[U-co] Firewall won't let me connect or access the modem (Closed)
Carlos Luna
caralu74 at linuxmail.org
Fri Nov 23 02:01:44 UTC 2012
I almost didn't find the problem. The issue was that under "Policy - Outbound traffic policy" I had
selected "Restrictive by default, whitelist traffic"; I changed it to "Permissive by default,
blacklist traffic" and now I can connect to the modem and browse normally, keeping the ports in
stealth and blah blah blah.
Thanks!
> > Update:
> >
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> norma
>
> I reinstalled Firestarter and the problem comes back.
>
>
>
> > > Firewall parameters:
> > > iptables v1.4.12:
> > > iptables --list
> > > Chain INPUT (policy DROP)
> > > target prot opt source destination
> > > ACCEPT tcp -- resolver2.opendns.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> > > ACCEPT udp -- resolver2.opendns.com anywhere
> > > ACCEPT tcp -- google-public-dns-a.google.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> > > ACCEPT udp -- google-public-dns-a.google.com anywhere
> > > ACCEPT tcp -- resolver1.opendns.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
> > > ACCEPT udp -- resolver1.opendns.com anywhere
> > > ACCEPT all -- anywhere anywhere
> > > LSI udp -- anywhere anywhere udp dpt:33434
> > > LSI icmp -- anywhere anywhere
> > > DROP all -- anywhere 255.255.255.255
> > > DROP all -- anywhere Dynamic-IP-186145111255.cable.net.co
> > > DROP all -- base-address.mcast.net/8 anywhere
> > > DROP all -- anywhere base-address.mcast.net/8
> > > DROP all -- 255.255.255.255 anywhere
> > > DROP all -- anywhere 0.0.0.0
> > > DROP all -- anywhere anywhere state INVALID
> > > LSI all -f anywhere anywhere limit: avg 10/min burst 5
> > > INBOUND all -- anywhere anywhere
> > > LOG_FILTER all -- anywhere anywhere
> > > LOG all -- anywhere anywhere LOG level info prefix "Unknown Input"
> > >
> > > Chain FORWARD (policy DROP)
> > > target prot opt source destination
> > > LSI udp -- anywhere anywhere udp dpt:33434
> > > LSI icmp -- anywhere anywhere
> > > LOG_FILTER all -- anywhere anywhere
> > > LOG all -- anywhere anywhere LOG level info prefix "Unknown Forward"
> > >
> > > Chain OUTPUT (policy DROP)
> > > target prot opt source destination
> > > ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co resolver2.opendns.com tcp dpt:domain
> > > ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co resolver2.opendns.com udp dpt:domain
> > > ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co google-public-dns-a.google.com tcp dpt:domain
> > > ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co google-public-dns-a.google.com udp dpt:domain
> > > ACCEPT tcp -- Dynamic-IP-18614510***.cable.net.co resolver1.opendns.com tcp dpt:domain
> > > ACCEPT udp -- Dynamic-IP-18614510***.cable.net.co resolver1.opendns.com udp dpt:domain
> > > ACCEPT all -- anywhere anywhere
> > > DROP all -- base-address.mcast.net/8 anywhere
> > > DROP all -- anywhere base-address.mcast.net/8
> > > DROP all -- 255.255.255.255 anywhere
> > > DROP all -- anywhere 0.0.0.0
> > > DROP all -- anywhere anywhere state INVALID
> > > OUTBOUND all -- anywhere anywhere
> > > LOG_FILTER all -- anywhere anywhere
> > > LOG all -- anywhere anywhere LOG level info prefix "Unknown Output"
> > >
> > > Chain INBOUND (1 references)
> > > target prot opt source destination
> > > ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
> > > ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
> > > ACCEPT tcp -- anywhere anywhere tcp dpt:4662
> > > ACCEPT udp -- anywhere anywhere udp dpt:4662
> > > ACCEPT tcp -- anywhere anywhere tcp dpt:4672
> > > ACCEPT udp -- anywhere anywhere udp dpt:4672
> > > ACCEPT tcp -- anywhere anywhere tcp dpt:9001
> > > ACCEPT udp -- anywhere anywhere udp dpt:9001
> > > ACCEPT tcp -- anywhere anywhere tcp dpt:9090
> > > ACCEPT udp -- anywhere anywhere udp dpt:9090
> > > ACCEPT tcp -- anywhere anywhere tcp dpt:9030
> > > ACCEPT udp -- anywhere anywhere udp dpt:9030
> > > ACCEPT tcp -- anywhere anywhere tcp dpt:4665
> > > ACCEPT udp -- anywhere anywhere udp dpt:4665
> > > LSI all -- anywhere anywhere
> > >
> > > Chain LOG_FILTER (5 references)
> > > target prot opt source destination
> > >
> > > Chain LSI (6 references)
> > > target prot opt source destination
> > > LOG_FILTER all -- anywhere anywhere
> > > LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> > > DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
> > > LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> > > DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
> > > LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
> > > DROP icmp -- anywhere anywhere icmp echo-request
> > > LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Inbound "
> > > DROP all -- anywhere anywhere
> > >
> > > Chain LSO (0 references)
> > > target prot opt source destination
> > > LOG_FILTER all -- anywhere anywhere
> > > LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Outbound "
> > > REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
> > >
> > > Chain OUTBOUND (1 references)
> > > target prot opt source destination
> > > ACCEPT icmp -- anywhere anywhere
> > > ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
> > > ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
> > >
> > > The only odd thing I see is the line that says 255.255.255.255, which I imagine is the netmask; the
> > > real one TELMEX gives me is 255.255.248.0, in Win it is 255.255.252.0, and when I switch OS the IP
> > > changes, but on returning to Ubuntu the same IP comes back.
> > >
> > >
> > > >
> > > > Cordial greetings!
> > > > For the last few days I have been having the following problem:
> > > > If the firewall is active (which I manage with Firestarter) I have no
> > > > Internet access, and it won't even let me access the modem; as soon as I
> > > > disable it from Firestarter, I have full Internet connectivity and
> > > > can access the modem.
> > > > But naturally I don't want to be connected without the firewall
> > > > active.
> > >
> > > --
> > > When writing, remember to observe the etiquette (rules) of this list: http://goo.gl/Pu0ke
> > > To change your subscription, go to "Change options" at http://goo.gl/Nevnx
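
An added example, not part of the original message: a small first-match evaluator run over the OUTBOUND chain exactly as quoted above, showing that a NEW outbound TCP connection matches none of its rules and falls through to the OUTPUT policy DROP, and that one whitelist row restores access without going permissive. The modem address 192.168.0.1 and the whitelist row are constructed assumptions, and the rules listed before the OUTBOUND jump are left out (the bare `ACCEPT all` row is assumed to be interface-bound, which `iptables --list` hides without `-v`).

```python
# OUTBOUND chain rows copied from the listing quoted in the thread.
OUTBOUND_LISTING = """\
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
"""
OUTPUT_POLICY = "DROP"  # "Chain OUTPUT (policy DROP)" in the same listing

# Constructed whitelist row; 192.168.0.1 is an assumed modem address.
WHITELIST_ROW = "ACCEPT tcp -- anywhere 192.168.0.1\n"


def parse_rules(listing):
    """Parse rows of the form: target prot opt source destination [matches]."""
    rules = []
    for line in listing.strip().splitlines():
        target, proto, _opt, _src, dst, *extra = line.split()
        states = None
        if "state" in extra:
            states = set(extra[extra.index("state") + 1].split(","))
        rules.append((target, proto, dst, states))
    return rules


def verdict(rules, policy, proto, state, dst):
    """First matching rule wins; with no match the built-in chain policy applies."""
    for target, r_proto, r_dst, states in rules:
        if r_proto not in ("all", proto):
            continue
        if r_dst not in ("anywhere", dst):
            continue
        if states is not None and state not in states:
            continue
        return target
    return policy


if __name__ == "__main__":
    restrictive = parse_rules(OUTBOUND_LISTING)
    whitelisted = parse_rules(OUTBOUND_LISTING + WHITELIST_ROW)
    for name, rules in (("restrictive", restrictive), ("whitelisted", whitelisted)):
        for proto, state in (("icmp", "NEW"), ("tcp", "NEW"), ("tcp", "ESTABLISHED")):
            print(name, proto, state, verdict(rules, OUTPUT_POLICY, proto, state, "192.168.0.1"))
```

Running `iptables -L -v -n` or `iptables -S` on the real host shows the interface and state matches that the plain `--list` output omits.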