Tú declarou a variavel ETH1? Em 20 de março de 2010 02:09, alan inacio <alanbrawdeb...@gmail.com> escreveu: > Ola Amigo.. esta dando erro no Iptables.. o que pode ser.. > > > iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 8080 -j DNAT > --to 192.168.0.1:80 > > Bad argument `8080' > Try `iptables -h' or 'iptables --help' for more information. > > > > > Em 18 de março de 2010 13:49, Catulo Hansen <catu...@gmail.com> escreveu: >> Não. O apache ainda vai ficar ouvindo na porta 80, quando a requisição >> chegar na porta 8080 o teu firewall através da regra de NAT vai >> redirecionar a requisição para porta 80 do apache. >> >> Em 18 de março de 2010 09:58, Lista Debian <alanbrawdeb...@gmail.com> >> escreveu: >>> Catulo Hansen.. me tira uma duvida.. >>> Com esse scrip não vai ser necessário mudar o aquivo ports.conf do apache2? >>> >>> Abraço. >>> >>> Att: Alan >>> >>> -----Mensagem original----- >>> De: Catulo Hansen [mailto:catu...@gmail.com] >>> Enviada em: quinta-feira, 18 de março de 2010 08:22 >>> Para: Thiago Silveira de Oliveira >>> Cc: Lista Debian; debian-user-portuguese@lists.debian.org >>> Assunto: Re: Acesso externo com no-ip >>> >>> Com isso, teu script teria que ficar assim: >>> #NAT DE SERVIÇO >>> iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 8080 -j DNAT >>> --to 192.168.0.1:80 >>> >>> Em 18 de março de 2010 08:03, Thiago Silveira de Oliveira >>> <thiago...@ig.com.br> escreveu: >>>> Funciona.........nesse caso vc pode até inventar portas.... >>>> >>>> 8080, 9090, 1010, e assim por diante..... >>>> >>>> [ ] , >>>> >>>> Thiago >>>> >>>> Em 17 de março de 2010 21:34, Lista Debian <alanbrawdeb...@gmail.com> >>>> escreveu: >>>>> >>>>> Então thiago.. e se eu mudar para a porta 8080? >>>>> >>>>> >>>>> >>>>> Sera que funciona? >>>>> >>>>> >>>>> >>>>> De: Thiago Silveira de Oliveira [mailto:thiago...@ig.com.br] >>>>> Enviada em: quarta-feira, 17 de março de 2010 20:10 >>>>> Para: Catulo Hansen >>>>> Cc: Lista Debian; debian-user-portuguese@lists.debian.org >>>>> Assunto: Re: Acesso externo com no-ip >>>>> >>>>> >>>>> >>>>> Pessoal..... >>>>> >>>>> A telefonica bloqueia trafego entrante em conexoes ADSL HOME, ou seja as >>>>> portas 21,25,80 e 110 sao bloqueadas justamente para o cidadão não fazer >>>>> "servidor" com ele. >>>>> >>>>> [ ] , >>>>> >>>>> Thiago >>>>> >>>>> >>>>> Em 17 de março de 2010 18:34, Catulo Hansen <catu...@gmail.com> escreveu: >>>>> >>>>> Tú tem que carregar os seguintes módulos no teu script: >>>>> >>>>> modprobe ip_tables >>>>> modprobe iptable_nat >>>>> modprobe ip_nat_ftp >>>>> modprobe ip_conntrack_ftp >>>>> >>>>> Em 17 de março de 2010 17:18, Lista Debian <alanbrawdeb...@gmail.com> >>>>> escreveu: >>>>> > #Variavel >>>>> > Coloquei essas linhas conforme vc falo mas parece que agora esta dando >>>>> > erro >>>>> > no iptables. Vou pegar as logs >>>>> > >>>>> > >>>>> > >>>>> > ETH1=`ifconfig eth1 |grep "inet end" |cut -d: -f2|cut -d" " -f2` >>>>> > >>>>> > #NAT DE SERVIÇO >>>>> > iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 80 -j DNAT --to >>>>> > 192.168.0.1:80 >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > -----Mensagem original----- >>>>> > De: Catulo Hansen [mailto:catu...@gmail.com] >>>>> > Enviada em: quarta-feira, 17 de março de 2010 16:54 >>>>> > Para: Lista Debian >>>>> > Cc: debian-user-portuguese@lists.debian.org >>>>> > Assunto: Re: Acesso externo com no-ip >>>>> > >>>>> > Adicione no seu script: >>>>> > #Variavel >>>>> > ETH1=`ifconfig eth1 |grep "inet end" |cut -d: -f2|cut -d" " -f2` >>>>> > >>>>> > #NAT DE SERVIÇO >>>>> > iptables -t nat -A PREROUTING -p tcp -d $ETH1 --dport 80 -j DNAT --to >>>>> > IPSERVIDORAPACHE:80 >>>>> > >>>>> > Em 17 de março de 2010 15:43, Lista Debian <alanbrawdeb...