| Linha 1: | Linha 1: | ||
| - | + | ||
| + | =Acesso= | ||
ssh cartoriobiguacu.no-ip.info -l root --> firewall | ssh cartoriobiguacu.no-ip.info -l root --> firewall | ||
ssh 187.55.251.121 -l root --> firewall | ssh 187.55.251.121 -l root --> firewall | ||
| + | IP 186.215.117.71 | ||
| + | Mascara 255.255.255.192 | ||
| + | GW 186.215.117.65 | ||
| - | |||
| - | + | =Compartilhamentos e grupos de acesso= | |
| - | + | ||
| - | + | ||
| + | Administrativo | ||
| + | mauricio | ||
| - | + | Arquivos Gerais | |
| + | todos | ||
| - | + | CartMySQL | |
| + | todos | ||
| - | + | CartScan | |
| + | todos | ||
| + | LspSys | ||
| + | todos | ||
| - | + | SeloDigital | |
| + | todos | ||
| + | Suporte | ||
| + | todos | ||
| - | + | Usuarios | |
| + | todos | ||
| - | + | ==Usuarios e senhas== | |
| - | * | + | cart01, c4rt*01 |
| + | cart02, c4rt*02 | ||
| + | cart03, c4rt*03 | ||
| + | cart04, c4rt*04 | ||
| + | cart05, c4rt*05 | ||
| + | cart06, c4rt*06 | ||
| + | cart07, c4rt*07 | ||
| + | cart08, c4rt*08 | ||
| + | cart09, c4rt*09 | ||
| + | cart10, c4rt*10 | ||
| + | cart11, c4rt*11 | ||
| + | cart12, c4rt*12 | ||
| + | cart13, c4rt*13 | ||
| + | cart14, c4rt*14 | ||
| - | |||
| - | |||
| - | + | =Backup= | |
| - | + | '''backup diario via cobian local e para HD externo''' | |
| - | + | ||
| - | + | D:\BACKUP --> local | |
| - | + | ||
| - | + | G:\BACKUP_EXTERNO --> HD_externo | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
Tabela de conteúdo |
ssh cartoriobiguacu.no-ip.info -l root --> firewall ssh 187.55.251.121 -l root --> firewall
IP 186.215.117.71 Mascara 255.255.255.192 GW 186.215.117.65
Administrativo mauricio
Arquivos Gerais todos
CartMySQL todos
CartScan todos
LspSys todos
SeloDigital todos
Suporte todos
Usuarios todos
cart01, c4rt*01 cart02, c4rt*02 cart03, c4rt*03 cart04, c4rt*04 cart05, c4rt*05 cart06, c4rt*06 cart07, c4rt*07 cart08, c4rt*08 cart09, c4rt*09 cart10, c4rt*10 cart11, c4rt*11 cart12, c4rt*12 cart13, c4rt*13 cart14, c4rt*14
backup diario via cobian local e para HD externo
D:\BACKUP --> local G:\BACKUP_EXTERNO --> HD_externo
rc.local
#### Bloqueio do msn
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.0.0/24 -d loginnet.passport.com -j REJECT
#### Libera estacoes para MSN
iptables -A FORWARD -s 192.168.0.15/32 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.15/32 -d loginnet.passport.com -j ACCEPT
iptables -A FORWARD -s 192.168.0.20/32 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.20/32 -d loginnet.passport.com -j ACCEPT
#iptables -A FORWARD -s 192.168.0.4/32 -p tcp --dport 1863 -j ACCEPT
#iptables -A FORWARD -s 192.168.0.4/32 -d loginnet.passport.com -j ACCEPT
#### IP/Bancos por fora do proxy Santander
iptables -t nat -I tproxy -d 200.220.186.3 -j RETURN
iptables -t nat -I tproxy -d 200.220.178.3 -j RETURN
iptables -t nat -I tproxy -d 200.220.179.4 -j RETURN
iptables -t nat -I tproxy -d 200.220.187.4 -j RETURN
#### Conectividade Social Caixa
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 200.201.174.0/24 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -d 200.201.174.202 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.202:80
iptables -t nat -A PREROUTING -d 200.201.174.203 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.203:80
iptables -t nat -A PREROUTING -d 200.201.174.204 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.204:80
iptables -t nat -A PREROUTING -d 200.201.174.205 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.205:80
