SPED FISCAL (OPEN PORT) !!

1. SPED FISCAL (OPEN PORT) !!

Felipe Alves
felipel

(uses Debian)

Posted on 26/06/2013 - 11:54h

Hi everyone, good morning,

I have a problem at my company. I don't understand much about firewalls; some people set it up for us. I'm installing the Sped Fiscal software, but it gives me an error saying it was not possible to access the site http://200.198.232.62/spedfisc. I've already found a lot of things on Viva o Linux and tried them, but I don't know what to do. I'll post my routes. They are asking me to open port 3443, but I don't know how to do that.

#!/bin/bash
#
#
# ----- BASIC firewall
#
#
#

# Default firewall
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $network
# Required-Stop: $network
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: Firewall service - internet sharing, port redirection, etc.
### END INIT INFO

# First reset status of this service
. /etc/rc.status
rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running


LAN="10.5.0.0"

case "$1" in
start)
echo -n "Starting Firewall Rules"

iptables -F
iptables -F -t nat
iptables -X

/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_pptp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_pptp


# ------------- allow browsing for the internal network - MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LAN -j MASQUERADE

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu

iptables -t nat -A POSTROUTING -d 10.5.2.0/16 -j MASQUERADE
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE


#------ Redirection template
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 3389 -j DNAT --to-destination 10.5.2.2:3389
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 21 -j DNAT --to-destination 10.5.2.2
#iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.5.2.2
#iptables -A PREROUTING -t nat -i eth1 -p udp --dport 500 -j DNAT --to-destination 10.5.2.2
#iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 1723 -j DNAT --to-destination 10.5.2.2
#iptables -A PREROUTING -t nat -i eth1 -p udp --dport 1701 -j DNAT --to-destination 10.5.2.2
#iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 47 -j DNAT --to-destination 10.5.2.2
#iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 5900 -j DNAT --to-destination 10.5.2.2


iptables -A FORWARD -s 10.5.2.0/16 -p tcp --dport 80 -j REJECT
iptables -A FORWARD -s $LAN -p tcp --dport 80 -j REJECT
# ---------- Transparent Proxy ------------
echo -n "transproxy, "
iptables -A PREROUTING -t nat -s $LAN -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -s $LAN -p tcp --dport 443 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -s 10.5.2.0/16 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -s 10.5.2.0/16 -p tcp --dport 443 -j REDIRECT --to-port 3128
#iptables -A FORWARD -s $LAN -p tcp --dport 443 -j ACCEPT


SERVER=10.5.2.2
IF_WAN=eth1
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A FORWARD -p TCP --dport 1723 -j ACCEPT
iptables -A FORWARD -p 47 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1723 -j DNAT --to 10.5.2.2
iptables -t nat -A PREROUTING -i eth1 -p 47 -j DNAT --to 10.5.2.2

#iptables -t nat -A PREROUTING -i $INTF -p udp --dport 1158 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 10.5.2.2

iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 63070 -j DNAT --to-destination 10.5.2.2
iptables -A PREROUTING -t nat -i ppp0 -p udp --dport 63070 -j DNAT --to-destination 10.5.2.2

#iptables -A PREROUTING -t nat -i ppp0 -p tcp --multiport 2704-8650 -j DNAT --to-destination 10.5.2.2


rc_status -v
;;
stop)
echo -n "Shutting down Firewall Rules"

iptables -F
iptables -t nat -F
iptables -X

rc_status -v
;;
restart)
$0 stop && $0 start

rc_status
;;
reload)

;;
status)
echo "Checking for Firewall Rules: "
echo "============================ "
iptables -nL
iptables -nL -t nat
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac
rc_exit





  


2. Re: SPED FISCAL (OPEN PORT) !!

Augusto Silva
rockmusic26

(uses Other)

Posted on 02/07/2013 - 08:40h

I solved it like this, my friend:

# ALLOWING SPED FISCAL
iptables -A FORWARD -i eth1 -p tcp -d 200.198.232.0/24 --dport 80 -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp -d 200.198.0.0/24 --dport 80 -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp -d sped.fazenda.gov.br --dport 80 -j ACCEPT



3. Re: SPED FISCAL (OPEN PORT) !!

Reginaldo de Matias
saitam

(uses Slackware)

Posted on 02/07/2013 - 10:00h

Also adding the rule for Sped Fiscal


# Sped Fiscal system
iptables -t nat -A PREROUTING -i $INTERNA -p tcp -d 200.198.239.21 --dport 3443 -j ACCEPT
iptables -t nat -A PREROUTING -i $EXTERNA -p tcp -d 200.198.239.21 --dport 3443 -j ACCEPT
iptables -t nat -A PREROUTING -i $INTERNA -p tcp -d sped.fazenda.gov.br --dport 3443 -j ACCEPT
iptables -t nat -A PREROUTING -i $EXTERNA -p tcp -d sped.fazenda.gov.br --dport 3443 -j ACCEPT
iptables -t nat -A PREROUTING -i $INTERNA -p tcp --dport 3443 -j ACCEPT
iptables -t nat -A PREROUTING -i $INTERNA -p udp --dport 3443 -j ACCEPT


PS: pay attention to the order of the external and internal network interfaces.
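
Added example, not part of any post in this thread: iptables stops at the first matching rule, and the script in the question already appends a REDIRECT to 3128 for ports 80/443 and a REJECT for port 80 in FORWARD, so an allow rule appended later with -A for the same traffic is never reached. The sketch below prints rules that are inserted at position 1 instead, using the two endpoint addresses quoted in the posts. The LAN interface, the LAN range and the helper names (run, valid_endpoint, sped_rules) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, or with APPLY=1 runs, rules that
# let LAN hosts reach the SPED Fiscal endpoints through this gateway.
LAN_IF="${LAN_IF:-eth0}"            # assumption: LAN-facing interface
LAN_NET="${LAN_NET:-10.5.0.0/16}"   # assumption: LAN range behind the gateway
# ip:port pairs quoted in the posts above
SPED_ENDPOINTS="${SPED_ENDPOINTS:-200.198.232.62:80 200.198.239.21:3443}"

run() {
    # Dry run by default so the rules can be reviewed before they are applied.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

valid_endpoint() {
    # Dotted-quad:port only. Hostnames are refused because iptables resolves a
    # name once, when the rule is inserted, and never again.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}$'
}

sped_rules() {
    for ep in $SPED_ENDPOINTS; do
        if ! valid_endpoint "$ep"; then
            echo "skipping invalid endpoint: $ep" >&2
            continue
        fi
        ip="${ep%:*}"; port="${ep#*:}"
        # Inserted ahead of the REDIRECT rules: matters for ports 80/443, which
        # would otherwise be handed to the proxy on 3128 instead of forwarded.
        run iptables -t nat -I PREROUTING 1 -i "$LAN_IF" -s "$LAN_NET" \
            -p tcp -d "$ip" --dport "$port" -j ACCEPT
        # Inserted ahead of the FORWARD REJECT rules for port 80.
        run iptables -I FORWARD 1 -i "$LAN_IF" -s "$LAN_NET" \
            -p tcp -d "$ip" --dport "$port" -j ACCEPT
    done
    # Replies to the connections allowed above (needed if FORWARD policy is DROP).
    run iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
}

sped_rules
```

Review the printed rules with `iptables -nL FORWARD --line-numbers` in mind, then rerun as root with APPLY=1 to apply them.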





