liberando acesso externo ao servidor
1. liberando acesso externo ao servidor
caio.thimons
(usa Ubuntu)
Enviado em 12/03/2013 - 14:18h
Boa tarde, configurei o no-ip.org com o ip atual do servidor (ip dhcp), esta configurado com o site cientistas.no-ip.org porém internamente esta funcionando este link, o problema é externamente, não esta funcionando, de uma olhada no meu firewall (iptable+squid):Vale lembrar que o servidor que estou tentando acessa é o de rede (ele proprio), sendo ip interno [10.0.0.1] e externo como [dhcp], porém acessando cientistas.no-ip.org internamente ele funciona.
#!/bin/bash
############# Script###########
################################################################################
#################### Iniciando Firewall ###########################################
################################################################################.
echo "Carregando modulos"
/sbin/modprobe ip_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_queue
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe iptable_mangle
/sbin/modprobe ipt_state
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_multiport
/sbin/modprobe ipt_mac
/sbin/modprobe ipt_string
echo "## Limpando as Regras existentes #######"
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -Z
echo "## Definindo politica padro (Nega entrada e permite saida)"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
################################################################################
######################## Protege contra ataques diversos #######################
################################################################################
###### Protege contra synflood
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
###### Protecao contra ICMP Broadcasting
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
###### Prote.. Contra IP Spoofing
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
###### Protecao diversas contra portscanners, ping of death, ataques DoS, pacotes danificados e etc.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -m limit --limit 1/s -j DROP
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -N VALID_CHECK
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL ALL -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
################################################################################
############################ Input Rede Interna #################################
################################################################################
echo "Redirecionando porta 80 para o proxy"
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.109 -j RETURN #
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.127 -j RETURN #estevan
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.5 -j RETURN #servidor
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.11 -j RETURN #servidor
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.160 -j RETURN #Douglas
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.67 -j RETURN #wi-fi
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.147 -j RETURN #
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.24 -j RETURN #eduardo
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.249 -j RETURN #
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.2 -j RETURN #
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.212 -j RETURN #cleberson
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.202 -j RETURN #servidor
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.200 -j RETURN #servidor OFF
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.29 -j RETURN #servidor OFF
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.199 -j RETURN
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.0.0.211 -j RETURN
#### NO-IP ####
iptables -A OUTPUT -d cientistas.no-ip.org -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s cientistas.no-ip.org -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
###
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --syn -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth1 -s 10.0.0.0/255.255.255.0 -j ACCEPT
iptables -A INPUT -i eth1 -m state --state NEW -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
############################ Liberando o INPUT #################################
################################################################################
echo "liberando o INPUT externo"
iptables -A INPUT -i eth0 -p tcp -m multiport --dport 1056,1030,25,631,1050,1055,1051,1057,8083,8088,8086,8090,8092,22,3128 -j ACCEPT
################################################################################
############################ Redirecionamentos #################################
################################################################################
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 1030 -j DNAT --to-destination 10.0.0.1:80
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 1050 -j DNAT --to-destination 10.0.0.50:1050
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 10.0.0.50:8083
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8088 -j DNAT --to-destination 10.0.0.50:8088
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8086 -j DNAT --to-destination 10.0.0.153:8086
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8092 -j DNAT --to-destination 10.0.0.147:8092
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8090 -j DNAT --to-destination 10.0.0.211:8090
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.50:22
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 222 -j DNAT --to-destination 10.0.0.1:22
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 1057 -j DNAT --to-destination 200.98.171.134:1050 #ip servidor uol
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 1055 -j DNAT --to-destination 200.98.171.134:1050 #ip servidor uol
iptables -t nat -I PREROUTING -i eth1 -p tcp -m tcp --dport 1051 -j DNAT --to-destination 200.98.171.134:1056
iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 1030 -j DNAT --to 10.0.0.69:80
################################################################################
############################ Drop Input #################################
################################################################################
echo " Fechando portas no abertas acima ##"
iptables -A INPUT -i eth0 -j REJECT
################################################################################
############################ Compartilhamento Internet #########################
################################################################################
echo "Compartilhando Internet"
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "..........................Firewall Ativo[OK]"
################################################################################
######################################## Fim ############################################################################.
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Dicas
Como renomear arquivos de letras maiúsculas para minúsculas
Imprimindo no formato livreto no Linux
Vim - incrementando números em substituição
Efeito "livro" em arquivos PDF
Como resolver o erro no CUPS: Unable to get list of printer drivers
Tópicos
Melhorando a precisão de valores flutuantes em python[AJUDA] (9)
GLPI - Configuração de destinatário com conta Microsoft Exchange (0)
Vou voltar moderar conteúdos de Dicas e Artigos (3)
OpenVPN no MACBOOK conecta mas não pinga pastas de rede compartilhada ... (1)
Top 10 do mês
-
Xerxes
1° lugar - 68.453 pts -
Fábio Berbert de Paula
2° lugar - 51.832 pts -
Buckminster
3° lugar - 18.557 pts -
Mauricio Ferrari
4° lugar - 16.159 pts -
Alberto Federman Neto.
5° lugar - 14.923 pts -
Diego Mendes Rodrigues
6° lugar - 13.678 pts -
Daniel Lara Souza
7° lugar - 13.323 pts -
edps
8° lugar - 11.650 pts -
Andre (pinduvoz)
9° lugar - 11.321 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
10° lugar - 11.201 pts
Scripts
[Python] Automação de scan de vulnerabilidades
[Python] Script para analise de superficie de ataque
[Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem
[Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)
[Shell Script] Script para adicionar bordas às imagens de uma pasta
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
