Port and IP [SOLVED]

1. Port and IP [SOLVED]

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Posted on 15/06/2011 - 17:27h

Folks, here's the thing:
I know it exists, I've used it before, but I no longer remember how it's done.
I have to access the internet with a certain program that keeps giving errors.
I need a command that, when I start it, shows me which ports and IPs I'm trying to access at that exact moment.
I know it isn't: tail -f /var/log/...
If anyone knows, can you give me a hand?
Thanks, folks!


  


2. BEST ANSWER

thiago ferreira coimbra da silva
thiagocoimbra23

(uses Debian)

Posted on 16/06/2011 - 09:48h

Marcelo, good morning. The right software for what you need is tcpdump, since it shows all the network traffic, so you can find out exactly what you need. If it's something specific, to find out which ports are open, you can use nmap. If you have any questions, we're here to help. Best regards, and God be with you.
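
Added example (not part of the original post): one way to turn tcpdump's text output into the list of destination IPs and ports the thread is after. It assumes the `tcpdump -n` line format of tcpdump 4.x; the function names, `capture.txt` and the sample lines are constructed for illustration, while `eth1` and `192.168.0.0/24` are the LAN interface and network from the firewall script posted later in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Capture first (as root), stop with
# Ctrl+C, then summarise the saved text. eth1 and 192.168.0.0/24 are the LAN
# side of the firewall in this thread; capture.txt is an assumed file name.
#   tcpdump -n -i eth1 'src net 192.168.0.0/24 and (udp or tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn)' > capture.txt
#   summarize_dst < capture.txt
# The filter keeps UDP plus the first packet (SYN without ACK) of each TCP
# connection attempt, so retries against a blocked port show up as a count.

# Reads "tcpdump -n" text lines on stdin (tcpdump 4.x format assumed) and
# prints "count src_ip dst_ip dst_port proto", most frequent first.
summarize_dst() {
    awk '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                     # "1.2.3.4.80:" -> "1.2.3.4.80"
        ns = split(src, s, "."); nd = split(dst, d, ".")
        if (ns != 5 || nd != 5) next           # no port field (ICMP etc.)
        proto = index($0, "Flags [") ? "tcp" : "udp"
        key = s[1] "." s[2] "." s[3] "." s[4] " " d[1] "." d[2] "." d[3] "." d[4] " " d[5] " " proto
        count[key]++
    }
    END { for (k in count) print count[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample capture (not real traffic).
sample_capture() {
    cat <<'EOF'
17:27:01.000001 IP 192.168.0.10.51234 > 200.201.174.207.80: Flags [S], seq 1, win 5840, length 0
17:27:04.000002 IP 192.168.0.10.51234 > 200.201.174.207.80: Flags [S], seq 1, win 5840, length 0
17:27:05.000003 IP 192.168.0.10.51240 > 200.201.174.207.2631: Flags [S], seq 9, win 5840, length 0
17:27:06.000004 IP 192.168.0.10.40000 > 200.166.92.27.8017: UDP, length 32
17:27:07.000005 IP 192.168.0.10 > 200.201.174.207: ICMP echo request, id 1, seq 1, length 64
EOF
}

sample_capture | summarize_dst
```

A destination that appears several times with the same source port is usually a SYN being retransmitted because nothing answered, which is the pattern to look for before deciding whether a firewall rule is needed.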

3. Re: Port and IP [SOLVED]

Osama Jr.
/bin/laden

(uses Void Linux)

Posted on 15/06/2011 - 17:36h

Wouldn't it be netstat, by any chance?


4. Re: Port and IP [SOLVED]

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Posted on 16/06/2011 - 08:18h

Bro, how would I use this thing? lol....
Is it just typing netstat and hitting enter?

Thanks for the tip!


5. Check the manual

Osama Jr.
/bin/laden

(uses Void Linux)

Posted on 16/06/2011 - 08:29h

man netstat

It's all explained there.


6. Re: Port and IP [SOLVED]

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Posted on 16/06/2011 - 09:08h

Bro, from what I saw it's not what I need...
When I type the command line in question and press ENTER, it starts running and only stops when I hit Ctrl+C; then I read and interpret everything it generated there and see that computer X tried to access IP Y and port W on the internet.
With that report in hand, I go to my firewall and allow the given IP and port.

A good example is this rule, which was created using the tool in question that I no longer remember:
iptables -A OUTPUT -p tcp --dport 8017 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8017 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 201.16.234.27/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.166.92.27/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 201.16.234.27/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.166.92.27/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 201.16.234.27/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 201.16.234.27/24 -d 192.168.0.0/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.166.92.27/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.166.92.27/24 -d 192.168.0.0/24 -p udp -j ACCEPT




7. Re: Port and IP [SOLVED]

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Posted on 16/06/2011 - 09:23h

Searching the net, I found something that seems to be what I'm looking for

tcpdump

and from what I saw, iptraf can help me too...

as soon as I test it, I'll post the result here


8. About nmap

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Posted on 16/06/2011 - 10:10h

Thiago, right now what I need it for is to allow Conexao Segura and Conectividade Social from Caixa Economica Federal.

Can you help me with how to use nmap together with these programs?

Thanks


9. good morning

thiago ferreira coimbra da silva
thiagocoimbra23

(uses Debian)

Posted on 16/06/2011 - 10:12h

Good morning Marcelo, all good? Please post your firewall so we can analyze what can be done.


10. Re: Port and IP [SOLVED]

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Posted on 16/06/2011 - 13:40h

Here it is, bro, take a look and tell me what can be done, thanks!?


#Enabling routing and protecting against spoofing
echo "1" > /proc/sys/net/ipv4/ip_forward

#Flushing rules
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle

#Setting default policy
iptables -P INPUT ACCEPT # The letter 'F' before INPUT was removed
iptables -P OUTPUT ACCEPT # The letter 'F' before OUTPUT was removed
iptables -P FORWARD ACCEPT

#Inter-process communication (loopback)
iptables -A INPUT -i lo -j ACCEPT

#allows access to the sintegra port
iptables -A OUTPUT -p tcp --dport 8017 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8017 -j ACCEPT
iptables -A INPUT -p tcp --dport 8017 -j ACCEPT
iptables -A INPUT -p udp --dport 8017 -j ACCEPT


# ICMP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT

# Rule created for DHCP
iptables -A OUTPUT -o eth1 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth2 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth2 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth2 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth2 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT

# DNS
iptables -A INPUT -i eth2 -p udp -s 10.0.1.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -i eth2 -p tcp -s 10.0.1.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -s 192.168.0.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -s 192.168.0.0/24 --dport 53 -j ACCEPT

# SSH and FTP, internal network
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p tcp --dport 21 --syn -j ACCEPT
iptables -A INPUT -i eth2 -s 10.0.1.0/24 -p tcp --dport 22 --syn -j ACCEPT
iptables -A INPUT -i eth2 -s 10.0.1.0/24 -p tcp --dport 21 --syn -j ACCEPT

# SSH, external network
iptables -A INPUT -i ppp0 -s 0/0 -p tcp --dport 22 --syn -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 22 --syn -j ACCEPT

#Webmin, internal network
iptables -A INPUT -p tcp -s 192.168.0.0/24 -d 0/0 --dport 10000 --syn -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.0/24 -d 0/0 --dport 10000 --syn -j ACCEPT

#Webmin, external network
iptables -A INPUT -s 0/0 -p tcp --dport 10000 -j ACCEPT

# NetBIOS, internal network
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p tcp --dport 137:139 --syn -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p udp --dport 137:139 -j ACCEPT
iptables -A INPUT -i eth2 -s 10.0.1.0/24 -p tcp --dport 137:139 --syn -j ACCEPT
iptables -A INPUT -i eth2 -s 10.0.1.0/24 -p udp --dport 137:139 -j ACCEPT

# Internal access to the PROXY
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -d 192.168.0.1 -p tcp --dport 3128 --tcp-flags ACK,SYN SYN -j ACCEPT
iptables -A INPUT -i eth2 -s 10.0.1.0/24 -d 10.0.1.1 -p tcp --dport 3128 --tcp-flags ACK,SYN SYN -j ACCEPT

#TCP and UDP return packets always open (ACK)
iptables -A INPUT -s 0/0 -d 0/0 -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p udp -m state --state ESTABLISHED -j ACCEPT


# Masquerading rule
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -s 10.0.1.0/24 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.1.0/24 -d 0/0 -j MASQUERADE

# Routing rules

# Internal access to SMTP and POP
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 10.0.1.0/24 -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p tcp --sport 110 -j ACCEPT
iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 10.0.1.0/24 -p tcp --sport 110 -j ACCEPT

#NTP
iptables -A FORWARD -p udp --dport 123 -j ACCEPT

# Allow MSN (test)
#iptables -A FORWARD -o ppp0 -p tcp -s 192.168.0.10/24 -m multiport --dports 1863,7001 -j ACCEPT
#iptables -A FORWARD -o ppp0 -p udp -s 192.168.0.10/24 --dport 7001 -j ACCEPT
#iptables -A FORWARD -i ppp0 -p tcp -d 192.168.0.10/24 -m multiport --sports 1863,7001 -j ACCEPT
#iptables -A FORWARD -i ppp0 -p udp -d 192.168.0.10/24 --sport 7001 -j ACCEPT

# Block MSN (general)
iptables -A FORWARD -o ppp0 -p tcp -m multiport --dports 1863,7001 -j DROP
iptables -A FORWARD -o ppp0 -p udp --dport 7001 -j DROP

########################################### DCTF ####################################################

iptables -A OUTPUT -p tcp --dport 3456 -j ACCEPT
iptables -A INPUT -p tcp --dport 3456 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 161.148.0.0/16 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.198.239.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.198.239.0/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 161.148.0.0/16 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3007 -j ACCEPT
iptables -A INPUT -p tcp --dport 3007 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 161.148.185.46 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 161.148.185.46 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 161.148.185.46 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 161.148.185.46 -d 192.168.0.0/24 -p tcp -j ACCEPT

############################## Allow TED connection ##################################################

iptables -A OUTPUT -p tcp --dport 8017 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8017 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 201.16.234.27/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.166.92.27/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 201.16.234.27/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.166.92.27/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 201.16.234.27/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 201.16.234.27/24 -d 192.168.0.0/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.166.92.27/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.166.92.27/24 -d 192.168.0.0/24 -p udp -j ACCEPT

################################# RULE FOR CONECTIVIDADE SOCIAL ######################################

iptables -t nat -A PREROUTING -i eth1 -p tcp -d ! 200.201.174.207 --dport 80 -j REDIRECT --to-port 3128 #a ! was removed e
iptables -I FORWARD -p tcp --dport 21 -d 200.201.174.207 -j ACCEPT
iptables -I FORWARD -p tcp --dport 80 -d 200.201.174.207 -j ACCEPT
iptables -I FORWARD -p tcp --dport 20001:20005 -s 200.201.174.207 -j ACCEPT
iptables -I FORWARD -p tcp --dport 20000:20019 -d 200.201.174.207 -j ACCEPT
iptables -I FORWARD -p tcp -s 200.201.174.207 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -I PREROUTING -d 200.201.174.207 -j ACCEPT
iptables -t nat -I PREROUTING -s 200.201.174.207 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -s 200.201.174.207 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s 200.201.174.207 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 2631:2631 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 2631:2631 -j ACCEPT
########################################################################################################

############### COMPATIBILITY RULE FOR THE CAIXA RANGE ################

iptables -I FORWARD -d 200.201.160/20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -I PREROUTING -d 200.201.160/20 -p tcp --dport 80 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j MASQUERADE

##############################################################################

#################################### SEFIP ######################
iptables -t nat -A PREROUTING -p tcp -d 200.201.0.0/16 -j ACCEPT
iptables -A FORWARD -p tcp -d 200.201.0.0/16 -j ACCEPT
#################################################################

######################################## TEDSEF ####################################################

iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 200.199.34.41 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -d ! 200.199.34.41 -p tcp --dport 80 -j REDIRECT --to-port 3128 #a ! was removed ent
iptables -I FORWARD -p tcp -s 192.168.0.0/24 -d 200.199.34.41 -j ACCEPT
iptables -I FORWARD -p tcp -s 192.168.0.0/24 -d 200.199.34.41 --dport 8017 -j ACCEPT
iptables -I FORWARD -p tcp -s 192.168.0.0/24 -d 200.199.34.41 --sport 8017 -j ACCEPT
iptables -I FORWARD -p tcp -s 192.168.0.0/24 -d 200.199.34.41 --dport 80 -j ACCEPT

######################################################################################################

####################################### SINTEGRA #############################
iptables -t filter -A FORWARD -p tcp -s 192.168.0.0/24 --dport 8017 -j ACCEPT
##############################################################################

######################################## SEFIP ########################################################
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.201.174.204/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.201.174.204/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.201.174.204/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.201.174.204/24 -d 192.168.0.0/24 -p udp -j ACCEPT
#######################################################################################################

# Sicoob CEDENTE
iptables -A OUTPUT -p tcp --dport 5006 -j ACCEPT # Connection to the cooperative's base
iptables -A OUTPUT -p udp --dport 5006 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT # Sending of the transaction file
iptables -A OUTPUT -p udp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 5006 -j ACCEPT # Connection to the cooperative's base
iptables -A INPUT -p udp --dport 5006 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT # Sending of the transaction file
iptables -A INPUT -p udp --dport 8080 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 186.215.92.145/24 -p tcp -j ACCEPT # Connection to the base d
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 186.215.92.131/24 -p tcp -j ACCEPT # Sending of file of
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 186.215.92.145/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 186.215.92.131/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 186.215.92.145/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 186.215.92.145/24 -d 192.168.0.0/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 186.215.92.131/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 186.215.92.131/24 -d 192.168.0.0/24 -p udp -j ACCEPT


# Closes routing destined for ports 80 and 443
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --sport 1:65535 --dport www -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --sport 1:65535 --dport 443 -j DROP
iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --sport 1:65535 --dport www -j DROP
iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --sport 1:65535 --dport 443 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp -j DROP

# Allows DNS routing
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p tcp --sport 53 -j ACCEPT
iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 10.0.1.0/24 -d 0/0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 10.0.1.0/24 -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 10.0.1.0/24 -p tcp --sport 53 -j ACCEPT

# Closes all the rest of the routing

iptables -A INPUT -s 0/0 -d 0/0 -j LOG
iptables -A INPUT -s 0/0 -d 0/0 -j DROP

iptables -A FORWARD -s 0/0 -d 0/0 -j LOG
iptables -A FORWARD -s 0/0 -d 0/0 -j DROP






