Re: Acesso externo com no-ip
Com isso, teu script teria que ficar assim:
#NAT DE SERVIÇO
iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 8080 -j DNAT
--to 192.168.0.1:80
Em 18 de março de 2010 08:03, Thiago Silveira de Oliveira
<thiagocpv@ig.com.br> escreveu:
> Funciona.........nesse caso vc pode até inventar portas....
>
> 8080, 9090, 1010, e assim por diante.....
>
> [ ] ,
>
> Thiago
>
> Em 17 de março de 2010 21:34, Lista Debian <alanbrawdebian@gmail.com>
> escreveu:
>>
>> Então thiago.. e se eu mudar para a porta 8080?
>>
>>
>>
>> Sera que funciona?
>>
>>
>>
>> De: Thiago Silveira de Oliveira [mailto:thiagocpv@ig.com.br]
>> Enviada em: quarta-feira, 17 de março de 2010 20:10
>> Para: Catulo Hansen
>> Cc: Lista Debian; debian-user-portuguese@lists.debian.org
>> Assunto: Re: Acesso externo com no-ip
>>
>>
>>
>> Pessoal.....
>>
>> A telefonica bloqueia trafego entrante em conexoes ADSL HOME, ou seja as
>> portas 21,25,80 e 110 sao bloqueadas justamente para o cidadão não fazer
>> "servidor" com ele.
>>
>> [ ] ,
>>
>> Thiago
>>
>>
>> Em 17 de março de 2010 18:34, Catulo Hansen <catulok@gmail.com> escreveu:
>>
>> Tú tem que carregar os seguintes módulos no teu script:
>>
>> modprobe ip_tables
>> modprobe iptable_nat
>> modprobe ip_nat_ftp
>> modprobe ip_conntrack_ftp
>>
>> Em 17 de março de 2010 17:18, Lista Debian <alanbrawdebian@gmail.com>
>> escreveu:
>> > #Variavel
>> > Coloquei essas linhas conforme vc falo mas parece que agora esta dando
>> > erro
>> > no iptables. Vou pegar as logs
>> >
>> >
>> >
>> > ETH1=`ifconfig eth1 |grep "inet end" |cut -d: -f2|cut -d" " -f2`
>> >
>> > #NAT DE SERVIÇO
>> > iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 80 -j DNAT --to
>> > 192.168.0.1:80
>> >
>> >
>> >
>> >
>> > -----Mensagem original-----
>> > De: Catulo Hansen [mailto:catulok@gmail.com]
>> > Enviada em: quarta-feira, 17 de março de 2010 16:54
>> > Para: Lista Debian
>> > Cc: debian-user-portuguese@lists.debian.org
>> > Assunto: Re: Acesso externo com no-ip
>> >
>> > Adicione no seu script:
>> > #Variavel
>> > ETH1=`ifconfig eth1 |grep "inet end" |cut -d: -f2|cut -d" " -f2`
>> >
>> > #NAT DE SERVIÇO
>> > iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 80 -j DNAT --to
>> > IPSERVIDORAPACHE:80
>> >
>> > Em 17 de março de 2010 15:43, Lista Debian <alanbrawdebian@gmail.com>
>> > escreveu:
>> >> Srs. Ainda sou leigo no assunto. Estou tentando configura o no –ip para
>> >> acessa o meu apache.. o acesso interno funciona perfeitamente.
>> >> http://bmxdebian.no-ip.biz ; ele até responde aos ping.. mas quando
>> >> tendo
>> > o
>> >> acesso externo não vai nem responde aos pings..
>> >>
>> >>
>> >>
>> >> Segue a baixo as configurações no meu iptables.
>> >>
>> >>
>> >>
>> >> OBS: eth0 => rede interna eth1=> mondem ADSL speedy
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> #!bin/bash
>> >>
>> >> iptables -F
>> >>
>> >> iptables -F INPUT
>> >>
>> >> iptables -F OUTPUT
>> >>
>> >> iptables -F POSTROUTING -t nat
>> >>
>> >> iptables -F PREROUTING -t nat
>> >>
>> >>
>> >>
>> >> # echo 1 > /proc/sys/net/ipv4/ip_forward
>> >>
>> >> # iptables -P FORWARD ACCEPT
>> >>
>> >> # iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth1 -j
>> >> MASQUERADE
>> >>
>> >>
>> >>
>> >> # PROXY TRANSTPARENTE
>> >>
>> >> echo 1 > /proc/sys/net/ipv4/ip_forward
>> >>
>> >> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>> >>
>> >> iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp
>> >> --dport
>> > 80
>> >> -j REDIRECT --to-port 3128
>> >>
>> >>
>> >>
>> >> # Webmin
>> >>
>> >> iptables -A INPUT -t tcp --dport 10000 -j ACCEPT
>> >>
>> >>
>> >>
>> >> # Libera FTP
>> >>
>> >> iptables -t filter -A INPUT -i eth1 -p tcp -m multiport --dports 21,20
>> >> -j
>> >> ACCEPT
>> >>
>> >> iptables -t filter -A INPUT -i eth1 -p udp -m multiport --sports 21,20
>> >> -j
>> >> ACCEPT
>> >>
>> >>
>> >>
>> >> iptables -A INPUT -i lo -j ACCEPT
>> >>
>> >> iptables -A INPUT -i eth1 -j ACCEPT
>> >>
>> >>
>> >>
>> >> # Libera SSH
>> >>
>> >> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> # Port scanners ocultos
>> >>
>> >> iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit
>> > --limit
>> >> 1/s -j ACCEPT
>> >>
>> >>
>> >>
>> >> # Ping da morte
>> >>
>> >> iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit
>> >> 1/s
>> > -j
>> >> ACCEPT
>> >>
>> >>
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > -
>> > Atencionamente,
>> >
>> > Catulo Kruuse Hansen
>> > Analista de Suporte
>> > Procuradoria Geral do Estado do Ceará
>> > catulohansen.blogspot.com
>> > No virus found in this incoming message.
>> > Checked by AVG - www.avg.com
>> > Version: 8.5.436 / Virus Database: 271.1.1/2752 - Release Date: 03/17/10
>> > 07:33:00
>> >
>> >
>>
>>
>>
>> --
>> -
>> Atencionamente,
>>
>> Catulo Kruuse Hansen
>> Analista de Suporte
>> Procuradoria Geral do Estado do Ceará
>> catulohansen.blogspot.com
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-portuguese-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
>> Archive:
>> [🔎] 85da0e3a1003171434n539c2fe8xe186778d3aa43f4b@mail.gmail.com">http://lists.debian.org/[🔎] 85da0e3a1003171434n539c2fe8xe186778d3aa43f4b@mail.gmail.com
>>
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG - www.avg.com
>> Version: 8.5.436 / Virus Database: 271.1.1/2752 - Release Date: 03/17/10
>> 07:33:00
>
--
-
Atencionamente,
Catulo Kruuse Hansen
Analista de Suporte
Procuradoria Geral do Estado do Ceará
catulohansen.blogspot.com
Reply to: