[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Acesso externo com no-ip

Ola Amigo.. esta dando erro no Iptables.. o que pode ser..


iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 8080 -j DNAT
--to 192.168.0.1:80

Bad argument `8080'
Try `iptables -h' or 'iptables --help' for more information.




Em 18 de março de 2010 13:49, Catulo Hansen <catulok@gmail.com> escreveu:
> Não. O apache ainda vai ficar ouvindo na porta 80, quando a requisição
> chegar na porta 8080 o teu firewall através da regra de NAT vai
> redirecionar a requisição para porta 80 do apache.
>
> Em 18 de março de 2010 09:58, Lista Debian <alanbrawdebian@gmail.com> escreveu:
>> Catulo Hansen.. me tira uma duvida..
>> Com esse scrip não vai ser necessário mudar o aquivo ports.conf do apache2?
>>
>> Abraço.
>>
>> Att: Alan
>>
>> -----Mensagem original-----
>> De: Catulo Hansen [mailto:catulok@gmail.com]
>> Enviada em: quinta-feira, 18 de março de 2010 08:22
>> Para: Thiago Silveira de Oliveira
>> Cc: Lista Debian; debian-user-portuguese@lists.debian.org
>> Assunto: Re: Acesso externo com no-ip
>>
>> Com isso, teu script teria que ficar assim:
>> #NAT DE SERVIÇO
>> iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 8080 -j DNAT
>> --to 192.168.0.1:80
>>
>> Em 18 de março de 2010 08:03, Thiago Silveira de Oliveira
>> <thiagocpv@ig.com.br> escreveu:
>>> Funciona.........nesse caso vc pode até inventar portas....
>>>
>>> 8080, 9090, 1010, e assim por diante.....
>>>
>>> [ ] ,
>>>
>>> Thiago
>>>
>>> Em 17 de março de 2010 21:34, Lista Debian <alanbrawdebian@gmail.com>
>>> escreveu:
>>>>
>>>> Então thiago.. e se eu mudar para a porta 8080?
>>>>
>>>>
>>>>
>>>> Sera que funciona?
>>>>
>>>>
>>>>
>>>> De: Thiago Silveira de Oliveira [mailto:thiagocpv@ig.com.br]
>>>> Enviada em: quarta-feira, 17 de março de 2010 20:10
>>>> Para: Catulo Hansen
>>>> Cc: Lista Debian; debian-user-portuguese@lists.debian.org
>>>> Assunto: Re: Acesso externo com no-ip
>>>>
>>>>
>>>>
>>>> Pessoal.....
>>>>
>>>> A telefonica bloqueia trafego entrante em conexoes ADSL HOME, ou seja as
>>>> portas 21,25,80 e 110 sao bloqueadas justamente para o cidadão não fazer
>>>> "servidor" com ele.
>>>>
>>>> [ ] ,
>>>>
>>>> Thiago
>>>>
>>>>
>>>> Em 17 de março de 2010 18:34, Catulo Hansen <catulok@gmail.com> escreveu:
>>>>
>>>> Tú tem que carregar os seguintes módulos no teu script:
>>>>
>>>> modprobe ip_tables
>>>> modprobe iptable_nat
>>>> modprobe ip_nat_ftp
>>>> modprobe ip_conntrack_ftp
>>>>
>>>> Em 17 de março de 2010 17:18, Lista Debian <alanbrawdebian@gmail.com>
>>>> escreveu:
>>>> > #Variavel
>>>> > Coloquei essas linhas conforme vc falo mas parece que agora esta dando
>>>> > erro
>>>> > no iptables. Vou pegar as logs
>>>> >
>>>> >
>>>> >
>>>> > ETH1=`ifconfig eth1 |grep "inet end" |cut -d: -f2|cut -d" " -f2`
>>>> >
>>>> > #NAT DE SERVIÇO
>>>> > iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 80 -j DNAT --to
>>>> > 192.168.0.1:80
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > -----Mensagem original-----
>>>> > De: Catulo Hansen [mailto:catulok@gmail.com]
>>>> > Enviada em: quarta-feira, 17 de março de 2010 16:54
>>>> > Para: Lista Debian
>>>> > Cc: debian-user-portuguese@lists.debian.org
>>>> > Assunto: Re: Acesso externo com no-ip
>>>> >
>>>> > Adicione no seu script:
>>>> > #Variavel
>>>> > ETH1=`ifconfig eth1 |grep "inet end" |cut -d: -f2|cut -d" " -f2`
>>>> >
>>>> > #NAT DE SERVIÇO
>>>> > iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 80 -j DNAT --to
>>>> > IPSERVIDORAPACHE:80
>>>> >
>>>> > Em 17 de março de 2010 15:43, Lista Debian <alanbrawdebian@gmail.com>
>>>> > escreveu:
>>>> >> Srs. Ainda sou leigo no assunto. Estou tentando configura o no –ip
>> para
>>>> >> acessa o meu apache.. o acesso interno funciona perfeitamente.
>>>> >>  http://bmxdebian.no-ip.biz ; ele até responde aos ping.. mas quando
>>>> >> tendo
>>>> >  o
>>>> >> acesso externo não vai nem responde aos pings..
>>>> >>
>>>> >>
>>>> >>
>>>> >> Segue a baixo as configurações no meu iptables.
>>>> >>
>>>> >>
>>>> >>
>>>> >> OBS: eth0 => rede interna  eth1=>  mondem ADSL speedy
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >> #!bin/bash
>>>> >>
>>>> >>  iptables -F
>>>> >>
>>>> >>  iptables -F INPUT
>>>> >>
>>>> >>  iptables -F OUTPUT
>>>> >>
>>>> >>  iptables -F POSTROUTING -t nat
>>>> >>
>>>> >>  iptables -F PREROUTING -t nat
>>>> >>
>>>> >>
>>>> >>
>>>> >> # echo 1 > /proc/sys/net/ipv4/ip_forward
>>>> >>
>>>> >> # iptables -P FORWARD ACCEPT
>>>> >>
>>>> >> # iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth1 -j
>>>> >> MASQUERADE
>>>> >>
>>>> >>
>>>> >>
>>>> >> # PROXY TRANSTPARENTE
>>>> >>
>>>> >> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>> >>
>>>> >> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>>>> >>
>>>> >> iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp
>>>> >> --dport
>>>> > 80
>>>> >> -j REDIRECT --to-port 3128
>>>> >>
>>>> >>
>>>> >>
>>>> >> # Webmin
>>>> >>
>>>> >> iptables -A INPUT -t tcp --dport 10000 -j ACCEPT
>>>> >>
>>>> >>
>>>> >>
>>>> >> # Libera FTP
>>>> >>
>>>> >> iptables -t filter -A INPUT -i eth1 -p tcp -m multiport --dports 21,20
>>>> >> -j
>>>> >> ACCEPT
>>>> >>
>>>> >> iptables -t filter -A INPUT -i eth1 -p udp -m multiport --sports 21,20
>>>> >> -j
>>>> >> ACCEPT
>>>> >>
>>>> >>
>>>> >>
>>>> >> iptables -A INPUT -i lo -j ACCEPT
>>>> >>
>>>> >> iptables -A INPUT -i eth1 -j ACCEPT
>>>> >>
>>>> >>
>>>> >>
>>>> >> # Libera SSH
>>>> >>
>>>> >> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >> # Port scanners ocultos
>>>> >>
>>>> >> iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit
>>>> > --limit
>>>> >> 1/s -j ACCEPT
>>>> >>
>>>> >>
>>>> >>
>>>> >> # Ping da morte
>>>> >>
>>>> >> iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit
>>>> >> 1/s
>>>> > -j
>>>> >> ACCEPT
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > -
>>>> > Atencionamente,
>>>> >
>>>> > Catulo Kruuse Hansen
>>>> > Analista de Suporte
>>>> > Procuradoria Geral do Estado do Ceará
>>>> > catulohansen.blogspot.com
>>>> > No virus found in this incoming message.
>>>> > Checked by AVG - www.avg.com
>>>> > Version: 8.5.436 / Virus Database: 271.1.1/2752 - Release Date:
>> 03/17/10
>>>> > 07:33:00
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> -
>>>> Atencionamente,
>>>>
>>>> Catulo Kruuse Hansen
>>>> Analista de Suporte
>>>> Procuradoria Geral do Estado do Ceará
>>>> catulohansen.blogspot.com
>>>>
>>>>
>>>> --
>>>> To UNSUBSCRIBE, email to debian-user-portuguese-REQUEST@lists.debian.org
>>>> with a subject of "unsubscribe". Trouble? Contact
>>>> listmaster@lists.debian.org
>>>> Archive:
>>>>
>> http://lists.debian.org/85da0e3a1003171434n539c2fe8xe186778d3aa43f4b@mail.gm
>> ail.com
>>>>
>>>>
>>>>
>>>> No virus found in this incoming message.
>>>> Checked by AVG - www.avg.com
>>>> Version: 8.5.436 / Virus Database: 271.1.1/2752 - Release Date: 03/17/10
>>>> 07:33:00
>>>
>>
>>
>>
>> --
>> -
>> Atencionamente,
>>
>> Catulo Kruuse Hansen
>> Analista de Suporte
>> Procuradoria Geral do Estado do Ceará
>> catulohansen.blogspot.com
>> No virus found in this incoming message.
>> Checked by AVG - www.avg.com
>> Version: 8.5.436 / Virus Database: 271.1.1/2754 - Release Date: 03/18/10
>> 07:33:00
>>
>>
>
>
>
> --
> -
> Atencionamente,
>
> Catulo Kruuse Hansen
> Analista de Suporte
> Procuradoria Geral do Estado do Ceará
> catulohansen.blogspot.com
>
Reply to: