My Firewall and Squid Are Blocking Some Radio Stations

1. My Firewall and Squid Are Blocking Some Radio Stations

Alessandro Silva
anet3

(uses Slackware)

Posted on 17/11/2010 - 10:04h

My firewall and Squid are blocking some radio stations, such as http://www.vidafm.fm/

even though my IP 192.168.1.3 has iptables -t nat -A POSTROUTING -s 192.168.1.3 -j MASQUERADE

I don't know what I did wrong; could someone help me?

######################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl rede_iop src 192.168.1.0/24
visible_hostname IOP
error_directory /usr/share/squid3/errors/Portuguese/
acl liberados_total src 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5 192.168.1.6 192.168.1.7 192.168.1.8 192.168.1.9 192.168.1.10 192.168.1.11 192.168.1.12 192.168.1.13 192.$
acl sites_liberados url_regex -i 200.247.161.221 unimed google iop webmail gmail mail googlemail 173.194.33.83 cremer gruporede orizon brasilcard geap listel guiamais bradesco $
acl sites_bloqueados url_regex -i meebo
acl msn url_regex -i /gateway/gateway.dll
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 465 995

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow liberados_total
http_access deny sites_bloqueados
http_access allow rede_iop sites_liberados
http_access deny msn
http_access deny all
icp_access deny all
htcp_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
icp_port 3130
coredump_dir /var/spool/squid3
dns_nameservers 8.8.8.8
###############################

My firewall

#!/bin/sh


iptables -t nat -F
iptables -F

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s 192.168.1.3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.90 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.91 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.41 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.12 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.80 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.211 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.213 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.130 -j MASQUERADE

iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24 --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 --dport 8080 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 --dport 443 -j MASQUERADE

### Block MSN
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d meebo.com -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d imo.im -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d loginnet.passport.com -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d messenger.hotmail.com -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d webmessenger.msn.com -j REJECT
iptables -A FORWARD -p tcp --dport 1080 -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 1080 -j REJECT


iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
##iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 443 -j REDIRECT --to-port 3128

################





  


2. Re: My Firewall and Squid Are Blocking Some Radio Stations

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 17/11/2010 - 10:30h

Blocking how? The site or the radio's communication?


3. Re: My Firewall and Squid Are Blocking Some Radio Stations

Alessandro Silva
anet3

(uses Slackware)

Posted on 17/11/2010 - 10:38h

The communication with the radio just stays on "Connecting" and never connects... It used to connect before; something is blocking it... even with my IP being MASQUERADE


4. Re: My Firewall and Squid Are Blocking Some Radio Stations

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 17/11/2010 - 10:57h

It's blocking the radio's communication port... you have to find out which port it is. To find out, you should run tcpdump at the moment of access. Then open it in your firewall. When you find out, post here the rules applied at that moment:

# iptables -nL
# iptables -t nat -nL


5. Re: My Firewall and Squid Are Blocking Some Radio Stations

Alessandro Silva
anet3

(uses Slackware)

Posted on 17/11/2010 - 11:32h

this is what shows up
11:32:09.051595 IP 192.168.1.3.51377 > internet.ssh: . ack 14665 win 16120
11:32:09.251514 IP 192.168.1.3.51377 > internet.ssh: . ack 14781 win 16091
11:32:09.277596 IP 192.168.1.3.51808 > 42.99.1243.static.theplanet.com.8162: . ack 187135375 win 16425
11:32:09.277901 IP 192.168.1.3.51808 > 42.99.1243.static.theplanet.com.8162: P 0:234(234) ack 1 win 16425
11:32:09.278553 IP 192.168.1.3.51377 > internet.ssh: . ack 15193 win 16425
11:32:09.471500 IP 192.168.1.3.51377 > internet.ssh: . ack 15309 win 16396
11:32:09.521670 IP 192.168.1.3.51808 > 42.99.1243.static.theplanet.com.8162: R 234:234(0) ack 174 win 0
11:32:09.522516 IP 192.168.1.3.51377 > internet.ssh: . ack 15573 win 16330
11:32:09.621277 IP 192.168.1.3.51809 > 42.99.1243.static.theplanet.com.8162: S 1097554536:1097554536(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:09.622542 IP 192.168.1.3.51377 > internet.ssh: . ack 15885 win 16252
11:32:09.627648 IP 192.168.1.3.51692 > bs-in-f83.1e100.net.www: . 3242066522:3242067982(1460) ack 1148367692 win 16197
11:32:09.627709 IP 192.168.1.3.51692 > bs-in-f83.1e100.net.www: P 1460:1931(471) ack 1 win 16197
11:32:09.821497 IP 192.168.1.3.51377 > internet.ssh: . ack 16001 win 16223
11:32:09.856281 IP 192.168.1.3.51809 > 42.99.1243.static.theplanet.com.8162: . ack 175781512 win 16425
11:32:09.856490 IP 192.168.1.3.51809 > 42.99.1243.static.theplanet.com.8162: P 0:234(234) ack 1 win 16425
11:32:10.107176 IP 192.168.1.3.51809 > 42.99.1243.static.theplanet.com.8162: R 234:234(0) ack 174 win 0
11:32:10.107571 IP 192.168.1.3.49157 > app57.logmein.com.https: P 3231824373:3231824410(37) ack 3818312689 win 63759
11:32:10.129002 IP 192.168.1.3.51377 > internet.ssh: P 52:104(52) ack 16661 win 16425
11:32:10.131283 IP 192.168.1.3.51810 > 42.99.1243.static.theplanet.com.8162: S 4266275395:4266275395(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:10.364999 IP 192.168.1.3.51810 > 42.99.1243.static.theplanet.com.8162: . ack 181931221 win 16425
11:32:10.365224 IP 192.168.1.3.51810 > 42.99.1243.static.theplanet.com.8162: P 0:179(179) ack 1 win 16425
11:32:10.571496 IP 192.168.1.3.49157 > app57.logmein.com.https: . ack 38 win 63722
11:32:10.617859 IP 192.168.1.3.51810 > 42.99.1243.static.theplanet.com.8162: . ack 175 win 16381
11:32:10.618397 IP 192.168.1.3.63168 > dns04.brasiltelecom.net.br.domain: 22949+ A? relay.data.edge.messenger.live.com. (52)
11:32:10.621149 IP 192.168.1.3.51810 > 42.99.1243.static.theplanet.com.8162: F 179:179(0) ack 175 win 16381
11:32:10.630423 IP 192.168.1.3.51811 > 42.99.1243.static.theplanet.com.8162: S 3990420542:3990420542(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:10.716926 IP 192.168.1.3.51812 > 65.54.52.243.https: S 188338932:188338932(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:10.832519 IP 192.168.1.3.51377 > internet.ssh: . ack 17465 win 16224
11:32:10.888115 IP 192.168.1.3.51811 > 42.99.1243.static.theplanet.com.8162: . ack 184173536 win 16425
11:32:10.888266 IP 192.168.1.3.51811 > 42.99.1243.static.theplanet.com.8162: P 0:179(179) ack 1 win 16425
11:32:11.005407 IP 192.168.1.3.51812 > 65.54.52.243.https: . ack 3317973159 win 16425
11:32:11.005846 IP 192.168.1.3.51812 > 65.54.52.243.https: P 0:140(140) ack 1 win 16425
11:32:11.051512 IP 192.168.1.3.51731 > sn1msg2020122.phx.gbl.msnp: . ack 2126 win 16531
11:32:11.082484 IP 192.168.1.3.51692 > bs-in-f83.1e100.net.www: . ack 456 win 16083
11:32:11.171688 IP 192.168.1.3.51811 > 42.99.1243.static.theplanet.com.8162: . ack 175 win 16381
11:32:11.173587 IP 192.168.1.3.51811 > 42.99.1243.static.theplanet.com.8162: F 179:179(0) ack 175 win 16381
11:32:11.236695 IP 192.168.1.3.51813 > 42.99.1243.static.theplanet.com.8162: S 681933776:681933776(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:11.320482 IP 192.168.1.3.51812 > 65.54.52.243.https: . ack 2905 win 16425
11:32:11.361489 IP 192.168.1.3.51377 > internet.ssh: . ack 17901 win 16115
11:32:11.477518 IP 192.168.1.3.51813 > 42.99.1243.static.theplanet.com.8162: . ack 184293318 win 16425
11:32:11.477707 IP 192.168.1.3.51813 > 42.99.1243.static.theplanet.com.8162: P 0:234(234) ack 1 win 16425
11:32:11.658535 IP 192.168.1.3.51377 > internet.ssh: . ack 19441 win 16425
11:32:11.719477 IP 192.168.1.3.51813 > 42.99.1243.static.theplanet.com.8162: . ack 175 win 16381
11:32:11.719546 IP 192.168.1.3.51813 > 42.99.1243.static.theplanet.com.8162: R 234:234(0) ack 175 win 0
11:32:11.720449 IP 192.168.1.3.51377 > internet.ssh: . ack 19801 win 16335
11:32:11.794941 IP 192.168.1.3.51814 > 42.99.1243.static.theplanet.com.8162: S 3018165007:3018165007(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:11.795471 IP 192.168.1.3.51377 > internet.ssh: . ack 20113 win 16257
11:32:11.843335 IP 192.168.1.3.51585 > bs-in-f83.1e100.net.www: . ack 1670802455 win 16425
11:32:11.843691 IP 192.168.1.3.51377 > internet.ssh: . ack 20361 win 16195
11:32:12.041446 IP 192.168.1.3.51377 > internet.ssh: . ack 20477 win 16166
11:32:12.050076 IP 192.168.1.3.51814 > 42.99.1243.static.theplanet.com.8162: . ack 183978319 win 16425
11:32:12.050325 IP 192.168.1.3.51814 > 42.99.1243.static.theplanet.com.8162: P 0:234(234) ack 1 win 16425
11:32:12.050447 IP 192.168.1.3.51377 > internet.ssh: . ack 20741 win 16100
11:32:12.050833 IP 192.168.1.3.51377 > internet.ssh: . ack 21005 win 16425
11:32:12.241442 IP 192.168.1.3.51377 > internet.ssh: . ack 21121 win 16396
11:32:12.320642 IP 192.168.1.3.51814 > 42.99.1243.static.theplanet.com.8162: R 234:234(0) ack 174 win 0
11:32:12.321218 IP 192.168.1.3.51377 > internet.ssh: . ack 21385 win 16330
11:32:12.343470 IP 192.168.1.3.51815 > 42.99.1243.static.theplanet.com.8162: S 3619861263:3619861263(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:12.343868 IP 192.168.1.3.51377 > internet.ssh: . ack 21697 win 16252
11:32:12.541434 IP 192.168.1.3.51377 > internet.ssh: . ack 21813 win 16223
11:32:12.580049 IP 192.168.1.3.51815 > 42.99.1243.static.theplanet.com.8162: . ack 179929374 win 16425
11:32:12.580284 IP 192.168.1.3.51815 > 42.99.1243.static.theplanet.com.8162: P 0:179(179) ack 1 win 16425
11:32:12.580416 IP 192.168.1.3.51377 > internet.ssh: . ack 22077 win 16157
11:32:12.580809 IP 192.168.1.3.51377 > internet.ssh: . ack 22341 win 16091
11:32:12.771447 IP 192.168.1.3.51377 > internet.ssh: . ack 22457 win 16062
11:32:12.816777 IP 192.168.1.3.51815 > 42.99.1243.static.theplanet.com.8162: . ack 175 win 16381
11:32:12.817134 IP 192.168.1.3.51377 > internet.ssh: . ack 22721 win 16425
11:32:12.824737 IP 192.168.1.3.51815 > 42.99.1243.static.theplanet.com.8162: F 179:179(0) ack 175 win 16381
11:32:12.825120 IP 192.168.1.3.51377 > internet.ssh: . ack 22985 win 16359
11:32:12.833474 IP 192.168.1.3.51816 > 42.99.1243.static.theplanet.com.8162: S 2751615202:2751615202(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:12.833864 IP 192.168.1.3.51377 > internet.ssh: . ack 23297 win 16281
11:32:13.012469 IP 192.168.1.3.51812 > 65.54.52.243.https: . ack 4357 win 16062
11:32:13.012837 IP 192.168.1.3.51377 > internet.ssh: . ack 23545 win 16219
11:32:13.083411 IP 192.168.1.3.51816 > 42.99.1243.static.theplanet.com.8162: . ack 183982860 win 16425
11:32:13.083657 IP 192.168.1.3.51816 > 42.99.1243.static.theplanet.com.8162: P 0:179(179) ack 1 win 16425
11:32:13.083780 IP 192.168.1.3.51377 > internet.ssh: . ack 23809 win 16153
11:32:13.084163 IP 192.168.1.3.51377 > internet.ssh: . ack 24073 win 16087
11:32:13.282428 IP 192.168.1.3.51377 > internet.ssh: . ack 24189 win 16425
11:32:13.364796 IP 192.168.1.3.51812 > 65.54.52.243.https: P 140:322(182) ack 4452 win 16425
11:32:13.365140 IP 192.168.1.3.51377 > internet.ssh: . ack 24437 win 16363
11:32:13.421878 IP 192.168.1.3.51816 > 42.99.1243.static.theplanet.com.8162: . ack 175 win 16381
11:32:13.422242 IP 192.168.1.3.51377 > internet.ssh: . ack 24701 win 16297
11:32:13.425387 IP 192.168.1.3.51816 > 42.99.1243.static.theplanet.com.8162: F 179:179(0) ack 175 win 16381
11:32:13.425773 IP 192.168.1.3.51377 > internet.ssh: . ack 24965 win 16231
11:32:13.550806 IP 192.168.1.3.51817 > 42.99.1243.static.theplanet.com.8162: S 747920195:747920195(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:13.551441 IP 192.168.1.3.51377 > internet.ssh: . ack 25277 win 16153
11:32:13.697179 IP 192.168.1.3.51812 > 65.54.52.243.https: P 322:363(41) ack 4495 win 16414
11:32:13.698400 IP 192.168.1.3.51377 > internet.ssh: . ack 25525 win 16091
11:32:13.801474 IP 192.168.1.3.51817 > 42.99.1243.static.theplanet.com.8162: . ack 184439521 win 16425
11:32:13.801664 IP 192.168.1.3.51817 > 42.99.1243.static.theplanet.com.8162: P 0:234(234) ack 1 win 16425
11:32:13.802437 IP 192.168.1.3.51377 > internet.ssh: . ack 25937 win 16425
11:32:14.003398 IP 192.168.1.3.51377 > internet.ssh: . ack 26053 win 16396
11:32:14.007436 IP 192.168.1.3.51694 > 187-45-235-49.upx.net.br.www: . ack 1215624739 win 16248
11:32:14.043906 IP 192.168.1.3.51812 > 65.54.52.243.https: P 363:1181(818) ack 4656 win 16374
11:32:14.093509 IP 192.168.1.3.51817 > 42.99.1243.static.theplanet.com.8162: R 234:234(0) ack 174 win 0
11:32:14.202411 IP 192.168.1.3.51377 > internet.ssh: . ack 26169 win 16367
11:32:14.245034 IP 192.168.1.3.51818 > 42.99.1243.static.theplanet.com.8162: S 2843184382:2843184382(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:14.378641 IP 192.168.1.3.51812 > 65.54.52.243.https: P 1181:1204(23) ack 4837 win 16328
11:32:14.378705 IP 192.168.1.3.51812 > 65.54.52.243.https: F 1204:1204(0) ack 4837 win 16328
11:32:14.380357 IP 192.168.1.3.51819 > sn1msg2020137.phx.gbl.https: S 3570611343:3570611343(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>


could it be because HTTPS is blocked?
but as far as I can tell it shouldn't be


6. Re: My Firewall and Squid Are Blocking Some Radio Stations

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 17/11/2010 - 13:07h

What a mess... it looks like you were accessing your e-mail along with the link. Is the link static.theplanet.com?
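Added example, not part of the thread: the capture in post 5 interleaves several flows, so this Python sketch tallies TCP flags per destination from tcpdump text output to show which remote port the client keeps re-opening and tearing down. The sample lines are copied from that capture; the function names and the default of skipping the administrator's SSH session are assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the capture posted in the thread (old tcpdump flag style:
# S = SYN, F = FIN, R = RST, P = PSH, "." = plain ACK).
SAMPLE = """\
11:32:09.051595 IP 192.168.1.3.51377 > internet.ssh: . ack 14665 win 16120
11:32:09.277901 IP 192.168.1.3.51808 > 42.99.1243.static.theplanet.com.8162: P 0:234(234) ack 1 win 16425
11:32:09.521670 IP 192.168.1.3.51808 > 42.99.1243.static.theplanet.com.8162: R 234:234(0) ack 174 win 0
11:32:09.621277 IP 192.168.1.3.51809 > 42.99.1243.static.theplanet.com.8162: S 1097554536:1097554536(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:09.627709 IP 192.168.1.3.51692 > bs-in-f83.1e100.net.www: P 1460:1931(471) ack 1 win 16197
11:32:10.107176 IP 192.168.1.3.51809 > 42.99.1243.static.theplanet.com.8162: R 234:234(0) ack 174 win 0
11:32:10.131283 IP 192.168.1.3.51810 > 42.99.1243.static.theplanet.com.8162: S 4266275395:4266275395(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
11:32:10.618397 IP 192.168.1.3.63168 > dns04.brasiltelecom.net.br.domain: 22949+ A? relay.data.edge.messenger.live.com. (52)
11:32:10.621149 IP 192.168.1.3.51810 > 42.99.1243.static.theplanet.com.8162: F 179:179(0) ack 175 win 16381
11:32:10.716926 IP 192.168.1.3.51812 > 65.54.52.243.https: S 188338932:188338932(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
"""

# "<time> IP <src>.<sport> > <dst>.<dport>: <tcp flags> ..."; tcpdump may print
# the destination port as a service name (ssh, www, https).
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.([\w-]+): ([SFRPWE.]+) ")

def summarize(text, client="192.168.1.3", ignore_ports=("ssh", "22")):
    """Per (dst_host, dst_port): SYN/RST/FIN counts and client source ports seen."""
    flows = defaultdict(lambda: {"syn": 0, "rst": 0, "fin": 0, "src_ports": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:  # non-TCP lines (e.g. the DNS query) have no flag field
            continue
        src, sport, dst, dport, flags = m.groups()
        if src != client or dport in ignore_ports:  # assumption: skip the admin SSH session
            continue
        f = flows[(dst, dport)]
        f["src_ports"].add(sport)
        f["syn"] += "S" in flags
        f["rst"] += "R" in flags
        f["fin"] += "F" in flags
    return dict(flows)

def churning(flows, min_conns=2):
    """Destinations opened from several source ports and then reset or closed."""
    return sorted(k for k, f in flows.items()
                  if len(f["src_ports"]) >= min_conns and f["rst"] + f["fin"] > 0)
```

On these lines `churning(summarize(SAMPLE))` singles out TCP port 8162, the destination port to check against the `iptables -nL` and `iptables -t nat -nL` output requested in post 4. The capture only contains packets sent by 192.168.1.3, so the tally reflects the client's side of each connection.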





