iptables problema simples.

To: debian-user-portuguese@lists.debian.org
Subject: iptables problema simples.
From: "Silvino Silva" <silvino.silva@gmail.com>
Date: Sat, 21 Apr 2007 16:01:08 +0100
Message-id: <[🔎] 3a3ff64e0704210801n57a1d06cr4cf8a2b9a884952f@mail.gmail.com>

Olá

Tenho a Simples configuração de iptables;

# Tabela filter
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Tabela nat
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
# Tabela mangle
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

# Habilitar IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

#cria uma nova cadeia athinput
iptables -N athin
iptables -N athout

echo "##########################Cadeia Filter#############################"
#Aceita loopback
iptables -A INPUT -i lo -j DROP

#Cria uma cadeia para as conexões da interenet chamada athin
iptables -A INPUT -i ath0 -j athin

#Cria uma cadeia para as conexões de desntro para fora
iptables -A OUTPUT -o ath0 -j athout

#aceita a rede local
iptables -A INPUT -i eth0 -j DROP

#Tudo o resto é rejeitado e rejistado
iptables -A INPUT -j DROP

echo "##########################Cadeia FORWARD#############################"
iptables -A FORWARD -j DROP
echo "##########################Cadeia athin###############################"
#Aceitas respostas de destino inatingível e ping com um limite de 2 por segundo
iptables -A athin -p icmp --icmp-type 3 -m limit --limit 2/s -j ACCEPT
iptables -A athin -m state --state INVALID -j DROP

#Aceita conecções para o apache
iptables -A athin -p tcp --dport 80 -j ULOG --ulog-prefix "FIREWALL: Apache"
iptables -A athin -p tcp --dport 80 -j ACCEPT

#Aceita serviço de HTML
iptables -A athin -p tcp --sport 80: --dport 1024: -j ACCEPT

#Resposta de DNS
iptables -A athin -p udp --sport 53 --dport 1024: -j ACCEPT

#rejeita tudo o resto
iptables -A athin -j ULOG --ulog-nlgroup 1 --ulog-prefix "FIREWALL: Excluido"
iptables -A athin -j DROP

echo "##########################Cadeia OUT###############################"

#Pedido de Serviço HTML
iptables -A athout -p tcp --dport 80 -j ACCEPT

#Pedido de Serviço DNS
iptables -A athout -p udp --dport 53 -j ACCEPT

#Tudo o resto Rejeitado
iptables -A athout -j DROP

echo "##########################Cadeia NAT###############################"
# iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -j DNAT --to 200.200.217.40-200.200.217.50:1024:5000
# iptables -t nat -A PREROUTING -j DNAT -p udp --dport 53 -i eth0 --to-destination 195.22.0.136
# iptables -t nat -A PREROUTING -j DNAT -p tcp --dport 53 -i eth0 --to-destination 195.22.0.136
#
# #iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o ath0 -j MASQUERADE
# iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE

exit 0

Mas se correr o nmap com as opções

nmap -sT -F -P0 192.168.1.253

Devolve;

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-04-21 15:53 WEST
Interesting ports on silvinosilva.no-ip.org (192.168.1.253):
Not shown: 656 closed ports, 581 filtered ports
PORT STATE SERVICE
80/tcp open http
6017/tcp open xmail-ctrl

Nmap finished: 1 IP address (1 host up) scanned in 13.222 seconds

Eu não autorizo no iptables 6017/tcp open xmail-ctrl

:( Onde esta o meu erro ?

Reply to:

Follow-Ups:
- Re: iptables problema simples.
  - From: Douglas Sales <dsales@click21.com.br>

Prev by Date: Re: Upgrade de Máquina
Next by Date: cade o xorgconfig???
Previous by thread: Re: DVDShrink
Next by thread: Re: iptables problema simples.
Index(es):
- Date
- Thread