Fórum Script Brasil

vasmarinho
Members
  • Total items: 2

About vasmarinho

  1. Dear all, I am a beginner in C development, with my knowledge base in infrastructure and server administration (Linux, AS400, HP-UX). I would like your opinions on the topic. Today, is it viable to develop commercial applications in C, C++ or C#? I imagined developing something in these languages since I believe the application's performance would be better (applications for the Windows environment accessing a database). Another detail: which IDE would be most suitable for this kind of development? I saw something about Dev C++, but I did not see how to create the "windows" the way it existed in Visual Studio for those who programmed in VB. Is there an IDE that has this for C++? I also read some topics about Borland C++ Builder and Visual Studio C++, but I still have not managed to download them to see how they work. Well, I look forward to your opinions on the topic and any other information that may be useful to someone starting out in this area. Regards to all, Vitor
  2. Dear friends, I have the following problem. On my firewall, if I put the following rule:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

the Internet works normally through the proxy. However, all my users can browse without using the proxy. When I put a DROP on FORWARD, everyone stops browsing, including through the proxy. What I need is for everyone to browse, but only by going through the proxy. I am attaching my iptables rules to see if anyone has a tip. Any help is welcome. Regards, Vitor

RULES.SH

#!/bin/bash
. /etc/firewall/functions.sh

INT_IF="eth1"
EXT_IF="eth0"
DMZ_IF1="eth2"
FWIP_INT=`get_ip_int $INT_IF`
FWIP_EXT1=`get_ip_int $EXT_IF`
FWIP_DMZ1=`get_ip_int $DMZ_IF1`
#REDE_INTERNA=`get_network $INT_IF`
#REDE_DMZ=`get_network $DMZ_IF1`
REDE_INTERNA="10.0.0.0/25"
REDE_DMZ="50.0.0.0/24"

#Don't respond to broadcast pings
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#Enable forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward
#Block source routing
echo 0 >/proc/sys/net/ipv4/conf/all/accept_source_route
#Kill timestamps. These have been the subject of a recent bugtraq thread
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
#Kill redirects
echo 0 >/proc/sys/net/ipv4/conf/all/accept_redirects
#Enable bad error message protection
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
#Allow dynamic ip addresses
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Disable ICMP redirects for IPSEC
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth2/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/lo/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth2/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects

if [ "$1" == "stop" ]; then
    stop_fw stop
    exit 0
elif [ "$1" == "clean" ]; then
    stop_fw stop
    exit 0
else
    stop_fw stop
    load_modules
fi

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# START of INPUT rules (destined to the FW)
# Accept established connections originated from the firewall
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
# (NEW here matches any new forwarded connection, on any interface and any port)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

# Redirect connection to Go-Global
iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 8087 -j DNAT --to-destination 10.0.0.60
iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 491 -j DNAT --to-destination 10.0.0.60
iptables -A FORWARD -p tcp -m state --state NEW -d 10.0.0.60 -m multiport --dport 491,8087 -j ACCEPT

# Allow SSH access from xxxx to the firewall
#iptables -A INPUT -p tcp -s x.x.x.x -i $EXT_IF -m state --state NEW --dport 22 -j ACCEPT
# Allow access from SP to RJ
iptables -A INPUT -s x.x.x.x -j ACCEPT
iptables -A OUTPUT -s x.x.x.x -j ACCEPT
# Allow SSH from the internal network to the firewall
iptables -A INPUT -p tcp -s $REDE_INTERNA -i $INT_IF -m state --state NEW --dport 22 -j ACCEPT
# Allow SSH from the Internet
iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
# Allow FTP
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Allow access to the proxy
iptables -A INPUT -p tcp -s $REDE_INTERNA -i $INT_IF -m state --state NEW --dport 3128 -j ACCEPT
# Allow VPN (IPSEC) to the firewall
iptables -A INPUT -p icmp -i ipsec0 -j ACCEPT
iptables -A INPUT -s x.x.x.x -i $EXT_IF -p tcp --dport 500 -j ACCEPT
iptables -A INPUT -s x.x.x.x -i $EXT_IF -p udp --dport 500 -j ACCEPT
iptables -A INPUT -s x.x.x.x -i $EXT_IF -p 50 -j ACCEPT
# Allow VPN (IPSEC) SP to the firewall
iptables -A INPUT -p icmp -i ipsec0 -j ACCEPT
iptables -A INPUT -s x.x.x.x -i $EXT_IF -p tcp --dport 500 -j ACCEPT
iptables -A INPUT -s x.x.x.x -i $EXT_IF -p udp --dport 500 -j ACCEPT
iptables -A INPUT -s x.x.x.x -i $EXT_IF -p 50 -j ACCEPT
# Allow VPN traffic xxxx
iptables -A FORWARD -s $REDE_INTERNA -d 10.0.0.0/8 -j ACCEPT
iptables -A FORWARD -d $REDE_INTERNA -s 10.0.0.0/8 -j ACCEPT
# Allow the whole internal network to access FTP, SSH, TS, SMTP, POP3, AIM, IPSEC on the Internet
#iptables -A FORWARD -s $REDE_INTERNA -p tcp -i $INT_IF -m state --state NEW -m multiport --dport 20,21,22,25,110,119,443,1111,1723,3389,4343,5190,8080,32768,32769 -j ACCEPT
iptables -A FORWARD -s $REDE_INTERNA -p tcp -i $INT_IF -m state --state NEW -m multiport --dport 20,21,22,25,110,119,443,809 -j ACCEPT
iptables -A FORWARD -s $REDE_INTERNA -p tcp -i $INT_IF -m state --state NEW -m multiport --dport 1111,1723,3389,4343,5190,8080,32768,32769 -j ACCEPT
#iptables -A FORWARD -s $REDE_INTERNA -p udp -i $INT_IF -m state --state NEW -m multiport --dport 20,21,22,25,110,500,1111,3389,4343,4500,5190,8080 -j ACCEPT
iptables -A FORWARD -s $REDE_INTERNA -p udp -i $INT_IF -m state --state NEW -m multiport --dport 20,21,22,25,110,500,809,1111 -j ACCEPT
iptables -A FORWARD -s $REDE_INTERNA -p udp -i $INT_IF -m state --state NEW -m multiport --dport 3389,4343,4500,5190,8080 -j ACCEPT
iptables -A FORWARD -s $REDE_INTERNA -p 50 -i $INT_IF -m state --state NEW -j ACCEPT
iptables -A FORWARD -s $REDE_INTERNA -p 51 -i $INT_IF -m state --state NEW -j ACCEPT
iptables -A FORWARD -s $REDE_INTERNA -i $INT_IF -m state --state NEW -d x.x.x.x -j ACCEPT
# Allow access to xxx's VPN
iptables -A FORWARD -s $REDE_INTERNA -p tcp -i $INT_IF -m state --state NEW -d x.x.x.x -j ACCEPT
# Allow the whole internal network to ping outside
iptables -A FORWARD -p icmp -s $REDE_INTERNA -i $INT_IF -m icmp --icmp-type echo-request -j ACCEPT
# Allow the server in the DMZ to access the internal Oracle
# change
iptables -A FORWARD -s 50.0.0.7 -p tcp -i $DMZ_IF1 -m state --state NEW --dport 1024:65535 -j ACCEPT
iptables -A FORWARD -s 50.0.0.8 -p tcp -i $DMZ_IF1 -m state --state NEW --dport 1024:65535 -j ACCEPT
# Internal DNS servers 1 (AD) and 2 (FS) access DNS
iptables -A FORWARD -s 10.0.0.110 -p udp -i $INT_IF -m state --state NEW --dport 53 -j ACCEPT
iptables -A FORWARD -s 10.0.0.110 -p tcp -i $INT_IF -m state --state NEW --dport 53 -j ACCEPT
# Allow access to the Data Center server
iptables -A FORWARD -d x.x.x.x -j ACCEPT
# AD server accesses xxx
iptables -A FORWARD -s 10.0.0.110 -p udp -i $INT_IF -m state --state NEW --dport 123 -j ACCEPT
# NAT so the internal network can reach the protocols listed above
iptables -t nat -A POSTROUTING -s $REDE_INTERNA -o $EXT_IF ! -d 10.0.0.138/25 -j SNAT --to $FWIP_EXT1
iptables -t nat -A POSTROUTING -s $REDE_DMZ -o $EXT_IF ! -d 10.0.0.138/25 -j SNAT --to $FWIP_EXT1

# Start of PREROUTING rules (redirects)
# Access to the CITRIX servers in the DMZ
# Server 1 (includes Tomcat)
#iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 8084 -j DNAT --to-destination 50.0.0.6
iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 1494 -j DNAT --to-destination 50.0.0.6
iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 8080 -j DNAT --to-destination 50.0.0.6
iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 80 -j DNAT --to-destination 50.0.0.7
iptables -t nat -A PREROUTING -d $FWIP_INT -p tcp -m state --state NEW --dport 80 -j DNAT --to-destination 50.0.0.7
#iptables -A FORWARD -p tcp -m state --state NEW -d 50.0.0.6 -m multiport --dport 1494,1495,8084,8080 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -d 50.0.0.6 --dport 100:8100 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -d 50.0.0.7 --dport 80:8100 -j ACCEPT
# Server 2
#iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 8088 -j DNAT --to-destination 10.0.0.8
#iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 1495 -j DNAT --to-destination 10.0.0.8
#iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 8084 -j DNAT --to-destination 10.0.0.8
#iptables -A FORWARD -p tcp -m state --state NEW -d 10.0.0.8 -m multiport --dport 1495,8088 -j ACCEPT
iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 8088 -j DNAT --to-destination 10.0.0.156
iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 1495 -j DNAT --to-destination 10.0.0.156
iptables -t nat -A PREROUTING -d $FWIP_EXT1 -p tcp -m state --state NEW --dport 8084 -j DNAT --to-destination 10.0.0.156
iptables -A FORWARD -p tcp -m state --state NEW -d 10.0.0.156 -m multiport --dport 1495,8088 -j ACCEPT

functions.sh

# Print the first IPv4 address of the interface named in $1 (ifconfig output)
get_ip_int() {
    ifconfig | grep "^$1" -A1 | grep "inet" | cut -d: -f2 | cut -d' ' -f1 | head -n 1
}

# Print "address/prefixlen" for each interface in $1, computing the prefix
# length by counting the set bits of the netmask
get_network(){
    for INTERFACE in $1; do
        STROKE="0"
        MASK=`ifconfig | grep "^$INTERFACE\ " -A1 | awk '{ gsub(/\ /,"\n"); print }' | grep "Mask" | cut -d: -f2`
        for OCTET in 1 2 3 4; do
            BINARY=`echo "$MASK" | cut -d. -f$OCTET`
            for SUBTRACT in 128 64 32 16 8 4 2 1; do
                if [ "$((BINARY - SUBTRACT))" -ge "0" ]; then
                    BINARY=$((BINARY - SUBTRACT))
                    STROKE=$((STROKE + 1))
                fi
            done
        done
        ADDRESS=`ifconfig | grep "^$INTERFACE\ " -A1 | grep "inet" | cut -d: -f2 | cut -d' ' -f1 | head -n 1`
        INTERNAL_ADDRESSES="$INTERNAL_ADDRESSES $ADDRESS"
        INTERNAL_NETWORKS="$INTERNAL_NETWORKS $ADDRESS/$STROKE"
    done
    INTERNAL_ADDRESSES=`echo $INTERNAL_ADDRESSES`
    echo $INTERNAL_NETWORKS
}

# Flush every table, reset all policies to ACCEPT and unload the netfilter modules
stop_fw(){
    iptables -t filter -F > /dev/null 2>&1
    iptables -t filter -X > /dev/null 2>&1
    iptables -t nat -F > /dev/null 2>&1
    iptables -t nat -X > /dev/null 2>&1
    iptables -t mangle -F > /dev/null 2>&1
    iptables -t mangle -X > /dev/null 2>&1
    iptables -t filter -P INPUT ACCEPT > /dev/null 2>&1
    iptables -t filter -P OUTPUT ACCEPT > /dev/null 2>&1
    iptables -t filter -P FORWARD ACCEPT > /dev/null 2>&1
    iptables -t nat -P PREROUTING ACCEPT > /dev/null 2>&1
    iptables -t nat -P POSTROUTING ACCEPT > /dev/null 2>&1
    iptables -t nat -P OUTPUT ACCEPT > /dev/null 2>&1
    iptables -t mangle -P POSTROUTING ACCEPT > /dev/null 2>&1
    iptables -t mangle -P OUTPUT ACCEPT > /dev/null 2>&1
    iptables -t mangle -P PREROUTING ACCEPT > /dev/null 2>&1
    iptables -t mangle -P INPUT ACCEPT > /dev/null 2>&1
    iptables -t mangle -P FORWARD ACCEPT > /dev/null 2>&1
    if ! (( `which modprobe 2>&1 | grep -c "which: no modprobe in"` )) && [ -a "/proc/modules" ]; then
        for MODULE in ipt_TTL iptable_mangle xt_mark ipt_MARK ipt_MASQUERADE \
            ip_nat_irc ip_nat_ftp ipt_LOG ipt_limit ipt_REJECT \
            ip_conntrack_irc ip_conntrack_ftp xt_state iptable_nat \
            iptable_filter ip_tables nf_conntrack_pptp nf_nat_pptp ipt_layer7 \
            xt_tcpudp xt_multiport ip_set_ipmap ipt_SET ip_set_nethash ip_set_portmap \
            ip_set_ipporthash ip_set_macipmap ipt_set ip_set ip_set_iphash ip_set_iptree; do
            if (( `lsmod | grep -c "$MODULE"` )); then
                rmmod $MODULE > /dev/null 2>&1
            fi
        done
    fi
}

# Load the netfilter modules the rules depend on
load_modules(){
    for MODULE in ipt_TTL iptable_mangle xt_mark ipt_MARK ipt_MASQUERADE \
        ip_nat_irc ip_nat_ftp ipt_LOG ipt_limit ipt_REJECT \
        ip_conntrack_irc ip_conntrack_ftp xt_state iptable_nat \
        iptable_filter ip_tables nf_conntrack_pptp nf_nat_pptp ipt_layer7 \
        xt_tcpudp xt_multiport ip_set_ipmap ipt_SET ip_set_nethash ip_set_portmap \
        ip_set_ipporthash ip_set_macipmap ipt_set ip_set ip_set_iphash ip_set_iptree; do
        modprobe $MODULE > /dev/null 2>&1
    done
}

exit_failure() {
    echo " [ FAILED ]"
    echo "-> FATAL: $FAILURE" 1>&2
    if [ "$1" != "check" ]; then
        echo "-> Firewall configuration aborted." 1>&2
    fi
    exit 1
}

firewall.sh

#!/bin/bash
case "$1" in
    start)
        echo -n "Applying Firewall rules..."
        /etc/firewall/rules.sh
        echo "OK"
        ;;
    stop)
        echo -n "Disabling Firewall..."
        /etc/firewall/rules.sh stop
        echo "OK"
        ;;
    clean)
        echo -n "Cleaning Firewall rules..."
        /etc/firewall/rules.sh stop
        echo "OK"
        ;;
    restart | reload)
        echo -n "Restarting Firewall rules..."
        /etc/firewall/rules.sh stop
        sleep 1
        /etc/firewall/rules.sh
        echo "OK"
        ;;
    *)
        echo "Usage: `basename $0` {start|stop|clean|restart|reload}"
        exit 1
esac
exit 0
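The forwarding policy the post is asking for, as an added example that is not part of the original post or of the poster's scripts: a FORWARD chain that forwards only reply traffic plus an explicit list of non-web services, so that browsers reach the Internet only through the proxy listening on the firewall's tcp/3128 (which the post's own INPUT rule already permits). Interface names, the internal network and the proxy port are taken from the post; the list of services still forwarded directly, the REJECT rule for web ports, the REDIRECT rule for port 80 (which assumes a Squid configured in transparent/intercept mode) and the `leaky_forward_rules` check are assumptions for illustration. `IPT` defaults to `echo iptables`, so running the script prints the rules instead of applying them; set `IPT=iptables` to apply them as root.

```shell
#!/bin/sh
# Added example, not from the original post: forward the LAN to the Internet
# only for the listed services and send all web traffic through the proxy.
# Values from the post: eth1/eth0, 10.0.0.0/25, proxy on tcp/3128.
INT_IF="${INT_IF:-eth1}"
EXT_IF="${EXT_IF:-eth0}"
REDE_INTERNA="${REDE_INTERNA:-10.0.0.0/25}"
PROXY_PORT="${PROXY_PORT:-3128}"
# Assumed list of non-web services the LAN may still reach directly.
DIRECT_TCP="${DIRECT_TCP:-22,25,110,3389}"

# Dry run by default: prints the commands. IPT=iptables applies them (root).
IPT="${IPT:-echo iptables}"

proxy_only_forward() {
    $IPT -P FORWARD DROP
    # Replies to connections already accepted are forwarded; NEW is not
    # accepted wholesale, so every new outbound flow needs a rule below.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Web ports are never forwarded from the LAN: a browser that bypasses the
    # proxy gets a TCP reset instead of hanging on the DROP policy.
    $IPT -A FORWARD -s "$REDE_INTERNA" -i "$INT_IF" -o "$EXT_IF" -p tcp \
        -m multiport --dports 80,443,8080 -j REJECT --reject-with tcp-reset
    # Non-web services forwarded directly (assumed list).
    $IPT -A FORWARD -s "$REDE_INTERNA" -i "$INT_IF" -o "$EXT_IF" -p tcp \
        -m state --state NEW -m multiport --dports "$DIRECT_TCP" -j ACCEPT
    # The proxy runs on the firewall itself, so it is reached via INPUT,
    # not FORWARD; this is the same rule the post already has.
    $IPT -A INPUT -s "$REDE_INTERNA" -i "$INT_IF" -p tcp \
        -m state --state NEW --dport "$PROXY_PORT" -j ACCEPT
    # Optional: clients with no proxy configured still get plain HTTP through
    # the proxy (assumes Squid in transparent/intercept mode on PROXY_PORT).
    # HTTPS cannot be redirected this way and stays rejected above.
    $IPT -t nat -A PREROUTING -s "$REDE_INTERNA" -i "$INT_IF" -p tcp \
        --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
}

# Check (assumed helper): print FORWARD ACCEPT rules that accept NEW flows
# without restricting destination or port, i.e. candidates that let the LAN
# bypass the proxy. Works on `iptables -S FORWARD` output or on the dry run.
leaky_forward_rules() {
    grep -E -- '^(iptables )?-A FORWARD .*-j ACCEPT' \
        | grep -v -E -- '(--dport|--dports|-d )' \
        | grep -v -E -- '--(ct)?state (ESTABLISHED|RELATED)(,(ESTABLISHED|RELATED))*( |$)'
}

proxy_only_forward
```

Run `iptables -S FORWARD | leaky_forward_rules` on the live box after loading the rules; an empty result means no blanket NEW-accepting rule is left. If the PREROUTING REDIRECT is used, order it after the post's DNAT of `-d $FWIP_INT --dport 80` to 50.0.0.7, otherwise that redirect catches the firewall-address traffic first. The multiport lists in the post's FORWARD section include 443 and 8080, which this example deliberately leaves out: any web port forwarded directly is a proxy bypass, whatever the FORWARD policy says.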