Acesso ao GO Global

1. Acesso ao GO Global

wevertonbatista
(usa Outra)

Enviado em 18/10/2017 - 18:09h

Olá pessoal!!!

Estou tendo um problema de acesso ao Go Global... Atualmente em minha rede roda um windows server 2008 onde esta instalado o Go Global, quando um usuário tenta acessar o windows server 2008 externamente acessa pelo Go Global que roda na porta 491...

Quem faz todo o roteamento atual é um roteador TP-LINK e o ip do server 2008 esta no forward liberando o ip 192.168.0.5 para porta 491... deste jeito acessam normalmente toda a aplicação que roda nele...Porem como estou implantando o Linux Debian para rodar como Firewall, Gateway e Dns da rede, e quando testo ele para rodar, os usuários não acessam o server 2008..

Já fiz o redirecionamento para o ip 192.168.0.5 porta 491, configurei o Forward mas não vai...

Preciso dessa aplicação rodando, pois só falta isso para implementação...

Alguém pode me ajudar!!!

Segue configuração do meu firewall...

#!/bin/bash

PATH='/sbin'

if [ "$#" -ne 1 ]
then

echo "Quantidade de parametro incorreto!"
exit 1
fi

###Regras para o case STOP
parar() {
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

}

###Regras para serem carregadas
geral() {

iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
echo "1" > /proc/sys/net/ipv4/ip_forward

}

###Regras para o INPUT do proprio servidor
entrada() {

#gerais
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT

#DNS
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 491 -j ACCEPT
iptables -A INPUT -p tcp --sport 491 -j ACCEPT
#iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 491 -j ACCEPT
#iptables -A INPUT -s 192.168.0.0/24 -p udp --dport 491 -j ACCEPT
#iptables -A INPUT -s 192.168.1.2/24 -p tcp --dport 53 -j ACCEPT
#iptables -A INPUT -s 192.168.1.2/24 -p udp --dport 53 -j ACCEPT
#iptables -A INPUT -d 192.168.1.2/24 -p tcp --sport 53 -j ACCEPT
#iptables -A INPUT -d 192.168.1.2/24 -p udp --sport 53 -j ACCEPT

#NTP

iptables -A INPUT -p udp --dport 123 -j ACCEPT
iptables -A INPUT -p udp --sport 123 -j ACCEPT

#rede1
iptables -A INPUT -i eth0 -p tcp --dport 2222 -m state --state NEW --syn -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 2222 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/24 -d 192.168.0.5/24 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.0.0/24 -d 192.168.0.5/24 -j ACCEPT
iptables -A INPUT -p tcp -d 192.168.0.0/24 -s 192.168.0.5/24 -j ACCEPT
iptables -A INPUT -p udp -d 192.168.0.0/24 -s 192.168.0.5/24 -j ACCEPT
iptables -A INPUT -p tcp -m multiport -d 192.168.0.0/24 --dport 491 -j ACCEPT

#iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 491 -j ACCEPT
#iptables -A INPUT -s 192.168.0.0/24 -p udp --dport 491 -j ACCEPT
}

###regras para o FORWARD
encaminhamento() {

#gerais
iptables -A FORWARD -p icmp -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 192.168.0.2/24 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 192.168.0.2/24 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s 192.168.0.2/24 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/24 -s 192.168.0.2/24 -j ACCEPT
iptables -A FORWARD -p tcp --dport 491 -d 177.135.144.130/29 -j ACCEPT
iptables -A FORWARD -p tcp --dport 491 -d 192.168.0.5/24 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -p tcp --sport 491 -d 192.168.0.5/24 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -d 192.168.0.5/24 -p tcp --dport 491 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -d 192.168.0.5/24 -p tcp --sport 491 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -d 192.168.0.5/24 -p udp --dport 491 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -d 192.168.0.5/24 -p udp --sport 491 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -i eth0 -p tcp -m multiport -d 192.168.0.0/24 --dport 491 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -i eth0 -p tcp -m multiport -d 192.168.0.0/24 --sport 491 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -i eth1 -p tcp -m multiport -d 192.168.0.0/24 --dport 491 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -i eth1 -p tcp -m multiport -d 192.168.0.0/24 --sport 491 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.0.0/24 -m multiport --dport 491,8087 -j ACCEPT### GO GLOBAL

iptables -A FORWARD -s 192.168.0.5/24 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -d 192.168.0.5/24 -j ACCEPT### GO GLOBAL
iptables -A FORWARD -s 192.168.0.33/24 -j ACCEPT### BANCO DE DADOS SALA SERVIDOR
iptables -A FORWARD -d 192.168.0.33/24 -j ACCEPT### BANCO DE DADOS SALA SERVIDOR

#iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 192.168.0.5/24 -j ACCEPT
#iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 192.168.0.5/24 -j ACCEPT
#iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s 192.168.0.5/24 -j ACCEPT
#iptables -A FORWARD -p udp -d 192.168.0.0/24 -s 192.168.0.5/24 -j ACCEPT
#iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 491 -j ACCEPT
#iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 491 -j ACCEPT
#iptables -A FORWARD -d 192.168.0.0/24 -p tcp --sport 491 -j ACCEPT
#iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 192.168.0.33/24 -j ACCEPT ##BancoDados
#iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 192.168.0.33/24 -j ACCEPT ##BancoDados
#iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s 192.168.0.33/24 -j ACCEPT ##BancoDados
#iptables -A FORWARD -p udp -d 192.168.0.0/24 -s 192.168.0.33/24 -j ACCEPT ##BancoDados
#iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 192.168.0.5/24 -j ACCEPT ##Server2008
#iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 192.168.0.5/24 -j ACCEPT ##Server2008
#iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s 192.168.0.5/24 -j ACCEPT ##Server2008
#iptables -A FORWARD -p udp -d 192.168.0.0/24 -s 192.168.0.5/24 -j ACCEPT ##Server2008
#iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 192.168.0.201/24 -j ACCEPT ##RelogioPonto
#iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 192.168.0.201/24 -j ACCEPT ##RelogioPonto
#iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s 192.168.0.201/24 -j ACCEPT ##RelogioPonto
#iptables -A FORWARD -p udp -d 192.168.0.0/24 -s 192.168.0.201/24 -j ACCEPT ##RelogioPonto
#iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 192.168.0.2/24 -j ACCEPT
#iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 192.168.0.2/24 -j ACCEPT
#iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s 192.168.0.2/24 -j ACCEPT
#iptables -A FORWARD -p udp -d 192.168.0.0/24 -s 192.168.0.2/24 -j ACCEPT

#Outlook

iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 995 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p udp --dport 995 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 587 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p udp --dport 587 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p udp --dport 110 -j ACCEPT

#rede1

iptables -A FORWARD -p tcp --dport 22 -d 192.168.0.2 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p udp --dport 3389 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p udp --dport 80 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 8080 -j ACCEPT
#iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 491 -d 192.168.0.5/24 -j ACCEPT
#iptables -A FORWARD -s 192.168.0.0/24 -p udp --dport 491 -d 192.168.0.5/24 -j ACCEPT
#iptables -A FORWARD -d 192.168.0.0/24 -p tcp --sport 491 -s 192.168.0.5/24 -j ACCEPT
#iptables -A FORWARD -d 192.168.0.0/24 -p udp --sport 491 -s 192.168.0.5/24 -j ACCEPT

}

##Regras para o OUTPUT
saida() {
iptables -A OUTPUT -o lo -j ACCEPT
}

###Regras para NAT na chain POSTROUTING
nat_pos() {
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 491 -j MASQUERADE ### Go GLOBAL

}

###Regras para NAT na chain PREROUTING
nat_pre() {
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 192.168.0.1:2222 #linux
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.33:3389 #BancoDados
iptables -t nat -A PREROUTING -i eth0 -p tcp --sport 3389 -j DNAT --to-destination 192.168.0.33:3389 #BancoDados
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 3389 -j DNAT --to-destination 192.168.0.33:3389 #BancoDados
iptables -t nat -A PREROUTING -i eth0 -p udp --sport 3389 -j DNAT --to-destination 192.168.0.33:3389 #BancoDados
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 491 -j DNAT --to-destination 192.168.0.5:491 #Server 2008 GO GLOBAL
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 491 -j DNAT --to-destination 192.168.0.5:491 #Server 2008 GO GLOBAL
iptables -t nat -A PREROUTING -i eth0 -p tcp --sport 491 -j DNAT --to-destination 192.168.0.5:491 #Server 2008 GO GLOBAL
iptables -t nat -A PREROUTING -i eth0 -p udp --sport 491 -j DNAT --to-destination 192.168.0.5:491 #Server 2008 GO GLOBAL
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3002 -j DNAT --to-destination 192.168.0.5:3002 #Server 2008
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3000 -j DNAT --to-destination 192.168.0.201:3000 #RelogioPonto
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.0.2:22 #Samba4 AD

}

case $1 in

start)

geral
entrada
encaminhamento
saida
nat_pos
nat_pre

echo "Firewall Jomed iniciado com sucesso!"
;;

stop)
parar
echo "Firewall parado com sucesso!"
;;

*)

echo "Invalid option. Use: firewall.sh <start|stop>"

esac
exit 0

0 0

Quote