the external interface
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

-------------------squid----------------------------------
# authentication parameters (basic auth against an NCSA-style password file)
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic credentialsttl 2 hour
auth_param basic realm Entre em contato com o setor de Informatica para login/senha
auth_param basic casesensitive off

# Squid rules

http_port 3128
visible_hostname controle
cache_dir ufs /var/cache/squid 3000 16 256
cache_mem 64 MB
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# SSL_ports, Safe_ports and CONNECT are defined but no http_access line below uses them
acl SSL_ports port 443 563
acl Safe_ports port 80 21 81 70 888
acl CONNECT method CONNECT

acl autentic proxy_auth REQUIRED
acl redesgof src 192.168.5.0/24
# "all" is normally 0.0.0.0/0; here it is narrowed to the same LAN as redesgof
acl all src 192.168.5.0/24
acl bloqueio url_regex -i "/etc/squid/sites/sites_block"
acl listblock dstdom_regex "/etc/squid/sites/listblock"
acl ip_liberados src "/etc/squid/sites/ip_liberados"
acl msn_bloqueio url_regex -i "/etc/squid/sites/msn_bloqueio"
acl msn_block dstdom_regex "/etc/squid/sites/msn_bloqueio"

# whitelisted client IPs bypass authentication and the block lists
http_access allow ip_liberados
http_access deny redesgof bloqueio
http_access deny listblock
http_access deny msn_bloqueio
http_access deny msn_block
http_access allow redesgof autentic
# Only safe because "all" was narrowed to the LAN above; with the standard
# 0.0.0.0/0 definition this line would open the proxy to everyone, which is
# why "http_access deny all" is the usual final rule.
http_access allow all

-----------------------iptables-------------------------------
#!/bin/sh
#############
##Variables##
#############
IPT=$(which iptables)     # unused; the script calls $iptables below
iptables=/sbin/iptables
externo=eth0              # external (Internet-facing) interface
interno=eth1              # internal (LAN) interface
NET="0/0"
PA=1024:65535             # unprivileged port range
LO=127.0.0.1

###################
##Loading modules##
###################
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE

################################
##Passive and active FTP module##
################################
# Kernels of this era name the helpers ip_conntrack_ftp/ip_nat_ftp;
# newer kernels call them nf_conntrack_ftp and nf_nat_ftp.
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ip_tables
modprobe iptable_nat
###########################
##Anti-spoofing protection##
###########################
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

##########################
##Setting default policy##
##########################
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP
$iptables -P FORWARD DROP

#####################
##Allowing LOOPBACK##
#####################
$iptables -A INPUT -i lo -d $LO -j ACCEPT
$iptables -A OUTPUT -o lo -d $LO -j ACCEPT

################
##Filter rules##
################
# Accept packets that really should come in
#------------------------------------------
# Anything arriving on an interface other than the external one (i.e. the LAN,
# including clients reaching Squid on 3128) is accepted; "! -i" is the current
# syntax for the old "-i !".
$iptables -A INPUT ! -i $externo -j ACCEPT
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A OUTPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

# Worm protection
#----------------
# Never reached: the FORWARD rule above already accepts NEW connections,
# port 135 included. It must precede that rule to take effect.
$iptables -A FORWARD -p tcp --dport 135 -i $interno -j REJECT

# SYN-flood protection
#---------------------
# Also shadowed by the FORWARD state rule above, and without a following
# DROP the limit would not throttle anything anyway.
$iptables -A FORWARD -p tcp --syn -m limit --limit 2/s -j ACCEPT

# Protection against port scanners
#---------------------------------
# Invalid TCP flag combinations from the outside go to a dedicated chain;
# INPUT policy already DROPs them, so the chain mainly groups them (a LOG
# target could be added before the DROP).
$iptables -N SCANNER
$iptables -A SCANNER -j DROP
$iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags ALL NONE -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags ALL ALL -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags ALL FIN,SYN -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -i $externo -j SCANNER
$iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -i $externo -j SCANNER

###########################################
##Allowing external access to given ports##
###########################################
$iptables -A INPUT -p tcp --dport 22 -i $externo -j ACCEPT
$iptables -A INPUT -p tcp --dport 22 -i $interno -j ACCEPT
$iptables -A INPUT -p tcp -m tcp --dport 4980 -j ACCEPT
$iptables -A OUTPUT -p tcp -m tcp --dport 4980 -j ACCEPT

#######################
## POP and SMTP rule ##
#######################
# Redundant with the general MASQUERADE in the sharing script, but harmless.
# "-p tcp" goes before "-m multiport", and the multiport option is --dports.
$iptables -t nat -A POSTROUTING -s 192.168.5.0/24 -o $externo -p tcp -m multiport --dports 25,110,995 -j MASQUERADE

#################
##Allowing FTP ##
#################
# For an FTP server running on the firewall itself (INPUT/OUTPUT, not FORWARD)
$iptables -A INPUT -p tcp --dport 20 -j ACCEPT
$iptables -A INPUT -p tcp --dport 21 -j ACCEPT
$iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
$iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT

####################
##Allowing browsing##
####################
# Squid's outbound fetches are already covered by the OUTPUT NEW rule above
$iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
$iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

2. Re: Very slow browsing [SOLVED]

Emerson Cosmo
emerson.cosmo

(uses Debian)

Posted on 02/07/2009 - 10:29h

My problem was that browsing was very slow, but as a newcomer to GNU/Linux, we learn from our mistakes, and this time the mistake was in resolv.conf, where the nameserver was pointing at the internal IP. Once that was corrected, traffic flowed normally again.
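A quick check for the misconfiguration this thread ends on, added here as an example that is not part of either post: it parses a resolv.conf and flags any nameserver inside the firewall's LAN prefix (192.168.5.0/24, as in the scripts above). The internal address 192.168.5.1, the sample file contents and the 203.0.113.53 placeholder resolver are constructed, and the dig probe is optional.

```shell
#!/bin/sh
# Added example, not from the thread: flag resolv.conf nameservers that sit
# inside the firewall's own LAN prefix, the mistake behind the slow browsing.

# Read a resolv.conf on stdin and print every nameserver whose address starts
# with PREFIX (e.g. "192.168.5." for the 192.168.5.0/24 LAN in the scripts).
# Exit status: 0 = none inside the LAN, 1 = at least one found, 2 = no nameserver line.
lan_nameservers() {
    awk -v p="$1" '
        $1 == "nameserver" { total++; if (index($2, p) == 1) { print $2; hits++ } }
        END { if (total == 0) exit 2; exit (hits > 0) }'
}

# Time one A lookup against SERVER with dig, printing the query time in ms.
# Prints "skipped" when dig is not installed so the script stays offline-safe.
probe_ns() {
    command -v dig >/dev/null 2>&1 || { echo skipped; return 0; }
    dig +time=2 +tries=1 "@$1" debian.org A 2>/dev/null |
        awk '/Query time/ { print $4; found = 1 } END { exit !found }'
}

# Constructed sample reproducing the thread's mistake: the first nameserver is
# the firewall's assumed internal address 192.168.5.1, where no resolver runs;
# 203.0.113.53 is a documentation-range placeholder for the ISP resolver.
SAMPLE='search example.lan
nameserver 192.168.5.1
nameserver 203.0.113.53'

main() {
    hits=$(printf '%s\n' "$SAMPLE" | lan_nameservers "192.168.5.")
    case $? in
        0) echo "OK: no nameserver inside the LAN prefix" ;;
        1) echo "WARNING: LAN nameserver(s) listed: $hits"
           echo "         every lookup waits for a timeout there before the next server is tried" ;;
        2) echo "ERROR: no nameserver configured" ;;
    esac
    for ns in $(printf '%s\n' "$SAMPLE" | awk '$1 == "nameserver" { print $2 }'); do
        echo "$ns: $(probe_ns "$ns" || echo 'no answer')"
    done
}
main
```

Run it as root on the firewall with `lan_nameservers "192.168.5." < /etc/resolv.conf` to test the live file instead of the sample.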