[U-co] Reenviar Firewall no me deja conectar ni acceder al modem
Carlos Luna
caralu74 en linuxmail.org
Vie Nov 23 01:25:26 UTC 2012
> Actualización:
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
Reintale el Firestarter y vuelve el problema.
> > Parametros del firewall:
> > iptables v1.4.12:
> > iptables --list
> > Chain INPUT (policy DROP)
> > target prot opt source destination
> > ACCEPT tcp -- resolver2.opendns.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> > ACCEPT udp -- resolver2.opendns.com anywhere
> > ACCEPT tcp -- google-public-dns-a.google.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> > ACCEPT udp -- google-public-dns-a.google.com anywhere
> > ACCEPT tcp -- resolver1.opendns.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> > ACCEPT udp -- resolver1.opendns.com anywhere
> > ACCEPT all -- anywhere anywhere
> > LSI udp -- anywhere anywhere udp dpt:33434
> > LSI icmp -- anywhere anywhere
> > DROP all -- anywhere 255.255.255.255
> > DROP all -- anywhere Dynamic-IP-186145111255.cable.net.co
> > DROP all -- base-address.mcast.net/8 anywhere
> > DROP all -- anywhere base-address.mcast.net/8
> > DROP all -- 255.255.255.255 anywhere
> > DROP all -- anywhere 0.0.0.0
> > DROP all -- anywhere anywhere state INVALID
> > LSI all -f anywhere anywhere limit: avg 10/min burst 5
> > INBOUND all -- anywhere anywhere
> > LOG_FILTER all -- anywhere anywhere
> > LOG all -- anywhere anywhere LOG level info prefix "Unknown Input"
> >
> > Chain FORWARD (policy DROP)
> > target prot opt source destination
> > LSI udp -- anywhere anywhere udp dpt:33434
> > LSI icmp -- anywhere anywhere
> > LOG_FILTER all -- anywhere anywhere
> > LOG all -- anywhere anywhere LOG level info prefix "Unknown Forward"
> >
> > Chain OUTPUT (policy DROP)
> > target prot opt source destination
> > ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co resolver2.opendns.com tcp dpt:domain
> > ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co resolver2.opendns.com udp dpt:domain
> > ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co google-public-dns-a.google.com tcp dpt:domain
> > ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co google-public-dns-a.google.com udp dpt:domain
> > ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co resolver1.opendns.com tcp dpt:domain
> > ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co resolver1.opendns.com udp dpt:domain
> > ACCEPT all -- anywhere anywhere
> > DROP all -- base-address.mcast.net/8 anywhere
> > DROP all -- anywhere base-address.mcast.net/8
> > DROP all -- 255.255.255.255 anywhere
> > DROP all -- anywhere 0.0.0.0
> > DROP all -- anywhere anywhere state INVALID
> > OUTBOUND all -- anywhere anywhere
> > LOG_FILTER all -- anywhere anywhere
> > LOG all -- anywhere anywhere LOG level info prefix "Unknown Output"
> >
> > Chain INBOUND (1 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
> > ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
> > ACCEPT tcp -- anywhere anywhere tcp dpt:4662
> > ACCEPT udp -- anywhere anywhere udp dpt:4662
> > ACCEPT tcp -- anywhere anywhere tcp dpt:4672
> > ACCEPT udp -- anywhere anywhere udp dpt:4672
> > ACCEPT tcp -- anywhere anywhere tcp dpt:9001
> > ACCEPT udp -- anywhere anywhere udp dpt:9001
> > ACCEPT tcp -- anywhere anywhere tcp dpt:9090
> > ACCEPT udp -- anywhere anywhere udp dpt:9090
> > ACCEPT tcp -- anywhere anywhere tcp dpt:9030
> > ACCEPT udp -- anywhere anywhere udp dpt:9030
> > ACCEPT tcp -- anywhere anywhere tcp dpt:4665
> > ACCEPT udp -- anywhere anywhere udp dpt:4665
> > LSI all -- anywhere anywhere
> >
> > Chain LOG_FILTER (5 references)
> > target prot opt source destination
> >
> > Chain LSI (6 references)
> > target prot opt source destination
> > LOG_FILTER all -- anywhere anywhere
> > LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> > DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
> > LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> > DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
> > LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> > DROP icmp -- anywhere anywhere icmp echo-request
> > LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Inbound "
> > DROP all -- anywhere anywhere
> >
> > Chain LSO (0 references)
> > target prot opt source destination
> > LOG_FILTER all -- anywhere anywhere
> > LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Outbound "
> > REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
> >
> > Chain OUTBOUND (1 references)
> > target prot opt source destination
> > ACCEPT icmp -- anywhere anywhere
> > ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
> > ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
> >
> > Lo unico que veo raro es que la linea que dice 255.255.255.255 que me imagino es la mascara; la
> > real que me da TELMEX es 255.255.248.0 en Win es 255.255.252.0 y al cambiar de SO cambia la IP, pero
> > al retornar a Ubuntu vuelve la misma ip.
> >
> >
> > >
> > > ¡Saludo cordial!
> > > Estos ultimos días he estado presentando el siguiente problema:
> > > Si tengo activo el firewall (que manejo con firestarter)no tengo
> > > acceso a internet, ni me deja siquiera acceder al modem; apenas lo
> > > desactivo desde el firestarter, tengo conexion plena a internet y
> > > puedo acceder al modem.
> > > Pero apenas logico no quiero estar conectado sin tener el firewall
> > > activo.
> >
> > --
> > Al escribir recuerde observar la etiqueta (normas) de esta lista: http://goo.gl/Pu0ke
> > Para cambiar su inscripción, vaya a "Cambio de opciones" en http://goo.gl/Nevnx
Más información sobre la lista de distribución Ubuntu-co