HELP: TRANSPARENT SQUID + DANSGUARDIAN + IPTABLES

GOOD EVENING

I would be grateful if someone could give me 1 concept of how to configure IPTABLES for what the SUBJECT describes..

I have everything on 1 single PC with CentOS 5.5 and still CANNOT get it working properly: browsing is very slow, and sometimes the page stays blank and the DANSGUARDIAN block warnings do NOT appear.

I look forward to your replies

iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
INTERNALIF="eth0"
INTERNALNET="192.168.127.160/27"
INTERNALBCAST="192.168.127.191"
EXTERNALIF="ppp0"
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t mangle -F
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -i $INTERNALIF -s $INTERNALNET -j ACCEPT
iptables -A INPUT -i $EXTERNALIF -s $INTERNALNET -j REJECT
iptables -A FORWARD -p icmp --icmp-type echo-request -o $INTERNALIF -j REJECT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A INPUT -p icmp -d $INTERNALBCAST -j DROP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A FORWARD -o $EXTERNALIF -p tcp --dport 137 -j REJECT
iptables -A FORWARD -o $EXTERNALIF -p tcp --dport 138 -j REJECT
iptables -A FORWARD -o $EXTERNALIF -p tcp --dport 139 -j REJECT
iptables -A FORWARD -o $EXTERNALIF -p udp --dport 137 -j REJECT
iptables -A FORWARD -o $EXTERNALIF -p udp --dport 138 -j REJECT
iptables -A FORWARD -o $EXTERNALIF -p udp --dport 139 -j REJECT
iptables -A INPUT -i $EXTERNALIF -p udp --dport 137 -j REJECT
iptables -A FORWARD -o $EXTERNALIF -i $INTERNALIF -j ACCEPT
iptables -A OUTPUT -m state --state NEW -o $EXTERNALIF -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -o $EXTERNALIF -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $INTERNALIF -p tcp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -i $INTERNALIF -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 --syn -m limit --limit 2/s --limit-burst 10 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 --syn -j DROP
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 162 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 389 -j ACCEPT
iptables -A INPUT -p tcp --dport 631 -j ACCEPT
iptables -A INPUT -p udp --dport 631 -j ACCEPT
iptables -A INPUT -p tcp --dport 1863 -j ACCEPT
iptables -A INPUT -p udp --dport 2727 -j ACCEPT
iptables -A INPUT -i $INTERNALIF -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 4569 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --dport 5036 -j ACCEPT
iptables -A INPUT -p tcp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 5060 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8245 -j ACCEPT
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -i $INTERNALIF -p tcp --dport 31100 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 10000:20000 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $INTERNALIF -p tcp --dport 58071 -j ACCEPT
iptables -A INPUT -i $INTERNALIF -p udp --dport 58071 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 0:65535 -j DROP
iptables -A INPUT -i ppp0 -p udp --dport 0:65535 -j DROP
iptables -A INPUT -p udp --dport 33434:33523 -j DROP
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p all -j DROP
iptables -A FORWARD -p tcp -j REJECT --reject-with tcp-reset
iptables -A FORWARD -p all -j DROP
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j LOG
iptables -A FORWARD -p tcp --dport 25 -j DROP
iptables -A OUTPUT -p tcp --dport 25 -j DROP
iptables -t nat -A PREROUTING -i $INTERNALIF -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.127.190:8080
iptables -t nat -A PREROUTING -i $EXTERNALIF -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o $EXTERNALIF -j MASQUERADE
iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
/sbin/service iptables save
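One thing worth checking in a script like the one above is rule ordering: once a chain contains an unconditional terminating rule (here `-A FORWARD -p all -j DROP` and `-A OUTPUT -j ACCEPT`), everything appended to that chain afterwards (the SMTP LOG/DROP rules, the final FORWARD REJECT) is never evaluated. The following auditor is an added example, not code from the original post: a POSIX sh/awk script that reads an iptables script and lists such unreachable `-A` rules, with a constructed sample ruleset that mirrors that pattern.

```shell
# Added check (not part of the original post): list `-A` rules that can never
# match because an earlier rule in the same table/chain already terminates
# every packet, i.e. `-j ACCEPT|DROP|REJECT` with no match option other than
# `-p all`. Only appended (-A) rules are modelled; -I/-D are ignored.
# Prints "<line>: <rule>" per unreachable rule; exit status 1 if any were found.
audit_unreachable() {
    awk '
    /^iptables[[:space:]]/ && /[[:space:]]-A[[:space:]]/ {
        table = "filter"; chain = ""; target = ""; cond = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-t")        { table = $(i + 1); i++ }
            else if ($i == "-A")   { chain = $(i + 1); i++ }
            else if ($i == "-j")   { target = $(i + 1); i++ }
            else if ($i == "-p" && $(i + 1) == "all") { i++ }   # matches everything
            else if ($i == "--reject-with") { i++ }             # target option, not a match
            else cond = 1                                       # any other option narrows the rule
        }
        key = table ":" chain
        if (key in dead) { printf "%d: %s\n", NR, $0; found = 1; next }
        if (!cond && (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
            dead[key] = NR
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample mirroring the post: catch-all DROP/ACCEPT rules followed by
# more rules in the same chains. The quoted heredoc keeps $EXTERNALIF literal.
sample_rules() {
    cat <<'EOF'
iptables -P FORWARD ACCEPT
EXTERNALIF="ppp0"
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p all -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -j REJECT --reject-with tcp-reset
iptables -A FORWARD -p all -j DROP
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j LOG
iptables -A FORWARD -p tcp --dport 25 -j DROP
iptables -A OUTPUT -p tcp --dport 25 -j DROP
iptables -t nat -A PREROUTING -i $EXTERNALIF -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Usage: sh audit.sh --demo   (sample above)   or   sh audit.sh < /path/to/rules.sh
if [ "${1:-}" = "--demo" ]; then sample_rules | audit_unreachable; fi
```

The auditor only reasons about `-A` ordering within one table and chain; it will not tell you that the nat PREROUTING DNAT on $INTERNALIF above already diverts LAN port-80 traffic to DansGuardian on 8080, so the later REDIRECT to 3128 on $EXTERNALIF only ever sees port-80 connections arriving from the Internet side.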