liberando acesso externo ao servidor
1. liberando acesso externo ao servidor
caio.thimons
(usa Ubuntu)
Enviado em 12/03/2013 - 14:18h
Boa tarde, configurei o no-ip.org com o ip atual do servidor (ip dhcp), esta configurado com o site cientistas.no-ip.org porém internamente esta funcionando este link, o problema é externamente, não esta funcionando, de uma olhada no meu firewall (iptable+squid):Vale lembrar que o servidor que estou tentando acessa é o de rede (ele proprio), sendo ip interno [10.0.0.1] e externo como [dhcp], porém acessando cientistas.no-ip.org internamente ele funciona.
#!/bin/bash
############# Script###########
################################################################################
#################### Iniciando Firewall ###########################################
################################################################################.
echo "Carregando modulos"
/sbin/modprobe ip_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_queue
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe iptable_mangle
/sbin/modprobe ipt_state
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_multiport
/sbin/modprobe ipt_mac
/sbin/modprobe ipt_string
echo "## Limpando as Regras existentes #######"
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -Z
echo "## Definindo politica padro (Nega entrada e permite saida)"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
################################################################################
######################## Protege contra ataques diversos #######################
################################################################################
###### Protege contra synflood
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
###### Protecao contra ICMP Broadcasting
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
###### Prote.. Contra IP Spoofing
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
###### Protecao diversas contra portscanners, ping of death, ataques DoS, pacotes danificados e etc.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -m limit --limit 1/s -j DROP
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -N VALID_CHECK
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL ALL -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
################################################################################
############################ Input Rede Interna #################################
################################################################################
echo "Redirecionando porta 80 para o proxy"
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.109 -j RETURN #
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.127 -j RETURN #estevan
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.5 -j RETURN #servidor
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.11 -j RETURN #servidor
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.160 -j RETURN #Douglas
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.67 -j RETURN #wi-fi
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.147 -j RETURN #
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.24 -j RETURN #eduardo
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.249 -j RETURN #
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.2 -j RETURN #
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.212 -j RETURN #cleberson
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.202 -j RETURN #servidor
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.200 -j RETURN #servidor OFF
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.29 -j RETURN #servidor OFF
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.199 -j RETURN
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.211 -j RETURN
#### NO-IP ####
iptables -A OUTPUT -d cientistas.no-ip.org -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s cientistas.no-ip.org -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
###
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --syn -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth1 -s 10.0.0.0/255.255.255.0 -j ACCEPT
iptables -A INPUT -i eth1 -m state --state NEW -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
############################ Liberando o INPUT #################################
################################################################################
echo "liberando o INPUT externo"
iptables -A INPUT -i eth0 -p tcp -m multiport --dport 1056,1030,25,631,1050,1055,1051,1057,8083,8088,8086,8090,8092,22,3128 -j ACCEPT
################################################################################
############################ Redirecionamentos #################################
################################################################################
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 1030 -j DNAT --to-destination 10.0.0.1:80
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 1050 -j DNAT --to-destination 10.0.0.50:1050
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 10.0.0.50:8083
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8088 -j DNAT --to-destination 10.0.0.50:8088
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8086 -j DNAT --to-destination 10.0.0.153:8086
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8092 -j DNAT --to-destination 10.0.0.147:8092
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8090 -j DNAT --to-destination 10.0.0.211:8090
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.50:22
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 222 -j DNAT --to-destination 10.0.0.1:22
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 1057 -j DNAT --to-destination 200.98.171.134:1050 #ip servidor uol
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 1055 -j DNAT --to-destination 200.98.171.134:1050 #ip servidor uol
iptables -t nat -I PREROUTING -i eth1 -p tcp -m tcp --dport 1051 -j DNAT --to-destination 200.98.171.134:1056
iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 1030 -j DNAT --to 10.0.0.69:80
################################################################################
############################ Drop Input #################################
################################################################################
echo " Fechando portas no abertas acima ##"
iptables -A INPUT -i eth0 -j REJECT
################################################################################
############################ Compartilhamento Internet #########################
################################################################################
echo "Compartilhando Internet"
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "..........................Firewall Ativo[OK]"
################################################################################
######################################## Fim ############################################################################.
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Dicas
Vim - incrementando números em substituição
Efeito "livro" em arquivos PDF
Como resolver o erro no CUPS: Unable to get list of printer drivers
Flatpak: remover runtimes não usados e pacotes
Mudar o gerenciador de login (GDM para SDDM e vice-versa) - parte 2
Tópicos
Linux rodando do hd externo ou ssd? (0)
Tentando acessar o linux por conexão área remota (1)
Site para donwloads de ISO windows server, xp e outros. (2)
Acabei de formatar meu ssd e deu erro (0)
Não consigo copiar arquivos do Mint para meu smartphone com android 11... (5)
Top 10 do mês
-
Xerxes
1° lugar - 61.768 pts -
Fábio Berbert de Paula
2° lugar - 47.644 pts -
Buckminster
3° lugar - 17.673 pts -
Mauricio Ferrari
4° lugar - 14.742 pts -
Diego Mendes Rodrigues
5° lugar - 12.960 pts -
Daniel Lara Souza
6° lugar - 12.796 pts -
Alberto Federman Neto.
7° lugar - 12.590 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
8° lugar - 10.882 pts -
edps
9° lugar - 10.096 pts -
Andre (pinduvoz)
10° lugar - 9.650 pts
Scripts
[Python] Automação de scan de vulnerabilidades
[Python] Script para analise de superficie de ataque
[Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem
[Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)
[Shell Script] Script para adicionar bordas às imagens de uma pasta
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
