Ubuntu server 12.04.
- Modem ZTE está conectado a eth1
- Após rodar pppoeconf o servidor navega normalmente.
- No roteador wireless desabilitei o dhcp e coloquei o ip 192.164.1.10 (está como ponto de acesso apenas)
- já retirei o proxy mas os clientes continuam a não navegar
Minha configuração está assim:
#/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
# eth0 is configured as a DHCP client, and the pppoeconf-maintained pre-up
# line below raises eth0 before the dsl-provider PPP link is started.
# NOTE(review): the text of the post says the modem is on eth1, while this
# file suggests the PPPoE session runs over eth0 - confirm which NIC faces
# the modem before naming interfaces in firewall or DHCP settings.
auto eth0
iface eth0 inet dhcp
# PPP link using the "dsl-provider" peer definition.
# NOTE(review): once this link is up, Internet traffic presumably leaves via
# the ppp device (typically ppp0), not via eth0 or eth1 - verify with
# "ip route" and use that device name as the WAN interface in NAT rules.
auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-provider
# LAN side: static 192.168.1.7/24 with no gateway line, so the default route
# is not set here. 192.168.1.7 is also the address dhcpd.conf in this post
# hands to clients as their router.
auto eth1
iface eth1 inet static
address 192.168.1.7
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
###################################################
#/etc/dhcp/dhcpd.conf
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
#
#
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
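# Dynamic DNS updates are disabled.
ddns-update-style none;
# option definitions common to all supported networks...
#option domain-name "lanpredio2
#option domain-name-servers ns1.example.org, ns2.example.org;
# NOTE(review): no "option domain-name-servers" is active anywhere in this
# file, so clients receive an address and a gateway but no resolver; name
# lookups then fail unless DNS is set by hand on each client. Add
# "option domain-name-servers <resolver-ip>;" (placeholder) globally or inside
# the subnet block.
# Leases last 10 minutes by default and at most 2 hours.
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
# NOTE(review): the post says the wireless router's DHCP was disabled; if this
# is then the only DHCP server on the LAN, enabling "authoritative" is the
# documented setting - confirm no other server answers on this segment.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
#lanpredio2
subnet 192.168.1.0 netmask 255.255.255.0 {
  # NOTE(review): this pool contains 192.168.1.7, the server's own static
  # address on eth1 and the router address below (and the access point, if it
  # sits on this subnet). Leasing an address that is already in use causes
  # conflicts; start the range above the statically assigned hosts.
  range 192.168.1.1 192.168.1.50;
  # Default gateway handed to clients: the server's eth1 address.
  # The keyword is "option" (singular); "options" is rejected by the parser.
  option routers 192.168.1.7;
  option broadcast-address 192.168.1.255;
}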
###################################################
#/etc/NetworkManager$
[main]
# ifupdown: read interface definitions from /etc/network/interfaces;
# keyfile: NetworkManager's own connection files.
plugins=ifupdown,keyfile
# NetworkManager starts its own dnsmasq instance as the resolver for this host.
# NOTE(review): that instance presumably listens on a loopback address only and
# does not answer LAN clients - verify before pointing DHCP clients at this
# server for DNS.
dns=dnsmasq
[ifupdown]
# managed=true lets NetworkManager manage the interfaces that are listed in
# /etc/network/interfaces.
# NOTE(review): on a gateway with static and PPPoE stanzas this means two
# tools may reconfigure eth0/eth1 - confirm this is intended.
managed=true
===================================================
#/etc/default/isc-dhcp-server
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
# NOTE(review): the only subnet declared in dhcpd.conf in this post is
# 192.168.1.0/24, and /etc/network/interfaces puts 192.168.1.7 on eth1, not
# eth0. dhcpd needs a subnet declaration matching the interface it listens on,
# so this presumably should name the LAN interface - confirm the topology.
# Serving DHCP on the modem-facing interface would also answer requests from
# the wrong network segment.
INTERFACES="eth0"
===================================================
#firewall compartilha
# Firewall compartilha
#
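#!/bin/bash
#
# Connection-sharing firewall: NAT for the LAN, a few port forwards and a
# TCP filter on the INPUT chain.
#
# Exit on the first failing command. The option is set here rather than on the
# shebang because a shebang flag is ignored when the file is run as
# "bash script".
set -e

# NOTE(review): every rule below is appended with -A, so running the script
# twice duplicates the rule set; flush the chains first if it is re-run.
modprobe iptable_nat
# NOTE(review): /etc/network/interfaces in this post gives eth1 the LAN address
# 192.168.1.7 and runs PPPoE, so the Internet-facing device is presumably the
# ppp interface (typically ppp0). Masquerading on eth1 would then not translate
# client traffic leaving for the Internet - confirm the WAN device and use it
# with -o.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Do not answer ping (ICMP echo requests)
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Open some ports (optional)
# NOTE(review): the DNAT rule matches traffic arriving on eth0 but the FORWARD
# rule matches eth1; the two should name the same inbound interface.
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 7777:7779 -j DNAT --to-dest 192.168.1.7
iptables -A FORWARD -p udp -i eth1 --dport 7777:7779 -d 192.168.1.7 -j ACCEPT
# NOTE(review): these three ports are accepted from any source address.
# 1080 is conventionally the SOCKS port; the post says the proxy was removed,
# so drop the rules for services that no longer listen, and limit SSH (22) to
# known source addresses where possible.
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 1021 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 1080 -j ACCEPT
# Open to the local network
iptables -A INPUT -p tcp --syn -s 192.168.1.0/255.255.255.0 -j ACCEPT
# Close the rest
# NOTE(review): only new TCP connections (SYN) are dropped. UDP and other
# protocols addressed to this host, and everything in the FORWARD chain, are
# still accepted unless the chain policies are set to DROP elsewhere.
iptables -A INPUT -p tcp --syn -j DROP

# Port forward: port 22 (SSH) arriving on the Internet connection is directed
# to 192.168.1.7 on the local network.
# NOTE(review): 192.168.1.7 is this host's own eth1 address, so the redirected
# packets are delivered locally and checked by INPUT; the FORWARD rule below
# presumably never matches.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-dest 192.168.1.7
iptables -A FORWARD -p tcp -i eth0 --dport 22 -d 192.168.1.7 -j ACCEPT

# For BitTorrent, which uses TCP ports 6881 to 6889 (it tries them one by one
# until it finds a free one), the rules would be as below. Note that the two
# lines name different destination hosts (192.168.0.2 and 192.168.1.7).
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6881:6889 -j DNAT --to-dest 192.168.0.2
# iptables -A FORWARD -p tcp -i eth0 --dport 6881:6889 -d 192.168.1.7 -j ACCEPT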
================================================
Desde já agradeço qq. ajuda...