Allow VPN

1. Allow VPN

jeferson de oliveira
jefsni

(uses Debian)

Posted on 06/04/2020 - 18:20h

Good afternoon. There is a Windows Server 2019 acting as the VPN server and a Debian proxy/firewall running iptables, with internet access by username and password and some sites blocked, and I am not able to access the external VPN with a fixed IP. The firewall script:

WAN="eth0" #internet (onboard)
WAN0="192.168.0.250"
LAN="eth1" #local network (offboard)
LAN0='192.168.2.250'
LAN1='192.168.2.0/24'
TS='192.168.2.200'
DVR='192.168.2.150'
PORTASUDP="53"
PORTASTCP="21,25,53,80,110,143,443,587,993,995"
PORTASTCP1="22,3128,3389,33899,3322"
PORTASDVR="8000,8001,554"

# Default policies
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP

# Allow TCP ports
$IPT -A INPUT -p tcp -m multiport --dports $PORTASDVR -j ACCEPT
$IPT -A INPUT -p tcp -m multiport --dports $PORTASTCP -j ACCEPT
$IPT -A INPUT -p tcp -m multiport --dports $PORTASTCP1 -j ACCEPT
$IPT -A FORWARD -p tcp -m multiport --dports $PORTASDVR -j ACCEPT
$IPT -A FORWARD -p tcp -m multiport --dports $PORTASTCP -j ACCEPT
$IPT -A FORWARD -p tcp -m multiport --dports $PORTASTCP1 -j ACCEPT

# NAT port forwarding
$IPT -t nat -A PREROUTING -i $WAN -p tcp --dport 3389 -j DNAT --to-destination $TS:3389
$IPT -t nat -A POSTROUTING -d $TS -j SNAT --to $WAN0

$IPT -t nat -A PREROUTING -i $WAN -p tcp -m tcp --dport 3322 -j DNAT --to-destination $LAN0:22
$IPT -t nat -A POSTROUTING -d $LAN0 -j SNAT --to $WAN0

$IPT -t nat -A PREROUTING -i $WAN -p tcp -m tcp --dport 8001 -j DNAT --to-destination $DVR:8001
$IPT -t nat -A POSTROUTING -d $DVR -j SNAT --to $WAN0

$IPT -t nat -A PREROUTING -i $WAN -p tcp -m tcp --dport 8000 -j DNAT --to-destination $DVR:8000
$IPT -t nat -A POSTROUTING -d $DVR -j SNAT --to $WAN0

$IPT -t nat -A PREROUTING -i $WAN -p tcp -m tcp --dport 554 -j DNAT --to-destination $DVR:554
$IPT -t nat -A POSTROUTING -d $DVR -j SNAT --to $WAN0

# Allow ReceitaNet
$IPT -A FORWARD -p tcp -s $LAN1 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 3456 -j ACCEPT
$IPT -A FORWARD -p tcp -s 0/0 -i eth0 --sport 3456 -d $LAN1 -o eth1 --dport 1024: -j ACCEPT
#$IPT -A INPUT -p tcp -s $LAN1 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 3456 -j ACCEPT
#$IPT -A INPUT -p tcp -s $LAN1 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 3456 -j ACCEPT

# Block UDP ports 0 to 1023 except those allowed above
#$IPT -A INPUT -p udp --dport 0:1023 -j DROP


  





