RE: OT Consulta sobre mi bridge con shorewall...! Por favor..!
El lun, 08-05-2006 a las 14:26 -0500, German Jimenez Leal escribió:
>[root@localhost shorewall]# shorewall check
>Loading /usr/share/shorewall/functions...
>Processing /etc/shorewall/params ...
>Processing /etc/shorewall/shorewall.conf...
>Loading Modules...
>Shorewall has detected the following iptables/netfilter capabilities:
> NAT: Available
> Packet Mangling: Available
> Multi-port Match: Available
> Extended Multi-port Match: Not available
> Connection Tracking Match: Available
> Packet Type Match: Available
> Policy Match: Not available
> Physdev Match: Available
> IP range Match: Available
> Recent Match: Available
> Owner Match: Available
> Ipset Match: Not available
> CONNMARK Target: Not available
> Connmark Match: Not available
> Raw Table: Available
> CLASSIFY Target: Available
>Verifying Configuration...
>Determining Zones...
> IPv4_Zones: net loc
> Firewall Zone: fw
>Setting up IPSEC...
>Validating interfaces file...
>Validating hosts file...
>Determining Hosts in Zones...
> net Zone: vdpf0:eth0
> loc Zone: vdpf0:eth1
>Validating policy file...
> Policy for loc to net is ACCEPT using chain loc2net
> Policy for net to loc is DROP using chain net2all
> Policy for net to fw is DROP using chain net2all
> Policy for loc to fw is REJECT using chain all2all
> Policy for fw to net is REJECT using chain all2all
> Policy for fw to loc is REJECT using chain all2all
>Checking Black List...
>Validating Proxy ARP
>Validating NAT...
>Pre-validating Actions...
> Pre-processing /usr/share/shorewall/action.Drop...
> ..Expanding Macro /usr/share/shorewall/macro.Auth...
> ..End Macro
> ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
> ..End Macro
> ..Expanding Macro /usr/share/shorewall/macro.SMB...
> ..End Macro
> ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
> ..End Macro
> ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
> ..End Macro
> Pre-processing /usr/share/shorewall/action.Reject...
> Pre-processing /usr/share/shorewall/action.Limit...
>Validating rules file...
> Rule "ACCEPT net fw TCP 20,21,22,25,80,110,143,443,995,465 "
>checked.
> Rule "ACCEPT loc net TCP 20,21,22,25,80,110,143,443,995,465 "
>checked.
> Rule "ACCEPT loc net UDP 20,21,22,25,80,110,143,443,995,465 "
>checked.
>Validating Actions...
> Generating Transitive Closure of Used-action List...
>Processing /usr/share/shorewall/action.Drop for Chain Drop...
>..Expanding Macro /usr/share/shorewall/macro.Auth...
> Rule "REJECT - - tcp 113 - -" checked.
>..End Macro
> Rule "dropBcast " checked.
>..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
> Rule "ACCEPT - - icmp fragmentation-needed - -" checked.
> Rule "ACCEPT - - icmp time-exceeded - -" checked.
>..End Macro
> Rule "dropInvalid " checked.
>..Expanding Macro /usr/share/shorewall/macro.SMB...
> Rule "DROP - - udp 135,445 - -" checked.
> Rule "DROP - - udp 137:139 - -" checked.
> Rule "DROP - - udp 1024: 137 -" checked.
> Rule "DROP - - tcp 135,139,445 - -" checked.
>..End Macro
>..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
> Rule "DROP - - udp 1900 - -" checked.
>..End Macro
> Rule "dropNotSyn - - tcp " checked.
>..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
> Rule "DROP - - udp - 53 -" checked.
>..End Macro
>Processing /usr/share/shorewall/action.Reject for Chain Reject...
>..Expanding Macro /usr/share/shorewall/macro.Auth...
> Rule "REJECT - - tcp 113 - -" checked.
>..End Macro
> Rule "dropBcast " checked.
>..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
> Rule "ACCEPT - - icmp fragmentation-needed - -" checked.
> Rule "ACCEPT - - icmp time-exceeded - -" checked.
>..End Macro
> Rule "dropInvalid " checked.
>..Expanding Macro /usr/share/shorewall/macro.SMB...
> Rule "REJECT - - udp 135,445 - -" checked.
> Rule "REJECT - - udp 137:139 - -" checked.
> Rule "REJECT - - udp 1024: 137 -" checked.
> Rule "REJECT - - tcp 135,139,445 - -" checked.
>..End Macro
>..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
> Rule "DROP - - udp 1900 - -" checked.
>..End Macro
> Rule "dropNotSyn - - tcp " checked.
>..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
> Rule "DROP - - udp - 53 -" checked.
>..End Macro
>Masqueraded Networks and Hosts:
> ERROR: Unknown interface eth0
>[root@localhost shorewall]#
parece que el error esta que como masquerade pusiste eth0 y la unica
interfaz que tienes es vdpf0, podrías probar vdpf0:eth0 o algo del tipo
vdpf0:0.0.0.0/0
Reply to: