[U-co] Firewall won't let me connect or access the modem
Carlos Luna
caralu74 at linuxmail.org
Fri Nov 23 00:31:16 UTC 2012
Firewall parameters:
iptables v1.4.12:
iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- resolver2.opendns.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- resolver2.opendns.com anywhere
ACCEPT tcp -- google-public-dns-a.google.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- google-public-dns-a.google.com anywhere
ACCEPT tcp -- resolver1.opendns.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- resolver1.opendns.com anywhere
ACCEPT all -- anywhere anywhere
LSI udp -- anywhere anywhere udp dpt:33434
LSI icmp -- anywhere anywhere
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere Dynamic-IP-186145111255.cable.net.co
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Input"
Chain FORWARD (policy DROP)
target prot opt source destination
LSI udp -- anywhere anywhere udp dpt:33434
LSI icmp -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Forward"
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co resolver2.opendns.com tcp dpt:domain
ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co resolver2.opendns.com udp dpt:domain
ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co google-public-dns-a.google.com tcp dpt:domain
ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co google-public-dns-a.google.com udp dpt:domain
ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co resolver1.opendns.com tcp dpt:domain
ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co resolver1.opendns.com udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- anywhere base-address.mcast.net/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Output"
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4662
ACCEPT tcp -- anywhere anywhere tcp dpt:4672
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT tcp -- anywhere anywhere tcp dpt:9001
ACCEPT udp -- anywhere anywhere udp dpt:9001
ACCEPT tcp -- anywhere anywhere tcp dpt:9090
ACCEPT udp -- anywhere anywhere udp dpt:9090
ACCEPT tcp -- anywhere anywhere tcp dpt:9030
ACCEPT udp -- anywhere anywhere udp dpt:9030
ACCEPT tcp -- anywhere anywhere tcp dpt:4665
ACCEPT udp -- anywhere anywhere udp dpt:4665
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (6 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Inbound "
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Outbound "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
The only odd thing I see is the line that says 255.255.255.255, which I imagine is the mask; the
real one that TELMEX gives me is 255.255.248.0, in Win it is 255.255.252.0, and when I switch OS the IP changes, but
when I return to Ubuntu the same IP comes back.
>
> Cordial greetings!
> These last few days I have been having the following problem:
> If I have the firewall active (which I manage with firestarter) I have no
> access to the internet, and it does not even let me access the modem; as soon as I
> deactivate it from firestarter, I have full internet connectivity and
> can access the modem.
> But, as is only logical, I do not want to be connected without having the firewall
> active.