
Re: iptables



I don't know what your default policy is, but try allowing port 53 on the
loopback interface and put the host 127.0.0.1 in /etc/resolv.conf


On Mon, 2006-01-23 at 12:32 +0000, leandromailmad-debian@yahoo.com.br
wrote:
> Renato Lorandi,
> I have already opened port 53 in FORWARD.
> The whole internal network of the company can resolve names. The problem is
> on the firewall machine itself.
>  Here are my forward rules:
> iptables -A FORWARD -s 192.168.200.0/24 -i lo -p tcp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i lo -p udp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -o eth1 -j ACCEPT
> 
> Renato Lorandi <renato@quantumrs.com.br> wrote:
>         Leandro Orílio wrote:
>         
>         > Hi everyone!
>         > I need some help!
>         > I have a firewall with iptables and squid. But when I run my
>         > iptables script, the machine no longer recognizes the DNS server
>         > that is set in resolv.conf.
>         > Could anyone tell me what I am doing wrong?
>         > Thanks in advance!
>         > #!/bin/bash
>         > INTERFACE_INTERNA=eth0
>         > INTERFACE_EXTERNA=eth1
>         > echo 1 > /proc/sys/net/ipv4/ip_forward
>         > #Clear the chains
>         > iptables -F
>         > iptables -t filter -F
>         > iptables -t nat -F
>         > #filter table
>         > iptables -t filter -P INPUT DROP
>         > iptables -t filter -P OUTPUT ACCEPT
>         > iptables -t filter -P FORWARD ACCEPT
>         > #nat table
>         > iptables -t nat -P PREROUTING ACCEPT
>         > iptables -t nat -P OUTPUT ACCEPT
>         > iptables -t nat -P POSTROUTING DROP
>         > #mangle table
>         > iptables -t mangle -P PREROUTING ACCEPT
>         > iptables -t mangle -P OUTPUT ACCEPT
>         > iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
>         > iptables -A INPUT -i eth0 -j ACCEPT
>         > #iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -j ACCEPT
>         > iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 22 -j ACCEPT
>         > iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 80 -j ACCEPT
>         > iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 3128 -j ACCEPT
>         > iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
>         > iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
>         > iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -o eth1 -j ACCEPT
>         > iptables -A FORWARD -i $INTERFACE_EXTERNA -o $INTERFACE_INTERNA -j ACCEPT
>         > #iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -p tcp --dport 80 -o eth1 -j ACCEPT
>         > #iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -p tcp --dport 443 -o eth1 -j ACCEPT
>         > #routing
>         > iptables -t nat -A POSTROUTING -o lo -j ACCEPT
>         > #iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j MASQUERADE
>         > iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j SNAT --to 192.168.1.250
>         > ##################Redirection#######################
>         > #iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
>         > #iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
>         > #iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128
>         > #iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128
>         >
>         
>         
>         Friend, you also have to open port 53 in FORWARD:
>         iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
>         iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
>         
>         
>         -- 
>         To UNSUBSCRIBE, email to
>         debian-user-portuguese-REQUEST@lists.debian.org
>         with a subject of "unsubscribe". Trouble? Contact
>         listmaster@lists.debian.org
>         
> 
> 
> 
> 
-- 
Pruonckk le Punk

http://www.debianfordummies.org
Because Linux is for everyone!
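A reworked version of the posted script, added here as an example; it is not something any of the three posters wrote. On the ruleset as posted, INPUT has policy DROP and only accepts packets arriving on lo and eth0, while OUTPUT is ACCEPT. Assuming the resolver in /etc/resolv.conf is reached through eth1, a lookup from the firewall itself leaves fine, but the answer comes back on eth1 and hits the DROP policy before it reaches the resolver library. That matches the symptom (LAN clients resolve because their traffic goes through FORWARD, the firewall host does not), and neither extra FORWARD rules nor opening port 53 on loopback touches INPUT. The missing piece is one stateful INPUT rule. The version below also changes FORWARD to a DROP policy, which is hardening beyond the reported problem: with FORWARD ACCEPT, the explicit FORWARD rules in the thread never decide anything. Interface names, the LAN prefix and the SNAT address are the ones from the thread; the dry-run default (IPT set to echo) and the host name used in the live check are assumptions.

```shell
#!/bin/bash
# Added example: the posted firewall script with the stateful INPUT rule it
# was missing. Dry-run by default (prints the iptables commands); run as root
# with IPT=iptables to apply. Interface names and addresses are the posted ones.
set -u
IPT="${IPT:-echo iptables}"      # assumption: echo for dry-run, iptables to apply
INTERFACE_INTERNA=eth0
INTERFACE_EXTERNA=eth1
LAN=192.168.200.0/24
SNAT_ADDR=192.168.1.250

firewall_rules() {
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    # Hardening beyond the reported bug: the posted script left FORWARD ACCEPT,
    # so none of its FORWARD rules ever mattered.
    $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    # The fix. OUTPUT is ACCEPT, so the host's own DNS queries leave on
    # $INTERFACE_EXTERNA, but with INPUT DROP the replies arriving on that same
    # interface were discarded: nothing in the posted script accepted them.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Services the LAN may reach on the firewall itself (ssh, squid, and DNS if
    # a resolver runs here). The blanket "-i eth0 -j ACCEPT" is dropped.
    $IPT -A INPUT -s "$LAN" -i "$INTERFACE_INTERNA" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -s "$LAN" -i "$INTERFACE_INTERNA" -p tcp --dport 3128 -j ACCEPT
    $IPT -A INPUT -s "$LAN" -i "$INTERFACE_INTERNA" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -s "$LAN" -i "$INTERFACE_INTERNA" -p tcp --dport 53 -j ACCEPT
    # LAN -> Internet, and only reply traffic back in.
    $IPT -A FORWARD -s "$LAN" -i "$INTERFACE_INTERNA" -o "$INTERFACE_EXTERNA" -j ACCEPT
    $IPT -A FORWARD -i "$INTERFACE_EXTERNA" -o "$INTERFACE_INTERNA" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$LAN" -o "$INTERFACE_EXTERNA" -j SNAT --to "$SNAT_ADDR"
}

# Check on the dry-run output: prints 1 when INPUT accepts established traffic
# before the policy drops it, 0 otherwise.
input_accepts_replies() {
    firewall_rules | grep -c -- '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
}

# Live check, only meaningful on the firewall host itself (needs root and dig):
# the INPUT policy counter on the first line of the listing grows with every
# reply the ruleset drops. debian.org is just an arbitrary name to resolve.
dns_live_check() {
    iptables -vnL INPUT | head -2
    dig +time=2 +tries=1 debian.org A
    iptables -vnL INPUT | head -2
}

firewall_rules
```

Run the script once without IPT set to read the rules it would load, and run `dns_live_check` on the firewall before and after applying them: with the posted ruleset the `policy DROP` packet counter increases by one per query while `dig` times out; with the stateful rule in place it stays flat and the answer arrives.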


