rpsimoes
(uses Debian)
Posted on 26/01/2012 - 07:30h
I had already managed to use NX before, following an article from VOL:
http://www.vivaolinux.com.br/artigo/Free-NX-Executando-aplicacoes-remotas?pagina=1
but after I configured the firewall I could not anymore, so I think the problem is in some firewall rule.
Below are the NX error message and the server's firewall file.
Server IP: 192.168.0.1 Port: 22
Thanks in advance!!!
NX ERROR MESSAGE
======================
The remote proxy closed the connection while negotiating the session. This may be due to the wrong authentication credentials passed
to the server.
-------------------------------------------------------------------------------
Info: Display running with pid '4372' and handler '0x50616'.
NXPROXY - Version 3.5.0
Copyright (C) 2001, 2011 NoMachine.
See http://www.nomachine.com/ for more information.
Info: Proxy running in client mode with pid '4152'.
Session: Starting session at 'Wed Jan 25 06:44:34 2012'.
Error: The remote NX proxy closed the connection.
Error: Failure negotiating the session in stage '7'.
Error: Wrong version or invalid session authentication cookie.
Session: Terminating session at 'Wed Jan 25 06:44:53 2012'.
Session: Session terminated at 'Wed Jan 25 06:44:53 2012'.
FIREWALL
========
#!/bin/sh
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $remote_fs $syslog $time
# Required-Stop: $remote_fs $syslog $time
# Default-Start: 2 3 5 S # Runlevels in which it starts
# Default-Stop: 0 1 6 # Runlevels in which it stops
# description: Starts or stops the FIREWALL service
### END INIT INFO
# $remote_fs: Only runs after all file systems have been mounted
# $syslog: The system log is working (System Log is Operational)
# $time: Only runs after the clock has been set (the time may be fetched from another server)
#Internet=eth0
#Internal network=eth1, ppp0
#
# Load modules
#
modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
#
# Flush rules
#
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t filter
iptables -X -t filter
#
# Set the default policy
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
#
# Accept the packets that really should come in
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# IP x MAC access control
#
# Client 1: micro01 (Linux PC)
iptables -t filter -A FORWARD -d 0/0 -s 192.168.0.51 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
iptables -t filter -A FORWARD -d 192.168.0.51 -s 0/0 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.0.51 -d 0/0 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.51 -o ppp0 -j MASQUERADE
# Client 2: micro02 (Windows PC)
iptables -t filter -A FORWARD -d 0/0 -s 192.168.0.52 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
iptables -t filter -A FORWARD -d 192.168.0.52 -s 0/0 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.0.52 -d 0/0 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.52 -o ppp0 -j MASQUERADE
# Client 3: micro03 (Notebook)
iptables -t filter -A FORWARD -d 0/0 -s 192.168.0.53 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
iptables -t filter -A FORWARD -d 192.168.0.53 -s 0/0 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.0.53 -d 0/0 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.53 -o ppp0 -j MASQUERADE
#
# Accept external ping
#
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#
# Accept external connections via SSH (port 22) on the internet server
#
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#
# Accept external connections via WEBMIN (port 10000) on the internet server
#
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
#
# Accept external connections via CUPS (port 631) on the internet server
#
iptables -A INPUT -p tcp --dport 631 -j ACCEPT
#
# Port forwarding
#
# Forwarding port 5901 (VNC) on the internet connection (ppp0) to host 192.168.0.51
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5901 -j DNAT --to-dest 192.168.0.51
iptables -A FORWARD -p tcp -i ppp0 --dport 5901 -d 192.168.0.51 -j ACCEPT
# Forwarding port 3389 (Windows Terminal Server) on the internet connection (ppp0) to host 192.168.0.51
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 3389 -j DNAT --to-dest 192.168.0.51
iptables -A FORWARD -p tcp -i ppp0 --dport 3389 -d 192.168.0.51 -j ACCEPT
# Forwarding port 5902 (VNC) on the internet connection (ppp0) to host 192.168.0.52
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5902 -j DNAT --to-dest 192.168.0.52
iptables -A FORWARD -p tcp -i ppp0 --dport 5902 -d 192.168.0.52 -j ACCEPT
# Forwarding port 2222 (ssh) on the internet connection (ppp0) to host 192.168.0.52
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 2222 -j DNAT --to-dest 192.168.0.52
iptables -A FORWARD -p tcp -i ppp0 --dport 2222 -d 192.168.0.52 -j ACCEPT
# Forwarding port 5903 (VNC) on the internet connection (ppp0) to host 192.168.0.53
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5903 -j DNAT --to-dest 192.168.0.53
iptables -A FORWARD -p tcp -i ppp0 --dport 5903 -d 192.168.0.53 -j ACCEPT
#
# Share the connection
#
echo 1 > /proc/sys/net/ipv4/ip_forward
#
# Configure the proxy
#
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j REDIRECT --to 3128
#
# Close everything else
#
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
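
Added example, not part of the original post: a small first-match walk over the script's INPUT rules, to see which rule a given new connection would hit. The two sample packets are constructed; the loopback connection to port 4001 is an assumption (that the NX session opens a local TCP connection on the server), and the -m mac rules are modelled with a hypothetical mac_ok flag.

```python
# INPUT rules copied in order from the script above; -d 0/0 matches anything.
INPUT_RULES = """\
-m state --state ESTABLISHED,RELATED -j ACCEPT
-s 192.168.0.51 -d 0/0 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
-s 192.168.0.52 -d 0/0 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
-s 192.168.0.53 -d 0/0 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
-p icmp --icmp-type echo-request -j ACCEPT
-p tcp --dport 22 -j ACCEPT
-p tcp --dport 10000 -j ACCEPT
-p tcp --dport 631 -j ACCEPT
-j DROP
"""

def parse(line):
    """Turn one rule into {option: value}; every option here takes a value."""
    tok = line.split()
    return {tok[i]: tok[i + 1] for i in range(0, len(tok) - 1, 2)}

def matches(rule, pkt):
    """True if every match option present in the rule agrees with the packet."""
    if "--state" in rule and pkt["state"] not in rule["--state"].split(","):
        return False
    if "-s" in rule and pkt["src"] != rule["-s"]:        # single hosts only
        return False
    if "--mac-source" in rule and not pkt.get("mac_ok", False):
        return False
    if "-p" in rule and pkt["proto"] != rule["-p"]:
        return False
    if "--dport" in rule and pkt.get("dport") != int(rule["--dport"]):
        return False
    if "--icmp-type" in rule and pkt.get("icmp") != rule["--icmp-type"]:
        return False
    return True

def verdict(pkt, rules=INPUT_RULES, policy="DROP"):
    """First matching rule wins; returns (rule number, target), 0 = chain policy."""
    for n, line in enumerate(rules.splitlines(), 1):
        rule = parse(line)
        if matches(rule, pkt):
            return n, rule["-j"]
    return 0, policy

# Constructed packets (not taken from the post).
ssh_from_wan = {"src": "203.0.113.7", "proto": "tcp", "dport": 22, "state": "NEW"}
local_nx = {"src": "127.0.0.1", "proto": "tcp", "dport": 4001, "state": "NEW"}  # assumed port

if __name__ == "__main__":
    print(verdict(ssh_from_wan), verdict(local_nx))  # (6, 'ACCEPT') (9, 'DROP')
```

On the server itself, `iptables -L INPUT -v -n --line-numbers` shows per-rule packet counters, so the rule that is actually dropping traffic can be confirmed while retrying the NX login.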