
Re: Question about my bridge with shorewall...! Please..!



On Mon, 08-05-2006 at 10:24 -0500, German Jimenez Leal wrote:
> Hello, good morning, my name is German Jimenez Leal and I am from Mexico.
> I hope you are in good health…!
>
> You know, my intention is to see if you can help me with my
> Bridge + Firewall (shorewall).
> I installed and configured my bridge as follows:
>
> I created my bridge, named vdpf0, and assigned it an IP, netmask and
> gateway.
> The cards eth0 and eth1 go into promiscuous mode and lose their IPs,
> that is, they have no IP assigned.
>
> I left my bridge running for about two months and everything was fine.
> I install Shorewall and create the zones, policies, hosts, rules.
> Finally: service shorewall restart, and it gives me a FAILED error.
> The result is the following:
> 
> [root@localhost network-scripts]# service network reload 
> Interrupción de la interfaz eth0:                          [  OK  ] 
> Interrupción de la interfaz eth1:                          [  OK  ] 
> Interrupción de la interfaz vdpf0:                         [  OK  ] 
> Interrupción de la interfaz de loopback:                   [  OK  ] 
> Deshabilitando el reenvio de paquetes IPv4:                [  OK  ] 
> Configurando parámetros de red:                            [  OK  ] 
> Activación de la interfaz de loopback:                     [  OK  ] 
> Activando interfaz vdpf0:                                  [  OK  ] 
> Activando interfaz eth0:                                   [  OK  ] 
> Activando interfaz eth1:                                   [  OK  ] 
> [root@localhost network-scripts]# tail -80 /var/log/messages 
> May  7 16:02:22 localhost shorewall: ..End Macro
> May  7 16:02:22 localhost shorewall: Processing /etc/shorewall/policy...
> May  7 16:02:22 localhost shorewall:    Policy DROP for net to fw using chain net2all
> May  7 16:02:22 localhost shorewall:    Policy ACCEPT for loc to net using chain loc2net
> May  7 16:02:22 localhost shorewall: Masqueraded Networks and Hosts:
> May  7 16:02:22 localhost shorewall: Processing /etc/shorewall/tos...
> May  7 16:02:22 localhost shorewall: Processing /etc/shorewall/ecn...
> May  7 16:02:22 localhost shorewall: Setting up Traffic Control Rules...
> May  7 16:02:22 localhost shorewall: Validating /etc/shorewall/tcdevices...
> May  7 16:02:22 localhost shorewall: Validating /etc/shorewall/tcclasses...
> May  7 16:02:22 localhost shorewall: Activating Rules...
> May  7 16:02:22 localhost shorewall: iptables v1.2.11: host/network `eth0' not found
> May  7 16:02:22 localhost shorewall: Try `iptables -h' or 'iptables --help' for more information.
> May  7 16:02:22 localhost shorewall:    ERROR: Command "/sbin/iptables -A OUTPUT -o vdpf0 -d eth0 -j all2all" Failed
> May  7 16:02:22 localhost shorewall: Processing /etc/shorewall/stop ...
> May  7 16:02:22 localhost shorewall: IP Forwarding Enabled
> May  7 16:02:22 localhost shorewall: Processing /etc/shorewall/stopped ...
> May  7 16:02:22 localhost root: Shorewall Stopped
> May  7 16:02:22 localhost shorewall: Iniciación de shorewall failed
> May  7 16:45:27 localhost kernel: usb 1-6: new high speed USB device using address 10
> May  7 16:45:27 localhost kernel: scsi8 : SCSI emulation for USB Mass Storage devices
> May  7 16:45:27 localhost kernel:   Vendor: JetFlash  Model: TS256MJF2B        Rev: 2.00
> May  7 16:45:27 localhost kernel:   Type:   Direct-Access ANSI SCSI revision: 02
> May  7 16:45:27 localhost kernel: sda: Unit Not Ready, sense:
> May  7 16:45:27 localhost kernel: Current : sense key Unit Attention
> May  7 16:45:27 localhost kernel: Additional sense: Not ready to ready change, medium may have changed
> May  7 16:45:27 localhost kernel: sda : READ CAPACITY failed.
> May  7 16:45:27 localhost kernel: sda : status=1, message=00, host=0, driver=08
> May  7 16:45:27 localhost kernel: Current sd: sense key Unit Attention
> May  7 16:45:27 localhost kernel: Additional sense: Not ready to ready change, medium may have changed
> May  7 16:45:27 localhost kernel: sda: Write Protect is off
> May  7 16:45:27 localhost kernel: sda: assuming drive cache: write through
> May  7 16:45:27 localhost kernel: SCSI device sda: 512000 512-byte hdwr sectors (262 MB)
> May  7 16:45:27 localhost kernel: sda: Write Protect is off
> May  7 16:45:27 localhost kernel: sda: assuming drive cache: write through
> May  7 16:45:27 localhost kernel:  sda: unknown partition table
> May  7 16:45:27 localhost kernel: Attached scsi removable disk sda at scsi8, channel 0, id 0, lun 0
> May  7 16:45:27 localhost scsi.agent[14389]: disk at /devices/pci0000:00/0000:00:1d.7/usb1/1-6/1-6:1.0/host8/target8:0:0/8:0:0:0
> May  7 16:45:29 localhost hald[4328]: Timed out waiting for hotplug event 395. Rebasing to 396
> May  7 16:45:37 localhost fstab-sync[14459]: added mount point /media/usbdisk1 for /dev/sda
> May  7 16:45:37 localhost kernel: FAT: utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
> May  7 16:45:44 localhost kernel: vdpf0: port 1(eth0) entering disabled state
> May  7 16:45:44 localhost kernel: device eth0 left promiscuous mode
> May  7 16:45:44 localhost kernel: vdpf0: port 1(eth0) entering disabled state
> May  7 16:45:44 localhost network: Interrupción de la interfaz eth0: succeeded
> May  7 16:45:44 localhost kernel: eth1: network connection down
> May  7 16:45:44 localhost kernel: vdpf0: port 2(eth1) entering disabled state
> May  7 16:45:44 localhost kernel: device eth1 left promiscuous mode
> May  7 16:45:44 localhost kernel: vdpf0: port 2(eth1) entering disabled state
> May  7 16:45:44 localhost network: Interrupción de la interfaz eth1: succeeded
> May  7 16:45:45 localhost network: Interrupción de la interfaz vdpf0: succeeded
> May  7 16:45:45 localhost net.agent[14596]: remove event not handled
> May  7 16:45:45 localhost net.agent[14595]: remove event not handled
> May  7 16:45:45 localhost network: Interrupción de la interfaz de loopback: succeeded
> May  7 16:45:45 localhost sysctl: net.ipv4.ip_forward = 0
> May  7 16:45:45 localhost network: Deshabilitando el reenvio de paquetes IPv4:  succeeded
> May  7 16:45:45 localhost sysctl: net.ipv4.ip_forward = 1
> May  7 16:45:45 localhost sysctl: net.ipv4.conf.default.rp_filter = 1
> May  7 16:45:45 localhost sysctl: net.ipv4.conf.default.accept_source_route = 0
> May  7 16:45:45 localhost sysctl: kernel.sysrq = 0
> May  7 16:45:45 localhost sysctl: kernel.core_uses_pid = 1
> May  7 16:45:45 localhost network: Configurando parámetros de red: succeeded
> May  7 16:45:45 localhost network: Activación de la interfaz de loopback:  succeeded
> May  7 16:45:47 localhost network: Activando interfaz vdpf0: succeeded
> May  7 16:45:48 localhost kernel: device eth0 entered promiscuous mode
> May  7 16:45:48 localhost network: Activando interfaz eth0: succeeded
> May  7 16:45:48 localhost kernel: device eth1 entered promiscuous mode
> May  7 16:45:48 localhost kernel: vdpf0: port 2(eth1) entering learning state
> May  7 16:45:48 localhost network: Activando interfaz eth1: succeeded
> May  7 16:45:49 localhost kernel: tg3: eth0: Link is up at 100 Mbps, full duplex.
> May  7 16:45:49 localhost kernel: tg3: eth0: Flow control is off for TX and off for RX.
> May  7 16:45:49 localhost kernel: vdpf0: port 1(eth0) entering learning state
> May  7 16:45:50 localhost kernel: eth1: network connection up using port A
> May  7 16:45:50 localhost kernel:     speed:           1000
> May  7 16:45:50 localhost kernel:     autonegotiation: yes
> May  7 16:45:50 localhost kernel:     duplex mode:     full
> May  7 16:45:50 localhost kernel:     flowctrl:        symmetric
> May  7 16:45:50 localhost kernel:     role:            slave
> May  7 16:45:50 localhost kernel:     irq moderation:  disabled
> May  7 16:45:50 localhost kernel:     scatter-gather:  enabled
> [root@localhost network-scripts]#
> 
> I would be infinitely grateful if you could help me….!
> Thank you in advance for any help you can give me….!
> Kind regards..!

I imagine you found my address by searching on Google and that it
led you to the debian-users-es list, which should give you an idea of
how useful the lists are, so I would advise you to subscribe. Besides,
with the amount of spam there is, I tend to filter almost all mail (in
fact I had this one in a temporary folder that I skim through before
marking it as spam).

Well, on to what interests you: with that information it is impossible
to tell you anything. Send a copy of the zones, hosts and interfaces
files, as well as the output of the "shorewall check" command.

And, almost as it says at the end of the list's e-mails:
To SUBSCRIBE, email to debian-user-spanish-REQUEST@lists.debian.org
with a subject of "subscribe". Trouble? Contact
listmaster@lists.debian.org




