rede com firewall iptables + squid3 , internet Wi-Fi não funciona em celular APENAS em Notbook ! Por

1. rede com firewall iptables + squid3 , internet Wi-Fi não funciona em celular APENAS em Notbook ! Por

Maicon Italo
maicomitalo

(usa Ubuntu)

Enviado em 09/03/2015 - 11:21h


tenho um servidor com iptables e squid3 e nessa rede tenho dois Roteadores Wi-fi consigo usar a internet wi-fi apenas usando notbook , quando eu uso celular eu consigo mim conectar a rede pega ip , coloco proxy manualmente o celular ate consegue se comunicar com o servidor através de ping , porem não tem nenhuma resposta da internet á internet nao funciona em celular apenas em nootbook wi fi ! alguem sabe o porque ? liberar alguma porta pra celular conseguir acessar a internet ???


MINHAS REGRAS IPTABLES

# Generated by iptables-save v1.4.14 on Thu Mar 5 08:18:29 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [1596792:123190304]
:OUTPUT ACCEPT [81077911:58141784577]
-A INPUT -i eth1 -m string --string "google" --algo bm --to 65535 -j ACCEPT
-A INPUT -i eth0 -m string --string "google" --algo bm --to 65535 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 3/sec --limit-burst 4 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -m limit --limit 3/sec --limit-burst 4 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -m limit --limit 3/sec --limit-burst 4 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 10/sec --limit-burst 50 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 10/sec --limit-burst 50 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 3/sec --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 25/sec --limit-burst 50 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m limit --limit 10/sec --limit-burst 10 -j ACCEPT
-A FORWARD -m string --string "live" --algo bm --to 65535 -j ACCEPT
-A FORWARD -m string --string "live" --algo bm --to 65535 -j ACCEPT
-A FORWARD -m string --string "samba" --algo bm --to 65535 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.51/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.50/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.49/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.48/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.52/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -m string --string "google" --algo bm --to 65535 -j ACCEPT
-A FORWARD -i eth1 -m string --string "google" --algo bm --to 65535 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 10.0.0.0/8 -p tcp -m multiport --dports 80,443,2809,2807,12170,3050,8080,995,465 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -p tcp -m multiport --dports 53,110,25,22,123,465,443,995,20,21 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -p tcp -m multiport --dports 2631,13353,8989,23000,8999,9875,13001,5432,35353,53625 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -p tcp -m multiport --dports 8000,8001,8002,8083,13353,13352,119,143,8222,8333,389,636 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -p tcp -m multiport --dports 67,68,3456,873,1863 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -p udp -m multiport --dports 5060,1194,4500,500,67,68,873 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -p icmp -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.51/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.52/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.48/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.49/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.46.0.0/16 -d 74.125.225.50/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -m string --string "live" --algo bm --to 65535 -j ACCEPT
-A OUTPUT -m string --string "samba" --algo bm --to 65535 -j ACCEPT
COMMIT
# Completed on Thu Mar 5 08:18:29 2015
# Generated by iptables-save v1.4.14 on Thu Mar 5 08:18:29 2015
*nat
:PREROUTING ACCEPT [10308253:833194634]
:INPUT ACCEPT [9582715:670846112]
:OUTPUT ACCEPT [4116846:276100643]
:POSTROUTING ACCEPT [1041297:122294719]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3000
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A PREROUTING -s 10.46.0.0/22 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3000
-A PREROUTING -s 10.46.0.0/22 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3000
-A PREROUTING -s 10.46.0.0/22 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A PREROUTING -s 10.46.0.0/22 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Mar 5 08:18:29 2015
# Generated by iptables-save v1.4.14 on Thu Mar 5 08:18:29 2015
*mangle
:PREROUTING ACCEPT [481317103:315322663225]
:INPUT ACCEPT [265565997:159627275886]
:FORWARD ACCEPT [214650839:155150038268]
:OUTPUT ACCEPT [253416089:192240608789]
:POSTROUTING ACCEPT [467906974:347313335263]
COMMIT
# Completed on Thu Mar 5 08:18:29 2015



squid.conf

## PORTA ##
http_port 3000











## ESQUEMA AUTENTICACAO ##
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 15
auth_param basic realm | ATENÇÃO! Todos os acessos à Internet são monitorados pela SecInfor / S2
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive off
visible_hostname secInfor
cache_mgr Sd_Italo
error_directory /usr/share/squid3/errors/Portuguese
hierarchy_stoplist cgi-bin ?
cache_mem 1024 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 100 MB
cache_dir ufs /var/spool/squid3 10000 16 256

refresh_pattern ^ftp: 360 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

access_log /var/log/squid3/access.log

acl localhost src 10.46.0.0/16
acl localnet src 10.46.0.0/16

error_directory /usr/share/squid3/errors/pt-br

dns_nameservers 10.45.1.178 10.67.4.34 8.8.8.8 10.46.136.4

acl livre dstdom_regex "/etc/squid3/acesso_livre"

acl liberado url_regex "/etc/squid3/block"



http_access allow livre
http_access allow liberado all


acl s2 src 10.46.136.25 10.46.136.2 10.46.137.117 10.46.137.140 10.46.136.6 10.46.137.50 10.46.136.37 10.46.136.5 10.46.136.83 10.46.136.167 10.46.136.7 10.46.136.253 10.46.136.169 10.46.137.5 10.46.137.6 10.46.138.5 10.46.138.6 10.46.139.5 10.46.139.6

http_access allow s2


acl usuarios proxy_auth REQUIRED

acl nivel1 proxy_auth "/etc/squid3/senhaNivel1"
http_access allow nivel1

acl HorarioExpediente time MTWHF 07:20-16:00
acl HorarioSexta time F 11:20-23:30
acl Intervalo time MTWHF 11:30-13:00
acl FimExpediente time MTWH 16:10-23:40
acl FinalSemana time AS 06:00-23:55

acl block url_regex "/etc/squid3/block"

http_access deny block !FimExpediente !FinalSemana !Intervalo





## AUTENTICACAO ##




http_access allow usuarios





#acl bloqueio_por_palavras url_regex -i “/etc/squid3/listas/palavrasâ€
#http_access deny bloqueio_por_palavras




acl purge method PURGE
http_access allow purge localhost
http_access deny purge

acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # mntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # unregistered ports
#http_access deny !Safe_ports

acl connect method CONNECT
acl ssl_ports port 443 # https
acl ssl_ports port 563 # mntps
acl ssl_ports port 873 # rsync
http_access allow connect
#http_access deny connect !SSL_ports


#reply_body_max_size 0 sec_infor
#reply_body_max_size 0 chefia
#reply_body_max_size 0 sec_imagem
#reply_body_max_size 0 html
#reply_body_max_size 50 MB HorarioExpediente
#reply_body_max_size 50 MB HorarioSexta
#reply_body_max_size 50 MB !HorarioExpediente !HorarioSexta
#reply_body_max_size 50 MB Intervalo
#reply_body_max_size 60 MB !sec_infor

visible_hostname nautilus2.3dl.eb.mil.br



  






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts