Block everything and allow only Brazilian IPs [SOLVED]

13. Re: Block everything and allow only Brazilian IPs

Jose Carlos Anicesa Silva
servidorlinux

(uses Debian)

Posted on 01/10/2018 - 22:22h

LSSilva wrote:

Man, I'm out of ideas. Only by digging deep into what's happening there can we figure out how to proceed. In the end it will be something simple that unfortunately we just can't see.


Hello LSSilva, thank you for your attention.

The script ended up like this; I'll also post the output of the commands iptables -nL and iptables -t nat -nL. Please, I'd appreciate whatever help you can give:

#!/bin/bash

#vars
iflocalnet="eth0"
localnet="192.168.8.0/24"
ifwan="eth1"

start (){
#Set permissive defaults
#Policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#Clean
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

##############
#Filter(INPUT)
##############
#Invalid
iptables -A INPUT -m state --state INVALID -j LOG --log-prefix "Firewall: Invalid Input "
iptables -A INPUT -m state --state INVALID -j DROP
#Valid
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Services-Accept (TCP / LAN)
for port in $(cat /etc/firewall/rules/allow-ports-input-tcp-lan | grep -v "#")
do
iptables -A INPUT -p tcp -i $iflocalnet --dport $port -s $localnet -m state --state NEW --syn -j ACCEPT
done
#Services-Accept (UDP / LAN)
for port in $(cat /etc/firewall/rules/allow-ports-input-udp-lan | grep -v "#")
do
iptables -A INPUT -p udp -i $iflocalnet --dport $port -s $localnet -m state --state NEW -j ACCEPT
done

#Services-Accept (TCP / WAN)
for port in $(cat /etc/firewall/rules/allow-ports-input-tcp-wan | grep -v "#")
do
iptables -A INPUT -p tcp -i $ifwan --dport $port -m state --state NEW --syn -j ACCEPT
done
#Services-Accept (UDP / WAN)
for port in $(cat /etc/firewall/rules/allow-ports-input-udp-wan | grep -v "#")
do
iptables -A INPUT -p udp -i $ifwan --dport $port -m state --state NEW -j ACCEPT
done

#Services-Accept (ICMP)
iptables -A INPUT -p icmp --icmp-type echo-request -s $localnet -j ACCEPT

#Loopback
iptables -A INPUT -i lo -j ACCEPT

#Default LOG
iptables -A INPUT ! -i lo -j LOG --log-prefix "Firewall: Drop Input "

###############
#Filter(OUTPUT)
###############
iptables -A OUTPUT -m state --state INVALID -j LOG --log-prefix "Firewall: Invalid Output "
iptables -A OUTPUT -m state --state INVALID -j DROP

################
#Filter(FORWARD)
################
#Invalid
iptables -A FORWARD -m state --state INVALID -j LOG --log-prefix "Firewall: Invalid Forward "
iptables -A FORWARD -m state --state INVALID -j DROP
#Valid
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#Blocked Sites
for site in $(cat /etc/firewall/rules/blocked-sites | grep -v "#")
do
iptables -I FORWARD -p tcp -m multiport --dports 80,443 -s $localnet -i $iflocalnet -m string --algo bm --string $site -j DROP
done

#Allow full access for specific IPs on the network
for ip in $(cat /etc/firewall/rules/allow-ips | grep -v "#")
do
iptables -I FORWARD -i $iflocalnet -s $ip -j ACCEPT
done

#Anti-Spoof Rule
iptables -A FORWARD -i $iflocalnet ! -s $localnet -j LOG --log-prefix "Firewall: Spoofed Packet "
iptables -A FORWARD -i $iflocalnet ! -s $localnet -j DROP

#Services-Accept (TCP)
for port in $(cat /etc/firewall/rules/allow-ports-forward-tcp | grep -v "#")
do
iptables -A FORWARD -p tcp -i $iflocalnet --dport $port -s $localnet -m state --state NEW --syn -j ACCEPT
done
#Services-Accept (UDP)
for port in $(cat /etc/firewall/rules/allow-ports-forward-udp | grep -v "#")
do
iptables -A FORWARD -p udp -i $iflocalnet --dport $port -s $localnet -m state --state NEW -j ACCEPT
done

#Services-Accept (ICMP)
iptables -A FORWARD -p icmp --icmp-type echo-request -s $localnet -i $iflocalnet -j ACCEPT

#Default LOG
iptables -A FORWARD ! -i lo -j LOG --log-prefix "Firewall: Drop Forward "
##################
#Nat - PreRouting
##################
#Transparent proxy
#iptables -t nat -A PREROUTING -p tcp --dport 80 -i $iflocalnet -s $localnet -j REDIRECT --to-port 3128

##################
#Nat - PostRouting
##################
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $ifwan -j MASQUERADE

#Misc.
#No need to put this here
#Debian has a file "/etc/sysctl.conf" that contains this and other settings
#Just uncomment the line in that file; it is good to enable
#rp_filter
#tcp_syn_cookies
#Edit the file, uncommenting the settings you want, then run "sysctl -p" to activate them

# echo 1 > /proc/sys/net/ipv4/ip_forward

}
stop (){
#Set permissive defaults
#Policy
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
#Clean
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
#Masquerading
iptables -t nat -A POSTROUTING -j MASQUERADE

}
case $1 in
start) start;;
stop) stop;;
restart) stop;start;;
*) echo "Use";;
esac



Output of the command iptables -nL:

Chain INPUT (policy DROP)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix "Firewall: Invalid Input "
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:2222 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:3128 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:3129 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:53 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:67 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:123 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:443 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:587 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 flags:0x17/0x02 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:443 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:587 state NEW
ACCEPT icmp -- 192.168.8.0/24 0.0.0.0/0 icmptype 8
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Firewall: Drop Input "

Chain FORWARD (policy DROP)
target prot opt source destination
DROP tcp -- 192.168.8.0/24 0.0.0.0/0 multiport dports 80,443 STRING match "youtube.com" ALGO name bm TO 65535
DROP tcp -- 192.168.8.0/24 0.0.0.0/0 multiport dports 80,443 STRING match "fb.com" ALGO name bm TO 65535
DROP tcp -- 192.168.8.0/24 0.0.0.0/0 multiport dports 80,443 STRING match "facebook.com" ALGO name bm TO 65535
LOG all -- 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix "Firewall: Invalid Forward "
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG all -- !192.168.8.0/24 0.0.0.0/0 LOG flags 0 level 4 prefix "Firewall: Spoofed Packet "
DROP all -- !192.168.8.0/24 0.0.0.0/0
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:21 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:25 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:53 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:67 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:110 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:123 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:443 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:465 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:563 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:587 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:691 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:993 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:5006 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:5222 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:5228 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:8024 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:8291 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:2222 flags:0x17/0x02 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:53 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:67 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:123 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:443 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:587 state NEW
ACCEPT icmp -- 192.168.8.0/24 0.0.0.0/0 icmptype 8
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Firewall: Drop Forward "

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix "Firewall: Invalid Output "
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID



Output of the command iptables -t nat -nL:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0


  


14. Re: Block everything and allow only Brazilian IPs [SOLVED]

Leandro Silva
LSSilva

(uses Other)

Posted on 02/10/2018 - 21:21h

Man, it should have worked.

Explain exactly how your network is laid out, for example:

Internet Modem (192.168.1.1) -> Linux Router (192.168.2.1) -> Lab Router (192.168.8.1), including the configuration and firewall script of the "Linux Router" and the other routers/modem. Except the one we are working on, of course.

I also need you to send me the output of these commands on the lab router:

ip addr show
ip route show

and the same commands on the lab computers, if they are Linux; if they are Windows:

route print
ipconfig /all

Also check how the browsers' proxy settings are configured.



15. Re: Block everything and allow only Brazilian IPs

Jose Carlos Anicesa Silva
servidorlinux

(uses Debian)

Posted on 03/10/2018 - 17:33h

LSSilva wrote:

Man, it should have worked.

Explain exactly how your network is laid out, for example:

Internet Modem (192.168.1.1) -> Linux Router (192.168.2.1) -> Lab Router (192.168.8.1), including the configuration and firewall script of the "Linux Router" and the other routers/modem. Except the one we are working on, of course.

I also need you to send me the output of these commands on the lab router:

ip addr show
ip route show

and the same commands on the lab computers, if they are Linux; if they are Windows:

route print
ipconfig /all

Also check how the browsers' proxy settings are configured.



Hello LSSilva, thanks for getting back to me.

Here we go, I'll post it in parts:

For now, at this stage of developing the script, I'm working with two virtual machines in VMware: one with two network cards and Debian 8 Linux, which is my Lab Router (192.168.8.1), and the other with Windows 8.1, which is simulating the lab's browsing (192.168.8.2);

- Internet Modem (192.168.1.1) -> Linux Router (192.168.2.1) -> Lab Router (192.168.8.1):
My network looks like this: Internet Router (10.67.76.1) -> Linux Router (192.168.2.1) -> Lab Router (192.168.8.1)

I don't have access to the main Internet Router, only Vivo does.

The Linux Router's script is this:
#!/bin/bash
# Internet interface
ifinternet="eth0"

# WAN network
redewan="10.67.76.0/24"


# Local network interface - 192.168.2.0
iflocal="eth1"

# Local network
redelocal="192.168.2.0/24"

iniciar(){

# Enable connection sharing
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $ifinternet -j MASQUERADE


# Block rp filter (IP spoofing)
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter

# Block ping of death
# iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# iptables -A INPUT -p icmp -j DROP

# Block stealth scanner
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

# Block SYN flood
echo 0 > /proc/sys/net/ipv4/tcp_syncookies
iptables -N SYN-FLOOD
iptables -A INPUT -p tcp --syn -j SYN-FLOOD
iptables -A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A SYN-FLOOD -j DROP

# Only valid packets
iptables -A INPUT -m state --state INVALID -j DROP

# Allow the loopback interface
iptables -A INPUT -i lo -j ACCEPT

# Allow SSH
iptables -A INPUT -p tcp --dport 2222 -j ACCEPT

# Allow ports for the local network 192.168.2.0/24
iptables -A INPUT -s $redelocal -p tcp -m multiport --dport 21,23,53,80,110,443,465,587,993,995,3128 -j ACCEPT

# Allow Apache port 80 for the wired network 192.168.2.0/24
iptables -A INPUT -i $ifinternet -s $redewan -p tcp --dport 80 -j ACCEPT

# Allow NTOP port 3000 for the wired network 192.168.2.0/24
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT

# # Allow connection to the Access Point IP 192.168.4.2
# iptables -A INPUT -s 192.168.2.37 -d 192.168.4.2 -j ACCEPT

# Redirect to SQUID3 for transparent proxying
iptables -t nat -A PREROUTING -i $iflocal -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A PREROUTING -i $iflocal -p tcp --dport 443 -j REDIRECT --to-port 3129

# Allow the SAMBA server
# iptables -A INPUT -p udp --dport 137 -j ACCEPT
# iptables -A INPUT -p udp --dport 138 -j ACCEPT
# iptables -A INPUT -p tcp --dport 139 -j ACCEPT
# iptables -A INPUT -p tcp --dport 445 -j ACCEPT

# Allow the local network
iptables -A INPUT -i $iflocal -j ACCEPT

# Block connections from outside
iptables -A INPUT -p tcp --syn -j DROP

echo ""
echo "Regras de firewall aplicadas"
}

parar(){

# Stop the firewall
iptables -F
iptables -F -t nat
iptables -X SYN-FLOOD
# iptables -X LISTAIPSEXTERNO

echo ""
echo "Regras de firewall desativadas"
}

case "$1" in
"start") iniciar ;;
"stop") parar ;;
"restart") parar; iniciar ;;
*) echo "Use os parâmetros iniciar, parar ou restart"
esac


The squid.conf, on this same Linux Router, is this:
visible_hostname FW

acl redelocal src 192.168.2.0/24

acl ipsbancadamanut src "/etc/squid3/ips-bancada.txt"
acl winupdatebancada url_regex -i "/etc/squid3/sites-winupdatebancada.txt"
acl lab1 src "/etc/squid3/ips-lab1.txt"
acl lab2 src "/etc/squid3/ips-lab2.txt"
acl lab3 src "/etc/squid3/ips-lab3.txt"
acl patio src "/etc/squid3/ips-patio.txt"
acl sites-bloqueados url_regex -i "/etc/squid3/sites-bloqueados.txt"
# acl sites-bloqueados-lab1 url_regex -i "/etc/squid3/sites-bloqueados-lab1.txt"
# acl sites-bloqueados-lab2 url_regex -i "/etc/squid3/sites-bloqueados-lab2.txt"
# acl sites-bloqueados-lab3 url_regex -i "/etc/squid3/sites-bloqueados-lab3.txt"
# acl sites-bloqueados-patio url_regex -i "/etc/squid3/sites-bloqueados-patio.txt"
acl sites-permitidos url_regex -i "/etc/squid3/sites-permitidos.txt"
acl streaming-bloqueados rep_mime_type -i "/etc/squid3/streaming-bloqueados.txt"
acl videos-bloqueados urlpath_regex -i "/etc/squid3/videos-bloqueados.txt"

acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0

acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 2222 # ssh

acl Safe_ports port 80 # http
#acl Safe_ports port 21 # ftp
acl Safe_ports port 2222 # ssh
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 161 # snmp protocol for the mrtg graphs
#acl Safe_ports port 3000 # NTOP

acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_port 3128 intercept

cache_mem 512 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 64 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid3 2048 16 256
cache_access_log /var/log/squid3/access.log


# redirect_program /usr/bin/squidGuard

# url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf


# https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem

# http_access deny redelocal
# http_access deny lab1
# http_access deny lab2
# http_access deny lab3
# http_access deny patio

# always_direct allow all


http_access allow ipsbancadamanut winupdatebancada
http_access deny sites-bloqueados
http_access allow sites-permitidos


# http_access deny lab1 sites-bloqueados-lab1
# http_access deny lab1 streaming-bloqueados videos-bloqueados
# http_access deny lab1 videos-bloqueados


# http_access deny lab2 sites-bloqueados-lab2
# http_access deny lab2 streaming-bloqueados videos-bloqueados
# http_access deny lab2 videos-bloqueados


# http_access deny lab3 sites-bloqueados-lab3
# http_access deny lab3 streaming-bloqueados videos-bloqueados
# http_access deny lab3 videos-bloqueados


# http_access deny patio sites-bloqueados-patio
# http_access deny patio streaming-bloqueados videos-bloqueados
# http_access deny patio videos-bloqueados


http_access allow redelocal

#ssl_bump server-first all
#sslproxy_cert_error deny all
#sslproxy_flags DONT_VERIFY_PEER
#sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
#sslcrtd_children 8 startup=1 idle=1

coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 15 20% 2280


shutdown_lifetime 1 second

http_access deny all



- I also need you to send me the output of these commands on the lab router:
#ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:85:40:dd brd ff:ff:ff:ff:ff:ff
inet 192.168.2.50/24 brd 192.168.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe85:40dd/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:85:40:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.8.1/24 brd 192.168.8.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe85:40e7/64 scope link
valid_lft forever preferred_lft forever

#ip route show
default via 192.168.2.2 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.50
192.168.8.0/24 dev eth1 proto kernel scope link src 192.168.8.1


On the lab's Windows computer:
c:\>route print
===========================================================================
Lista de interfaces
3...00 0c 29 6b da 9a ......Intel(R) 82574L Gigabit Network Connection
1...........................Software Loopback Interface 1
4...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
===========================================================================

Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede Máscara Ender. gateway Interface Custo
0.0.0.0 0.0.0.0 192.168.8.1 192.168.8.2 266
127.0.0.0 255.0.0.0 No vínculo 127.0.0.1 306
127.0.0.1 255.255.255.255 No vínculo 127.0.0.1 306
127.255.255.255 255.255.255.255 No vínculo 127.0.0.1 306
192.168.8.0 255.255.255.0 No vínculo 192.168.8.2 266
192.168.8.2 255.255.255.255 No vínculo 192.168.8.2 266
192.168.8.255 255.255.255.255 No vínculo 192.168.8.2 266
224.0.0.0 240.0.0.0 No vínculo 127.0.0.1 306
224.0.0.0 240.0.0.0 No vínculo 192.168.8.2 266
255.255.255.255 255.255.255.255 No vínculo 127.0.0.1 306
255.255.255.255 255.255.255.255 No vínculo 192.168.8.2 266
===========================================================================
Rotas persistentes:
Endereço de rede Máscara Ender. gateway Custo
0.0.0.0 0.0.0.0 192.168.8.1 Padrão
===========================================================================

Tabela de rotas IPv6
===========================================================================
Rotas ativas:
Se destino de rede de métrica Gateway
1 306 ::1/128 No vínculo
3 266 fe80::/64 No vínculo
3 266 fe80::d160:c363:6b26:2a08/128
No vínculo
1 306 ff00::/8 No vínculo
3 266 ff00::/8 No vínculo
===========================================================================
Rotas persistentes:
Nenhuma


c:\>ipconfig /all

Configuração de IP do Windows

Nome do host. . . . . . . . . . . . . . . . : WIN-SQM90D6KTJG
Sufixo DNS primário . . . . . . . . . . . . :
Tipo de nó. . . . . . . . . . . . . . . . . : híbrido
Roteamento de IP ativado. . . . . . . . . . : não
Proxy WINS ativado. . . . . . . . . . . . . : não

Adaptador Ethernet Ethernet0:

Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Endereço Físico . . . . . . . . . . . . . . : 00-0C-29-6B-DA-9A
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim
Endereço IPv6 de link local . . . . . . . . : fe80::d160:c363:6b26:2a08%3(Preferencial)
Endereço IPv4. . . . . . . . . . . . . . . : 192.168.8.2(Preferencial)
Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
Gateway Padrão. . . . . . . . . . . . . . . : 192.168.8.1
IAID de DHCPv6. . . . . . . . . . . . . . . : 50334761
DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-23-0F-AC-72-00-0C-29-6B-DA-9A
Servidores DNS. . . . . . . . . . . . . . . : 189.38.95.95
189.38.95.96
NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador de túnel isatap.{DA91A6F7-95FF-44C7-A124-2CB1E1F5B9BB}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP
Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim



- Also check how the browsers' proxy settings are configured:
Firefox (has the Browsec extension installed, which creates a VPN for browsing): Proxy: Use system proxy settings;
Chrome (does not have Browsec installed): Automatically detect settings.


16. Re: Block everything and allow only Brazilian IPs

Leandro Silva
LSSilva

(uses Other)

Posted on 03/10/2018 - 20:20h

It's complicated that you didn't say it was a VM =\
Just put it on a physical machine and test! It won't fail.


17. Re: Block everything and allow only Brazilian IPs

Jose Carlos Anicesa Silva
servidorlinux

(uses Debian)

Posted on 03/10/2018 - 22:37h

LSSilva wrote:

It's complicated that you didn't say it was a VM =\
Just put it on a physical machine and test! It won't fail.


I'm sorry. I thought it would work the same as a physical machine. Would the difference between them be the network interface?
I'm already formatting and installing a physical machine. I'll run the tests and report back.
Thanks for your attention.


18. Re: Block everything and allow only Brazilian IPs

Jose Carlos Anicesa Silva
servidorlinux

(uses Debian)

Posted on 04/10/2018 - 17:45h

Hello LSSilva, how are you?

I did the installation and configuration on the physical machine. Now it's browsing. I needed to open a few more ports and my files ended up like this:

- allow-ports-forward-tcp:
#http
80
#ftp
21
#ssh
22
#smtp
25
#dns
53
953
#dhcp
67
#pop
110
#ntp
123
#https
443
#tls-smtp
465
#tls-ntp
563
#tls-smtp
587
#MS-Exchange
691
#tls-imap
993
#voice-port
5006
#whatsapp
5222
5228
#radio
8024
#winbox
8291
#ssh
2222
#wais
210
#http-mgmt
280
#gss-http
488
#multiling http
777

- allow-ports-forward-udp
#dns
53
137
138
#dhcp
67
#ntp
123
#https
443
#tls-smtp
587

I ran the following test:
- in Firefox I installed the Browsec extension, which creates a VPN, and it did not block Facebook and YouTube, even though the URLs facebook.com and youtube.com are in the Blocked-sites file;

- in Chrome I did not install the extension and the sites facebook.com and youtube.com were blocked.

What can we do to block this improper browsing via Browsec?


19. Re: Block everything and allow only Brazilian IPs

Leandro Silva
LSSilva

(uses Other)

Posted on 04/10/2018 - 21:43h

Man, this extension issue is going to be a bit complicated; it will take some work. You'll have to find out the IPs the extension uses and block them, and you'll have to keep testing until you catch them all. You can block networks instead of IPs, but that may end up blocking other things.
For example, if you noticed that the extension connects to the IP 12.131.12.11, you would then block the /24 range, like: 12.131.12.0/24.

To see this traffic you'll have to log what a machine does. For example, if you are testing on the machine 192.168.8.77, you would create the rule:

iptables -A FORWARD -s 192.168.8.77 -j LOG --log-prefix "Pacote PC teste"

And then with the command:

tail /var/log/messages -n 60 | grep "Pacote PC teste"

See what is passing through; that 60 specifies the number of lines to display. Be very careful not to block what you shouldn't; make sure that at that moment only VPN data is flowing.

Once you've gathered all the IPs or networks, put them in a file, for example: /etc/firewall/ips-vpn

And create a rule in the firewall:

for i in $(cat /etc/firewall/ips-vpn);
do
iptables -I FORWARD -d $i -j DROP
done


Remember that what you're looking for in the logs is the dst-address.
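
The log-then-block procedure from the post above, as an added example that is not part of the original thread: it counts the destinations logged under the "Pacote PC teste" prefix, groups them into /24 networks, leaves out networks already in the block list or in a never-block list, and prints the DROP rules instead of applying them. The log lines, the addresses (documentation ranges), the function names and the never-block file are constructed assumptions; it also assumes the LOG rule sits ahead of the ACCEPT rules in FORWARD so that it sees the traffic.

```bash
#!/bin/sh
# Added example: everything here (sample lines, addresses, file names) is constructed.
LC_ALL=C; export LC_ALL
LOG_PREFIX="Pacote PC teste"   # same --log-prefix as the LOG rule in the post

# Constructed kernel log lines; addresses come from the documentation ranges.
sample_log() {
cat <<'EOF'
Oct  4 21:50:01 routerlab kernel: Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.77 DST=203.0.113.10 LEN=52 TTL=127 PROTO=TCP SPT=50111 DPT=443 SYN
Oct  4 21:50:01 routerlab kernel: Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.77 DST=203.0.113.77 LEN=52 TTL=127 PROTO=TCP SPT=50112 DPT=443 SYN
Oct  4 21:50:02 routerlab kernel: Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.77 DST=198.51.100.5 LEN=52 TTL=127 PROTO=TCP SPT=50113 DPT=443 SYN
Oct  4 21:50:02 routerlab kernel: Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.77 DST=192.0.2.53 LEN=61 TTL=127 PROTO=UDP SPT=61000 DPT=53
Oct  4 21:50:03 routerlab kernel: Firewall: Drop Forward IN=eth1 OUT=eth0 SRC=192.168.8.2 DST=198.51.100.200 LEN=52 TTL=127 PROTO=TCP SPT=50200 DPT=8080 SYN
Oct  4 21:50:04 routerlab kernel: Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.77 DST=203.0.113.10 LEN=576 TTL=127 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.0.113.10 DST=192.168.8.77 LEN=80 PROTO=UDP SPT=443 DPT=50120 ]
EOF
}

# stdin: log lines. stdout: "<hits> <network>/24", busiest network first.
# Only the first DST= on a line is used: ICMP errors also carry the header
# of the offending packet in brackets, with its own DST= field.
dst_networks() {
    grep -F -- "$LOG_PREFIX" | awk '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DST=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    split(substr($i, 5), o, ".")
                    hits[o[1] "." o[2] "." o[3] ".0/24"]++
                    break
                }
        }
        END { for (n in hits) print hits[n], n }' | sort -k1,1nr -k2,2
}

# $1: list file. stdout: its entries without comments, blanks or duplicates.
clean_list() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | awk 'NF && !seen[$0]++'
}

# stdin: output of dst_networks. $1: current block list, $2: never-block list
# (for example the DNS resolvers the LAN depends on).
# stdout: networks that appear in neither file.
new_networks() {
    known=$( { clean_list "$1"; clean_list "$2"; } | tr '\n' ' ' )
    awk -v known="$known" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) seen[k[i]] = 1 }
        !($2 in seen) { print $2 }'
}

# stdin: networks. stdout: the DROP rule from the post, one per valid entry.
# Anything that is not plain IPv4 or IPv4/prefix is ignored, so a stray
# token in the file never reaches the iptables command line.
drop_rules() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' |
    while read -r net; do
        echo "iptables -I FORWARD -d $net -j DROP"
    done
}

# Demo on the constructed data: ranking first, then the rules for new networks.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# already blocked' '198.51.100.0/24' '198.51.100.0/24' > "$tmp/ips-vpn"
    printf '%s\n' '# resolver used by the LAN' '192.0.2.0/24' > "$tmp/never-block"
    sample_log | dst_networks
    sample_log | dst_networks | new_networks "$tmp/ips-vpn" "$tmp/never-block" | drop_rules
    rm -rf "$tmp"
}
demo
```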



20. Re: Block everything and allow only Brazilian IPs

Jose Carlos Anicesa Silva
servidorlinux

(uses Debian)

Posted on 04/10/2018 - 22:54h

LSSilva wrote:

Man, this extension issue is going to be a bit complicated; it will take some work. You'll have to find out the IPs the extension uses and block them, and you'll have to keep testing until you catch them all. You can block networks instead of IPs, but that may end up blocking other things.
For example, if you noticed that the extension connects to the IP 12.131.12.11, you would then block the /24 range, like: 12.131.12.0/24.

To see this traffic you'll have to log what a machine does. For example, if you are testing on the machine 192.168.8.77, you would create the rule:

iptables -A FORWARD -s 192.168.8.77 -j LOG --log-prefix "Pacote PC teste"

And then with the command:

tail /var/log/messages -n 60 | grep "Pacote PC teste"

See what is passing through; that 60 specifies the number of lines to display. Be very careful not to block what you shouldn't; make sure that at that moment only VPN data is flowing.

Once you've gathered all the IPs or networks, put them in a file, for example: /etc/firewall/ips-vpn

And create a rule in the firewall:

for i in $(cat /etc/firewall/ips-vpn);
do
iptables -I FORWARD -d $i -j DROP
done


Remember that what you're looking for in the logs is the dst-address.


Hello LSSilva, how are you?

Thanks for getting back to me.

I did do this for some time, a few weeks, building up a list of the IPs, and I arrived at the list below:


The Browsec extension keeps handshaking until it finds another available IP and then opens up all browsing. That's why my initial idea was to allow only Brazilian IPs, because I found that Browsec's servers are all in other countries. But I hadn't managed to write the script for it. I'll test the script you sent, but now on the physical machine.

Or any other ideas?

Is there a way to block the extension?


21. Re: Block everything and allow only Brazilian IPs [SOLVED]

Leandro Silva
LSSilva

(uses Other)

Posted on 05/10/2018 - 10:39h

You can test that script now and it will work, but many services are hosted abroad, which will prevent the network from working properly. It's worth persisting a bit more with this idea of identifying the IPs/networks. These VPN clients really are tricky to deal with. It's also quite likely that this list will change over time, forcing you to update it. If we knew more about how the extension/client works, maybe we could find a more "elegant" way of dealing with it. As an emergency measure, this alternative is valid.

Can you send the packet traffic log of this VPN for analysis?

[]'s


22. Re: Block everything and allow only Brazilian IPs

Jose Carlos Anicesa Silva
servidorlinux

(uses Debian)

Posted on 05/10/2018 - 23:05h

LSSilva wrote:

You can test that script now and it will work, but many services are hosted abroad, which will prevent the network from working properly. It's worth persisting a bit more with this idea of identifying the IPs/networks. These VPN clients really are tricky to deal with. It's also quite likely that this list will change over time, forcing you to update it. If we knew more about how the extension/client works, maybe we could find a more "elegant" way of dealing with it. As an emergency measure, this alternative is valid.

Can you send the packet traffic log of this VPN for analysis?

[]'s


LSSilva, browsing is intermittent: sometimes it works, sometimes it doesn't. I don't know why it's giving the errors dns_probe_finished_no_internet and err_connection_timed_out. I'm on the physical machine now.

I posted my script and the outputs of the commands iptables -t nat -nL, iptables -nL, ip addr show, ip route show, route print and ipconfig /all. I'm also sending my files from /etc/firewall/rules:

#!/bin/bash

#vars
iflocalnet="eth1"
localnet="192.168.8.0/24"
ifwan="eth0"

start (){
#Set permissive defaults
#Policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#Clean
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

##############
#Filter(INPUT)
##############
#Invalid
iptables -A INPUT -m state --state INVALID -j LOG --log-prefix "Firewall: Invalid Input "
iptables -A INPUT -m state --state INVALID -j DROP
#Valid
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Services-Accept (TCP / LAN)
for port in $(cat /etc/firewall/rules/allow-ports-input-tcp-lan | grep -v "#")
do
iptables -A INPUT -p tcp -i $iflocalnet --dport $port -s $localnet -m state --state NEW --syn -j ACCEPT
done

#Services-Accept (UDP / LAN)
for port in $(cat /etc/firewall/rules/allow-ports-input-udp-lan | grep -v "#")
do
iptables -A INPUT -p udp -i $iflocalnet --dport $port -s $localnet -m state --state NEW -j ACCEPT
done

#Services-Accept (TCP / WAN)
for port in $(cat /etc/firewall/rules/allow-ports-input-tcp-wan | grep -v "#")
do
iptables -A INPUT -p tcp -i $ifwan --dport $port -m state --state NEW --syn -j ACCEPT
done

#Services-Accept (UDP / WAN)
for port in $(cat /etc/firewall/rules/allow-ports-input-udp-wan | grep -v "#")
do
iptables -A INPUT -p udp -i $ifwan --dport $port -m state --state NEW -j ACCEPT
done

#Services-Accept (ICMP)
iptables -A INPUT -p icmp --icmp-type echo-request -s $localnet -j ACCEPT


#Loopback
iptables -A INPUT -i lo -j ACCEPT

#Default LOG
iptables -A INPUT ! -i lo -j LOG --log-prefix "Firewall: Drop Input "

###############
#Filter(OUTPUT)
###############
iptables -A OUTPUT -m state --state INVALID -j LOG --log-prefix "Firewall: Invalid Output "
iptables -A OUTPUT -m state --state INVALID -j DROP

################
#Filter(FORWARD)
################
#Invalid
iptables -A FORWARD -m state --state INVALID -j LOG --log-prefix "Firewall: Invalid Forward "
iptables -A FORWARD -m state --state INVALID -j DROP
#Valid
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#Blocked Sites
for site in $(cat /etc/firewall/rules/blocked-sites | grep -v "#")
do
iptables -I FORWARD -p tcp -m multiport --dports 80,443 -s $localnet -i $iflocalnet -m string --algo bm --string $site -j DROP
done

#Give specific IPs on the network full access
for ip in $(cat /etc/firewall/rules/allow-ips | grep -v "#")
do
iptables -I FORWARD -i $iflocalnet -s $ip -j ACCEPT
done

#Anti-Spoof Rule
iptables -A FORWARD -i $iflocalnet ! -s $localnet -j LOG --log-prefix "Firewall: Spoofed Packet "
iptables -A FORWARD -i $iflocalnet ! -s $localnet -j DROP

#Services-Accept (TCP)
for port in $(cat /etc/firewall/rules/allow-ports-forward-tcp | grep -v "#")
do
iptables -A FORWARD -p tcp -i $iflocalnet --dport $port -s $localnet -m state --state NEW --syn -j ACCEPT
done

#Services-Accept (UDP)
for port in $(cat /etc/firewall/rules/allow-ports-forward-udp | grep -v "#")
do
iptables -A FORWARD -p udp -i $iflocalnet --dport $port -s $localnet -m state --state NEW -j ACCEPT
done

#Services-Accept (ICMP)
iptables -A FORWARD -p icmp --icmp-type echo-request -s $localnet -i $iflocalnet -j ACCEPT

#Default LOG
iptables -A FORWARD ! -i lo -j LOG --log-prefix "Firewall: Drop Forward "

##################
#Nat - PreRouting
##################
#Proxy Transparente
#iptables -t nat -A PREROUTING -p tcp --dport 80 -i $iflocalnet -s $localnet -j REDIRECT --to-port 3128
##################
#Nat - PostRouting
##################
iptables -t nat -A POSTROUTING -o $ifwan -j MASQUERADE

#Misc.
#No need to put this here
#Debian has a file "/etc/sysctl.conf" that holds this and other settings
#Just uncomment the line in that file; it is good to enable
#rp_filter
#tcp_syn_cookies
#Edit the file, uncommenting the settings you want, then run "sysctl -p" to apply them
echo 1 > /proc/sys/net/ipv4/ip_forward

}
stop (){
#Set permissive defaults
#Policy
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
#Clean
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
#Masquerading
iptables -t nat -A POSTROUTING -j MASQUERADE

}
case "$1" in
start) start;;
stop) stop;;
restart) stop;start;;
*) echo "Use: $0 {start|stop|restart}";;
esac

allow-ports-forward-tcp:
#http
80
#ftp
21
#ssh
22
#smtp
25
#dns
53
953
#dhcp
67
#pop
110
#ntp
123
#https
443
#tls-smtp
465
#tls-ntp
563
#tls-smtp
587
#MS-Exchange
691
#tls-imap
993
#voice-port
5006
#whatsapp
5222
5228
#radio
8024
#winbox
8291
#ssh
2222
#wais
210
#http-mgmt
280
#gss-http
488
#multiling http
777
#gopher
70
#filemaker
591
#swat
901

allow-ports-forward-udp:
#dns
53
137
138
#dhcp
67
#ntp
123
#https
443
#tls-smtp
587

allow-ports-input-tcp-lan:
#ssh
2222
#proxy
3128
3129
#http
80
#https
443
#dns
953

allow-ports-input-tcp-wan:
#ssh
2222

allow-ports-input-udp-lan:
#dns
53
137
138
#dhcp
67
#ntp
123
#https
443
#tls-smtp
587

allow-ports-input-udp-wan:
#dns
53
137
138
#dhcp
67
#ntp
123
#https
443
#tls-smtp
587

blocked-sites:
#Block facebook
facebook.com
facebook.com.br
fb.com
#Block youtube
youtube.com

The output of the command iptables -t nat -nL is:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0


The output of the command iptables -nL is:
Chain INPUT (policy DROP)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix "Firewall: Invalid Input "
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:2222 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:3128 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:3129 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:443 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:953 flags:0x17/0x02 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:53 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:137 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:138 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:67 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:123 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:443 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:587 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 flags:0x17/0x02 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:443 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:587 state NEW
ACCEPT icmp -- 192.168.8.0/24 0.0.0.0/0 icmptype 8
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Firewall: Drop Input "

Chain FORWARD (policy DROP)
target prot opt source destination
DROP tcp -- 192.168.8.0/24 0.0.0.0/0 multiport dports 80,443 STRING match "youtube.com" ALGO name bm TO 65535
DROP tcp -- 192.168.8.0/24 0.0.0.0/0 multiport dports 80,443 STRING match "fb.com" ALGO name bm TO 65535
DROP tcp -- 192.168.8.0/24 0.0.0.0/0 multiport dports 80,443 STRING match "facebook.com.br" ALGO name bm TO 65535
DROP tcp -- 192.168.8.0/24 0.0.0.0/0 multiport dports 80,443 STRING match "facebook.com" ALGO name bm TO 65535
LOG all -- 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix "Firewall: Invalid Forward "
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG all -- !192.168.8.0/24 0.0.0.0/0 LOG flags 0 level 4 prefix "Firewall: Spoofed Packet "
DROP all -- !192.168.8.0/24 0.0.0.0/0
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:21 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:25 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:53 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:953 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:67 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:110 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:123 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:443 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:465 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:563 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:587 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:691 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:993 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:5006 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:5222 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:5228 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:8024 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:8291 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:2222 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:210 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:280 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:488 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:777 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:70 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:591 flags:0x17/0x02 state NEW
ACCEPT tcp -- 192.168.8.0/24 0.0.0.0/0 tcp dpt:901 flags:0x17/0x02 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:53 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:137 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:138 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:67 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:123 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:443 state NEW
ACCEPT udp -- 192.168.8.0/24 0.0.0.0/0 udp dpt:587 state NEW
ACCEPT icmp -- 192.168.8.0/24 0.0.0.0/0 icmptype 8
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Firewall: Drop Forward "

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix "Firewall: Invalid Output "
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID

ip addr show:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:08:54:28:c7:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.8.1/24 brd 192.168.8.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::208:54ff:fe28:c764/64 scope link
valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0f:ea:d7:a8:0f brd ff:ff:ff:ff:ff:ff
inet 192.168.2.50/24 brd 192.168.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20f:eaff:fed7:a80f/64 scope link
valid_lft forever preferred_lft forever

ip route show:
default via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.50
192.168.8.0/24 dev eth1 proto kernel scope link src 192.168.8.1

route print:
===========================================================================
Lista de interfaces
11...00 40 a7 13 53 cb ......NIC Gigabit Ethernet PCI-E Realtek Família RTL8168B/8111B (NDIS 6.20)
14...0a 00 27 00 00 0e ......VirtualBox Host-Only Ethernet Adapter
20...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
21...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #2
18...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #3
19...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #4
===========================================================================

Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede Máscara Ender. gateway Interface Custo
0.0.0.0 0.0.0.0 192.168.8.1 192.168.8.2 276
127.0.0.0 255.0.0.0 No vínculo 127.0.0.1 306
127.0.0.1 255.255.255.255 No vínculo 127.0.0.1 306
127.255.255.255 255.255.255.255 No vínculo 127.0.0.1 306
192.168.8.0 255.255.255.0 No vínculo 192.168.8.2 276
192.168.8.2 255.255.255.255 No vínculo 192.168.8.2 276
192.168.8.255 255.255.255.255 No vínculo 192.168.8.2 276
192.168.56.0 255.255.255.0 No vínculo 192.168.56.1 266
192.168.56.1 255.255.255.255 No vínculo 192.168.56.1 266
192.168.56.255 255.255.255.255 No vínculo 192.168.56.1 266
192.168.92.0 255.255.255.0 No vínculo 192.168.92.1 276
192.168.92.1 255.255.255.255 No vínculo 192.168.92.1 276
192.168.92.255 255.255.255.255 No vínculo 192.168.92.1 276
192.168.161.0 255.255.255.0 No vínculo 192.168.161.1 276
192.168.161.1 255.255.255.255 No vínculo 192.168.161.1 276
192.168.161.255 255.255.255.255 No vínculo 192.168.161.1 276
224.0.0.0 240.0.0.0 No vínculo 127.0.0.1 306
224.0.0.0 240.0.0.0 No vínculo 192.168.56.1 266
224.0.0.0 240.0.0.0 No vínculo 192.168.8.2 276
224.0.0.0 240.0.0.0 No vínculo 192.168.92.1 276
224.0.0.0 240.0.0.0 No vínculo 192.168.161.1 276
255.255.255.255 255.255.255.255 No vínculo 127.0.0.1 306
255.255.255.255 255.255.255.255 No vínculo 192.168.56.1 266
255.255.255.255 255.255.255.255 No vínculo 192.168.8.2 276
255.255.255.255 255.255.255.255 No vínculo 192.168.92.1 276
255.255.255.255 255.255.255.255 No vínculo 192.168.161.1 276
===========================================================================
Rotas persistentes:
Endereço de rede Máscara Ender. gateway Custo
0.0.0.0 0.0.0.0 192.168.8.1 Padrão
===========================================================================

Tabela de rotas IPv6
===========================================================================
Rotas ativas:
Se destino de rede de métrica Gateway
1 306 ::1/128 No vínculo
14 266 fe80::/64 No vínculo
11 276 fe80::/64 No vínculo
20 276 fe80::/64 No vínculo
21 276 fe80::/64 No vínculo
21 276 fe80::347c:2f93:52a9:ef38/128
No vínculo
20 276 fe80::81ad:3715:a9f4:f5ff/128
No vínculo
14 266 fe80::c88f:ccd3:1853:3052/128
No vínculo
11 276 fe80::ccf3:5d39:2d98:a200/128
No vínculo
1 306 ff00::/8 No vínculo
14 266 ff00::/8 No vínculo
11 276 ff00::/8 No vínculo
20 276 ff00::/8 No vínculo
21 276 ff00::/8 No vínculo
===========================================================================
Rotas persistentes:
Nenhuma


ipconfig /all:

Configuração de IP do Windows

Nome do host. . . . . . . . . . . . . . . . : manutencaobancada
Sufixo DNS primário . . . . . . . . . . . . :
Tipo de nó. . . . . . . . . . . . . . . . . : híbrido
Roteamento de IP ativado. . . . . . . . . . : não
Proxy WINS ativado. . . . . . . . . . . . . : não

Adaptador Ethernet Conexão local:

Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : NIC Gigabit Ethernet PCI-E Realtek Família RTL8168B/8111B (NDIS 6.20)
Endereço Físico . . . . . . . . . . . . . . : 00-40-A7-13-53-CB
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim
Endereço IPv6 de link local . . . . . . . . : fe80::ccf3:5d39:2d98:a200%11(Preferencial)
Endereço IPv4. . . . . . . . . . . . . . . : 192.168.8.2(Preferencial)
Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
Gateway Padrão. . . . . . . . . . . . . . . : 192.168.8.1
IAID de DHCPv6. . . . . . . . . . . . . . . : 234897575
DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-21-1F-8F-A8-00-40-A7-13-53-CB
Servidores DNS. . . . . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador Ethernet VirtualBox Host-Only Network:

Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Endereço Físico . . . . . . . . . . . . . . : 0A-00-27-00-00-0E
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim
Endereço IPv6 de link local . . . . . . . . : fe80::c88f:ccd3:1853:3052%14(Preferencial)
Endereço IPv4. . . . . . . . . . . . . . . : 192.168.56.1(Preferencial)
Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
Gateway Padrão. . . . . . . . . . . . . . . :
IAID de DHCPv6. . . . . . . . . . . . . . . : 319422503
DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-21-1F-8F-A8-00-40-A7-13-53-CB
Servidores DNS. . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador Ethernet VMware Network Adapter VMnet1:

Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Endereço Físico . . . . . . . . . . . . . . : 00-50-56-C0-00-01
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim
Endereço IPv6 de link local . . . . . . . . : fe80::81ad:3715:a9f4:f5ff%20(Preferencial)
Endereço IPv4. . . . . . . . . . . . . . . : 192.168.92.1(Preferencial)
Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
Gateway Padrão. . . . . . . . . . . . . . . :
IAID de DHCPv6. . . . . . . . . . . . . . . : 453005398
DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-21-1F-8F-A8-00-40-A7-13-53-CB
Servidores DNS. . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador Ethernet VMware Network Adapter VMnet8:

Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Endereço Físico . . . . . . . . . . . . . . : 00-50-56-C0-00-08
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim
Endereço IPv6 de link local . . . . . . . . : fe80::347c:2f93:52a9:ef38%21(Preferencial)
Endereço IPv4. . . . . . . . . . . . . . . : 192.168.161.1(Preferencial)
Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
Gateway Padrão. . . . . . . . . . . . . . . :
IAID de DHCPv6. . . . . . . . . . . . . . . : 486559830
DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-21-1F-8F-A8-00-40-A7-13-53-CB
Servidores DNS. . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador de túnel isatap.{09C21422-F4BD-454D-AC8C-649689CB9542}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP
Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel isatap.{A228B3AE-17BA-4261-8A7D-5DE53469BE2C}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #2
Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel isatap.{4524335E-9333-4DF5-A55D-71594040FEF0}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #3
Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel isatap.{613F099D-B263-425C-8AE8-85062772DBF5}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :
Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #4
Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : Não
Configuração Automática Habilitada. . . . . : Sim
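
The request quoted at the top of this post, a packet log from which the VPN's IPs/networks can be identified, comes down to grouping the firewall's LOG lines for one LAN host by destination. The sketch below is an added example, not code from the thread; the function names, the constructed sample lines (documentation addresses) and the 80% threshold are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread): group iptables LOG lines by destination
# to see where one LAN host is really sending its traffic.

# Constructed sample in the kernel LOG layout, including a log prefix fused
# to "IN=" (prefix written without a trailing space) and an ICMP line that
# has no SPT/DPT. 203.0.113.10 and 198.51.100.7 are documentation addresses.
sample_log() {
    cat <<'EOF'
Oct 8 19:50:50 fwlab kernel: [ 9886.717990] Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.2 DST=203.0.113.10 LEN=40 TTL=127 ID=10399 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.718257] Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.2 DST=203.0.113.10 LEN=40 TTL=127 ID=10400 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.735242] Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.2 DST=203.0.113.10 LEN=40 TTL=127 ID=10403 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.779654] Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.2 DST=203.0.113.10 LEN=1500 TTL=127 ID=10407 DF PROTO=TCP SPT=51686 DPT=443 WINDOW=63139 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.793024] Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.2 DST=203.0.113.10 LEN=40 TTL=127 ID=10409 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.924738] Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.2 DST=198.51.100.7 LEN=60 TTL=127 ID=10444 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=16376
Oct 8 19:50:51 fwlab kernel: [ 9887.100000] Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.3 DST=198.51.100.7 LEN=52 TTL=127 ID=20001 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=64240 SYN URGP=0
Oct 8 19:50:51 fwlab kernel: [ 9887.200000] Pacote PC testeIN=eth1 OUT=eth0 SRC=192.168.8.2 DST=198.51.100.7 LEN=52 TTL=127 ID=10450 DF PROTO=TCP SPT=51940 DPT=443 WINDOW=64240 SYN URGP=0
EOF
}

# summarize_dst SRC  (log lines on stdin)
# Prints "packets distinct_source_ports dst proto dport", busiest first.
summarize_dst() {
    awk -v src="$1" '
    {
        s = d = p = dpt = spt = ""
        # Fields are KEY=value tokens; scan them instead of relying on position,
        # because the prefix may be glued to the first token.
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   s   = substr($i, 5)
            else if ($i ~ /^DST=/)   d   = substr($i, 5)
            else if ($i ~ /^PROTO=/) p   = substr($i, 7)
            else if ($i ~ /^SPT=/)   spt = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        if (s != src || d == "") next
        if (dpt == "") dpt = "-"          # ICMP and other port-less protocols
        key = d " " p " " dpt
        pkts[key]++
        # Each new source port is (roughly) one more connection to that endpoint.
        if (spt != "" && !seen[key, spt]++) conns[key]++
    }
    END { for (k in pkts) print pkts[k], conns[k] + 0, k }
    ' | LC_ALL=C sort -k1,1nr -k3,3 -k4,4
}

# dominant_dst SRC PCT  (log lines on stdin)
# Heuristic: print every dst:dport that receives at least PCT percent of the
# TCP packets logged for SRC. One endpoint carrying nearly all of a browsing
# host is what a proxy or VPN extension looks like from the gateway.
dominant_dst() {
    summarize_dst "$1" | awk -v pct="$2" '
        $4 == "TCP" { n[$3 ":" $5] = $1; total += $1 }
        END { for (k in n) if (n[k] * 100 >= pct * total) print k }
    ' | LC_ALL=C sort
}

# Usage against the real log (the grep string is the rule prefix used here):
#   grep "Pacote PC teste" /var/log/messages | summarize_dst 192.168.8.2
#   grep "Pacote PC teste" /var/log/messages | dominant_dst 192.168.8.2 80
```

Because the endpoint list is expected to change over time, the same summary can be rerun on fresh logs before any block rule is updated.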


23. Re: Block everything and allow only IPs from Brazil [SOLVED]

Leandro Silva
LSSilva

(uses Other)

Posted on 06/10/2018 - 10:58h

I believe it is some hardware error; try replacing the offboard network card, if there is one.


24. Re: Block everything and allow only IPs from Brazil [SOLVED]

Jose Carlos Anicesa Silva
servidorlinux

(uses Debian)

Posted on 08/10/2018 - 19:57h

LSSilva wrote:

I believe it is some hardware error; try replacing the offboard network card, if there is one.


Hello LSSilva. Well done, that was exactly it. I replaced the network card and everything went back to normal. I also changed the PCI slot it was plugged into.

Below I am posting the Browsec VPN log for analysis. I ran the command tail /var/log/messages -n 100 | grep "Pacote PC teste"

This log is only from the test machine that was browsing through Browsec:

Oct 8 19:50:50 fwlab kernel: [ 9886.717990] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10399 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.718257] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10400 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.720741] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10401 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=58400 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.720813] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10402 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.735242] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10403 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.735464] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10404 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.763060] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10405 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=62780 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.763146] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10406 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.779654] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=1500 TOS=0x00 PREC=0x00 TTL=127 ID=10407 DF PROTO=TCP SPT=51686 DPT=443 WINDOW=63139 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.779705] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=697 TOS=0x00 PREC=0x00 TTL=127 ID=10408 DF PROTO=TCP SPT=51686 DPT=443 WINDOW=63139 RES=0x00 ACK PSH URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.793024] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10409 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.793187] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10410 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.793461] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10411 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.793707] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10412 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.793951] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10413 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.794371] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10414 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.800013] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10415 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.800276] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10416 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.800539] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10417 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.800788] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10418 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.801019] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10419 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.805126] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10420 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.805301] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10421 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.805546] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10422 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.805795] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10423 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.806075] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10424 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.806324] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10425 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.857095] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10426 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.861162] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10427 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=58400 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.861263] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10428 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.861418] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10429 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=58400 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.861443] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10430 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=62152 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.862831] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10431 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.870948] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10432 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.871742] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10433 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.871994] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10434 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.872241] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10435 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.872732] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10436 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.894291] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10437 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=62780 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.894385] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10438 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.914015] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=1312 TOS=0x00 PREC=0x00 TTL=127 ID=10439 DF PROTO=TCP SPT=51844 DPT=443 WINDOW=63552 RES=0x00 ACK PSH URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.915427] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10440 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.915681] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10441 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.916054] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10442 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.916248] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10443 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.924738] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=104.88.113.238 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=10444 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=16376
Oct 8 19:50:50 fwlab kernel: [ 9886.945465] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10445 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.945607] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10446 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.945900] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10447 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.946120] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10448 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.951994] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10449 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.952444] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10450 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.952472] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10451 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.952647] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10452 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.952881] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10453 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.953125] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10454 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.953375] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10455 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.953621] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10456 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=61320 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.953867] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10457 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=58400 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.954186] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10458 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.954819] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10459 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9886.964634] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=52.84.179.10 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=10460 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=16377
Oct 8 19:50:50 fwlab kernel: [ 9887.009504] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10461 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.009655] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10462 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.009915] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10463 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.010145] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10464 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.010385] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10465 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=61320 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.010628] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10466 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=58400 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.010946] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10467 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.013778] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10468 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.014379] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10469 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.014546] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10470 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=62780 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.014802] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10471 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=59860 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.015044] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10472 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=56940 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.015156] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10473 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.015288] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10474 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.016147] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10475 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.023331] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10476 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.023552] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10477 DF PROTO=TCP SPT=51931 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.042886] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10478 DF PROTO=TCP SPT=51928 DPT=443 WINDOW=0 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.046735] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10479 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.046890] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10480 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.047220] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10481 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.047389] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10482 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.068152] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10483 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.068379] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10484 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.068637] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10485 DF PROTO=TCP SPT=51934 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.097604] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10486 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.097841] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10487 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.098104] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10488 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.098346] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10489 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.098586] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10490 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.098855] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10491 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.099227] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10492 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.099473] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10493 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.099996] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10494 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.103958] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10495 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.104197] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10496 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.105951] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10497 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=58400 RES=0x00 ACK URGP=0
Oct 8 19:50:50 fwlab kernel: [ 9887.106006] Pacote PC testeIN=eth1 OUT=eth0 MAC=00:02:2a:da:73:65:00:40:a7:13:53:cb:08:00 SRC=192.168.8.2 DST=162.243.246.160 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=10498 DF PROTO=TCP SPT=51933 DPT=443 WINDOW=64240 RES=0x00 ACK URGP=0


