RE: OT Consulta sobre mi bridge con shorewall...! Por favor..!

To: German Jimenez Leal <gjimenezl@villagroup.com>
Cc: debian-user-es <debian-user-spanish@lists.debian.org>
Subject: RE: OT Consulta sobre mi bridge con shorewall...! Por favor..!
From: Antonio Trujillo Carmona <trujo@dti2.net>
Date: Mon, 08 May 2006 21:47:33 +0200
Message-id: <[🔎] 1147117654.8314.32.camel@abajo>
In-reply-to: <016c01c672d5$5d3235d0$0b40a8c0@gjimenez>
References: <016c01c672d5$5d3235d0$0b40a8c0@gjimenez>

El lun, 08-05-2006 a las 14:26 -0500, German Jimenez Leal escribió:
>[root@localhost shorewall]# shorewall check
>Loading /usr/share/shorewall/functions...
>Processing /etc/shorewall/params ...
>Processing /etc/shorewall/shorewall.conf...
>Loading Modules...
>Shorewall has detected the following iptables/netfilter capabilities:
>   NAT: Available
>   Packet Mangling: Available
>   Multi-port Match: Available
>   Extended Multi-port Match: Not available
>   Connection Tracking Match: Available
>   Packet Type Match: Available
>   Policy Match: Not available
>   Physdev Match: Available
>   IP range Match: Available
>   Recent Match: Available
>   Owner Match: Available
>   Ipset Match: Not available
>   CONNMARK Target: Not available
>   Connmark Match: Not available
>   Raw Table: Available
>   CLASSIFY Target: Available
>Verifying Configuration...
>Determining Zones...
>   IPv4_Zones: net loc
>   Firewall Zone: fw
>Setting up IPSEC...
>Validating interfaces file...
>Validating hosts file...
>Determining Hosts in Zones...
>   net Zone: vdpf0:eth0
>   loc Zone: vdpf0:eth1
>Validating policy file...
>   Policy for loc to net is ACCEPT using chain loc2net
>   Policy for net to loc is DROP using chain net2all
>   Policy for net to fw is DROP using chain net2all
>   Policy for loc to fw is REJECT using chain all2all
>   Policy for fw to net is REJECT using chain all2all
>   Policy for fw to loc is REJECT using chain all2all
>Checking Black List...
>Validating Proxy ARP
>Validating NAT...
>Pre-validating Actions...
>   Pre-processing /usr/share/shorewall/action.Drop...
>   ..Expanding Macro /usr/share/shorewall/macro.Auth...
>   ..End Macro
>   ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
>   ..End Macro
>   ..Expanding Macro /usr/share/shorewall/macro.SMB...
>   ..End Macro
>   ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
>   ..End Macro
>   ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
>   ..End Macro
>   Pre-processing /usr/share/shorewall/action.Reject...
>   Pre-processing /usr/share/shorewall/action.Limit...
>Validating rules file...
>   Rule "ACCEPT net fw TCP 20,21,22,25,80,110,143,443,995,465    "
>checked.
>   Rule "ACCEPT loc net TCP 20,21,22,25,80,110,143,443,995,465    "
>checked.
>   Rule "ACCEPT loc net UDP 20,21,22,25,80,110,143,443,995,465    "
>checked.
>Validating Actions...
>   Generating Transitive Closure of Used-action List...
>Processing /usr/share/shorewall/action.Drop for Chain Drop...
>..Expanding Macro /usr/share/shorewall/macro.Auth...
>   Rule "REJECT - - tcp 113 -  -" checked.
>..End Macro
>   Rule "dropBcast       " checked.
>..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
>   Rule "ACCEPT - - icmp fragmentation-needed -  -" checked.
>   Rule "ACCEPT - - icmp time-exceeded -  -" checked.
>..End Macro
>   Rule "dropInvalid       " checked.
>..Expanding Macro /usr/share/shorewall/macro.SMB...
>   Rule "DROP - - udp 135,445 -  -" checked.
>   Rule "DROP - - udp 137:139 -  -" checked.
>   Rule "DROP - - udp 1024: 137  -" checked.
>   Rule "DROP - - tcp 135,139,445 -  -" checked.
>..End Macro
>..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
>   Rule "DROP - - udp 1900 -  -" checked.
>..End Macro
>   Rule "dropNotSyn - - tcp    " checked.
>..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
>   Rule "DROP - - udp - 53  -" checked.
>..End Macro
>Processing /usr/share/shorewall/action.Reject for Chain Reject...
>..Expanding Macro /usr/share/shorewall/macro.Auth...
>   Rule "REJECT - - tcp 113 -  -" checked.
>..End Macro
>   Rule "dropBcast       " checked.
>..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
>   Rule "ACCEPT - - icmp fragmentation-needed -  -" checked.
>   Rule "ACCEPT - - icmp time-exceeded -  -" checked.
>..End Macro
>   Rule "dropInvalid       " checked.
>..Expanding Macro /usr/share/shorewall/macro.SMB...
>   Rule "REJECT - - udp 135,445 -  -" checked.
>   Rule "REJECT - - udp 137:139 -  -" checked.
>   Rule "REJECT - - udp 1024: 137  -" checked.
>   Rule "REJECT - - tcp 135,139,445 -  -" checked.
>..End Macro
>..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
>   Rule "DROP - - udp 1900 -  -" checked.
>..End Macro
>   Rule "dropNotSyn - - tcp    " checked.
>..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
>   Rule "DROP - - udp - 53  -" checked.
>..End Macro
>Masqueraded Networks and Hosts:
>   ERROR: Unknown interface eth0
>[root@localhost shorewall]#
parece que el error esta que como masquerade pusiste eth0 y la unica
interfaz que tienes es vdpf0, podrías probar vdpf0:eth0 o algo del tipo
vdpf0:0.0.0.0/0

Reply to:

Prev by Date: Re: Frecuencia de CPU fija en Intel Centrino.
Next by Date: Re: [OT] Canonical mala malísima (por ser una empresa y ganar dinero)
Previous by thread: Re: can't open /dev/dsp
Next by thread: Inexplicable comportamiento de APT
Index(es):
- Date
- Thread