@gmail.com> >>>>> > escreveu: >>>>> >> Srs. Ainda sou leigo no assunto. Estou tentando configura o no –ip >>> para >>>>> >> acessa o meu apache.. o acesso interno funciona perfeitamente. >>>>> >> http://bmxdebian.no-ip.biz ele até responde aos ping.. mas quando >>>>> >> tendo >>>>> > o >>>>> >> acesso externo não vai nem responde aos pings.. >>>>> >> >>>>> >> >>>>> >> >>>>> >> Segue a baixo as configurações no meu iptables. >>>>> >> >>>>> >> >>>>> >> >>>>> >> OBS: eth0 => rede interna eth1=> mondem ADSL speedy >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> #!bin/bash >>>>> >> >>>>> >> iptables -F >>>>> >> >>>>> >> iptables -F INPUT >>>>> >> >>>>> >> iptables -F OUTPUT >>>>> >> >>>>> >> iptables -F POSTROUTING -t nat >>>>> >> >>>>> >> iptables -F PREROUTING -t nat >>>>> >> >>>>> >> >>>>> >> >>>>> >> # echo 1 > /proc/sys/net/ipv4/ip_forward >>>>> >> >>>>> >> # iptables -P FORWARD ACCEPT >>>>> >> >>>>> >> # iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth1 -j >>>>> >> MASQUERADE >>>>> >> >>>>> >> >>>>> >> >>>>> >> # PROXY TRANSTPARENTE >>>>> >> >>>>> >> echo 1 > /proc/sys/net/ipv4/ip_forward >>>>> >> >>>>> >> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE >>>>> >> >>>>> >> iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp >>>>> >> --dport >>>>> > 80 >>>>> >> -j REDIRECT --to-port 3128 >>>>> >> >>>>> >> >>>>> >> >>>>> >> # Webmin >>>>> >> >>>>> >> iptables -A INPUT -t tcp --dport 10000 -j ACCEPT >>>>> >> >>>>> >> >>>>> >> >>>>> >> # Libera FTP >>>>> >> >>>>> >> iptables -t filter -A INPUT -i eth1 -p tcp -m multiport --dports 21,20 >>>>> >> -j >>>>> >> ACCEPT >>>>> >> >>>>> >> iptables -t filter -A INPUT -i eth1 -p udp -m multiport --sports 21,20 >>>>> >> -j >>>>> >> ACCEPT >>>>> >> >>>>> >> >>>>> >> >>>>> >> iptables -A INPUT -i lo -j ACCEPT >>>>> >> >>>>> >> iptables -A INPUT -i eth1 -j ACCEPT >>>>> >> >>>>> >> >>>>> >> >>>>> >> # Libera SSH >>>>> >> >>>>> >> iptables -A INPUT -p tcp --dport 22 -j ACCEPT >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> # Port scanners ocultos >>>>> >> >>>>> >> iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit >>>>> > --limit >>>>> >> 1/s -j ACCEPT >>>>> >> >>>>> >> >>>>> >> >>>>> >> # Ping da morte >>>>> >> >>>>> >> iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit >>>>> >> 1/s >>>>> > -j >>>>> >> ACCEPT >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> > >>>>> > >>>>> > >>>>> > -- >>>>> > - >>>>> > Atencionamente, >>>>> > >>>>> > Catulo Kruuse Hansen >>>>> > Analista de Suporte >>>>> > Procuradoria Geral do Estado do Ceará >>>>> > catulohansen.blogspot.com >>>>> > No virus found in this incoming message. >>>>> > Checked by AVG - www.avg.com >>>>> > Version: 8.5.436 / Virus Database: 271.1.1/2752 - Release Date: >>> 03/17/10 >>>>> > 07:33:00 >>>>> > >>>>> > >>>>> >>>>> >>>>> >>>>> -- >>>>> - >>>>> Atencionamente, >>>>> >>>>> Catulo Kruuse Hansen >>>>> Analista de Suporte >>>>> Procuradoria Geral do Estado do Ceará >>>>> catulohansen.blogspot.com >>>>> >>>>> >>>>> -- >>>>> To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org >>>>> with a subject of "unsubscribe". Trouble? Contact >>>>> listmas...@lists.debian.org >>>>> Archive: >>>>> >>> http://lists.debian.org/85da0e3a1003171434n539c2fe8xe186778d3aa43...@mail.gm >>> ail.com >>>>> >>>>> >>>>> >>>>> No virus found in this incoming message. >>>>> Checked by AVG - www.avg.com >>>>> Version: 8.5.436 / Virus Database: 271.1.1/2752 - Release Date: 03/17/10 >>>>> 07:33:00 >>>> >>> >>> >>> >>> -- >>> - >>> Atencionamente, >>> >>> Catulo Kruuse Hansen >>> Analista de Suporte >>> Procuradoria Geral do Estado do Ceará >>> catulohansen.blogspot.com >>> No virus found in this incoming message. >>> Checked by AVG - www.avg.com >>> Version: 8.5.436 / Virus Database: 271.1.1/2754 - Release Date: 03/18/10 >>> 07:33:00 >>> >>> >> >> >> >> -- >> - >> Atencionamente, >> >> Catulo Kruuse Hansen >> Analista de Suporte >> Procuradoria Geral do Estado do Ceará >> catulohansen.blogspot.com >> >
-- - Atencionamente, Catulo Kruuse Hansen Analista de Suporte Procuradoria Geral do Estado do Ceará catulohansen.blogspot.com -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/85da0e3a1003200524t1a0e45c7uef6d1db3fc85f...@mail.gmail.com
