Explicação

1. Explicação

nalcon
(usa Ubuntu)

Enviado em 06/04/2011 - 11:32h

Bom dia,

Alguém pode por favor me explicar que mesmo o meu iptables estando bloqueando muita coisa ainda o torrent, emule, kazza, conseguem passar? só tá liberado a porta 80 e outras comuns como podem ver no sccript abaixo. Alguém pode me explicar como esses softwares conseguem passar pelo firewall?

#/bin/bash
IPT="/sbin/iptables"
#eth0 local
#eth1 publica
INET_IFACE="eth1"
INET_ADDRESS="85.72.70.45"
LOCAL_IFACE="eth0"
LOCAL_IP="192.168.1.1"
LOCAL_NET="192.168.1.0/24"
LOCAL_BCAST="192.168.1.255"
LO_IFACE="lo"
LO_IP="127.0.0.1"
############################################################################
echo 0 > /proc/sys/net/ipv4/ip_forward
##########################Limpar regras#############################
echo 'Limpa regras'
$IPT -F INPUT
$IPT -F FORWARD
$IPT -F OUTPUT
$IPT -F -t nat
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
##############################Carrega modulos############################
modprobe ip_tables
modprobe iptable_nat
modprobe ipt_MASQUERADE
modprobe ipt_LOG
echo 'Modulos iptables'
######################Proxy Transparente##################################
iptables -t nat -A PREROUTING -i $LOCAL_IFACE -p tcp --dport 80 -j REDIRECT --to-port 3128
echo 'Proxy transparente ativado'
###################INPUT Rule###############################################
echo 'Regras INPUT'
$IPT -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
$IPT -A INPUT -i $LO_IFACE -s 0/0 -d 0/0 -j ACCEPT
$IPT -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 25 -j ACCEPT
$IPT -A INPUT -p udp -s 0/0 -d 0/0 --destination-port 53 -j ACCEPT
$IPT -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 53 -j ACCEPT
$IPT -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 80 -j ACCEPT
$IPT -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 110 -j ACCEPT
$IPT -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 443 -j ACCEPT
$IPT -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 3128 -j ACCEPT
##########################Forward rule######################################
echo 'Regras Forward'
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
$IPT -A FORWARD -i $LOCAL_IFACE -p tcp --destination-port 25 -o $INET_IFACE -j ACCEPT
$IPT -A FORWARD -i $LOCAL_IFACE -p udp --destination-port 53 -o $INET_IFACE -j ACCEPT
$IPT -A FORWARD -i $LOCAL_IFACE -p tcp --destination-port 53 -o $INET_IFACE -j ACCEPT
$IPT -A FORWARD -i $LOCAL_IFACE -p tcp --destination-port 80 -o $INET_IFACE -j ACCEPT
$IPT -A FORWARD -i $LOCAL_IFACE -p tcp --destination-port 110 -o $INET_IFACE -j ACCEPT
$IPT -A FORWARD -i $LOCAL_IFACE -p tcp --destination-port 443 -o $INET_IFACE -j ACCEPT
$IPT -A FORWARD -i $LOCAL_IFACE -p tcp --destination-port 3128 -o $INET_IFACE -j ACCEPT
##############################NAT table ####################################
echo 'Regras NAT'
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
echo 'FIREWALL OK'
########################Protecoes#####################################
for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo '1' > $spoofing
done
echo 'Anti-spoofing ............[ OK ]'

# Bloqueio de alteracao de rotas
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 'Anti-redirects ...........[ OK ]'

echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 'Anti-source_route ........[ OK ]'

# Protecao contra responses bogus
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 'Anti-bugus_response ......[ OK ]'

# Protecao contra ataques de syn flood (inicio da conexao TCP). Tenta conter ataques de DoS.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 'Anti-synflood protection .[ OK ]'
##########################################################################
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 'Compartilhamento ativado'

Ou seja este firewall só aceita as portas 25 53 80 110 443 3128, portas de acesso comum mesmo, como os programas p2p, emule torrent passam por isso?

Obrigado.

0 0

Quote

2. Re: Explicação

renato_pacheco
(usa Debian)

Enviado em 06/04/2011 - 11:36h

O lance é o seguinte: tem torrent por ae q faz a conexão através d um tunelamento (porta 443) q fura o bloqueio do seu firewall. No caso do emule, pode estar usando a porta 80 pra isso.

0 0

Quote