Allowing MSN for everyone on IPCOP

anonimous_
#1
Posted on 27-11-2009 17:23

Hi everyone!
A client has IPCOP, and I'm having trouble allowing access to MSN. Which rules do I need to add to the firewall to allow it?
The funny thing is that one PC can access it, and I haven't found anywhere where only this PC's IP is allowed.
The proxy is authenticated.
I need help urgently!
I've never worked with IPCOP.
Thanks, folks!
Regards, AnOnImOuS_
 
Lucas Gabriel Capuano (Administrator)
#2
Posted on 27-11-2009 17:41

Does this IPCop have BOT installed?

MSN needs access to ports 443 and 1863.

Often your question has already been answered; search before asking.
www.goldentek.com.br

anonimous_
#3
Posted on 27-11-2009 17:46

Well, it doesn't have BOT installed; it has the advanced proxy, authenticated, and in the proxy ports 443 and 1863 are allowed, and the URLs used for authentication are also allowed in the URL list.
Can I allow MSN through iptables?
I need to allow it for all the machines on the network.
Waiting for a reply!
Regards, AnOnImOuS_
 
Lucas Gabriel Capuano (Administrator)
#4
Posted on 29-11-2009 13:25

Try the following.

Open the shell, via PuTTY or directly on the console, go to sbin/ and run:

iptables -I FORWARD -p tcp -s 192.168.1.0/24 --dport 1863 -j ACCEPT

This command allows the whole "192.168.1.0/24" network; if your network uses a different IP, replace it with the correct address for it to work.

anonimous_
#5
Posted on 30-11-2009 08:25

I ran this command, but MSN still shows the message telling me to check the firewall. With iptables, don't I need to allow port 443 too? And the hotmail URLs as well?
Another thing: here the proxy is authenticated; can the user's level interfere with accessing MSN?
Waiting for a reply, folks!
Thanks
Regards, AnOnImOuS_
 
anonimous_
#6
Posted on 30-11-2009 08:36

Ahh... another very strange factor is that only one machine can access MSN, but the settings are all the same: proxy in IE, and in the MSN settings I entered the username to authenticate. Also, in IPCOP I found nothing where only this PC, MAC or IP has everything allowed.
Very strange.
Regards, AnOnImOuS_
 
anonimous_
#7
Posted on 30-11-2009 11:00

If I download BOT and use it, will I be able to allow MSN for everyone? The IPCOP version is 1.4.21.
Waiting for a reply!
Regards, AnOnImOuS_
 
Lucas Gabriel Capuano (Administrator)
#8
Posted on 01-12-2009 11:10

From what I understand, you weren't the one who configured this IPCop, so whoever configured it created rules by hand to do the blocking and allowing.

Post a screenshot of etc/rc.d/rc.firewall

If you install BOT, you will need to create all the access rules again.

anonimous_
#9
Posted on 01-12-2009 16:24

I removed all the forward rules I saw in the IPCop firewall for ports 1863 and 443.
I opened the rc.local file but it is empty.
Only in the advanced proxy are both ports listed as allowed.

Waiting for a reply!
What rule can I put in iptables to allow access?
Regards, AnOnImOuS_
 
anonimous_
#10
Posted on 02-12-2009 14:08

Anyone with another tip?
Regards, AnOnImOuS_
 
Lucas Gabriel Capuano (Administrator)
#11
Posted on 03-12-2009 08:49

Post a screenshot of etc/rc.d/rc.firewall

anonimous_
#12
Posted on 03-12-2009 11:34

The rc.firewall follows below
...keeping in mind that I removed the forward entries in IPCOP for port 1863.
----
#!/bin/sh
#
# $Id: rc.firewall,v 1.7.2.24 2007/11/17 08:12:29 owes Exp $
#

eval $(/usr/local/bin/readhash /var/ipcop/ppp/settings)
eval $(/usr/local/bin/readhash /var/ipcop/ethernet/settings)
if [ -f /var/ipcop/red/iface ]; then
IFACE=`/bin/cat /var/ipcop/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
fi
if [ -f /var/ipcop/red/device ]; then
DEVICE=`/bin/cat /var/ipcop/red/device 2> /dev/null | /usr/bin/tr -d '\012'`
fi


iptables_init() {
# Flush all rules and delete all custom chains
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -X

# Set up policies
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

# Empty LOG_DROP and LOG_REJECT chains
/sbin/iptables -N LOG_DROP
/sbin/iptables -A LOG_DROP -m limit --limit 10/minute -j LOG
/sbin/iptables -A LOG_DROP -j DROP
/sbin/iptables -N LOG_REJECT
/sbin/iptables -A LOG_REJECT -m limit --limit 10/minute -j LOG
/sbin/iptables -A LOG_REJECT -j REJECT

# This chain will log, then DROPs packets with certain bad combinations
# of flags might indicate a port-scan attempt (xmas, null, etc)
/sbin/iptables -N PSCAN
/sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "TCP Scan? "
/sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "UDP Scan? "
/sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "ICMP Scan? "
/sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "FRAG Scan? "
/sbin/iptables -A PSCAN -j DROP

# New tcp packets without SYN set - could well be an obscure type of port scan
# that's not covered above, may just be a broken windows machine
/sbin/iptables -N NEWNOTSYN
/sbin/iptables -A NEWNOTSYN -m limit --limit 10/minute -j LOG --log-prefix "NEW not SYN? "
/sbin/iptables -A NEWNOTSYN -j DROP

# Chain to contain all the rules relating to bad TCP flags
/sbin/iptables -N BADTCP

# Disallow packets frequently used by port-scanners
# nmap xmas
/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN,URG,PSH -j PSCAN
# Null
/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j PSCAN
# FIN
/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN -j PSCAN
# SYN/RST (also catches xmas variants that set SYN+RST+...)
/sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,RST SYN,RST -j PSCAN
# SYN/FIN (QueSO or nmap OS probe)
/sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN
# NEW TCP without SYN
/sbin/iptables -A BADTCP -p tcp ! --syn -m state --state NEW -j NEWNOTSYN

/sbin/iptables -A INPUT -j BADTCP
/sbin/iptables -A FORWARD -j BADTCP

}

iptables_red() {
/sbin/iptables -F REDINPUT
/sbin/iptables -F REDFORWARD
/sbin/iptables -t nat -F REDNAT

# PPPoE / PPTP Device
if [ "$IFACE" != "" ]; then
# PPPoE / PPTP
if [ "$DEVICE" != "" ]; then
/sbin/iptables -A REDINPUT -i $DEVICE -j ACCEPT
fi
if [ "$RED_TYPE" == "PPTP" -o "$RED_TYPE" == "PPPOE" ]; then
if [ "$RED_DEV" != "" ]; then
/sbin/iptables -A REDINPUT -i $RED_DEV -j ACCEPT
fi
fi
fi

# PPTP over DHCP
if [ "$DEVICE" != "" -a "$TYPE" == "PPTP" -a "$METHOD" == "DHCP" ]; then
/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
fi

# Orange pinholes
if [ "$ORANGE_DEV" != "" ]; then
# This rule enables a host on ORANGE network to connect to the outside
# (only if we have a red connection)
if [ "$IFACE" != "" ]; then
/sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p tcp -o $IFACE -j ACCEPT
/sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p udp -o $IFACE -j ACCEPT
fi
fi

if [ "$IFACE" != "" -a -f /var/ipcop/red/active ]; then
# DHCP
if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
if [ "$METHOD" == "DHCP" -a "$PROTOCOL" == "RFC1483" ]; then
/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi

# Outgoing masquerading
/sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE

fi
}

# See how we were called.
case "$1" in
start)
iptables_init

# Limit Packets- helps reduce dos/syn attacks
# original do nothing line
#/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec
# the correct one, but the negative '!' do nothing...
#/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit ! --limit 10/sec -j DROP

# Fix for braindead ISP's
/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# CUSTOM chains, can be used by the users themselves
/sbin/iptables -N CUSTOMINPUT
/sbin/iptables -A INPUT -j CUSTOMINPUT
/sbin/iptables -N CUSTOMFORWARD
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
/sbin/iptables -N CUSTOMOUTPUT
/sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
/sbin/iptables -t nat -N CUSTOMPREROUTING
/sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
/sbin/iptables -t nat -N CUSTOMPOSTROUTING
/sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING

# filtering from GUI
/sbin/iptables -N GUIINPUT
/sbin/iptables -A INPUT -j GUIINPUT

# Accept everything connected
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Ports opened ))Siqmac((
/sbin/iptables -A INPUT -p tcp --destination-port 445 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -s 0/0 --dport 445 -i eth1 -j DNAT --to-dest 192.168.0.254:445
/sbin/iptables -A FORWARD -p tcp -i eth1 --dport 445 -d 192.168.0.254 -j ACCEPT

# traffic from ipsecX/tun/tap interfaces, before "-i GREEN_DEV" accept everything
/sbin/iptables -N IPSECVIRTUAL
/sbin/iptables -N OPENSSLVIRTUAL
/sbin/iptables -A INPUT -j IPSECVIRTUAL
/sbin/iptables -A INPUT -j OPENSSLVIRTUAL
/sbin/iptables -A FORWARD -j IPSECVIRTUAL
/sbin/iptables -A FORWARD -j OPENSSLVIRTUAL

# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -s 127.0.0.0/8 -m state --state NEW -j DROP # Loopback not on lo
/sbin/iptables -A INPUT -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
/sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT -p ! icmp
/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT

# If a host on orange tries to initiate a connection to IPCop's red IP and
# the connection gets DNATed back through a port forward to a server on orange
# we end up with orange -> orange traffic passing through IPCop
[ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT

# allow DHCP on BLUE to be turned on/off
/sbin/iptables -N DHCPBLUEINPUT
/sbin/iptables -A INPUT -j DHCPBLUEINPUT

# IPsec
/sbin/iptables -N IPSECPHYSICAL
/sbin/iptables -A INPUT -j IPSECPHYSICAL

# OpenSSL
/sbin/iptables -N OPENSSLPHYSICAL
/sbin/iptables -A INPUT -j OPENSSLPHYSICAL

# WIRELESS chains
/sbin/iptables -N WIRELESSINPUT
/sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
/sbin/iptables -N WIRELESSFORWARD
/sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD

# RED chain, used for the red interface
/sbin/iptables -N REDINPUT
/sbin/iptables -A INPUT -j REDINPUT
/sbin/iptables -N REDFORWARD
/sbin/iptables -A FORWARD -j REDFORWARD
/sbin/iptables -t nat -N REDNAT
/sbin/iptables -t nat -A POSTROUTING -j REDNAT

iptables_red

# DMZ pinhole chain. setdmzholes setuid prog adds rules here to allow
# ORANGE to talk to GREEN / BLUE.
/sbin/iptables -N DMZHOLES
if [ "$ORANGE_DEV" != "" ]; then
/sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j DMZHOLES
fi

# XTACCESS chain, used for external access
/sbin/iptables -N XTACCESS
/sbin/iptables -A INPUT -m state --state NEW -j XTACCESS

# PORTFWACCESS chain, used for portforwarding
/sbin/iptables -N PORTFWACCESS
/sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS

# Custom prerouting chains (for transparent proxy and port forwarding)
/sbin/iptables -t nat -N SQUID
/sbin/iptables -t nat -A PREROUTING -j SQUID
/sbin/iptables -t nat -N PORTFW
/sbin/iptables -t nat -A PREROUTING -j PORTFW


# Custom mangle chain (for port fowarding)
/sbin/iptables -t mangle -N PORTFWMANGLE
/sbin/iptables -t mangle -A PREROUTING -j PORTFWMANGLE

# Postrouting rules (for port forwarding)
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \
--to-source $GREEN_ADDRESS
if [ "$BLUE_DEV" != "" ]; then
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $BLUE_ADDRESS
fi
if [ "$ORANGE_DEV" != "" ]; then
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
fi


# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
/etc/rc.d/rc.firewall.local start
fi

# last rule in input and forward chain is for logging.
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
;;
stop)
iptables_init
# Accept everyting connected
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT

if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" -a "$IFACE" != "" ]; then
/sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
if [ "$PROTOCOL" == "RFC1483" -a "$METHOD" == "DHCP" -a "$IFACE" != "" ]; then
/sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi

# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
/etc/rc.d/rc.firewall.local stop
fi

/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
;;
reload)
iptables_red

# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
/etc/rc.d/rc.firewall.local reload
fi
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 {start|stop|reload|restart}"
exit 1
;;

esac
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
exit 0

Regards, AnOnImOuS_
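
An added example, not part of the original thread and not an IPCop tool: a small audit that flags hand-made edits in an rc.firewall like the one posted above, which is what the administrator suspected in post #8. The tag names and heuristics are this example's own assumptions, and the embedded sample is a trimmed excerpt of the posted script.

```shell
#!/bin/sh
# Added example: audit an IPCop-style rc.firewall for hand-made rules.
# Heuristics and tag names are assumptions of this example.

# audit_rc_firewall FILE
# Prints one finding per line as "<line>:<tag>:<rule>". Tags:
#   AFTER_ESAC    iptables command placed after the case block, so it runs
#                 whichever of start, stop, reload or restart was requested
#   HARDCODED_IF  rule names ethN directly instead of $GREEN_DEV / $IFACE
#   ANY_SRC_DNAT  DNAT rule that accepts any source address
#   INPUT_ANY_IF  ACCEPT in INPUT for a destination port with no -i limit
audit_rc_firewall() {
    awk '
        /^[ \t]*#/    { next }                     # skip comment lines
        /^[ \t]*esac/ { after_esac = 1; next }     # end of the case block
        $0 !~ "(^|[ \t/])iptables[ \t]" { next }   # only iptables commands
        {
            rule = $0
            sub(/^[ \t]+/, "", rule)
            if (after_esac)
                print NR ":AFTER_ESAC:" rule
            if (rule ~ /-[io] eth[0-9]/)
                print NR ":HARDCODED_IF:" rule
            if (rule ~ /-j DNAT/ &&
                (rule ~ "-s (0|0[.]0[.]0[.]0)/0" || rule !~ / -s /))
                print NR ":ANY_SRC_DNAT:" rule
            if (rule ~ /-A INPUT / && rule ~ /-j ACCEPT/ &&
                rule ~ /--(dport|destination-port) / && rule !~ / -i /)
                print NR ":INPUT_ANY_IF:" rule
        }
    ' "$1"
}

# Trimmed excerpt of the rc.firewall posted in the thread (sample input).
write_sample() {
    cat <<'EOF'
case "$1" in
start)
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Portas Liberadas
/sbin/iptables -A INPUT -p tcp --destination-port 445 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -s 0/0 --dport 445 -i eth1 -j DNAT --to-dest 192.168.0.254:445
/sbin/iptables -A FORWARD -p tcp -i eth1 --dport 445 -d 192.168.0.254 -j ACCEPT
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT -p ! icmp
/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
;;
esac
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
exit 0
EOF
}

# Run the audit on the sample and print the findings.
demo() {
    tmp=$(mktemp)
    write_sample > "$tmp"
    audit_rc_firewall "$tmp"
    rm -f "$tmp"
}
demo
```

The findings are pointers for manual review of a copy of the script; an empty result does not show that the rule set is correct.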
 
Lucas Gabriel Capuano (Administrator)
#13
Posted on 09-12-2009 16:02

anonimous_, all the IPCops I have installed have BOT; I'm going to install an IPCop in a VM to compare with yours and see if I can find the problem.