Firestarter
Friends,
I have 3 network cards in one PC. eth0 (on this one I receive an IP by
DHCP) is the one with Internet access, and it shares the Internet
connection with eth1, which is connected to a local network. I do this
with NAT; I am not very skilled with that, but using the Firestarter
wizard I have always worked it out. And it works well. Now I want to
use another interface, eth2, to share Internet with another local
network, but through a proxy, by means of Squid. Up to there, I don't
know whether that is possible. In addition, I have tried to ping an IP
in the eth2 network segment and it returns:
# ping 172.34.1.1
PING 172.34.1.1 (172.34.1.1) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
and from another PC to this one it simply does not respond.
I read somewhere that the problem is Firestarter, so I stopped it,
pinged again, and there was no longer a problem. But this does not
solve my needs.
Any suggestions?
Regards and thanks
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Appendix
#ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:04:d8:78:3f
inet addr:172.16.1.34 Bcast:172.16.255.255 Mask:255.255.0.0
inet6 addr: fe80::250:4ff:fed8:783f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:241072 errors:0 dropped:0 overruns:17 frame:0
TX packets:145992 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:309148180 (294.8 MiB) TX bytes:14833906 (14.1 MiB)
Interrupt:9 Base address:0xcf00
eth1 Link encap:Ethernet HWaddr 00:60:97:9c:90:6c
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::260:97ff:fe9c:906c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:157493 errors:0 dropped:0 overruns:0 frame:0
TX packets:231600 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16306168 (15.5 MiB) TX bytes:308060169 (293.7 MiB)
Interrupt:10 Base address:0x70c0
eth2 Link encap:Ethernet HWaddr 00:50:da:bb:3d:62
inet addr:172.34.1.88 Bcast:172.34.255.255 Mask:255.255.0.0
inet6 addr: fe80::250:daff:febb:3d62/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18466 errors:0 dropped:0 overruns:1 frame:0
TX packets:2990 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1460440 (1.3 MiB) TX bytes:252579 (246.6 KiB)
Interrupt:5 Base address:0x2f80
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 172.16.0.1 0.0.0.0/0 tcp flags:!0x17/0x02
ACCEPT udp -- 172.16.0.1 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
DROP all -- 0.0.0.0/0 255.255.255.255
DROP all -- 0.0.0.0/0 172.16.255.255
DROP all -- 224.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
LSI all -f 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
INBOUND all -- 0.0.0.0/0 0.0.0.0/0
INBOUND all -- 0.0.0.0/0 192.168.1.1
INBOUND all -- 0.0.0.0/0 172.16.1.34
INBOUND all -- 0.0.0.0/0 192.168.1.255
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
OUTBOUND all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 192.168.1.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 192.168.1.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 172.16.1.34 172.16.0.1 tcp dpt:53
ACCEPT udp -- 172.16.1.34 172.16.0.1 udp dpt:53
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 224.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
OUTBOUND all -- 0.0.0.0/0 0.0.0.0/0
OUTBOUND all -- 0.0.0.0/0 0.0.0.0/0
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 172.34.1.64 0.0.0.0/0
ACCEPT all -- 172.16.1.35 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
ACCEPT tcp -- 172.34.1.0 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 172.34.1.0 0.0.0.0/0 udp dpt:22
ACCEPT tcp -- 172.16.1.0 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 172.16.1.0 0.0.0.0/0 udp dpt:22
ACCEPT tcp -- 172.16.1.35 0.0.0.0/0 tcp dpts:6000:6015
ACCEPT udp -- 172.16.1.35 0.0.0.0/0 udp dpts:6000:6015
LSI all -- 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.34.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 172.34.1.1 0.0.0.0 UG 0 0 0 eth2