iptables -t nat -A PREROUTING -d 200.201.174.206 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.206:80
iptables -t nat -A PREROUTING -d 200.201.174.207 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.207:80
iptables -t nat -A PREROUTING -d 200.201.174.208 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.208:80
iptables -t nat -A PREROUTING -d 200.201.174.209 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.209:80
iptables -t nat -I PREROUTING -i eth1 -d 200.201.174.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth1 -d www.caixa.gov.br -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -d www1.caixa.gov.br -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -d cmt.caixa.gov.br -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -i eth1 -d www.caixa.com.br -p tcp --dport 80 -j ACCEPT
iptables -t nat -I PREROUTING -d 200.201.174.207 -j ACCEPT
iptables -t nat -I PREROUTING -s 200.201.174.207 -j ACCEPT
iptables -t nat -I PREROUTING -d 200.201.169.69 -j ACCEPT
iptables -t nat -I PREROUTING -s 200.201.169.69 -j ACCEPT
iptables -t nat -I PREROUTING -d 200.201.166.240 -j ACCEPT
iptables -t nat -I PREROUTING -s 200.201.166.240 -j ACCEPT
iptables -I FORWARD -p tcp --dport 80 -s 192.168.0.0/24 -d 200.201.174.0/24 -j ACCEPT
iptables -I FORWARD -p tcp --dport 21 -d 200.201.174.207 -j ACCEPT
iptables -I FORWARD -p tcp --dport 80 -d 200.201.174.207 -j ACCEPT
iptables -I FORWARD -p tcp --dport 21 -d 200.201.169.69 -j ACCEPT
iptables -I FORWARD -p tcp --dport 80 -d 200.201.169.69 -j ACCEPT
iptables -I FORWARD -p tcp --dport 21 -d 200.201.166.240 -j ACCEPT
iptables -I FORWARD -p tcp --dport 80 -d 200.201.166.240 -j ACCEPT
iptables -I FORWARD -p tcp --dport 20001:20005 -s 200.201.169.69 -j ACCEPT
iptables -I FORWARD -p tcp --dport 20000:20019 -d 200.201.169.69 -j ACCEPT
iptables -I FORWARD -p tcp --dport 20001:20005 -s 200.201.166.240 -j ACCEPT
iptables -I FORWARD -p tcp --dport 20000:20019 -d 200.201.166.240 -j ACCEPT
iptables -I FORWARD -p tcp --dport 20001:20005 -s 200.201.174.207 -j ACCEPT
iptables -I FORWARD -p tcp --dport 20000:20019 -d 200.201.174.207 -j ACCEPT
iptables -I FORWARD -p tcp -s 200.201.174.207 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -p tcp -s 200.201.169.69 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -p tcp -s 200.201.166.240 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s 200.201.174.207 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -s 200.201.174.207 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s 200.201.169.69 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -s 200.201.169.69 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s 200.201.166.240 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -s 200.201.166.240 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 2631:2631 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 2631:2631 -j ACCEPT
#### Passa por fora do Proxy ####
iptables -t nat -I tproxy -d 200.201.166.200 -j RETURN
iptables -t nat -I tproxy -d 200.201.166.240 -j RETURN
iptables -t nat -I tproxy -d 200.201.169.69 -j RETURN
iptables -t nat -I tproxy -d 200.201.173.0/24 -j RETURN
iptables -t nat -I tproxy -d 200.201.173.68 -j RETURN
iptables -t nat -I tproxy -d 200.201.174.0/24 -j RETURN
iptables -t nat -I tproxy -d 200.201.174.204 -j RETURN
iptables -t nat -I tproxy -d 200.201.174.207 -j RETURN
# Speed UP DNS
iptables -t mangle -A OUTPUT -p udp --dport 53 -j TOS --set-tos 0x08 iptables -t mangle -A PREROUTING -p udp --dport 53 -j TOS --set-tos 0x10
# Speed UP HTTP
iptables -t mangle -A OUTPUT -p tcp -j TOS --sport 80 --set-tos 0x08
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TOS --set-tos 0x08
## bloqueado https (Porta 443) iptables -A FORWARD -d 207.44.237.165 -p tcp --dport 443 -j DROP #proxify
iptables -A INPUT -d 207.44.237.165 -p tcp --dport 443 -j DROP #proxify
iptables -A FORWARD -d meebo.com -p tcp --dport 443 -j DROP iptables -A INPUT -d meebo.com -p tcp --dport 443 -j DROP
#Bloqueio do https://Imo.im
iptables -A FORWARD -d imo.im -p tcp --dport 443 -j DROP
iptables -A INPUT -d imo.im -p tcp --dport 443 -j DROP
iptables -A FORWARD -p tcp -d imo.im --dport 448 -j DROP
iptables -A FORWARD -p udp -d imo.im --dport 448 -j DROP
## google talk
iptables -A FORWARD -d talk.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talkx.l.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talk.l.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d chatenabled.mail.google.com -p tcp --dport 443 -j DROP
## bloqueado https (Porta 563)
#iptables -A FORWARD -d iy-in-f85.google.com -p tcp --dport 563 -j DROP #orkut
#iptables -A INPUT -d vw-in-f85.google.com -p tcp --dport 563 -j DROP #orkut
iptables -A FORWARD -d imo.im -p tcp --dport 563 -j DROP
iptables -A INPUT -d imo.im -p tcp --dport 563 -j DROP
iptables -A FORWARD -d 207.44.237.165 -p tcp --dport 563 -j DROP #proxify
iptables -A INPUT -d 207.44.237.165 -p tcp --dport 563 -j DROP #proxify
iptables -A FORWARD -d meebo.com -p tcp --dport 563 -j DROP
iptables -A INPUT -d meebo.com -p tcp --dport 563 -j DROP
### BLOQ PLUS
iptables -t nat -I PREROUTING -p tcp --dport 443 -j ACCEPT # LIBERADO PARA ACESSO A BANCOS iptables -A FORWARD -d orkut.com -p tcp --dport 563 -j DROP
iptables -A INPUT -d orkut.com -p tcp --dport 563 -j DROP
iptables -A FORWARD -d imo.im -p tcp --dport 563 -j DROP iptables -A INPUT -d imo.im -p tcp --dport 563 -j DROP
iptables -t nat -I PREROUTING -p tcp -d www.meebo.com --dport 443 -j DROP
iptables -t nat -I PREROUTING -p tcp -d www.orkut.com --dport 443 -j DROP
iptables -t nat -I PREROUTING -p tcp -d www.buddy.com --dport 443 -j DROP
iptables -t nat -I PREROUTING -p tcp -d www.ebuddy.com --dport 443 -j DROP
## Bloqueio das estacoes CART 10 11 e 12
iptables -t nat -I PREROUTING -p tcp -m iprange --src-range 192.168.0.5-192.168.0.7 -j DROP
## Liberação de sites essenciais para CART 10 11 e 12
iptables -t nat -I PREROUTING -p tcp -d tjsc6.tjsc.jus.br -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d www.receita.fazenda.gov.br -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d receita.fazenda.gov.br -j ACCEPT iptables -t nat -I PREROUTING -p tcp -d www.extrajudicial.tjsp.jus.br -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d extrajudicial.tjsp.jus.br -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d www.tj.sc.gov.br -j ACCEPT iptables -t nat -I PREROUTING -p tcp -d tj.sc.gov.br -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d app.tjsc.jus.br -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d www.tjsc.jus.br -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d tjsc.jus.br -j ACCEPT
## Lebera a atualização do avira
iptables -t nat -I PREROUTING -p tcp -d personal.avira-update.com -j ACCEPT
### vpn
#openvpn /etc/brazilfw/openvpn/server-01.config #openvpn /etc/brazilfw/openvpn/server-02.config
### ADM
cp /partition/lupa/otimizacoes/meu_profile/profile /root/.profile
cp /partition/lupa/otimizacoes/lupa.png /var/htdocs/webadmin/images/logo.png
/partition/lupa/scripts/snmpd.sh