Renato Lorandi,
I have already allowed forwarding of port 53.
The whole internal network of the company can resolve names. The problem is on the firewall machine.
Here are my forward rules:
iptables -A FORWARD -s 192.168.200.0/24 -i lo -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.200.0/24 -i lo -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -o eth1 -j ACCEPT

Renato Lorandi <[EMAIL PROTECTED]> wrote:
Leandro Orílio wrote:

> Hi everyone!
> I need some help!
> I have a firewall with iptables and squid. But when I run my
> iptables script, the machine no longer recognizes the DNS server set
> in resolv.conf.
> Could anyone tell me what I am doing wrong?
> Thanks in advance!
> #!/bin/bash
> INTERFACE_INTERNA=eth0
> INTERFACE_EXTERNA=eth1
> echo 1 > /proc/sys/net/ipv4/ip_forward
> # Flush the chains
> iptables -F
> iptables -t filter -F
> iptables -t nat -F
> # filter table
> iptables -t filter -P INPUT DROP
> iptables -t filter -P OUTPUT ACCEPT
> iptables -t filter -P FORWARD ACCEPT
> # nat table
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -P OUTPUT ACCEPT
> iptables -t nat -P POSTROUTING DROP
> # mangle table
> iptables -t mangle -P PREROUTING ACCEPT
> iptables -t mangle -P OUTPUT ACCEPT
> iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
> iptables -A INPUT -i eth0 -j ACCEPT
> #iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -j ACCEPT
> iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 3128 -j ACCEPT
> iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
> iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -o eth1 -j ACCEPT
> iptables -A FORWARD -i $INTERFACE_EXTERNA -o $INTERFACE_INTERNA -j ACCEPT
> #iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -p tcp -dport 80 -o eth1 -j ACCEPT
> #iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -p tcp -dport 443 -o eth1 -j ACCEPT
> # routing
> iptables -t nat -A POSTROUTING -o lo -j ACCEPT
> #iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j MASQUERADE
> iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j SNAT --to 192.168.1.250
> ##################Redirection#######################
> #iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
> #iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
> #iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128
> #iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128


Friend, you also have to allow port 53 in FORWARD:
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
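
Added example, not part of the thread: DNS queries made by the firewall machine itself leave through OUTPUT and their replies return through INPUT, so FORWARD rules do not apply to them. The check below reads iptables-save text and reports whether reply traffic arriving on the external interface is accepted; the sample ruleset is a constructed rendering of the quoted script's filter table, and `local_replies_allowed` and `FIX_RULE` are hypothetical names.

```shell
#!/bin/sh
# Added example. SAMPLE_RULES is a constructed iptables-save rendering of
# part of the filter table built by the script quoted in the thread.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -s 192.168.200.0/24 -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.200.0/24 -i eth0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

# Hypothetical helper: reads iptables-save text on stdin; $1 is the external
# interface. Returns 0 if replies to queries sent by the firewall itself are
# accepted by INPUT on that interface, 1 if they fall through to a DROP policy.
local_replies_allowed() {
    awk -v ext="$1" '
        substr($0, 1, 1) == "*" { table = substr($0, 2) }
        table != "filter" { next }
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && / -j ACCEPT/ {
            iface = ""
            for (i = 1; i < NF; i++) if ($i == "-i") iface = $(i + 1)
            if (iface != "" && iface != ext) next   # rule bound to another interface
            # connection-tracking rule that admits reply packets
            if ($0 ~ /(--ctstate|--state) [A-Z,]*ESTABLISHED/) ok = 1
            # explicit rule for packets coming from port 53
            if ($0 ~ /--sport 53( |$)/) ok = 1
            # unconditional accept on this interface
            rest = $0
            sub(/^-A INPUT/, "", rest); sub(/ -i [^ ]+/, "", rest)
            sub(/ -j ACCEPT.*/, "", rest)
            if (rest == "") ok = 1
        }
        END { exit (policy == "ACCEPT" || ok) ? 0 : 1 }
    '
}

# A rule that makes the check pass (assumption: eth1 is the external
# interface, as INTERFACE_EXTERNA is set in the quoted script).
FIX_RULE='-A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT'

if printf '%s\n' "$SAMPLE_RULES" | local_replies_allowed eth1; then
    echo "replies to the firewall's own DNS queries are accepted"
else
    echo "replies to the firewall's own DNS queries hit the INPUT DROP policy"
fi
```

The check covers only the filter table's INPUT chain; policies in other tables are not examined.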

