
Re: IPTABLES



2009/5/14 Junior Polegato - Linux <linux@juniorpolegato.com.br>:
> Eduardo Lopes wrote:
>>
>> Hi,
>> I can access the server normally from my local network.
>>
>>>
>>>     If it is being blocked at the firewall, check the FORWARD chain, which
>>> apparently has a DROP policy, to see whether it is dropping packets while
>>> you try to access an external IP, port 8038, from the internal network,
>>> with:
>>>
>>> watch -n 1 'iptables -L -v|sed -n /FORWARD/,/^$/p'
>>>
>>
>> Well, the problem is that the machine I am testing from is fully
>> allowed in the firewall. I can reach everything from it, except my external IP.
>>
>>>
>>>     It is also worth monitoring on the firewall with wireshark to see what
>>> arrives and what leaves, filtering by the IPs under test.
>>>
>>
>> I had already monitored with tcpdump but found nothing.
>>
>
> This is getting difficult... If you can send, or analyze yourself, the
> output of "iptables-save", "ip route" and "ip rule", it will give a better
> idea. Another thing: with wireshark, filter by your IP (host <ip>) and see
> whether the packet comes in and goes out, and the states. Beyond that, only by
> being on site to give support.

Hi,

I am sending the output of iptables-save; if you can help me with this
I would be very grateful. I have already asked all my contacts and nobody
was able to help me.
# Generated by iptables-save v1.4.2 on Fri May 15 09:26:43 2009
*mangle
:PREROUTING ACCEPT [8957926:6393226099]
:INPUT ACCEPT [157508:20859795]
:FORWARD ACCEPT [8776565:6369676686]
:OUTPUT ACCEPT [137594:25574808]
:POSTROUTING ACCEPT [8881505:6392747276]
-A PREROUTING -s 172.16.1.176/32 -d 189.xxx.xxx.xxx/xx -i eth1 -p tcp -m tcp --dport 8088 -j MARK --set-xmark 0x41/0xffffffff
-A PREROUTING -s 172.16.1.33/32 -j MARK --set-xmark 0x2c/0xffffffff
-A PREROUTING -s 172.16.1.33/32 -j MARK --set-xmark 0x31/0xffffffff
-A PREROUTING -s 172.16.1.176/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x1e/0xffffffff
-A PREROUTING -s 172.16.1.88/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x1f/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x20/0xffffffff
-A PREROUTING -s 172.16.1.176/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x1e/0xffffffff
-A PREROUTING -s 172.16.1.88/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x1f/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x20/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2f/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2f/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2f/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -j MARK --set-xmark 0x22/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x23/0xffffffff
-A PREROUTING -s 172.16.1.21/32 -j MARK --set-xmark 0x24/0xffffffff
-A PREROUTING -s 172.16.1.10/32 -j MARK --set-xmark 0x25/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x26/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.18/32 -j MARK --set-xmark 0x28/0xffffffff
-A PREROUTING -s 172.16.1.25/32 -j MARK --set-xmark 0x29/0xffffffff
-A PREROUTING -s 172.16.1.28/32 -j MARK --set-xmark 0x2a/0xffffffff
-A PREROUTING -s 172.16.1.30/32 -j MARK --set-xmark 0x2b/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x2c/0xffffffff
-A PREROUTING -s 172.16.1.40/32 -j MARK --set-xmark 0x2d/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2e/0xffffffff
-A PREROUTING -s 172.16.1.33/32 -j MARK --set-xmark 0x30/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x31/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -j MARK --set-xmark 0x22/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x23/0xffffffff
-A PREROUTING -s 172.16.1.21/32 -j MARK --set-xmark 0x24/0xffffffff
-A PREROUTING -s 172.16.1.10/32 -j MARK --set-xmark 0x25/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x26/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.18/32 -j MARK --set-xmark 0x28/0xffffffff
-A PREROUTING -s 172.16.1.25/32 -j MARK --set-xmark 0x29/0xffffffff
-A PREROUTING -s 172.16.1.28/32 -j MARK --set-xmark 0x2a/0xffffffff
-A PREROUTING -s 172.16.1.30/32 -j MARK --set-xmark 0x2b/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x2c/0xffffffff
-A PREROUTING -s 172.16.1.40/32 -j MARK --set-xmark 0x2d/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2e/0xffffffff
-A PREROUTING -s 172.16.1.33/32 -j MARK --set-xmark 0x30/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x31/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -j MARK --set-xmark 0x22/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x23/0xffffffff
-A PREROUTING -s 172.16.1.21/32 -j MARK --set-xmark 0x24/0xffffffff
-A PREROUTING -s 172.16.1.10/32 -j MARK --set-xmark 0x25/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x26/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.18/32 -j MARK --set-xmark 0x28/0xffffffff
-A PREROUTING -s 172.16.1.25/32 -j MARK --set-xmark 0x29/0xffffffff
-A PREROUTING -s 172.16.1.28/32 -j MARK --set-xmark 0x2a/0xffffffff
-A PREROUTING -s 172.16.1.30/32 -j MARK --set-xmark 0x2b/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x2c/0xffffffff
-A PREROUTING -s 172.16.1.40/32 -j MARK --set-xmark 0x2d/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2e/0xffffffff
-A PREROUTING -s 172.16.1.33/32 -j MARK --set-xmark 0x30/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x31/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -j MARK --set-xmark 0x22/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x23/0xffffffff
-A PREROUTING -s 172.16.1.21/32 -j MARK --set-xmark 0x24/0xffffffff
-A PREROUTING -s 172.16.1.10/32 -j MARK --set-xmark 0x25/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x26/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.18/32 -j MARK --set-xmark 0x28/0xffffffff
-A PREROUTING -s 172.16.1.25/32 -j MARK --set-xmark 0x29/0xffffffff
-A PREROUTING -s 172.16.1.28/32 -j MARK --set-xmark 0x2a/0xffffffff
-A PREROUTING -s 172.16.1.30/32 -j MARK --set-xmark 0x2b/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x2c/0xffffffff
-A PREROUTING -s 172.16.1.40/32 -j MARK --set-xmark 0x2d/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2e/0xffffffff
-A PREROUTING -s 172.16.1.238/32 -j MARK --set-xmark 0x2f/0xffffffff
-A PREROUTING -s 172.16.1.33/32 -j MARK --set-xmark 0x30/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x31/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -j MARK --set-xmark 0x22/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x23/0xffffffff
-A PREROUTING -s 172.16.1.21/32 -j MARK --set-xmark 0x24/0xffffffff
-A PREROUTING -s 172.16.1.10/32 -j MARK --set-xmark 0x25/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x26/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.18/32 -j MARK --set-xmark 0x28/0xffffffff
-A PREROUTING -s 172.16.1.25/32 -j MARK --set-xmark 0x29/0xffffffff
-A PREROUTING -s 172.16.1.28/32 -j MARK --set-xmark 0x2a/0xffffffff
-A PREROUTING -s 172.16.1.30/32 -j MARK --set-xmark 0x2b/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x2c/0xffffffff
-A PREROUTING -s 172.16.1.40/32 -j MARK --set-xmark 0x2d/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2e/0xffffffff
-A PREROUTING -s 172.16.1.238/32 -j MARK --set-xmark 0x2f/0xffffffff
-A PREROUTING -s 172.16.1.33/32 -j MARK --set-xmark 0x30/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x31/0xffffffff
-A PREROUTING -m conntrack --ctstate DNAT --ctorigdst 189.xxx.xxx.xxx -j MARK --set-xmark 0x14/0xffffffff
-A PREROUTING -m conntrack --ctstate DNAT --ctorigdst 200.xxx.xxx.xxx -j MARK --set-xmark 0x15/0xffffffff
-A PREROUTING -m conntrack --ctstate DNAT --ctorigdst 200.xxx.xxx.xxx -j MARK --set-xmark 0x16/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -j MARK --set-xmark 0x22/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x23/0xffffffff
-A PREROUTING -s 172.16.1.21/32 -j MARK --set-xmark 0x24/0xffffffff
-A PREROUTING -s 172.16.1.10/32 -j MARK --set-xmark 0x25/0xffffffff
-A PREROUTING -s 172.16.1.11/32 -j MARK --set-xmark 0x26/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.15/32 -j MARK --set-xmark 0x27/0xffffffff
-A PREROUTING -s 172.16.1.18/32 -j MARK --set-xmark 0x28/0xffffffff
-A PREROUTING -s 172.16.1.25/32 -j MARK --set-xmark 0x29/0xffffffff
-A PREROUTING -s 172.16.1.28/32 -j MARK --set-xmark 0x2a/0xffffffff
-A PREROUTING -s 172.16.1.30/32 -j MARK --set-xmark 0x2b/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x2c/0xffffffff
-A PREROUTING -s 172.16.1.40/32 -j MARK --set-xmark 0x2d/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -j MARK --set-xmark 0x2e/0xffffffff
-A PREROUTING -s 172.16.1.238/32 -j MARK --set-xmark 0x2f/0xffffffff
-A PREROUTING -s 172.16.1.33/32 -j MARK --set-xmark 0x30/0xffffffff
-A PREROUTING -s 172.16.1.14/32 -j MARK --set-xmark 0x31/0xffffffff
-A PREROUTING -s 172.16.1.176/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x3c/0xffffffff
-A PREROUTING -s 172.16.1.88/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x3d/0xffffffff
-A PREROUTING -s 172.16.1.89/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x3e/0xffffffff
-A PREROUTING -s 172.16.1.62/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x3f/0xffffffff
-A PREROUTING -s 172.16.1.20/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x40/0xffffffff
-A PREROUTING -s 172.16.1.237/32 -d ! 172.16.1.0/24 -j MARK --set-xmark 0x41/0xffffffff
-A POSTROUTING -s 172.16.1.176/32 -j MARK --set-xmark 0x32/0xffffffff
COMMIT
# Completed on Fri May 15 09:26:43 2009
# Generated by iptables-save v1.4.2 on Fri May 15 09:26:43 2009
*nat
:PREROUTING ACCEPT [204547:19407526]
:POSTROUTING ACCEPT [60126:3626055]
:OUTPUT ACCEPT [27528:1957117]
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 10089 -j DNAT --to-destination 172.16.1.89:22
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 10089 -j DNAT --to-destination 172.16.1.89:22
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 10011 -j DNAT --to-destination 172.16.1.11:22
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 10011 -j DNAT --to-destination 172.16.1.11:22
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 10021 -j DNAT --to-destination 172.16.1.21:22
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 10021 -j DNAT --to-destination 172.16.1.21:22
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8088 -j DNAT --to-destination 172.16.1.10:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8088 -j DNAT --to-destination 172.16.1.10:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8081 -j DNAT --to-destination 172.16.1.11:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8081 -j DNAT --to-destination 172.16.1.11:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.1.15:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.16.1.15:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.1.15:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.16.1.15:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8078 -j DNAT --to-destination 172.16.1.18:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8078 -j DNAT --to-destination 172.16.1.18:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8087 -j DNAT --to-destination 172.16.1.25:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8087 -j DNAT --to-destination 172.16.1.25:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8028 -j DNAT --to-destination 172.16.1.28:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8028 -j DNAT --to-destination 172.16.1.28:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8058 -j DNAT --to-destination 172.16.1.30:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8058 -j DNAT --to-destination 172.16.1.30:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8068 -j DNAT --to-destination 172.16.1.14:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8068 -j DNAT --to-destination 172.16.1.14:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8018 -j DNAT --to-destination 172.16.1.40:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8018 -j DNAT --to-destination 172.16.1.40:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 53 -j DNAT --to-destination 172.16.1.237:53
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p udp -m udp --dport 53 -j DNAT --to-destination 172.16.1.237:53
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 53 -j DNAT --to-destination 172.16.1.237:53
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p udp -m udp --dport 53 -j DNAT --to-destination 172.16.1.237:53
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 25 -j DNAT --to-destination 172.16.1.238:25
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 110 -j DNAT --to-destination 172.16.1.238:110
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 25 -j DNAT --to-destination 172.16.1.238:25
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 110 -j DNAT --to-destination 172.16.1.238:110
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8048 -j DNAT --to-destination 172.16.1.33:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8048 -j DNAT --to-destination 172.16.1.33:80
-A PREROUTING -d 200.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8038 -j DNAT --to-destination 172.16.1.14:80
-A PREROUTING -d 189.xxx.xxx.xxx/xx -p tcp -m tcp --dport 8038 -j DNAT --to-destination 172.16.1.14:80
-A POSTROUTING -s 172.16.1.0/24 -d ! 172.16.1.0/24 -j MASQUERADE
-A POSTROUTING -s 172.16.1.89/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.11/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.21/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.10/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.11/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.15/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.15/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.18/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.25/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.28/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.30/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.14/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.40/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.237/32 -j SNAT --to-source 189.39.11.37
-A POSTROUTING -s 172.16.1.238/32 -j SNAT --to-source 189.39.11.37
-A POSTROUTING -s 172.16.1.33/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.14/32 -j SNAT --to-source 200.150.233.14
-A POSTROUTING -s 172.16.1.176/32 -d ! 172.16.1.0/24 -j SNAT --to-source 189.39.11.33
-A POSTROUTING -s 172.16.1.88/32 -d ! 172.16.1.0/24 -j SNAT --to-source 189.39.11.33
-A POSTROUTING -s 172.16.1.89/32 -d ! 172.16.1.0/24 -j SNAT --to-source 189.39.11.33
-A POSTROUTING -s 172.16.1.62/32 -d ! 172.16.1.0/24 -j SNAT --to-source 189.39.11.33
-A POSTROUTING -s 172.16.1.20/32 -d ! 172.16.1.0/24 -j SNAT --to-source 189.39.11.33
-A POSTROUTING -s 172.16.1.237/32 -d ! 172.16.1.0/24 -j SNAT --to-source 189.39.11.33
COMMIT
# Completed on Fri May 15 09:26:43 2009
# Generated by iptables-save v1.4.2 on Fri May 15 09:26:43 2009
*filter
:INPUT DROP [16948:1929363]
:FORWARD DROP [185:10788]
:OUTPUT ACCEPT [37066:3711969]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 172.16.1.176/32 -j ACCEPT
-A INPUT -s 172.16.1.88/32 -j ACCEPT
-A INPUT -s 172.16.1.89/32 -j ACCEPT
-A INPUT -s 172.16.1.237/32 -j ACCEPT
-A INPUT -s 172.16.1.20/32 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p tcp -m limit --limit 1/sec -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.16.1.20/32 -j ACCEPT
-A FORWARD -s 172.16.1.135/32 -j ACCEPT
-A FORWARD -s 172.16.1.238/32 -j ACCEPT
-A FORWARD -d 172.16.1.89/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 172.16.1.11/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 172.16.1.21/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 172.16.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.11/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.15/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.15/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.18/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.25/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.28/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.30/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.14/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.40/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.237/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -d 172.16.1.237/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 172.16.1.237/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -d 172.16.1.237/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 172.16.1.238/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -d 172.16.1.238/32 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -d 172.16.1.33/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.16.1.14/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 172.16.1.10/32 -j ACCEPT
-A FORWARD -s 172.16.1.11/32 -j ACCEPT
-A FORWARD -s 172.16.1.12/32 -j ACCEPT
-A FORWARD -s 172.16.1.13/32 -j ACCEPT
-A FORWARD -s 172.16.1.14/32 -j ACCEPT
-A FORWARD -s 172.16.1.15/32 -j ACCEPT
-A FORWARD -s 172.16.1.16/32 -j ACCEPT
-A FORWARD -s 172.16.1.17/32 -j ACCEPT
-A FORWARD -s 172.16.1.18/32 -j ACCEPT
-A FORWARD -s 172.16.1.19/32 -j ACCEPT
-A FORWARD -s 172.16.1.20/32 -j ACCEPT
-A FORWARD -s 172.16.1.21/32 -j ACCEPT
-A FORWARD -s 172.16.1.22/32 -j ACCEPT
-A FORWARD -s 172.16.1.23/32 -j ACCEPT
-A FORWARD -s 172.16.1.24/32 -j ACCEPT
-A FORWARD -s 172.16.1.25/32 -j ACCEPT
-A FORWARD -s 172.16.1.26/32 -j ACCEPT
-A FORWARD -s 172.16.1.27/32 -j ACCEPT
-A FORWARD -s 172.16.1.28/32 -j ACCEPT
-A FORWARD -s 172.16.1.29/32 -j ACCEPT
-A FORWARD -s 172.16.1.30/32 -j ACCEPT
-A FORWARD -s 172.16.1.31/32 -j ACCEPT
-A FORWARD -s 172.16.1.32/32 -j ACCEPT
-A FORWARD -s 172.16.1.33/32 -j ACCEPT
-A FORWARD -s 172.16.1.34/32 -j ACCEPT
-A FORWARD -s 172.16.1.35/32 -j ACCEPT
-A FORWARD -s 172.16.1.36/32 -j ACCEPT
-A FORWARD -s 172.16.1.37/32 -j ACCEPT
-A FORWARD -s 172.16.1.38/32 -j ACCEPT
-A FORWARD -s 172.16.1.39/32 -j ACCEPT
-A FORWARD -s 172.16.1.40/32 -j ACCEPT
-A FORWARD -s 172.16.1.41/32 -j ACCEPT
-A FORWARD -s 172.16.1.42/32 -j ACCEPT
-A FORWARD -s 172.16.1.43/32 -j ACCEPT
-A FORWARD -s 172.16.1.44/32 -j ACCEPT
-A FORWARD -s 172.16.1.45/32 -j ACCEPT
-A FORWARD -s 172.16.1.46/32 -j ACCEPT
-A FORWARD -s 172.16.1.47/32 -j ACCEPT
-A FORWARD -s 172.16.1.48/32 -j ACCEPT
-A FORWARD -s 172.16.1.49/32 -j ACCEPT
-A FORWARD -s 172.16.1.50/32 -j ACCEPT
-A FORWARD -s 172.16.1.51/32 -j ACCEPT
-A FORWARD -s 172.16.1.52/32 -j ACCEPT
-A FORWARD -s 172.16.1.53/32 -j ACCEPT
-A FORWARD -s 172.16.1.54/32 -j ACCEPT
-A FORWARD -s 172.16.1.55/32 -j ACCEPT
-A FORWARD -s 172.16.1.56/32 -j ACCEPT
-A FORWARD -s 172.16.1.57/32 -j ACCEPT
-A FORWARD -s 172.16.1.58/32 -j ACCEPT
-A FORWARD -s 172.16.1.59/32 -j ACCEPT
-A FORWARD -s 172.16.1.60/32 -j ACCEPT
-A FORWARD -s 172.16.1.61/32 -j ACCEPT
-A FORWARD -s 172.16.1.62/32 -j ACCEPT
-A FORWARD -s 172.16.1.63/32 -j ACCEPT
-A FORWARD -s 172.16.1.64/32 -j ACCEPT
-A FORWARD -s 172.16.1.65/32 -j ACCEPT
-A FORWARD -s 172.16.1.66/32 -j ACCEPT
-A FORWARD -s 172.16.1.67/32 -j ACCEPT
-A FORWARD -s 172.16.1.68/32 -j ACCEPT
-A FORWARD -s 172.16.1.69/32 -j ACCEPT
-A FORWARD -s 172.16.1.70/32 -j ACCEPT
-A FORWARD -s 172.16.1.71/32 -j ACCEPT
-A FORWARD -s 172.16.1.72/32 -j ACCEPT
-A FORWARD -s 172.16.1.73/32 -j ACCEPT
-A FORWARD -s 172.16.1.74/32 -j ACCEPT
-A FORWARD -s 172.16.1.75/32 -j ACCEPT
-A FORWARD -s 172.16.1.76/32 -j ACCEPT
-A FORWARD -s 172.16.1.77/32 -j ACCEPT
-A FORWARD -s 172.16.1.78/32 -j ACCEPT
-A FORWARD -s 172.16.1.79/32 -j ACCEPT
-A FORWARD -s 172.16.1.80/32 -j ACCEPT
-A FORWARD -s 172.16.1.81/32 -j ACCEPT
-A FORWARD -s 172.16.1.82/32 -j ACCEPT
-A FORWARD -s 172.16.1.83/32 -j ACCEPT
-A FORWARD -s 172.16.1.84/32 -j ACCEPT
-A FORWARD -s 172.16.1.85/32 -j ACCEPT
-A FORWARD -s 172.16.1.86/32 -j ACCEPT
-A FORWARD -s 172.16.1.87/32 -j ACCEPT
-A FORWARD -s 172.16.1.88/32 -j ACCEPT
-A FORWARD -s 172.16.1.89/32 -j ACCEPT
-A FORWARD -s 172.16.1.90/32 -j ACCEPT
-A FORWARD -s 172.16.1.91/32 -j ACCEPT
-A FORWARD -s 172.16.1.92/32 -j ACCEPT
-A FORWARD -s 172.16.1.93/32 -j ACCEPT
-A FORWARD -s 172.16.1.94/32 -j ACCEPT
-A FORWARD -s 172.16.1.95/32 -j ACCEPT
-A FORWARD -s 172.16.1.96/32 -j ACCEPT
-A FORWARD -s 172.16.1.97/32 -j ACCEPT
-A FORWARD -s 172.16.1.98/32 -j ACCEPT
-A FORWARD -s 172.16.1.99/32 -j ACCEPT
-A FORWARD -s 172.16.1.0/24 -d 200.154.55.3/32 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -s 172.16.1.0/24 -d 208.84.244.140/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 172.16.1.176/32 -d ! 172.16.1.0/24 -j ACCEPT
-A FORWARD -s 172.16.1.88/32 -d ! 172.16.1.0/24 -j ACCEPT
-A FORWARD -s 172.16.1.89/32 -d ! 172.16.1.0/24 -j ACCEPT
-A FORWARD -s 172.16.1.62/32 -d ! 172.16.1.0/24 -j ACCEPT
-A FORWARD -s 172.16.1.20/32 -d ! 172.16.1.0/24 -j ACCEPT
-A FORWARD -s 172.16.1.237/32 -d ! 172.16.1.0/24 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri May 15 09:26:43 2009

I don't know this wireshark; does it work from the shell? I'll take a look at them.

> []'s
>           Junior Polegato
>
>
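
One check that can be run over an iptables-save dump shaped like the one posted above (an added example, not part of the original message): for each DNAT rule that forwards to a LAN host, it reports whether any nat POSTROUTING rule would rewrite the source of a LAN-to-LAN flow from a given client. Without such a rule the LAN server answers the LAN client directly instead of back through the firewall, so the client never gets a reply from the external address it connected to. The sample ruleset, the address 203.0.113.10 and the function names are constructed for illustration.

```python
import ipaddress
import shlex

LAN = "172.16.1.0/24"  # LAN prefix, as seen in the posted rules

# Constructed sample in iptables-save format (not the poster's full ruleset).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8038 -j DNAT --to-destination 172.16.1.14:80
-A POSTROUTING -s 172.16.1.0/24 -d ! 172.16.1.0/24 -j MASQUERADE
-A POSTROUTING -s 172.16.1.89/32 -j SNAT --to-source 203.0.113.10
COMMIT
"""

def parse_nat(dump):
    """Return {chain: [token lists]} for the -A rules of the *nat table only."""
    chains, table = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains

def match_spec(tok, flag):
    """(network, negated) for -s/-d; accepts old '-d ! X' and new '! -d X'."""
    if flag not in tok:
        return None
    i = tok.index(flag)
    neg = i > 0 and tok[i - 1] == "!"
    val = tok[i + 1]
    if val == "!":                       # iptables 1.4.2 style negation
        neg, val = True, tok[i + 2]
    return ipaddress.ip_network(val, strict=False), neg

def covers(spec, addr):
    """True when the (possibly negated) match accepts addr; no match = any."""
    return spec is None or (addr in spec[0]) != spec[1]

def rewrites_source(rule, src, dst, lan_if):
    """Does this POSTROUTING rule SNAT/MASQUERADE a src -> dst packet?"""
    if "-j" not in rule or rule[rule.index("-j") + 1] not in ("SNAT", "MASQUERADE"):
        return False
    # Rules bound to an output interface count only if it is the LAN one;
    # other matches (-p, marks, negated -o) are not evaluated here.
    if "-o" in rule and rule[rule.index("-o") + 1] != lan_if:
        return False
    return covers(match_spec(rule, "-s"), src) and covers(match_spec(rule, "-d"), dst)

def hairpin_gaps(dump, lan, client, lan_if=None):
    """List (dport, target) of DNAT rules whose LAN target would reply
    directly to `client` because no POSTROUTING rule rewrites the source."""
    lan_net, src = ipaddress.ip_network(lan), ipaddress.ip_address(client)
    chains, gaps = parse_nat(dump), []
    for rule in chains.get("PREROUTING", []):
        if "DNAT" not in rule or "--to-destination" not in rule:
            continue
        target = rule[rule.index("--to-destination") + 1]
        host = ipaddress.ip_address(target.split(":")[0].split("-")[0])
        if host in lan_net and not any(
            rewrites_source(r, src, host, lan_if)
            for r in chains.get("POSTROUTING", [])
        ):
            dport = rule[rule.index("--dport") + 1] if "--dport" in rule else "any"
            gaps.append((dport, target))
    return gaps

if __name__ == "__main__":
    print(hairpin_gaps(SAMPLE, LAN, "172.16.1.176"))
```

An empty result for a client means every DNAT target in the LAN is covered by some source-rewriting rule for that client; a non-empty one lists the forwarded ports worth capturing on both firewall interfaces.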

