Denuncie   Favoritos   Indicar  

Ajuda IpTables [RESOLVIDO]

1. Ajuda IpTables [RESOLVIDO]

Renato Cesar Damasio
renatodamasio
(usa Debian)

Enviado em 21/02/2017 - 09:31h

Bom dia,

Estou com dificuldades em fazer o firewall funcionar, quando aponto no browser o ip do servidor firewall e a porta 3128 ele entra sai pra internet normalmente e funciona correto, quando seto na placa o ip do firewall que estou fazendo ele da erro no proxy.


0 0
  • Quote

    •   


    2. Re: Ajuda IpTables [RESOLVIDO]

    Carlos Alberto de Souza Barbosa
    souzacarlos
    (usa Outra)

    Enviado em 21/02/2017 - 09:48h

    Bom dia
    Como assim quando seta na placa?
    O squid e teu Firewall são a mesma máquina?

    Network Analyst - Consultor para empresas
    contact skype: carlossouzainfo
    21 99180-8165 (WhattsApp)

    1 0
  • Quote

    • 3. Re: Ajuda IpTables

    Renato Cesar Damasio
    renatodamasio
    (usa Debian)

    Enviado em 21/02/2017 - 14:58h

    souzacarlos escreveu:

    Bom dia
    Como assim quando seta na placa?
    O squid e teu Firewall são a mesma máquina?

    Network Analyst - Consultor para empresas
    contact skype: carlossouzainfo
    21 99180-8165 (WhattsApp)


    Amigo resumindo configurei tudo e o firewall só funciona se eu dar um:

    
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

    meu firewall esta assim

    
#!/bin/bash -x
    
#
    
# /etc/rc.d/rc.firewall
    
#
    
# Start/stop/restart Firewall
    
#
    
# To make Firewall start automatically at boot, make this
    
# file executable:  chmod 755 /etc/rc.d/rc.firewall
    
#
    

    
################
    
## Variáris ##
    
################
    

    
# Rede externa eth1 off-board
    
LanExt=187.49.235.140
    
# Rede interna eth0 on-board
    
LanInt=192.168.0.240
    
Rede=192.168.0.0/24
    

    
#############
    
## Modulos ##
    
#############
    

    
/sbin/modprobe ip_tables
    
/sbin/modprobe ip_conntrack
    
/sbin/modprobe iptable_filter
    
/sbin/modprobe iptable_mangle
    
/sbin/modprobe iptable_nat
    
/sbin/modprobe ipt_LOG
    
/sbin/modprobe ipt_limit
    
/sbin/modprobe ipt_state
    
/sbin/modprobe ipt_REDIRECT
    
/sbin/modprobe ipt_owner
    
/sbin/modprobe ipt_REJECT
    
/sbin/modprobe ipt_MASQUERADE
    
/sbin/modprobe ip_conntrack_ftp
    
/sbin/modprobe ip_nat_ftp
    

    
####################
    
### Funç START ###
    
####################
    

    

    
firewall_start() {
    
echo "Iniciando o Firewall"
    

    
#####################
    
## Limpa as regras ##
    
#####################
    

    
iptables -X
    
iptables -Z
    
iptables -F INPUT
    
iptables -F OUTPUT
    
iptables -F FORWARD
    
iptables -F -t nat
    
iptables -F -t mangle
    

    
######################
    
## Politicas padrao ##
    
######################
    

    
iptables -t filter -P INPUT DROP
    
iptables -t filter -P OUTPUT ACCEPT
    

    
iptables -t filter -P FORWARD ACCEPT
    
iptables -t nat -P PREROUTING ACCEPT
    
iptables -t nat -P OUTPUT ACCEPT
    
iptables -t nat -P POSTROUTING ACCEPT
    
iptables -t mangle -P PREROUTING ACCEPT
    
iptables -t mangle -P OUTPUT ACCEPT
    

    
## Manter conexoes jah estabelecidas para nao parar ##
    

    
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    

    
## Aceita todo o trafego vindo do loopback e indo pro loopback ##
    

    
iptables -t filter -A INPUT -i lo -j ACCEPT
    

    
###############################
    
#         Proteçs           #
    
###############################
    

    
# Configurando a Protecao anti-spoofing
    
for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter; do
    
        echo "1" > $spoofing
    
done
    

    
# Impedimos que um atacante possa maliciosamente alterar alguma rota
    
echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects
    

    
# Utilizado em diversos ataques, isso possibilita que o atacante determine o "caminho" que seu
    
# pacote vai percorrer (roteadores) ate seu destino. Junto com spoof, isso se torna muito perigoso.
    
echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route
    

    
# Protecao contra responses bogus
    
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    

    
# Protecao contra ataques de syn flood (inicio da conexao TCP). Tenta conter ataques de DoS.
    
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    

    
# Habilita o forward
    
echo 1 > /proc/sys/net/ipv4/ip_forward
    

    
# Protege contra os "Ping of Death"
    
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
    
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
    

    

