#6
23rd December 2010, 14:55
albertox26

Problems with Ispconfig 3

OK, I'll check the DNS. Anyway, I'm sending a copy of the iptables configuration file to see if I'm wrong in the configuration of the ports.


## Flush the rules
iptables -F
iptables -X
iptables -t nat -F

## Set the default policy
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

## Note: eth0 is the interface connected to the internet and eth1 to the LAN
# localhost access
/sbin/iptables -A INPUT -i lo -j ACCEPT

# The firewall is accessible from the local networks
iptables -A INPUT -s 192.168.0.0/24 -i eth0 -j ACCEPT
iptables -A INPUT -s 192.168.7.0/24 -i eth1 -j ACCEPT

# Now masquerade the local network
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -o eth1 -j MASQUERADE

# Open port 25; the SMTP server's relay must be configured properly
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 25 -j ACCEPT
# Open POP3
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 110 -j ACCEPT

# Close the well-known port range
# iptables -A INPUT -s 0/0 -p tcp --dport 1:1024 -j DROP
# iptables -A INPUT -s 0/0 -p udp --dport 1:1024 -j DROP

# Close a management port: webmin
# iptables -A INPUT -s 0/0 -p tcp --dport 10000 -j DROP

# TCP port forwarding

iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 20 -j DNAT --to-destination 192.168.7.2:20
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 21 -j DNAT --to-destination 192.168.7.2:21
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 23 -j DNAT --to-destination 192.168.7.2:23
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 25 -j DNAT --to-destination 192.168.7.2:25
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 53 -j DNAT --to-destination 192.168.7.2:53
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 80 -j DNAT --to-destination 192.168.7.2:80
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 110 -j DNAT --to-destination 192.168.7.2:110
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 143 -j DNAT --to-destination 192.168.7.2:143
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 465 -j DNAT --to-destination 192.168.7.2:465
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 443 -j DNAT --to-destination 192.168.7.2:443
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 8080 -j DNAT --to-destination 192.168.7.2:8080
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 8081 -j DNAT --to-destination 192.168.7.2:8081
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 8070 -j DNAT --to-destination 192.168.7.3:8070
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xx --dport 9000 -j DNAT --to-destination 192.168.7.3:9000

# UDP port forwarding


# TELNET PORTS
#iptables -A INPUT -s 192.168.2.0/24 -p tcp --dport 22:23 -j ACCEPT
#iptables -A INPUT -s 192.168.3.0/24 -p tcp --dport 22:23 -j ACCEPT
#iptables -A INPUT -s 192.168.4.0/24 -p tcp --dport 22:23 -j ACCEPT
#iptables -A INPUT -s 192.168.5.0/24 -p tcp --dport 22:23 -j ACCEPT

# Close ports
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 10000 -j DROP
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j DROP

## Masquerade everything leaving through eth0 that comes from the local network.
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -o eth0 -j MASQUERADE

echo " OK "
echo "Verifique que lo que se aplica con: iptables -L -n"

If you can, add me to your messenger; my email is juan_alberto_ojeda@hotmail.com so I can better target.

Thanks!!