Firewall (iptables)
*******************************************************************************
Configuring and Managing the Firewall (iptables)
Created by: Alessandro C. M. Kuramoto
Date: 19/09/2008
Modified on: 03/08/2010-18:00
v.20100803-1800
Keywords: iptables, firewall
If you want to know something about this file, send me an e-mail at
sancmk@gmail.com or post a comment here (on WordPress).
Please keep the author's name in this file.
*******************************************************************************
###############################################################################
# Warnings!!!
###############################################################################
http://memovirtual.worpress.com
## Note about the memovirtual site:
## Options written with -- (minus, minus) may have been turned into
## a — (em dash) on the site, so use "man" to confirm the option being used.
## Sorry for the mistakes in my Portuguese, but you know...
## our language is easy... and sometimes, while writing, the thought is
## already far ahead, while the typing...
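The substitution described in the warning above can be detected and reversed before a pasted command reaches a shell. This is an added example, not part of the original notes; the function names are hypothetical, and the character mappings (en dash from "--", em dash from "---", curly quotes and primes from straight quotes, the multiplication sign from "x" between digits) are assumptions inferred from the damaged text on this page.

```shell
#!/bin/sh
# Added example: find and undo typographic substitutions in pasted commands.
# The characters are built from UTF-8 octal escapes so this file stays ASCII.
EN_DASH=$(printf '\342\200\223')    # assumed to have been "--"
EM_DASH=$(printf '\342\200\224')    # assumed to have been "---"
LSQUO=$(printf '\342\200\230')      # left single quote
RSQUO=$(printf '\342\200\231')      # right single quote
PRIME=$(printf '\342\200\262')      # prime, used as a closing quote
LDQUO=$(printf '\342\200\234')      # left double quote
RDQUO=$(printf '\342\200\235')      # right double quote
TIMES=$(printf '\303\227')          # assumed to have been "x" between digits

# Print "lineno:text" for every stdin line that contains one of the
# characters above. Exit status 0 means at least one line was flagged.
find_texturized() {
    LC_ALL=C awk -v chars="$EN_DASH $EM_DASH $LSQUO $RSQUO $PRIME $LDQUO $RDQUO $TIMES" '
        BEGIN { n = split(chars, c, " ") }
        {
            for (i = 1; i <= n; i++)
                if (index($0, c[i])) { print NR ":" $0; found = 1; break }
        }
        END { exit !found }'
}

# Rewrite stdin to stdout with the ASCII forms restored.
detexturize() {
    LC_ALL=C sed -e "s/$EN_DASH/--/g" -e "s/$EM_DASH/---/g" \
        -e "s/$LSQUO/'/g" -e "s/$RSQUO/'/g" -e "s/$PRIME/'/g" \
        -e "s/$LDQUO/\"/g" -e "s/$RDQUO/\"/g" \
        -e "s/\([0-9]\)$TIMES\([0-9]\)/\1x\2/g"
}

# Constructed sample: two commands damaged the way the site damages them,
# followed by one clean command.
sample_paste() {
    printf 'iptables %sline-numbers -v -nL\n' "$EN_DASH"
    printf 'echo %s1%s > /proc/sys/net/ipv4/ip_forward\n' "$RSQUO" "$PRIME"
    printf 'iptables -t nat -F\n'
}

# Demo: show the flagged lines, then the repaired text.
sample_paste | find_texturized
sample_paste | detexturize
```

Review the repaired text against "man iptables" before running it, since the reverse mapping is a best guess.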
http://spamcleaner.org/en/misc/iptables-comment.html
http://ipset.netfilter.org/iptables.man.html
http://www.gentoo.org/doc/en/home-router-howto.xml
Iptables working with Layer7:
http://cdom.wordpress.com/2008/02/02/iptables-trabalhando-com-layer7/
http://cdom.wordpress.com/category/software-livre/
http://wiki.joyrex.net/wiki/Gentoo,_Relakks_VPN,_NAT_and_Firewall
<M> "comment" match support
|##########^ Warnings!!! #####################################################|
###############################################################################
# Temp:
###############################################################################
|##########^ Temp ############################################################|
###############################################################################
# Environment:
###############################################################################
Hardware: VMware test machine
OS: Debian 4.0 (Etch) and 5.0 (Lenny)
|##########^ Environment #####################################################|
###############################################################################
# Concepts:
###############################################################################
>Concepts
Firewall:
http://pt.wikipedia.org/wiki/Firewall
Chapter 7. Firewalls
http://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-sg-pt_br-4/ch-fw.html
===============================================================================
Advantages of Using a Firewall:
===============================================================================
http://www.microsoft.com/brasil/athome/security/viruses/fwbenefits.mspx
|==========^ Advantages of Using a Firewall ==================================|
The State Match
The most useful match criterion is supplied by the 'state' extension, which interprets the connection-tracking analysis of the 'ip_conntrack' module. This is highly recommended.
Specifying '-m state' allows an additional '--state' option, which is a comma-separated list of states to match (the '!' flag indicates not to match those states). These states are:
NEW
    A packet which creates a new connection.
ESTABLISHED
    A packet which belongs to an existing connection (i.e., a reply packet, or outgoing packet on a connection which has seen replies).
RELATED
    A packet which is related to, but not part of, an existing connection, such as an ICMP error, or (with the FTP module inserted), a packet establishing an ftp data connection.
|##########^ Concepts ########################################################|
###############################################################################
# Installing: ( ~10 min <depends on the download rate>)
###############################################################################
## iptables normally comes pre-installed on Linux
===============================================================================
Installing iptables on Debian 4.0 (Etch) and 5.0 (Lenny):
===============================================================================
|<<<<<<<<<<<<<< #### Installing ####
|<<<<<<<<<<<<<< ==== Installing iptables on Debian ====
## Install iptables (if necessary):
apt-get install iptables
|==========^ Installing iptables on Debian 4.0 (Etch) and 5.0 (Lenny) ========|
===============================================================================
Installing/Compiling iptables on Gentoo:
===============================================================================
|<<<<<<<<<<<<<< #### Installing ####
|<<<<<<<<<<<<<< ==== Installing/Compiling iptables on Gentoo ====
## Install iptables (if necessary):
emerge iptables
|==========^ Installing/Compiling iptables on Gentoo =========================|
|##########^ Installing ######################################################|
###############################################################################
# Configuring a Firewall on Linux:
###############################################################################
### Enable routing:
## Edit the file: /etc/sysctl.conf
vim /etc/sysctl.conf
_______________________________________________________________________________
File: /etc/sysctl.conf (Permissions: -rw-r--r-- 1 root root)
OS: Debian 5.0
-----------------------------------------------------------------
.
..
...
### Uncomment the line net.ipv4.ip_forward=1 to enable routing
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
...
..
.
|----------^ File: /etc/sysctl.conf ------------------------------------------|
### To enable routing on the running system:
echo '1' > /proc/sys/net/ipv4/ip_forward
(Source: http://netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html)
|##########^ Configuring a Firewall on Linux #################################|
###############################################################################
# iptables Commands:
###############################################################################
## To view the filtering table (filter):
iptables -nL
### To list all rules with their line numbers and packet counters:
iptables --line-numbers -v -nL
## To view the NAT (address translation) table:
iptables -t nat -nL
## To flush the filtering table (filter):
iptables -F
## To flush the NAT (address translation) table:
iptables -t nat -F
## DNAT/SNAT rule examples for TCP port 445:
iptables -t nat -A PREROUTING -p tcp -d 200.200.200.9 --dport 445 -j DNAT --to 10.10.10.9
iptables -t nat -A PREROUTING -d 200.200.200.9 -p tcp --dport 445 -i eth0 -j DNAT --to 10.10.10.9:445
iptables -t nat -A POSTROUTING -s 10.10.10.9 -p tcp --dport 445 -j SNAT --to 192.168.0.199:445
|##########^ iptables Commands ###############################################|
###############################################################################
# Creating Firewall Rules in iptables:
###############################################################################
===============================================================================
NAT
===============================================================================
### NAT MASQUERADE:
## NAT to the IP of eth0 for all packets leaving through eth0:
iptables -t nat -A POSTROUTING -s 0/0 -d 0/0 -o eth0 -j MASQUERADE
## NAT for a specific network leaving through eth0:
iptables -t nat -A POSTROUTING -s 10.161.1.0/24 -d 0/0 -o eth0 -j MASQUERADE
### Options:
# -A - CHAIN
# -d - Destination
# -j - Action (target)
# -o - Output interface
# -s - Source network or host
# -t - Used to specify the table. Example: filter, nat
### Outbound NAT:
iptables -t nat -A POSTROUTING -o eth0 -s 10.161.1.2 -d 0/0 -j SNAT --to 10.10.10.217
### Inbound 1:1 NAT:
## Configure a virtual IP on an interface:
ifconfig eth0:0 10.10.10.217 netmask 255.255.255.0
## Create the NAT for traffic entering through interface eth0:
iptables -t nat -A PREROUTING -i eth0 -s 0/0 -d 10.10.10.217 -j DNAT --to 10.161.1.2
### Options:
# -A - CHAIN
# -d - Destination
# -j - Action (target)
# -o - Output interface
# -s - Source network or host
# -t - Used to specify the table. Example: filter, nat
|<<<<<<<<<<<<<< #### Creating Firewall Rules in iptables ####
### General options:
# -A - CHAINs. Example: POSTROUTING, PREROUTING
# -d - Destination
# -i - Input interface
# -j - Action (target). Example: MASQUERADE, DNAT
# -o - Output interface
# -s - Source network or host
# -t - Used to specify the table. Example: filter, nat
|==========^ NAT =============================================================|
|##########^ Creating Firewall Rules in iptables #############################|
###############################################################################
# Various Examples of iptables Rules:
###############################################################################
>Example rules
### To allow host 192.168.56.1 to access the firewall over SSH:
iptables -A INPUT -s 192.168.56.1 -p tcp --dport 22 -j ACCEPT
### To block all traffic entering the firewall:
iptables -A INPUT -j DROP
## Example of blocking traffic from a local host to an LDAP server:
iptables -A OUTPUT -d 10.161.1.14 -p tcp --dport 389 -j DROP
### Allow port UDP/53 for DNS traffic:
# INTLAN is a variable defined earlier as the local network interface
# INTEXT is a variable defined earlier as the external interface
iptables -A FORWARD -i "$INTLAN" -s 10.161.1.0/16 -d 10.10.10.10 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i "$INTEXT" -s 10.10.10.10 -p udp --sport 53 -j ACCEPT
### To insert the rule below as the first line:
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
## Access rules for an SSH server on the machine itself:
iptables -t filter -A INPUT -i eth0 -s 10.10.10.212 -p tcp --dport 22 -j ACCEPT
iptables -t filter -A OUTPUT -o eth0 -m state --state ESTABLISHED -j ACCEPT
### To delete the first rule of the INPUT chain:
iptables -D INPUT 1
|##########^ Various Examples of iptables Rules ##############################|
###############################################################################
# Creating Firewall Rules Allowing FTP Access:
###############################################################################
>FTP
===============================================================================
General (Reusing Existing Rules):
===============================================================================
(Source: http://www.dicas-l.com.br/dicas-l/20060322.php)
(Source: http://www.guiadohardware.net/comunidade/v-t/924032/)
(Source: http://www.cyberciti.biz/faq/iptables-passive-ftp-is-not-working/)
### Load the required modules:
modprobe -v ip_conntrack
modprobe -v ip_conntrack_ftp
modprobe -v ip_nat_ftp
### Allow established and related connections:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
### Allow new, established and related connections on port TCP/21:
## -i eth0 - is the internal interface;
iptables -A FORWARD -i eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
|==========^ General (Reusing Existing Rules) ================================|
|<<<<<<<<<<<<<< #### Creating Firewall Rules Allowing FTP Access ####
===============================================================================
FTP-Specific Rules (FTP Lines Only):
===============================================================================
### Load the required modules:
modprobe -v ip_conntrack
modprobe -v ip_conntrack_ftp
modprobe -v ip_nat_ftp
### Allow new, established and related connections on port TCP/21:
## -i eth0 - is the internal interface;
iptables -A FORWARD -i eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
### Allow the return traffic of FTP TCP/21 connections through the external
### interface eth1 (-i eth1):
iptables -A FORWARD -i eth1 -p tcp --sport 21 -m state --state ESTABLISHED,RELATED -j ACCEPT
#### To enable traffic for passive FTP
### Allow established and related connections with source ports 1024 and
### above and destination ports 1024 and above:
## NOTE: only ESTABLISHED and RELATED connections pass this rule;
## NEW connections do not;
iptables -A FORWARD -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
#### To enable traffic for active FTP
### Allow established and related connections with source port FTP-DATA TCP/20
iptables -A FORWARD -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
|==========^ FTP-Specific Rules (FTP Lines Only) =============================|
|<<<<<<<<<<<<<< #### Creating Firewall Rules Allowing FTP Access ####
|##########^ Creating Firewall Rules Allowing FTP Access #####################|
###############################################################################
# Gentoo - iptables with Special Features:
###############################################################################
>Gentoo
>iptables
cat /var/lib/iptables/rules-save
|##########^ Gentoo - iptables with Special Features #########################|
###############################################################################
# iptables-save:
###############################################################################
>iptables-save
Tags: understanding the rules-save file
#### Description:
- Saves the firewall rules;
(Source: http://fixunix.com/redhat/139093-iptables-file-format.html)
#### Format of the file saved by the command:
*filter
:INPUT DROP [6:1406]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [198:27624]
[5:100] -A INPUT -i lo -j ACCEPT
:INPUT DROP ---> is the INPUT chain
*filter ---> is the filter table
[5:100] ---> means the rule received 5 packets, totalling 100 bytes
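A small reader for the format described above, as an added example that is not part of the original notes: it lists each chain's default policy and each rule's counters, and picks out rules that have matched no packets. Function names are hypothetical; the sample reuses the lines above plus one constructed rule and the COMMIT line that ends a table. Per-rule counters such as [5:100] are present when the dump is written with "iptables-save -c".

```shell
#!/bin/sh
# Added example: summarize an iptables-save dump read from stdin.
#   *table                      start of a table
#   :CHAIN POLICY [pkts:bytes]  chain declaration with its default policy
#   [pkts:bytes] -A CHAIN ...   rule, with counters when saved with -c
#   COMMIT                      end of the table
# Output is one tab-separated record per line:
#   chain <table> <chain> <policy> <pkts> <bytes>
#   rule  <table> <chain> <pkts> <bytes> <rule text>
parse_rules_save() {
    awk '
    function counters(tok,   c) {            # "[5:100]" -> pk = 5, by = 100
        gsub(/^\[|\]$/, "", tok)
        split(tok, c, ":")
        pk = c[1]; by = c[2]
    }
    /^#/ || /^[ \t]*$/ || /^COMMIT/ { next } # comments, blank lines, table end
    /^\*/ { table = substr($1, 2); next }
    /^:/ {
        counters($3)
        printf "chain\t%s\t%s\t%s\t%s\t%s\n", table, substr($1, 2), $2, pk, by
        next
    }
    {
        pk = "-"; by = "-"                   # dump written without -c
        line = $0
        if ($1 ~ /^\[[0-9]+:[0-9]+\]$/) {
            counters($1)
            sub(/^\[[0-9]+:[0-9]+\][ \t]+/, "", line)
        }
        split(line, f, " ")                  # f[1] = "-A", f[2] = chain name
        printf "rule\t%s\t%s\t%s\t%s\t%s\n", table, f[2], pk, by, line
    }'
}

# Default policy of one chain, for example: chain_policy filter INPUT
chain_policy() {
    parse_rules_save | awk -F '\t' -v t="$1" -v c="$2" \
        '$1 == "chain" && $2 == t && $3 == c { print $4 }'
}

# Rules whose packet counter is still zero (candidates for review).
unused_rules() {
    parse_rules_save | awk -F '\t' '$1 == "rule" && $4 == "0" { print $6 }'
}

# Sample: the lines shown above, plus one constructed rule and COMMIT.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [6:1406]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [198:27624]
[5:100] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -s 192.168.56.1/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Demo: print the parsed records for the sample.
sample_dump | parse_rules_save
```

On a live system the same functions can read "iptables-save -c" or the Gentoo rules-save file on stdin.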
|##########^ iptables-save ###################################################|
###############################################################################
# Related Items:
###############################################################################
>Related items
fwbuilder (Firewall Builder) - (http://www.fwbuilder.org/)
|##########^ Related Items ###################################################|
###############################################################################
# References:
###############################################################################
>References
Linux 2.4 stateful firewall design:
http://www.gentoo.org/doc/en/articles/linux-24-stateful-fw-design.xml
|<<<<<<<<<<<<<< #### References ####
http://www.gentoo.org/doc/pt_br/security/shb-firewalls.xml
## 7.3 Filtering Specifications:
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.3
## Saying How To Mangle The Packets:
http://netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html
|<<<<<<<<<<<<<< #### References ####
Link load balancing - Iptables and Iproute2:
http://www.gulbf.com.br/?q=node/26
3.8.5.2. Prerouting (Pre-routing):
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/pt-BR/Deployment_Guide/prerouting.html
Limiting P2P traffic with Layer7 and Connlimit:
http://linuxadm.blogspot.com/2007/05/limitando-o-trfego-p2p-com-layer7-e.html
Guia Foca GNU/Linux - Chapter 10 - Firewall iptables
http://focalinux.cipsga.org.br/guia/avancado/ch-fw-iptables.html#s-fw-iptables-nat
Saying How To Mangle The Packets – Source NAT – Destination NAT:
http://netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html
|<<<<<<<<<<<<<< #### References ####
SEE:
http://www.vivaolinux.com.br/topico/Squid-Iptables/FTP-pelo-firewall
http://www.gdhpress.com.br/redeseservidores/leia/index.php?p=cap11-6
http://www.linuxquestions.org/blog/alinux-81180/2006/2/12/failover-script-for-connection-back-up-182/
http://eng.registro.br/pipermail/gter/2006-July/011043.html
http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://jaccon.com.br/2004/10/fazendo-redirecionamento-de-portas-com-dnat/
http://www.vivenciaemtecnologia.com/nat-dnat-pat-usas-definicoes/
http://under-linux.org/f80956-redirecionamento-de-portas-no-iptables
## DNAT/SNAT pair for TCP port 1521:
iptables -t nat -A PREROUTING -p tcp -d 20.0.0.73 --dport 1521 -j DNAT --to 10.0.0.4
iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.4 --sport 1521 -j SNAT --to 20.0.0.73
## Rewrite destination port 1234 to 5678:
iptables -t nat -A PREROUTING -p tcp --dport 1234 -j DNAT --to-destination :5678
|##########^ References ######################################################|
###############################################################################
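# Example Scripts:
###############################################################################
# $fw is assumed to be defined earlier in the script (the iptables command)
# Source addresses: one per line in /etc/rc.d/Liberados, "#" starts a comment
cut -d "#" -f1 /etc/rc.d/Liberados | while read -r IP; do
    [ -n "$IP" ] || continue    # skip blank and comment-only lines
    $fw -t nat -A PREROUTING -s "$IP" -j RETURN
    $fw -A FORWARD -s "$IP" -j ACCEPT
    $fw -t nat -A POSTROUTING -s "$IP" -j MASQUERADE
    $fw -t mangle -A PREROUTING -s "$IP" -j RETURN
done
echo "Destinos Totalmente Liberados .... [OK]"
# Destination addresses: same file format, read from /etc/rc.d/destlib
cut -d "#" -f1 /etc/rc.d/destlib | while read -r destliberado; do
    [ -n "$destliberado" ] || continue    # skip blank and comment-only lines
    $fw -t nat -A PREROUTING -d "$destliberado" -j RETURN
    $fw -A FORWARD -d "$destliberado" -j ACCEPT
    $fw -t nat -A POSTROUTING -d "$destliberado" -j MASQUERADE
    $fw -t mangle -A PREROUTING -d "$destliberado" -j RETURN
done
|##########^ Example Scripts #################################################|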
###############################################################################
# Network Analysis:
###############################################################################
Traffic analysis
===============================================================================
OpenLDAP authentication example:
===============================================================================
Authentication of a Linux client against an OpenLDAP server:
10.10.10.204 - Client
10.161.1.14 - Server
tcpdump -nnn -vvv -i eth0 host 10.161.1.14
07:29:06.506364 IP (tos 0x0, ttl 64, id 43963, offset 0, flags [DF], proto: TCP (6), length: 60) 10.10.10.204.4809 > 10.161.1.14.389: S, cksum 0xf08d (correct), 3361947571:3361947571(0) win 5840 <mss 1460,sackOK,timestamp 903582728 0,nop,wscale 2>
07:29:06.507312 IP (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 10.161.1.14.389 > 10.10.10.204.4809: S, cksum 0x74f3 (correct), 4218829593:4218829593(0) ack 3361947572 win 5792 <mss 1460,sackOK,timestamp 1746525451 903582728,nop,wscale 6>
07:29:06.507338 IP (tos 0x0, ttl 64, id 43964, offset 0, flags [DF], proto: TCP (6), length: 52) 10.10.10.204.4809 > 10.161.1.14.389: ., cksum 0xb4aa (correct), 1:1(0) ack 1 win 1460 <nop,nop,timestamp 903582728 1746525451>
07:29:06.507427 IP (tos 0x0, ttl 64, id 43965, offset 0, flags [DF], proto: TCP (6), length: 66) 10.10.10.204.4809 > 10.161.1.14.389: P, cksum 0xf521 (correct), 1:15(14) ack 1 win 1460 <nop,nop,timestamp 903582728 1746525451>
07:29:06.508131 IP (tos 0x0, ttl 62, id 10119, offset 0, flags [DF], proto: TCP (6), length: 52) 10.161.1.14.389 > 10.10.10.204.4809: ., cksum 0xb9f5 (correct), 1:1(0) ack 15 win 91 <nop,nop,timestamp 1746525451 903582728>
07:29:06.508938 IP (tos 0x0, ttl 62, id 10120, offset 0, flags [DF], proto: TCP (6), length: 66) 10.161.1.14.389 > 10.10.10.204.4809: P, cksum 0x7666 (correct), 1:15(14) ack 15 win 91 <nop,nop,timestamp 1746525452 903582728>
07:29:06.508946 IP (tos 0x0, ttl 64, id 43966, offset 0, flags [DF], proto: TCP (6), length: 52) 10.10.10.204.4809 > 10.161.1.14.389: ., cksum 0xb48d (correct), 15:15(0) ack 15 win 1460 <nop,nop,timestamp 903582728 1746525452>
07:29:06.509062 IP (tos 0x0, ttl 64, id 43967, offset 0, flags [DF], proto: TCP (6), length: 181) 10.10.10.204.4809 > 10.161.1.14.389: P 15:144(129) ack 15 win 1460 <nop,nop,timestamp 903582728 1746525452>
07:29:06.510341 IP (tos 0x0, ttl 62, id 10121, offset 0, flags [DF], proto: TCP (6), length: 1015) 10.161.1.14.389 > 10.10.10.204.4809: P 15:978(963) ack 144 win 108 <nop,nop,timestamp 1746525452 903582728>
07:29:06.510436 IP (tos 0x0, ttl 62, id 10122, offset 0, flags [DF], proto: TCP (6), length: 66) 10.161.1.14.389 > 10.10.10.204.4809: P, cksum 0x70ff (correct), 978:992(14) ack 144 win 108 <nop,nop,timestamp 1746525452 903582728>
07:29:06.510442 IP (tos 0x0, ttl 64, id 43968, offset 0, flags [DF], proto: TCP (6), length: 52) 10.10.10.204.4809 > 10.161.1.14.389: ., cksum 0xae58 (correct), 144:144(0) ack 992 win 1942 <nop,nop,timestamp 903582729 1746525452>
07:29:06.510662 IP (tos 0x0, ttl 64, id 43969, offset 0, flags [DF], proto: TCP (6), length: 172) 10.10.10.204.4809 > 10.161.1.14.389: P 144:264(120) ack 992 win 1942 <nop,nop,timestamp 903582729 1746525452>
07:29:06.511764 IP (tos 0x0, ttl 62, id 10123, offset 0, flags [DF], proto: TCP (6), length: 66) 10.161.1.14.389 > 10.10.10.204.4809: P, cksum 0x6f7c (correct), 992:1006(14) ack 264 win 108 <nop,nop,timestamp 1746525452 903582729>
07:29:06.511810 IP (tos 0x0, ttl 64, id 43970, offset 0, flags [DF], proto: TCP (6), length: 66) 10.10.10.204.4809 > 10.161.1.14.389: P, cksum 0xeb49 (correct), 264:278(14) ack 1006 win 1942 <nop,nop,timestamp 903582729 1746525452>
07:29:06.512300 IP (tos 0x0, ttl 62, id 10124, offset 0, flags [DF], proto: TCP (6), length: 66) 10.161.1.14.389 > 10.10.10.204.4809: P, cksum 0x6e60 (correct), 1006:1020(14) ack 278 win 108 <nop,nop,timestamp 1746525452 903582729>
07:29:06.514669 IP (tos 0x0, ttl 64, id 11607, offset 0, flags [DF], proto: TCP (6), length: 60) 10.10.10.204.4810 > 10.161.1.14.389: S, cksum 0x772c (correct), 3356997981:3356997981(0) win 5840 <mss 1460,sackOK,timestamp 903582730 0,nop,wscale 2>
07:29:06.515669 IP (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 10.161.1.14.389 > 10.10.10.204.4810: S, cksum 0x8e3d (correct), 3617377349:3617377349(0) ack 3356997982 win 5792 <mss 1460,sackOK,timestamp 1746525453 903582730,nop,wscale 6>
07:29:06.515679 IP (tos 0x0, ttl 64, id 11608, offset 0, flags [DF], proto: TCP (6), length: 52) 10.10.10.204.4810 > 10.161.1.14.389: ., cksum 0xcdf4 (correct), 1:1(0) ack 1 win 1460 <nop,nop,timestamp 903582730 1746525453>
07:29:06.515747 IP (tos 0x0, ttl 64, id 11609, offset 0, flags [DF], proto: TCP (6), length: 66) 10.10.10.204.4810 > 10.161.1.14.389: P, cksum 0x0e6c (correct), 1:15(14) ack 1 win 1460 <nop,nop,timestamp 903582730 1746525453>
07:29:06.517738 IP (tos 0x0, ttl 62, id 26129, offset 0, flags [DF], proto: TCP (6), length: 52) 10.161.1.14.389 > 10.10.10.204.4810: ., cksum 0xd33e (correct), 1:1(0) ack 15 win 91 <nop,nop,timestamp 1746525454 903582730>
07:29:06.518561 IP (tos 0x0, ttl 62, id 26130, offset 0, flags [DF], proto: TCP (6), length: 66) 10.161.1.14.389 > 10.10.10.204.4810: P, cksum 0x8fb0 (correct), 1:15(14) ack 15 win 91 <nop,nop,timestamp 1746525454 903582730>
07:29:06.518569 IP (tos 0x0, ttl 64, id 11610, offset 0, flags [DF], proto: TCP (6), length: 52) 10.10.10.204.4810 > 10.161.1.14.389: ., cksum 0xcdd6 (correct), 15:15(0) ack 15 win 1460 <nop,nop,timestamp 903582731 1746525454>
07:29:06.518692 IP (tos 0x0, ttl 64, id 11611, offset 0, flags [DF], proto: TCP (6), length: 271) 10.10.10.204.4810 > 10.161.1.14.389: P 15:234(219) ack 15 win 1460 <nop,nop,timestamp 903582731 1746525454>
07:29:06.519898 IP (tos 0x0, ttl 62, id 26131, offset 0, flags [DF], proto: TCP (6), length: 154) 10.161.1.14.389 > 10.10.10.204.4810: P 15:117(102) ack 234 win 108 <nop,nop,timestamp 1746525454 903582731>
07:29:06.520047 IP (tos 0x0, ttl 62, id 26132, offset 0, flags [DF], proto: TCP (6), length: 66) 10.161.1.14.389 > 10.10.10.204.4810: P, cksum 0x8d4b (correct), 117:131(14) ack 234 win 108 <nop,nop,timestamp 1746525454 903582731>
07:29:06.549370 IP (tos 0x0, ttl 64, id 43971, offset 0, flags [DF], proto: TCP (6), length: 52) 10.10.10.204.4809 > 10.161.1.14.389: ., cksum 0xadac (correct), 278:278(0) ack 1020 win 1942 <nop,nop,timestamp 903582739 1746525452>
07:29:06.557388 IP (tos 0x0, ttl 64, id 11612, offset 0, flags [DF], proto: TCP (6), length: 52) 10.10.10.204.4810 > 10.161.1.14.389: ., cksum 0xcc7d (correct), 234:234(0) ack 131 win 1460 <nop,nop,timestamp 903582741 1746525454>
27 packets captured
29 packets received by filter
0 packets dropped by kernel
|==========^ OpenLDAP authentication example =================================|
|##########^ Network Analysis ################################################|