Open port 3306/21

13. Man...

Thiago Baldim
TRBaldim

(uses Ubuntu)

Posted on 22/03/2010 - 19:49h

Here's the deal: you will have to create a script that runs these iptables commands every time. Create a script named nome.sh... set its permissions with chmod 744 nome.sh, and after that store it in /etc/. Then add your startup script to the /etc/rc.local file. And that's it: every time you log in to the server it will work.


  


14. Re: Open port 3306/21

Reynato Junior
reynatojr

(uses Ubuntu)

Posted on 24/03/2010 - 08:54h

I ran that command and this message appeared:

Arquivo ou diretório inexistente

I use Ubuntu 8.10


15. Re: Open port 3306/21

Reynato Junior
reynatojr

(uses Ubuntu)

Posted on 05/04/2010 - 08:37h

Why does Volcom use this port 1024?!? What is it for?


16. Re: Open port 3306/21

Reynato Junior
reynatojr

(uses Ubuntu)

Posted on 06/04/2010 - 13:33h

Folks,
this can't be, the only thing left is opening port 3306. Someone please help me, I don't know what else to do!!!


17. Re: Open port 3306/21

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 06/04/2010 - 13:36h

Just to recap... what have you done so far in your iptables rules?


18. Re: Open port 3306/21

Reynato Junior
reynatojr

(uses Ubuntu)

Posted on 06/04/2010 - 13:48h

Below is my whole script:

########## Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward

########## Flush rules in the filter and NAT tables
iptables -F
iptables -F -t nat

########## Block all inbound and outbound traffic
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

########## Allow ssh to the firewall
iptables -A INPUT -p tcp -i eth0 -s 10.0.0.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth2 -s 192.168.0.0/24 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -o eth0 -d 10.0.0.0/24 --sport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -o eth2 -d 192.168.0.0/24 --sport 22 -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 -s 10.0.0.0/24 --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -s 192.168.0.0/24 --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp -o eth0 -d 10.0.0.0/24 --sport 22 -j ACCEPT
iptables -A FORWARD -p tcp -o eth2 -d 192.168.0.0/24 --sport 22 -j ACCEPT


########## Masquerade the internal network to the Internet, dynamic IP
#iptables -A INPUT -d 192.168.1.4 -p tcp --dport 3128 -j ACCEPT
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

########## Masquerade the internal network to the Internet, static IP
iptables -t nat -A POSTROUTING -o eth1 -s 10.0.0.0/24 -j SNAT --to-source 200.155.25.214
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j SNAT --to-source 200.155.25.214

#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128



######### Modules to allow use of FTP
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 20:21 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 20:21 -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 20:21 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 20:21 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 20:21 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 20:21 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth1 --sport 20:21 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth1 --sport 20:21 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT
modprobe ip_nat_ftp
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

########## Allow communication with DNS servers
iptables -A FORWARD -p udp -s 10.0.0.0/24 --sport 1024: -d 0/0 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 --sport 1024: -d 0/0 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 --sport 53 -d 10.0.0.0/24 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 --sport 53 -d 192.168.0.0/24 --dport 1024: -j ACCEPT

########## Allow communication with the HTTP protocol
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 80 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 80 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT

########## Allow communication with the HTTPS protocol
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 443 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 443 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT

########## Allow communication with the HTDynDNS protocol
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 8245 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 8245 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 8245 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 8245 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT

########## Allow communication with the 3DES, SHA1 protocols
iptables -A FORWARD -p udp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 40002 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 40002 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth1 --sport 40002 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth1 --sport 40002 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 40003 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 40003 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth1 --sport 40003 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth1 --sport 40003 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 40004 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 40004 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth1 --sport 40004 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth1 --sport 40004 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT

########## Allow communication with SERASA, port 3006
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 3006 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -i eth2 --sport 1024: -d 0/0 -o eth1 --dport 3006 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 3006 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 3006 -d 192.168.0.0/24 -o eth2 --dport 1024: -j ACCEPT

########## Allow communication with Terminal Server
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 3389 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 3389 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT

########## Allow the local network to ping the Internet
iptables -A FORWARD -p icmp --icmp-type ping -s 10.0.0.0/24 -i eth0 -d 0/0 -o eth1 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type pong -s 0/0 -i eth1 -d 10.0.0.0/24 -o eth0 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 10.0.0.0/24 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -s 10.0.0.0/24 -j ACCEPT

########## Allow the local network to access a POP3 server on the Internet
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 110 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT

########## Allow the local network to access an SMTP server on the Internet
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 25 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT

########## Allow full communication for HOSTMEDIA
#iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -d 74.54.98.20 -o eth0 -j ACCEPT
#iptables -A FORWARD -s 74.54.98.20 -i eth0 -d 192.168.1.0/24 -o eth1 -j ACCEPT

########## Allow full communication for Conectividade Social
#iptables -A FORWARD -s 192.168.1.57 -i eth1 -d 0/0 -o eth0 -j ACCEPT
#iptables -A FORWARD -s 0/0 -i eth0 -d 192.168.1.57 -o eth1 -j ACCEPT

########## Allow communication with MySQL
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 3306 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 3306 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT

#iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 3306 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 3306 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT

########## Allow communication with VNC
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 5900 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 5900 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

## Open SQL from SYSBD to SYSWEB
#iptables -A FORWARD -p tcp --sport 1433 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 1433 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1433 -j DNAT --to-destination 192.168.1.6
#iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1433 -j DNAT --to-destination 192.168.1.6

########## Allow connection to Banco Indusval
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 1414 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 1414 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

########## Allow communication with Banco Rural on port 8444

#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 8444 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 8444 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

########## Allow communication with the camera system (BSistema de Cameras)
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 5400 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 5400 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

######### YAZIGI TRAVEL
########## Allow communication with external company - YET
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 8007 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 8007 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

########## Allow communication with YET and the Rextur system
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 30030 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 30030 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

########## Allow communication with YET and the Rextur system
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 30031 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 30031 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

########## Allow communication with YET and the Rextur system
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 30032 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 30032 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

########## Allow communication with YET and the Rextur system
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 30051 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 30051 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

########## Allow communication with YET and the Rextur system
#iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 6723 -j ACCEPT
#iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 6723 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT

########## Allow communication with ReceitaNet 2006
iptables -A FORWARD -p tcp -s 10.0.0.0/24 -i eth0 --sport 1024: -d 0/0 -o eth1 --dport 3456 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth1 --sport 3456 -d 10.0.0.0/24 -o eth0 --dport 1024: -j ACCEPT

######## Forward remote access to internal IP - HELDER
#iptables -A FORWARD -p tcp --sport 3389 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.24
#iptables -t nat -A PREROUTING -i eth0 -p udp --dport 3389 -j DNAT --to-destination 192.168.1.24

######## Forward remote access to internal IP - CAMERAS
#iptables -A FORWARD -p tcp --sport 5400 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 5400 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5400 -j DNAT --to-destination 192.168.1.100
#iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5400 -j DNAT --to-destination 192.168.1.100

####################################################################################################################
########## Redirect packets for port 80 to 3128
iptables -t nat -A PREROUTING -p tcp -s 10.0.0.0/24 -i eth0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.0/24 -i eth2 -d 0/0 --dport 80 -j REDIRECT --to-port 3128

########## Redirect packets for port 8080 to 3128
########## iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -i eth1 -d 0/0 --dport 8080 -j REDIRECT --to-port 3128

########## Redirect packets for port 443 to 3128
########## iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -i eth1 -d 0/0 --dport 443 -j REDIRECT --to-port 3128

########## Allow inbound packets to port 3128
iptables -A INPUT -s 10.0.0.0/24 -i eth0 -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -i eth2 -p tcp --dport 3128 -j ACCEPT

########## Allow the local network to send packets to port 80 on the Web
iptables -A FORWARD -s 10.0.0.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT

########## Allow the local network to send packets to port 443 on the Web
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 443 -j ACCEPT

########## Allow the PROXY, which runs on the firewall, to browse the web
iptables -A OUTPUT -p tcp -o eth1 -d -0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 -s -0/0 --sport 80 -j ACCEPT

########## Allow the PROXY, which runs on the firewall, to browse the web
iptables -A OUTPUT -p tcp -o eth1 -d -0/0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 -s -0/0 --sport 443 -j ACCEPT

########## Allow the PROXY, which runs on the firewall, to query DNS
iptables -A OUTPUT -p udp -o eth1 -d -0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth1 -s -0/0 --sport 53 -j ACCEPT

########## Allow the PROXY's return packets to the local network
iptables -A OUTPUT -d 10.0.0.0/24 -o eth0 -p tcp --sport 3128 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.0/24 -o eth2 -p tcp --sport 3128 -j ACCEPT

########## Allow internal loopback traffic with itself
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT



19. Re: Open port 3306/21

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 06/04/2010 - 14:33h

Take those crazy rules out of there and put these in:

iptables -A FORWARD -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -p udp --dport 3306 -j ACCEPT


20. Re: Open port 3306/21

Reynato Junior
reynatojr

(uses Ubuntu)

Posted on 06/04/2010 - 14:44h

Still can't access it =/


21. Re: Open port 3306/21

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 06/04/2010 - 14:48h

I think the return rule was missing:

iptables -A FORWARD -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -p udp --dport 3306 -j ACCEPT
iptables -A FORWARD -p tcp --sport 3306 -j ACCEPT
iptables -A FORWARD -p udp --sport 3306 -j ACCEPT


22. Re: Open port 3306/21

Reynato Junior
reynatojr

(uses Ubuntu)

Posted on 06/04/2010 - 15:07h

No luck, I'm still in the same place... =/


23. Re: Open port 3306/21

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 06/04/2010 - 15:21h

Shall we try analyzing the traffic?

iptables -A FORWARD -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3306 -j LOG --log-level info --log-prefix "MYSQL TCP INDO >"
iptables -A FORWARD -p udp --dport 3306 -j ACCEPT
iptables -A FORWARD -p udp --dport 3306 -j LOG --log-level info --log-prefix "MYSQL UDP INDO >"
iptables -A FORWARD -p tcp --sport 3306 -j ACCEPT
iptables -A FORWARD -p tcp --sport 3306 -j LOG --log-level info --log-prefix "MYSQL TCP VOLTANDO >"
iptables -A FORWARD -p udp --sport 3306 -j ACCEPT
iptables -A FORWARD -p udp --sport 3306 -j LOG --log-level info --log-prefix "MYSQL UDP VOLTANDO >"

Run a:

# tail -f /var/log/messages

And wait... post the result here.
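
Added example, not part of the original post: iptables walks a chain from top to bottom, a matching ACCEPT ends the walk and a matching LOG does not, so where a LOG rule sits relative to an ACCEPT with the same match decides whether anything is written. The sketch below models that with a hypothetical one-line rule notation and a constructed packet; it does not call iptables.

```shell
#!/bin/sh
# Added example (not from the thread): a simplified model of iptables chain
# traversal. The rule notation "proto dport|sport PORT TARGET" is hypothetical.

# Rule order with each ACCEPT appended before the LOG that has the same match.
ACCEPT_THEN_LOG='tcp dport 3306 ACCEPT
tcp dport 3306 LOG
tcp sport 3306 ACCEPT
tcp sport 3306 LOG'

# Same rules with each LOG moved in front of its ACCEPT.
LOG_THEN_ACCEPT='tcp dport 3306 LOG
tcp dport 3306 ACCEPT
tcp sport 3306 LOG
tcp sport 3306 ACCEPT'

# walk_chain RULES PROTO SPT DPT
# Prints every target the packet hits, in order, ending with the verdict.
# LOG is non-terminating; ACCEPT ends traversal; with no terminating match
# the chain policy applies (DROP, as set by "iptables -P FORWARD DROP").
walk_chain() {
  printf '%s\n' "$1" | awk -v proto="$2" -v spt="$3" -v dpt="$4" '
    NF == 4 && !done {
      pkt_port = ($2 == "dport") ? dpt : spt
      if ($1 == proto && $3 == pkt_port) {
        if ($4 == "LOG") hits = hits "LOG "
        else { hits = hits $4; done = 1 }
      }
    }
    END { if (!done) hits = hits "policy-DROP"; print hits }'
}

# Constructed packet: a LAN client (source port 1105) connecting to port 3306.
walk_chain "$ACCEPT_THEN_LOG" tcp 1105 3306
walk_chain "$LOG_THEN_ACCEPT" tcp 1105 3306
```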


24. Re: Open port 3306/21

Reynato Junior
reynatojr

(uses Ubuntu)

Posted on 06/04/2010 - 15:25h

Apr 6 14:42:18 linux kernel: [59839.927296] INPUT int-lab-to-fw: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:4b:c7:83:a7:08:00 SRC=192.168.0.4 DST=192.168.0.255 LEN=271 TOS=0x00 PREC=0x00 TTL=128 ID=15029 PROTO=UDP SPT=138 DPT=138 LEN=251
Apr 6 14:42:18 linux kernel: [59839.927479] INPUT int-lab-to-fw: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:5b:2f:46:0e:08:00 SRC=192.168.0.2 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=25960 PROTO=UDP SPT=137 DPT=137 LEN=58
Apr 6 14:42:33 linux kernel: [59854.682635] INPUT int-lab-to-fw: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:4b:c7:83:a7:08:00 SRC=192.168.0.4 DST=192.168.0.255 LEN=271 TOS=0x00 PREC=0x00 TTL=128 ID=15089 PROTO=UDP SPT=138 DPT=138 LEN=251
Apr 6 14:42:33 linux kernel: [59854.683023] INPUT int-lab-to-fw: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:47:3e:58:e0:08:00 SRC=192.168.0.127 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Apr 6 14:43:06 linux kernel: [59887.426779] INPUT int-lab-to-fw: IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:10:4b:c7:83:a7:08:00 SRC=192.168.0.4 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=15164 PROTO=UDP SPT=137 DPT=137 LEN=58
Apr 6 14:43:06 linux kernel: [59887.584953] FORWARD, int-to-ext: IN=eth2 OUT=eth1 SRC=192.168.0.4 DST=200.150.144.253 LEN=71 TOS=0x00 PREC=0x00 TTL=127 ID=15189 PROTO=UDP SPT=64794 DPT=53 LEN=51
Apr 6 14:43:53 linux kernel: [59934.929838] INPUT ext-to-fw: IN=eth1 OUT= MAC=00:e1:bb:00:03:3b:00:09:43:7f:41:a6:08:00 SRC=189.106.76.137 DST=200.155.25.214 LEN=64 TOS=0x00 PREC=0x00 TTL=120 ID=40623 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=22398
Apr 6 14:44:03 linux kernel: [59944.517272] INPUT int-adm-to-fw: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:16:76:75:83:2e:08:00 SRC=10.0.0.6 DST=10.0.255.255 LEN=239 TOS=0x00 PREC=0x00 TTL=128 ID=20341 PROTO=UDP SPT=138 DPT=138 LEN=219
Apr 6 14:44:05 linux kernel: [59946.301554] FORWARD, int-to-ext: IN=eth2 OUT=eth1 SRC=192.168.0.84 DST=74.54.82.209 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=52804 DF PROTO=TCP SPT=4929 DPT=7000 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 6 15:05:33 linux -- MARK --
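
One way to search kernel output like the lines above for traffic on a given port, as an added example that is not part of the original post. The sample lines are constructed in the same format (the port 3306 line is invented and external addresses are documentation ranges), and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): filter netfilter LOG lines by port.

# Constructed sample in the kernel log format shown above.
sample_log() {
cat <<'EOF'
Apr 6 14:43:06 linux kernel: [59887.584953] FORWARD, int-to-ext: IN=eth2 OUT=eth1 SRC=192.168.0.4 DST=198.51.100.7 LEN=71 TOS=0x00 PREC=0x00 TTL=127 ID=15189 PROTO=UDP SPT=64794 DPT=53 LEN=51
Apr 6 14:44:05 linux kernel: [59946.301554] FORWARD, int-to-ext: IN=eth2 OUT=eth1 SRC=192.168.0.84 DST=198.51.100.9 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=52804 DF PROTO=TCP SPT=4929 DPT=7000 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 6 14:45:10 linux kernel: [60011.000001] MYSQL TCP INDO >IN=eth0 OUT=eth1 SRC=10.0.0.6 DST=198.51.100.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=100 DF PROTO=TCP SPT=1105 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 6 14:45:33 linux -- MARK --
EOF
}

# Emit "prefix|IN|OUT|PROTO|SRC|SPT|DST|DPT" for every packet line on stdin.
parse_netfilter_log() {
  awk '
    / kernel: / {
      p = index($0, "IN=")              # first key written by the LOG target
      if (p == 0) next
      prefix = substr($0, 1, p - 1)     # everything before IN= ends with the log prefix
      sub(/^.* kernel: /, "", prefix)
      if (substr(prefix, 1, 1) == "[")  # drop the "[uptime] " stamp
        prefix = substr(prefix, index(prefix, "] ") + 2)
      sub(/ +$/, "", prefix)
      split("", f)                      # reset fields for this line
      n = split(substr($0, p), kv, " ")
      for (i = 1; i <= n; i++) {
        eq = index(kv[i], "=")
        if (eq < 2) continue            # flags such as DF or SYN carry no value
        k = substr(kv[i], 1, eq - 1)
        if (!(k in f)) f[k] = substr(kv[i], eq + 1)  # LEN and ID occur twice
      }
      print prefix "|" f["IN"] "|" f["OUT"] "|" f["PROTO"] "|" \
            f["SRC"] "|" f["SPT"] "|" f["DST"] "|" f["DPT"]
    }'
}

# port_hits PORT: keep records whose source or destination port is PORT.
port_hits() {
  parse_netfilter_log | awk -F'|' -v port="$1" '$6 == port || $8 == port'
}

# count_port_hits PORT: number of matching packets on stdin.
count_port_hits() {
  port_hits "$1" | awk 'END { print NR }'
}

sample_log | port_hits 3306
```

Against the real file this would be `port_hits 3306 < /var/log/messages`; a count of zero means no packet on that port reached a LOG rule.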