    
# Protege contra port scanners avanços (Ex.: nmap)
    
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 6/m -j ACCEPT
    

    
# Bloqueando tracertroute
    
#iptables -A INPUT -p udp -s 0/0 -i eth0 --dport 33435:33525 -j DROP
    

    
# Protecoes contra ataques
    
iptables -A INPUT -m state --state INVALID -j DROP
    

    

    
###############################
    
#       TABELA Input          #
    
###############################
    

    
# Liberando dhcpd
    
#iptables -A INPUT -i eth1 -p udp --sport 67:68 -j LOG --log-level 6 --log-prefix "FIREWALL: DHCPD"
    
#iptables -A INPUT -s $Rede_lib -p udp --sport 67:68 -j ACCEPT
    

    
#######################
    
### Destino Externo ###
    
#######################
    

    
# Liberando Porta 6622 (SSH)
    
#iptables -A INPUT -d $LanExt -p tcp --dport 6622 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH EXT 6622"
    
iptables -A INPUT -d $LanExt -p tcp --dport 6622 -j ACCEPT
    

    
# Liberando porta 3000 (ntop)
    
iptables -A INPUT -d $LanExt -p tcp --dport 3000 -j ACCEPT
    

    
# Liberando Porta 80 (http)
    
#iptables -A INPUT -d $LanExt -p tcp --dport 80 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP EXT 80"
    
iptables -A INPUT -d $LanExt -p tcp --dport 80 -j ACCEPT
    

    
# Liberando Porta 81 (http Genexis)
    
#iptables -A INPUT -d $LanExt -p tcp --dport 81 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP EXT 81"
    
iptables -A INPUT -d $LanExt -p tcp --dport 81 -j ACCEPT
    

    
# Liberando porta 53 (DNS)
    
iptables -A INPUT -d $LanExt -p tcp --dport 53 -j ACCEPT
    
iptables -A INPUT -d $LanExt -p udp --dport 53 -j ACCEPT
    
#iptables -A INPUT -d 200.194.238.51 -p tcp --dport 53 -j ACCEPT
    
#iptables -A INPUT -d 200.194.238.51 -p udp --dport 53 -j ACCEPT
    

    
# Liberando Porta 21 (ftp)
    
#iptables -A INPUT -d $LanExt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP EXT 21"
    
iptables -A INPUT -d $LanExt -p tcp --dport 21 -j ACCEPT
    
iptables -A INPUT -d $LanExt -p tcp --dport 20 -j ACCEPT
    

    
#######################
    
### Destino Interno ###
    
#######################
    

    
# Liberando Porta 22 (SSH)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
    
iptables -A INPUT -d $LanInt -p tcp --dport 6622 -j ACCEPT
    

    
# Liberando Porta 53 (DNS)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
    
iptables -A INPUT -d $LanInt -p tcp --dport 53 -j ACCEPT
    
iptables -A INPUT -d $LanInt -p udp --dport 53 -j ACCEPT
    
#iptables -A INPUT -d $Rede_lib -p tcp --dport 53 -j ACCEPT
    
#iptables -A INPUT -d $Rede_lib -p udp --dport 53 -j ACCEPT
    

    
# Liberando Porta 80 (http)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 80 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP INT 80"
    
iptables -A INPUT -d $LanInt -p tcp --dport 80 -j ACCEPT
    

    
# Liberando Porta 81 (http Genexis)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 81 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP INT 80"
    
iptables -A INPUT -d $LanInt -p tcp --dport 81 -j ACCEPT
    

    
# Liberando Porta 21 (ftp)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP INT 21"
    
iptables -A INPUT -d $LanInt -p tcp --dport 21 -j ACCEPT
    
iptables -A INPUT -d $LanInt -p tcp --dport 20 -j ACCEPT
    

    
# Libera o proxy 3128 (teste)
    
iptables -A INPUT -d $LanInt -p tcp --dport 3128 -j ACCEPT
    

    
#iptables -A INPUT -s $Rede_lib -j ACCEPT
    
###############################
    
#       TABELA Forward        #
    
###############################
    

    
#iptables -A FORWARD -i eth1 -p tcp --dport 443 -j DROP
    

    
###LIBERA CAIXA MAQUINA LOBINHO###2012-06-06
    
iptables -A FORWARD -s 192.168.0.14 --protocol tcp --dport 2631 -j ACCEPT
    

    
###LIBERA CAGED MAQUINA LOBINHO###2012-06-06
    
iptables -A FORWARD -s 192.168.0.14 --protocol tcp --dport 2500 -j ACCEPT
    

    
# Micro do Renato passa direto
    
iptables -A FORWARD -s 192.168.0.19 -j ACCEPT
    

    
# Micro do VMTI passa direto
    
iptables -A FORWARD -s 192.168.0.244 -j ACCEPT
    

    
# Micro do RH passa Direto 17/09/2014
    
iptables -A FORWARD -s 192.168.0.14 -j ACCEPT
    

    
# Liberando Porta 110 (pop-3)
    
iptables -A FORWARD -s $Rede -p tcp --dport 110 -j ACCEPT
    

    
# Liberando Porta 995 (spop-3)
    
iptables -A FORWARD -s $Rede -p tcp --dport 995 -j ACCEPT
    

    
# Liberando Porta 25 (smtp)
    
iptables -A FORWARD -s $Rede -p tcp --dport 25 -j ACCEPT
    

    
# Liberando Porta 81 (Genexis)
    
iptables -A FORWARD -s $Rede -p tcp --dport 81 -j ACCEPT
    

    
# Liberando Porta 465 (smtp-s)
    
iptables -A FORWARD -s $Rede -p tcp --dport 465 -j ACCEPT
    

    
# Liberando Porta 443 (http-s)
    
#iptables -A FORWARD -s $Rede -p tcp --dport 443 -j ACCEPT
    

    
# Liberando porta 53 (DNS)
    
iptables -A FORWARD -s $Rede -p tcp --dport 53 -j ACCEPT
    
iptables -A FORWARD -s $Rede -p udp --dport 53 -j ACCEPT
    

    
# Liberando acesso a Rede 192.168.1.0/24 #
    
#iptables -A FORWARD -s $Rede_lib -j ACCEPT
    

    
# Regrat forward para o funcionamento de redirecionamento de portas (NAT)
    
# Redirecionando porta 5900 (VNC)
    
iptables -A FORWARD -s 201.14.191.172 -i eth0 -p tcp --dport 5900 -j ACCEPT
    

    
# Redirecionamento para o FTP da maquina local servidora dos PALMS
    
iptables -A FORWARD -i eth1 -p tcp --dport 21 -j ACCEPT
    

    
# Redirecionamento WTS
    
iptables -A FORWARD -i eth1 -p tcp --dport 3352 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3353 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3354 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3356 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3357 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3359 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3340 -j ACCEPT# Redirecionamento lavendereweb - Carrus
    
iptables -A FORWARD -i eth1 -p tcp --dport 7070 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 6060 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p udp --dport 7070 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p udp --dport 6060 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 8080 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p udp --dport 8080 -j ACCEPT
    

    
# Redirecionamento carrus
    
#iptables -A FORWARD -i eth0 -p tcp --dport 8080 -j ACCEPT
    

    
# Redirecionamento cameras
    
# WEB
    
iptables -A FORWARD -i eth1 -p tcp --dport 80 -j ACCEPT
    
# Descobrir
    
iptables -A FORWARD -i eth1 -p tcp --dport 554 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 664 -j ACCEPT
    
# Celular
    
iptables -A FORWARD -i eth1 -p tcp --dport 3777 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3888 -j ACCEPT
    

    
###############################
    
######### TABELA NAT ## #######
    
###############################
    

    
# Acesso ao conexao segura da caixa
    
iptables -t nat -A PREROUTING -p tcp -d 200.201.174.207 -j ACCEPT
    
iptables -A FORWARD -p tcp -d 200.201.174.207 -j ACCEPT
    

    
# Redireconamento de portas
    

    
# VNC Para algum micro (192.168.0.203 = Renato)
    
#iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 5900 -j DNAT --to 192.168.0.203:5900
    

    

    
# Proxy transparente #
    
iptables -t nat -A PREROUTING -s $Rede -d srvwebmet.genexis.com -p tcp --dport 81 -j ACCEPT
    
#iptables -t nat -A PREROUTING -s $Rede_lib -p tcp --dport 80 -j REDIRECT --to-port 3128
    
iptables -t nat -A PREROUTING -s $Rede -d srvwebmet.genexis.com -p tcp --dport 80 -j ACCEPT
    
iptables -t nat -A PREROUTING -s $Rede -p tcp --dport 80 -j REDIRECT --to-ports 3128
    
#iptables -t nat -A PREROUTING -s $Rede -p tcp --dport 443 -j REDIRECT --to-port 3128
    

    

    
# Redirecionamento para o FTP da maquina local servidora dos PALMS
    
#iptables -t nat -A PREROUTING -d $LanExt  -p tcp --dport 21 -j DNAT --to 192.168.0.101:21
    

    
#### Redirecionamento WTS ###
    
#Direcionamento hv03
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3352 -j DNAT --to 192.168.0.252:3389
    
#Direcionamento HV01
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3353 -j DNAT --to 192.168.0.242:3389
    
#Direcionamento SRVTI
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3354 -j DNAT --to 192.168.0.244:3389
    
#Direcionamento HV02
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3356 -j DNAT --to 192.168.0.241:3389
    
#Direcionamento SRVDB
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3357 -j DNAT --to 192.168.0.251:3389
    
#Direcionamento SANDRO
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3359 -j DNAT --to 192.168.0.5:3389
    
#Direcionamento Maquina programador
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3340 -j DNAT --to 192.168.0.17:3389
    

    
#### Redirecionamento WTS ###
    
### Redirecionamento lavendereweb ###
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 7070 -j DNAT --to 192.168.0.252:7070
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 6060 -j DNAT --to 192.168.0.252:6060
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 8080 -j DNAT --to 192.168.0.252:8080
    
iptables -t nat -A PREROUTING -d $LanExt -p udp --dport 7070 -j DNAT --to 192.168.0.252:7070
    
iptables -t nat -A PREROUTING -d $LanExt -p udp --dport 6060 -j DNAT --to 192.168.0.252:6060
    
iptables -t nat -A PREROUTING -d $LanExt -p udp --dport 8080 -j DNAT --to 192.168.0.252:8080
    

    
#Direcionamento intelbras 01
    
# WEB
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 8081 -j DNAT --to 192.168.0.199:80
    
# Descobrir
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 554 -j DNAT --to 192.168.0.199:554
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 664 -j DNAT --to 192.168.0.198:664
    
# Celular
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3777 -j DNAT --to 192.168.0.199:3777
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3888 -j DNAT --to 192.168.0.198:3888
    

    
# Mascaramento de rede para acesso externo #
    
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    

    
### Bloqueia todo o resto ###
    

    
#iptables -A INPUT -p tcp -j LOG --log-level 6 --log-prefix "FIREWALL: GERAL "
    
iptables -A INPUT -p tcp --syn -j DROP
    
iptables -A INPUT -p tcp -j DROP
    
iptables -A INPUT -p udp -j DROP
    

    

    
}
    

    
###################
    
### Funcao stop  ##
    
###################
    

    
firewall_stop() {
    

    
echo "Parando firewall e funcionando apenas com mascaramento"
    
# Limpa as regras #
    

    
iptables -X
    
iptables -Z
    
iptables -F INPUT
    
iptables -F OUTPUT
    
iptables -F FORWARD
    
iptables -F -t nat
    
iptables -F -t mangle
    

    
# Politicas padrao #
    

    
iptables -t filter -P INPUT ACCEPT
    
iptables -t filter -P OUTPUT ACCEPT
    
iptables -t filter -P FORWARD ACCEPT
    
iptables -t nat -P PREROUTING ACCEPT
    
iptables -t nat -P OUTPUT ACCEPT
    
iptables -t nat -P POSTROUTING ACCEPT
    
iptables -t mangle -P PREROUTING ACCEPT
    
iptables -t mangle -P OUTPUT ACCEPT
    

    
# Manter conexoes jah estabelecidas para nao parar
    

    
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    

    
# Aceita todo o trafego vindo do loopback e indo pro loopback
    

    
iptables -t filter -A INPUT -i lo -j ACCEPT
    

    
###############################
    
#         Proteçs           #
    
###############################
    

    
# Protege contra os "Ping of Death"
    
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
    
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
    

    
# Protege contra os ataques do tipo "Syn-flood, DoS, etc"
    
iptables -A INPUT -p tcp -m limit --limit 20/m -j ACCEPT
    

    
# Logar os pacotes mortos por inatividade ...
    
iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level 6 --log-prefix "FIREWALL: Pacotes mortos"
    

    
# Protege contra port scanners avanços (Ex.: nmap)
    
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 20/m -j ACCEPT
    

    
# Bloqueando tracertroute
    
iptables -A INPUT -p udp -s 0/0 -i eth0 --dport 33435:33525 -j REJECT
    

    
# Protecoes contra ataques
    
iptables -A INPUT -m state --state INVALID -j DROP
    

    
###############################
    
######### TABELA NAT ## #######
    
###############################
    

    
# Proxy transparente #
    
#iptables -t nat -A PREROUTING -s $Rede -p tcp --dport 80 -j REDIRECT --to 3128
    

    
# Mascaramento de rede para acesso externo #
    
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    

    
    echo "Regras Limpas e Firewall desabilitado"
    
}
    

    
firewall_restart() {
    
  echo "Reiniciando Firewall"
    
  firewall_stop
    
  sleep 3
    
  firewall_start
    
  echo "Firewall Reiniciado"
    
}
    
case "$1" in
    
'start')
    
  firewall_start
    
echo "Firewall Iniciado"
    
  ;;
    
'stop')
    
  firewall_stop
    
  ;;
    
'restart')
    
  firewall_restart
    

    
  ;;
    
*)
    
        echo "Opçs possíis:"
    
        echo "firewall.sh start"
    
        echo "firewall.sh stop"
    
        echo "firewall.sh restart"
    
esac


    0 0
  • Quote

    • 4. Re: Ajuda IpTables [RESOLVIDO]

    Carlos Alberto de Souza Barbosa
    souzacarlos
    (usa Outra)

    Enviado em 21/02/2017 - 16:35h

    renatodamasio escreveu:

    souzacarlos escreveu:

    Bom dia
    Como assim quando seta na placa?
    O squid e teu Firewall são a mesma máquina?

    Network Analyst - Consultor para empresas
    contact skype: carlossouzainfo
    21 99180-8165 (WhattsApp)


    Amigo resumindo configurei tudo e o firewall só funciona se eu dar um:

    
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

    meu firewall esta assim

    
#!/bin/bash -x
    
#
    
# /etc/rc.d/rc.firewall
    
#
    
# Start/stop/restart Firewall
    
#
    
# To make Firewall start automatically at boot, make this
    
# file executable:  chmod 755 /etc/rc.d/rc.firewall
    
#
    

    
################
    
## Variáris ##
    
################
    

    
# Rede externa eth1 off-board
    
LanExt=187.49.235.140
    
# Rede interna eth0 on-board
    
LanInt=192.168.0.240
    
Rede=192.168.0.0/24
    

    
#############
    
## Modulos ##
    
#############
    

    
/sbin/modprobe ip_tables
    
/sbin/modprobe ip_conntrack
    
/sbin/modprobe iptable_filter
    
/sbin/modprobe iptable_mangle
    
/sbin/modprobe iptable_nat
    
/sbin/modprobe ipt_LOG
    
/sbin/modprobe ipt_limit
    
/sbin/modprobe ipt_state
    
/sbin/modprobe ipt_REDIRECT
    
/sbin/modprobe ipt_owner
    
/sbin/modprobe ipt_REJECT
    
/sbin/modprobe ipt_MASQUERADE
    
/sbin/modprobe ip_conntrack_ftp
    
/sbin/modprobe ip_nat_ftp
    

    
####################
    
### Funç START ###
    
####################
    

    

    
firewall_start() {
    
echo "Iniciando o Firewall"
    

    
#####################
    
## Limpa as regras ##
    
#####################
    

    
iptables -X
    
iptables -Z
    
iptables -F INPUT
    
iptables -F OUTPUT
    
iptables -F FORWARD
    
iptables -F -t nat
    
iptables -F -t mangle
    

    
######################
    
## Politicas padrao ##
    
######################
    

    
iptables -t filter -P INPUT DROP
    
iptables -t filter -P OUTPUT ACCEPT
    

    
iptables -t filter -P FORWARD ACCEPT
    
iptables -t nat -P PREROUTING ACCEPT
    
iptables -t nat -P OUTPUT ACCEPT
    
iptables -t nat -P POSTROUTING ACCEPT
    
iptables -t mangle -P PREROUTING ACCEPT
    
iptables -t mangle -P OUTPUT ACCEPT
    

    
## Manter conexoes jah estabelecidas para nao parar ##
    

    
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    

    
## Aceita todo o trafego vindo do loopback e indo pro loopback ##
    

    
iptables -t filter -A INPUT -i lo -j ACCEPT
    

    
###############################
    
#         Proteçs           #
    
###############################
    

    
# Configurando a Protecao anti-spoofing
    
for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter; do
    
        echo "1" > $spoofing
    
done
    

    
# Impedimos que um atacante possa maliciosamente alterar alguma rota
    
echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects
    

    
# Utilizado em diversos ataques, isso possibilita que o atacante determine o "caminho" que seu
    
# pacote vai percorrer (roteadores) ate seu destino. Junto com spoof, isso se torna muito perigoso.
    
echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route
    

    
# Protecao contra responses bogus
    
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    

    
# Protecao contra ataques de syn flood (inicio da conexao TCP). Tenta conter ataques de DoS.
    
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    

    
# Habilita o forward
    
echo 1 > /proc/sys/net/ipv4/ip_forward
    

    
# Protege contra os "Ping of Death"
    
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
    
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
    

    

    
# Protege contra port scanners avanços (Ex.: nmap)
    
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 6/m -j ACCEPT
    

    
# Bloqueando tracertroute
    
#iptables -A INPUT -p udp -s 0/0 -i eth0 --dport 33435:33525 -j DROP
    

    
# Protecoes contra ataques
    
iptables -A INPUT -m state --state INVALID -j DROP
    

    

    
###############################
    
#       TABELA Input          #
    
###############################
    

    
# Liberando dhcpd
    
#iptables -A INPUT -i eth1 -p udp --sport 67:68 -j LOG --log-level 6 --log-prefix "FIREWALL: DHCPD"
    
#iptables -A INPUT -s $Rede_lib -p udp --sport 67:68 -j ACCEPT
    

    
#######################
    
### Destino Externo ###
    
#######################
    

    
# Liberando Porta 6622 (SSH)
    
#iptables -A INPUT -d $LanExt -p tcp --dport 6622 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH EXT 6622"
    
iptables -A INPUT -d $LanExt -p tcp --dport 6622 -j ACCEPT
    

    
# Liberando porta 3000 (ntop)
    
iptables -A INPUT -d $LanExt -p tcp --dport 3000 -j ACCEPT
    

    
# Liberando Porta 80 (http)
    
#iptables -A INPUT -d $LanExt -p tcp --dport 80 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP EXT 80"
    
iptables -A INPUT -d $LanExt -p tcp --dport 80 -j ACCEPT
    

    
# Liberando Porta 81 (http Genexis)
    
#iptables -A INPUT -d $LanExt -p tcp --dport 81 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP EXT 81"
    
iptables -A INPUT -d $LanExt -p tcp --dport 81 -j ACCEPT
    

    
# Liberando porta 53 (DNS)
    
iptables -A INPUT -d $LanExt -p tcp --dport 53 -j ACCEPT
    
iptables -A INPUT -d $LanExt -p udp --dport 53 -j ACCEPT
    
#iptables -A INPUT -d 200.194.238.51 -p tcp --dport 53 -j ACCEPT
    
#iptables -A INPUT -d 200.194.238.51 -p udp --dport 53 -j ACCEPT
    

    
# Liberando Porta 21 (ftp)
    
#iptables -A INPUT -d $LanExt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP EXT 21"
    
