
eth0 10.57.88.10 redelocal
eth1 200.xx.xx.xx ethinternet
eth2 10.xx.xx.xx ethebnet

# The loopback network interface


# Interface roles on this host (from the list at the top of the page):
#   eth0 = "redelocal"   local LAN, 10.57.88.0/22
#   eth1 = "ethinternet" public link, the only stanza with a gateway
#   eth2 = "ethebnet"    10.144.62.0/24 link towards the 10/8 "ebnet" side
auto lo
iface lo inet loopback
# eth0: local LAN. There is no "gateway" line here on purpose - only eth1
# supplies the default route.
allow-hotplug eth0
iface eth0 inet static
address 10.57.88.10
netmask 255.255.252.0
network 10.57.88.0
broadcast 10.57.91.255
dns-nameservers 10.67.4.34 10.56.84.54 201.10.128.3 201.10.1.2
###########################################
# eth1: public link (/27). This is the only stanza with a gateway, so it
# provides the host's default route. The 200.xx.xx.xx / xx.xx.xx.65 values
# are redacted in this document and must be replaced with the real
# addresses before the file is used.
allow-hotplug eth1
iface eth1 inet static
address 200.xx.xx.xx
netmask 255.255.255.224
network 200.xx.xx.xx
broadcast 200.xx.xx.xx
gateway xx.xx.xx.65
dns-nameservers 201.10.128.3 201.10.1.2
#######################################
# eth2: 10.144.62.0/24. The gateway is deliberately commented out so this
# link does not add a second default route; the 10.0.0.0/8 route via
# 10.144.62.1 is added from rc.local instead (see further down this page).
allow-hotplug eth2
iface eth2 inet static
address 10.144.62.2
netmask 255.255.255.0
network 10.144.62.0
broadcast 10.144.62.255
#gateway 10.144.62.1
dns-nameservers 10.56.84.54 10.67.4.34

Quem só vai possuir gateway será a ethinternet.


Dentro do arquivo rc.local, adicione o comando abaixo para iniciar junto com o sistema:
# rc.local: static route for the whole 10.0.0.0/8 range through the eth2
# ("ebnet") gateway. The eth2 stanza in /etc/network/interfaces keeps its
# gateway line commented out, so this route is what sends the rest of 10/8
# out eth2 while everything else follows the default route on eth1.
ebnet_net=10.0.0.0
ebnet_mask=255.0.0.0
ebnet_gw=10.144.62.1
route add -net "$ebnet_net" netmask "$ebnet_mask" gw "$ebnet_gw"
exit 0
Tudo que for de 10 sairá pela eth2, que é a intranet, e o resto, que for de internet, sairá pela eth1, que é a internet. No squid.conf adicione os DNS da ebnet e o da Velox; o cache do squid fará o roteamento dos sites, conforme eles sejam da internet ou da ebnet.
Pode também configurar no resolv.conf.
E dê o seguinte comando: /etc/init.d/squid reload || true, que irá adicionar no cache do squid os DNS também.
E no seu firewall:
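echo "Habilitando passagem de pacotes!"
# Enable IPv4 forwarding between the interfaces. The original line ended in
# a stray "]", which would have written to a file literally named
# "ip_forward]" instead of the sysctl.
echo 1 > /proc/sys/net/ipv4/ip_forward
# First, enable masquerading (NAT). The interface/address variables are set
# earlier in the firewall script (outside this excerpt); abort if any is
# missing rather than emit an iptables rule with a hole in it.
: "${ethinternet:?ethinternet (internet interface) must be set}"
: "${ipadm:?ipadm must be set}"
: "${ippublico:?ippublico (public address) must be set}"
: "${redelocalCIA:?redelocalCIA (local network) must be set}"
echo "Ativando mascaramento"
# The specific SNAT rules go in before the catch-all MASQUERADE. POSTROUTING
# is walked top to bottom and both targets terminate the walk, so with -A the
# catch-all appended first would have shadowed the two SNAT rules entirely.
# The original second rule used "$internet", the only occurrence of that name
# on this page; every other rule uses $ethinternet, so it is treated as the
# same interface here.
iptables -t nat -A POSTROUTING -s "$ipadm" -o "$ethinternet" -j SNAT --to "$ippublico"
iptables -t nat -A POSTROUTING -s "$redelocalCIA" -o "$ethinternet" -j SNAT --to "$ippublico"
iptables -t nat -A POSTROUTING -o "$ethinternet" -j MASQUERADE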
Mascaramento somente na eth1, para quem não está acessando o SIAFI.

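echo "Liberando FORWARD para porta SIAFI......................[OK]"

# SIAFI rules kept for reference (they were already disabled in the
# original); the lines wrapped by the source document are re-joined so they
# read as the single commands they were.
#iptables -A FORWARD -s $redelocalCIA -d $Siafi -p tcp -m multiport --destination-port $siafi1,$siafi2,$siafi3,$siafi4 -j ACCEPT
#iptables -A FORWARD -i $ethinternet -s $Siafi -d $redelocalCIA -p tcp -m multiport --source-port $siafi1,$siafi2,$siafi3,$siafi4 -m state --state ESTABLISHED -j ACCEPT
#iptables -A FORWARD -p tcp --dport 23000 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 8999 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 663 -j ACCEPT
# Both variables are defined earlier in the firewall script (not in this
# excerpt); fail loudly if they are missing.
: "${ethlocalCIA:?ethlocalCIA (local interface) must be set}"
: "${redelocalCIA:?redelocalCIA (local network) must be set}"
# Port 2809 (SPP, per the squid ACLs) is forwarded only for traffic entering
# on the local interface from the local network, the same scoping the SERPRO
# rules below use. The original rule had no -i/-s at all, so it also accepted
# forwarded connections to 2809 arriving from the other interfaces; whether
# that was reachable depends on the FORWARD policy, which is not shown here.
iptables -A FORWARD -i "$ethlocalCIA" -s "$redelocalCIA" -p tcp --dport 2809 -j ACCEPT
iptables -A FORWARD -s "$redelocalCIA" -d 10.67.4.20 -j ACCEPT
#echo "FORWARD para porta SIAFI......................[OK]"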

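#POP,SMTP,IMAP,SIAFI,SPP (acesso intranet -> internet)
# Source NAT for the 10.57.88.0/22 LAN on the listed TCP/UDP ports. The
# source document wrapped these commands across lines; they are re-joined
# here. No -o is given, so the rules match whichever interface the packet
# leaves on, not just eth1 - NOTE(review): the prose above says masquerading
# is meant for eth1 only; confirm this is intended. Each multiport list is
# limited to 15 ports by iptables; the TCP list below is exactly 15.
#iptables -t nat -A POSTROUTING -s 10.57.88.0/22 -p tcp -m multiport --dport 13000,13001,13002,13003,13004,13005 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.57.88.0/22 -p tcp -m multiport --dport 2809,25,110,143,587,13352,13353,31521,3456,4661,8080,8999,23000,40960,5222 -j MASQUERADE
# 5060 was listed twice in the original UDP list; the duplicate is dropped.
iptables -t nat -A POSTROUTING -s 10.57.88.0/22 -p udp -m multiport --dport 13000,5060,10000,16000,10632,1571 -j MASQUERADE
# NOTE(review): this accepts new TCP connections to every local port from
# 8000 upwards on every interface, including the internet side. If that is
# not intended, scope it with -i/-s (or a conntrack state match) like the
# FORWARD rules on this page.
iptables -A INPUT -p tcp --destination-port 8000:65535 -j ACCEPT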

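#Liberando portas da SERPRO
# Kept disabled, as in the original (re-joined from the wrapped document).
#iptables -t nat -I POSTROUTING -o $ethinternet -p tcp -d 161.148.40.200/255.255.255.255 --dport 23000 -j MASQUERADE
# Both variables are defined earlier in the firewall script (not in this
# excerpt); fail loudly if they are missing.
: "${ethlocalCIA:?ethlocalCIA (local interface) must be set}"
: "${redelocalCIA:?redelocalCIA (local network) must be set}"
# One FORWARD ACCEPT per SERPRO port for traffic entering on the local
# interface from the local network. The original wrote the same rule out
# seven times; the loop appends the identical rules in the identical order.
# "-d 0.0.0.0/0" matches everything and is kept only to mirror the original.
# NOTE(review): 15352/15353 here versus 13352/13353 in the NAT rule and the
# squid "Sirf e SPP" ACLs - confirm which pair is intended.
for porta in 23000 8999 3456 4661 15352 15353 5222; do
  iptables -A FORWARD -i "$ethlocalCIA" -s "$redelocalCIA" -d 0.0.0.0/0 -p tcp --dport "$porta" -j ACCEPT
done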
No squid.conf está assim:
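# Port ACLs only. The http_access lines that consume SSL_ports / Safe_ports
# (typically "deny CONNECT !SSL_ports" and "deny !Safe_ports") are not part
# of this excerpt, so what these lists actually permit depends on them.
# Squid merges repeated "acl <name> port" lines into one list, so the ports
# listed more than once below (443, 563, 873, 13353, ...) are harmless but
# make review harder. Two comments that the source document wrapped onto a
# second line ("DS / AU") are re-joined here; as separate lines the stray
# "AU"/"SAU" tokens would not parse.
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 2809 # sppc
acl SSL_ports port 1394 5222 # sppc
# NOTE(review): 80 in SSL_ports lets clients open CONNECT tunnels to a plain
# HTTP port if the usual "deny CONNECT !SSL_ports" rule is in force;
# confirm this is wanted.
acl SSL_ports port 873 80 # rsync
acl SSL_ports port 3456 8088 4661 8999 23000 # SERPRO ENERSUL
acl SSL_ports port 13352 8080 500 443 13353 # Sirf e SPP
acl SSL_ports port 13000 13001 13002 13003 13004 13005 # DCEM DAPROM DSM DCIP DSAU
acl SSL_ports port 35280 #Laudo HMil
acl SSL_ports port 443 563 9090 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 13000 13001 13002 13003 13004 13005 # DCEM DAPROM DSM DCIP DSAU
acl Safe_ports port 21 5222 # ftp
acl Safe_ports port 20 # ftp
acl Safe_ports port 2809 # spp
acl Safe_ports port 1394 9090 # spp
acl Safe_ports port 53 # DNS
acl Safe_ports port 25 8088 13352 8080 500 443 13353 # smtp ENERSUL Sirf e SPP
acl Safe_ports port 80 # http
acl Safe_ports port 110 # pop3
acl Safe_ports port 143 # Imap2
acl Safe_ports port 1863 #messenger
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 465 # email do gabinete do comando
acl Safe_ports port 873 # rsync
acl Safe_ports port 993 # imaps
acl Safe_ports port 995 # pop3s
acl Safe_ports port 663 # SERPRO
acl Safe_ports port 4661 # SERPRO
acl Safe_ports port 8999 # SERPRO
acl Safe_ports port 23000 # SERPRO
acl Safe_ports port 3456 # RECEITANET
acl Safe_ports port 10000 # VPN
# NOTE(review): 50 and 51 are the IP protocol numbers of ESP and AH, not TCP
# ports, so as "port" entries they do nothing for IPsec; 500/4500 (IKE,
# NAT-T) are UDP and are not carried by an HTTP proxy either. These entries
# can most likely be removed - confirm nothing else relies on them.
acl Safe_ports port 51 # VPN
acl Safe_ports port 1723 # VPN
acl Safe_ports port 50 # VPN
acl Safe_ports port 500 # VPN
acl Safe_ports port 4500 # VPN
acl Safe_ports port 40960 8080 #
# NOTE(review): 1521 (Oracle) and 3306 (MySQL) below make database ports
# reachable through the proxy; confirm each is still needed.
acl Safe_ports port 1521 #
acl Safe_ports port 44444
acl Safe_ports port 44718
acl Safe_ports port 13353
acl Safe_ports port 2631 # Conectividade Social
acl Safe_ports port 3306
acl Safe_ports port 13352 8080 500 443 # Sirf e SPP
acl Safe_ports port 13353
acl Safe_ports port 5060 5222 10000 16000
acl Safe_ports port 1787 1790 1853
acl Safe_ports port 7000
acl Safe_ports port 3100 # audio-rtp
acl Safe_ports port 3101 # audio rtcp
acl Safe_ports port 3102 # video rtp
acl Safe_ports port 3103 # video rtcp
acl Safe_ports port 3104 # decc rtp
acl Safe_ports port 3105 # fecc rtcp
acl Safe_ports port 3106 # data conference rtp
acl Safe_ports port 3107 # data conference rtcp
acl Safe_ports port 49152 49153 # audio rtcp
acl Safe_ports port 49154 # video rtp
acl Safe_ports port 49155 # video rtcp
acl Safe_ports port 49156 # fecc rtp
acl Safe_ports port 49157 # fecc rtcp
acl Safe_ports port 49158 # DATA CONFERENCE RTP
acl Safe_ports port 49159 # DATA CONFERENCE RTCP
acl Safe_ports port 1719 # RAS
acl Safe_ports port 1719 1718 # RAS
acl Safe_ports port 3000 3010 # Q391 DIAL
acl Safe_ports port 1720 # Q391 ANSEWER
acl Safe_ports port 2253 2255 # RAS Q391 H 245
acl Safe_ports port 3000 3010 # H245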
