[U-co] Firewall won't let me connect or access the modem
Carlos Luna
caralu74 at linuxmail.org
Fri Nov 23 01:12:33 UTC 2012
Update:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
>
> Firewall parameters:
> iptables v1.4.12:
> iptables --list
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT tcp -- resolver2.opendns.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> ACCEPT udp -- resolver2.opendns.com anywhere
> ACCEPT tcp -- google-public-dns-a.google.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> ACCEPT udp -- google-public-dns-a.google.com anywhere
> ACCEPT tcp -- resolver1.opendns.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> ACCEPT udp -- resolver1.opendns.com anywhere
> ACCEPT all -- anywhere anywhere
> LSI udp -- anywhere anywhere udp dpt:33434
> LSI icmp -- anywhere anywhere
> DROP all -- anywhere 255.255.255.255
> DROP all -- anywhere Dynamic-IP-186145111255.cable.net.co
> DROP all -- base-address.mcast.net/8 anywhere
> DROP all -- anywhere base-address.mcast.net/8
> DROP all -- 255.255.255.255 anywhere
> DROP all -- anywhere 0.0.0.0
> DROP all -- anywhere anywhere state INVALID
> LSI all -f anywhere anywhere limit: avg 10/min burst 5
> INBOUND all -- anywhere anywhere
> LOG_FILTER all -- anywhere anywhere
> LOG all -- anywhere anywhere LOG level info prefix "Unknown Input"
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> LSI udp -- anywhere anywhere udp dpt:33434
> LSI icmp -- anywhere anywhere
> LOG_FILTER all -- anywhere anywhere
> LOG all -- anywhere anywhere LOG level info prefix "Unknown Forward"
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co resolver2.opendns.com tcp dpt:domain
> ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co resolver2.opendns.com udp dpt:domain
> ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co google-public-dns-a.google.com tcp dpt:domain
> ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co google-public-dns-a.google.com udp dpt:domain
> ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co resolver1.opendns.com tcp dpt:domain
> ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co resolver1.opendns.com udp dpt:domain
> ACCEPT all -- anywhere anywhere
> DROP all -- base-address.mcast.net/8 anywhere
> DROP all -- anywhere base-address.mcast.net/8
> DROP all -- 255.255.255.255 anywhere
> DROP all -- anywhere 0.0.0.0
> DROP all -- anywhere anywhere state INVALID
> OUTBOUND all -- anywhere anywhere
> LOG_FILTER all -- anywhere anywhere
> LOG all -- anywhere anywhere LOG level info prefix "Unknown Output"
>
> Chain INBOUND (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT tcp -- anywhere anywhere tcp dpt:4662
> ACCEPT udp -- anywhere anywhere udp dpt:4662
> ACCEPT tcp -- anywhere anywhere tcp dpt:4672
> ACCEPT udp -- anywhere anywhere udp dpt:4672
> ACCEPT tcp -- anywhere anywhere tcp dpt:9001
> ACCEPT udp -- anywhere anywhere udp dpt:9001
> ACCEPT tcp -- anywhere anywhere tcp dpt:9090
> ACCEPT udp -- anywhere anywhere udp dpt:9090
> ACCEPT tcp -- anywhere anywhere tcp dpt:9030
> ACCEPT udp -- anywhere anywhere udp dpt:9030
> ACCEPT tcp -- anywhere anywhere tcp dpt:4665
> ACCEPT udp -- anywhere anywhere udp dpt:4665
> LSI all -- anywhere anywhere
>
> Chain LOG_FILTER (5 references)
> target prot opt source destination
>
> Chain LSI (6 references)
> target prot opt source destination
> LOG_FILTER all -- anywhere anywhere
> LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
> LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
> LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> DROP icmp -- anywhere anywhere icmp echo-request
> LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Inbound "
> DROP all -- anywhere anywhere
>
> Chain LSO (0 references)
> target prot opt source destination
> LOG_FILTER all -- anywhere anywhere
> LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Outbound "
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> Chain OUTBOUND (1 references)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
>
> The only strange thing I see is the line that says 255.255.255.255, which I imagine is the mask; the
> real one that TELMEX gives me is 255.255.248.0, in Win it is 255.255.252.0, and when I change OS the IP changes, but
> on returning to Ubuntu the same IP comes back.
>
>
> >
> > Cordial greetings!
> > Over the last few days I have been having the following problem:
> > If the firewall (which I manage with firestarter) is active, I have no
> > access to the internet, and it does not even let me access the modem; as soon as I
> > deactivate it from firestarter, I have a full connection to the internet and
> > can access the modem.
> > But naturally I do not want to be connected without having the firewall
> > active.
>
More information about the Ubuntu-co mailing list
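Added example, not part of the original post: a small Python tracer that parses an `iptables --list` paste like the one quoted above and walks a new outgoing TCP packet through OUTPUT, where it falls through OUTBOUND to the chain's DROP policy. It assumes the bare `ACCEPT all` rule is bound to the loopback interface, since `--list` without `-v` does not show interface matches; `parse` and `trace` are names made up for this sketch.

```python
import re

# Excerpt of the quoted listing: OUTPUT path only (DNS, address and LOG_FILTER rules omitted).
LISTING = '''\
Chain OUTPUT (policy DROP)
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Output"
Chain OUTBOUND (1 references)
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
'''

def parse(listing):  # chain name -> rules; policy is None for user-defined chains
    chains, policy, cur = {}, {}, None
    for line in listing.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail quoting
        m = re.match(r"Chain (\S+) \((?:policy (\S+)|\d+ references)\)", line)
        if m:
            cur = m.group(1)
            chains[cur], policy[cur] = [], m.group(2)
        elif line and cur and not line.startswith("target"):
            target, prot, _opt, src, dst, *extra = line.split()
            chains[cur].append((target, prot, src, dst, " ".join(extra)))
    return chains, policy

def trace(chains, policy, chain, pkt, lo_only_accept=True, path=None):
    """Walk pkt ({'prot', 'state'}) through `chain`; return (verdict, path)."""
    path = [] if path is None else path
    for n, (target, prot, src, dst, extra) in enumerate(chains[chain], 1):
        state = re.match(r"state (\S+)", extra)
        if prot not in ("all", pkt["prot"]) or (src, dst) != ("anywhere",) * 2:
            continue
        if state and pkt["state"] not in state.group(1).split(","):
            continue
        if extra and not state and target != "LOG":
            continue  # match types not modelled here are treated as "no match"
        if (target, prot, extra) == ("ACCEPT", "all", "") and lo_only_accept:
            continue  # ASSUMPTION: hidden "-o lo"; plain --list omits interfaces
        path.append(f"{chain}#{n}:{target}")
        if target in chains:  # jump; a user chain that falls through returns None
            target = trace(chains, policy, target, pkt, lo_only_accept, path)[0]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, path
    return policy[chain], path  # built-in chain: its policy; user chain: RETURN

CHAINS, POLICY = parse(LISTING)
print(trace(CHAINS, POLICY, "OUTPUT", {"prot": "tcp", "state": "NEW"}))
```

Rule numbers in the path count within the excerpt, not the full listing. On the host, `iptables -L -n -v` prints the interface columns and per-rule packet counters, which confirms or refutes the loopback assumption.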