iptables -A INPUT -d $LanExt -p tcp --dport 21 -j ACCEPT
    
iptables -A INPUT -d $LanExt -p tcp --dport 20 -j ACCEPT
    

    
#######################
    
### Destino Interno ###
    
#######################
    

    
# Liberando Porta 22 (SSH)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
    
iptables -A INPUT -d $LanInt -p tcp --dport 6622 -j ACCEPT
    

    
# Liberando Porta 53 (DNS)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
    
iptables -A INPUT -d $LanInt -p tcp --dport 53 -j ACCEPT
    
iptables -A INPUT -d $LanInt -p udp --dport 53 -j ACCEPT
    
#iptables -A INPUT -d $Rede_lib -p tcp --dport 53 -j ACCEPT
    
#iptables -A INPUT -d $Rede_lib -p udp --dport 53 -j ACCEPT
    

    
# Liberando Porta 80 (http)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 80 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP INT 80"
    
iptables -A INPUT -d $LanInt -p tcp --dport 80 -j ACCEPT
    

    
# Liberando Porta 81 (http Genexis)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 81 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP INT 80"
    
iptables -A INPUT -d $LanInt -p tcp --dport 81 -j ACCEPT
    

    
# Liberando Porta 21 (ftp)
    
#iptables -A INPUT -d $LanInt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP INT 21"
    
iptables -A INPUT -d $LanInt -p tcp --dport 21 -j ACCEPT
    
iptables -A INPUT -d $LanInt -p tcp --dport 20 -j ACCEPT
    

    
# Libera o proxy 3128 (teste)
    
iptables -A INPUT -d $LanInt -p tcp --dport 3128 -j ACCEPT
    

    
#iptables -A INPUT -s $Rede_lib -j ACCEPT
    
###############################
    
#       TABELA Forward        #
    
###############################
    

    
#iptables -A FORWARD -i eth1 -p tcp --dport 443 -j DROP
    

    
###LIBERA CAIXA MAQUINA LOBINHO###2012-06-06
    
iptables -A FORWARD -s 192.168.0.14 --protocol tcp --dport 2631 -j ACCEPT
    

    
###LIBERA CAGED MAQUINA LOBINHO###2012-06-06
    
iptables -A FORWARD -s 192.168.0.14 --protocol tcp --dport 2500 -j ACCEPT
    

    
# Micro do Renato passa direto
    
iptables -A FORWARD -s 192.168.0.19 -j ACCEPT
    

    
# Micro do VMTI passa direto
    
iptables -A FORWARD -s 192.168.0.244 -j ACCEPT
    

    
# Micro do RH passa Direto 17/09/2014
    
iptables -A FORWARD -s 192.168.0.14 -j ACCEPT
    

    
# Liberando Porta 110 (pop-3)
    
iptables -A FORWARD -s $Rede -p tcp --dport 110 -j ACCEPT
    

    
# Liberando Porta 995 (spop-3)
    
iptables -A FORWARD -s $Rede -p tcp --dport 995 -j ACCEPT
    

    
# Liberando Porta 25 (smtp)
    
iptables -A FORWARD -s $Rede -p tcp --dport 25 -j ACCEPT
    

    
# Liberando Porta 81 (Genexis)
    
iptables -A FORWARD -s $Rede -p tcp --dport 81 -j ACCEPT
    

    
# Liberando Porta 465 (smtp-s)
    
iptables -A FORWARD -s $Rede -p tcp --dport 465 -j ACCEPT
    

    
# Liberando Porta 443 (http-s)
    
#iptables -A FORWARD -s $Rede -p tcp --dport 443 -j ACCEPT
    

    
# Liberando porta 53 (DNS)
    
iptables -A FORWARD -s $Rede -p tcp --dport 53 -j ACCEPT
    
iptables -A FORWARD -s $Rede -p udp --dport 53 -j ACCEPT
    

    
# Liberando acesso a Rede 192.168.1.0/24 #
    
#iptables -A FORWARD -s $Rede_lib -j ACCEPT
    

    
# Regrat forward para o funcionamento de redirecionamento de portas (NAT)
    
# Redirecionando porta 5900 (VNC)
    
iptables -A FORWARD -s 201.14.191.172 -i eth0 -p tcp --dport 5900 -j ACCEPT
    

    
# Redirecionamento para o FTP da maquina local servidora dos PALMS
    
iptables -A FORWARD -i eth1 -p tcp --dport 21 -j ACCEPT
    

    
# Redirecionamento WTS
    
iptables -A FORWARD -i eth1 -p tcp --dport 3352 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3353 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3354 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3356 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3357 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3359 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3340 -j ACCEPT# Redirecionamento lavendereweb - Carrus
    
iptables -A FORWARD -i eth1 -p tcp --dport 7070 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 6060 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p udp --dport 7070 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p udp --dport 6060 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 8080 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p udp --dport 8080 -j ACCEPT
    

    
# Redirecionamento carrus
    
#iptables -A FORWARD -i eth0 -p tcp --dport 8080 -j ACCEPT
    

    
# Redirecionamento cameras
    
# WEB
    
iptables -A FORWARD -i eth1 -p tcp --dport 80 -j ACCEPT
    
# Descobrir
    
iptables -A FORWARD -i eth1 -p tcp --dport 554 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 664 -j ACCEPT
    
# Celular
    
iptables -A FORWARD -i eth1 -p tcp --dport 3777 -j ACCEPT
    
iptables -A FORWARD -i eth1 -p tcp --dport 3888 -j ACCEPT
    

    
###############################
    
######### TABELA NAT ## #######
    
###############################
    

    
# Acesso ao conexao segura da caixa
    
iptables -t nat -A PREROUTING -p tcp -d 200.201.174.207 -j ACCEPT
    
iptables -A FORWARD -p tcp -d 200.201.174.207 -j ACCEPT
    

    
# Redireconamento de portas
    

    
# VNC Para algum micro (192.168.0.203 = Renato)
    
#iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 5900 -j DNAT --to 192.168.0.203:5900
    

    

    
# Proxy transparente #
    
iptables -t nat -A PREROUTING -s $Rede -d srvwebmet.genexis.com -p tcp --dport 81 -j ACCEPT
    
#iptables -t nat -A PREROUTING -s $Rede_lib -p tcp --dport 80 -j REDIRECT --to-port 3128
    
iptables -t nat -A PREROUTING -s $Rede -d srvwebmet.genexis.com -p tcp --dport 80 -j ACCEPT
    
iptables -t nat -A PREROUTING -s $Rede -p tcp --dport 80 -j REDIRECT --to-ports 3128
    
#iptables -t nat -A PREROUTING -s $Rede -p tcp --dport 443 -j REDIRECT --to-port 3128
    

    

    
# Redirecionamento para o FTP da maquina local servidora dos PALMS
    
#iptables -t nat -A PREROUTING -d $LanExt  -p tcp --dport 21 -j DNAT --to 192.168.0.101:21
    

    
#### Redirecionamento WTS ###
    
#Direcionamento hv03
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3352 -j DNAT --to 192.168.0.252:3389
    
#Direcionamento HV01
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3353 -j DNAT --to 192.168.0.242:3389
    
#Direcionamento SRVTI
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3354 -j DNAT --to 192.168.0.244:3389
    
#Direcionamento HV02
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3356 -j DNAT --to 192.168.0.241:3389
    
#Direcionamento SRVDB
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3357 -j DNAT --to 192.168.0.251:3389
    
#Direcionamento SANDRO
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3359 -j DNAT --to 192.168.0.5:3389
    
#Direcionamento Maquina programador
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3340 -j DNAT --to 192.168.0.17:3389
    

    
#### Redirecionamento WTS ###
    
### Redirecionamento lavendereweb ###
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 7070 -j DNAT --to 192.168.0.252:7070
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 6060 -j DNAT --to 192.168.0.252:6060
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 8080 -j DNAT --to 192.168.0.252:8080
    
iptables -t nat -A PREROUTING -d $LanExt -p udp --dport 7070 -j DNAT --to 192.168.0.252:7070
    
iptables -t nat -A PREROUTING -d $LanExt -p udp --dport 6060 -j DNAT --to 192.168.0.252:6060
    
iptables -t nat -A PREROUTING -d $LanExt -p udp --dport 8080 -j DNAT --to 192.168.0.252:8080
    

    
#Direcionamento intelbras 01
    
# WEB
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 8081 -j DNAT --to 192.168.0.199:80
    
# Descobrir
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 554 -j DNAT --to 192.168.0.199:554
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 664 -j DNAT --to 192.168.0.198:664
    
# Celular
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3777 -j DNAT --to 192.168.0.199:3777
    
iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 3888 -j DNAT --to 192.168.0.198:3888
    

    
# Mascaramento de rede para acesso externo #
    
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    

    
### Bloqueia todo o resto ###
    

    
#iptables -A INPUT -p tcp -j LOG --log-level 6 --log-prefix "FIREWALL: GERAL "
    
iptables -A INPUT -p tcp --syn -j DROP
    
iptables -A INPUT -p tcp -j DROP
    
iptables -A INPUT -p udp -j DROP
    

    

    
}
    

    
###################
    
### Funcao stop  ##
    
###################
    

    
firewall_stop() {
    

    
echo "Parando firewall e funcionando apenas com mascaramento"
    
# Limpa as regras #
    

    
iptables -X
    
iptables -Z
    
iptables -F INPUT
    
iptables -F OUTPUT
    
iptables -F FORWARD
    
iptables -F -t nat
    
iptables -F -t mangle
    

    
# Politicas padrao #
    

    
iptables -t filter -P INPUT ACCEPT
    
iptables -t filter -P OUTPUT ACCEPT
    
iptables -t filter -P FORWARD ACCEPT
    
iptables -t nat -P PREROUTING ACCEPT
    
iptables -t nat -P OUTPUT ACCEPT
    
iptables -t nat -P POSTROUTING ACCEPT
    
iptables -t mangle -P PREROUTING ACCEPT
    
iptables -t mangle -P OUTPUT ACCEPT
    

    
# Manter conexoes jah estabelecidas para nao parar
    

    
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    

    
# Aceita todo o trafego vindo do loopback e indo pro loopback
    

    
iptables -t filter -A INPUT -i lo -j ACCEPT
    

    
###############################
    
#         Proteçs           #
    
###############################
    

    
# Protege contra os "Ping of Death"
    
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
    
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
    

    
# Protege contra os ataques do tipo "Syn-flood, DoS, etc"
    
iptables -A INPUT -p tcp -m limit --limit 20/m -j ACCEPT
    

    
# Logar os pacotes mortos por inatividade ...
    
iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level 6 --log-prefix "FIREWALL: Pacotes mortos"
    

    
# Protege contra port scanners avanços (Ex.: nmap)
    
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 20/m -j ACCEPT
    

    
# Bloqueando tracertroute
    
iptables -A INPUT -p udp -s 0/0 -i eth0 --dport 33435:33525 -j REJECT
    

    
# Protecoes contra ataques
    
iptables -A INPUT -m state --state INVALID -j DROP
    

    
###############################
    
######### TABELA NAT ## #######
    
###############################
    

    
# Proxy transparente #
    
#iptables -t nat -A PREROUTING -s $Rede -p tcp --dport 80 -j REDIRECT --to 3128
    

    
# Mascaramento de rede para acesso externo #
    
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    

    
    echo "Regras Limpas e Firewall desabilitado"
    
}
    

    
firewall_restart() {
    
  echo "Reiniciando Firewall"
    
  firewall_stop
    
  sleep 3
    
  firewall_start
    
  echo "Firewall Reiniciado"
    
}
    
case "$1" in
    
'start')
    
  firewall_start
    
echo "Firewall Iniciado"
    
  ;;
    
'stop')
    
  firewall_stop
    
  ;;
    
'restart')
    
  firewall_restart
    

    
  ;;
    
*)
    
        echo "Opçs possíis:"
    
        echo "firewall.sh start"
    
        echo "firewall.sh stop"
    
        echo "firewall.sh restart"
    
esac

    Boa tarde
    Olhei teu firewall superficialmente, vi bastante coisas desnecessária ou errada então nem continuei vendo, mas vamos lá"

    Essa regra < # iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE > vc sabe pra que é né?

    Porque pra mim ela faz todo sentido, não entendo onde está o problema
    Explane por favor teu problema


    Network Analyst - Consultor para empresas
    contact skype: carlossouzainfo
    21 99180-8165 (WhattsApp)

    0 0
  • Quote

    • 5. Problema

    Renato Cesar Damasio
    renatodamasio
    (usa Debian)

    Enviado em 22/02/2017 - 07:37h

    Meu exato problema é que não navega as maquinas sem que eu coloque o proxy na mão no navegador.

    Esse meu script de firewall é de um firewall que ja tenho funcionando a anos e preciso trocar a maquina por esta nova.
    agradeço muito sua ajuda.

    0 0
  • Quote

    • 6. Re: Ajuda IpTables [RESOLVIDO]

    Carlos Alberto de Souza Barbosa
    souzacarlos
    (usa Outra)

    Enviado em 22/02/2017 - 10:48h

    renatodamasio escreveu:

    Meu exato problema é que não navega as maquinas sem que eu coloque o proxy na mão no navegador.

    Esse meu script de firewall é de um firewall que ja tenho funcionando a anos e preciso trocar a maquina por esta nova.
    agradeço muito sua ajuda.

    Bom dia
    E teu squid, tá preparado para tratar tráfego de forma transparente?


    Network Analyst - Consultor para empresas
    contact skype: carlossouzainfo
    21 99180-8165 (WhattsApp)

    0 0
  • Quote





    • Patrocínio

    Site hospedado pelo provedor RedeHost.
    Linux banner

    Destaques

    Artigos

    Manutenção de sistemas Linux Debian e derivados com apt-get, apt, aptitude e dpkg

    Criatividade para TI parte 1

    Melhorando o tempo de boot do Fedora e outras distribuições

    Como instalar as extensões Dash To Dock e Hide Top Bar no Gnome 45/46

    E a guerra contra bots continua

    Dicas

    Como Atualizar Fedora 39 para 40

    Instalar Google Chrome no Debian e derivados

    Consertando o erro do Sushi e Wayland no Opensuse Leap 15

    Instalar a última versão do PostgreSQL no Lunix mantendo atualizado

    Flathub na sua distribuição Linux e comandos básicos de gerenciamento

    Tópicos

    Lançado Fedora 40 Final (3)

    Quais Shell Scripts vocês usam? (9)

    Clamav e suas atualizações (24)

    SENHA ADM (2)

    Desenvolvimento de um driver (17)

    Top 10 do mês

    Scripts

    [Shell Script] Script para desinstalar pacotes desnecessários no OpenSuse

    [Shell Script] Script para criar certificados de forma automatizada no OpenVpn

    [Shell Script] Conversor de vídeo com opção de legenda

    [C/C++] BRT - Bulk Renaming Tool

    [Shell Script] Criação de Usuarios , Grupo e instalação do servidor de arquivos samba

    A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.

    Site hospedado por: