Thanks, I am going to make these changes and test whether it works, and I will report back how it went. Thanks again.
César

> On 07/03/2014 11:24, Francesc Guitart wrote:
>> Hi César,
>>
>> Try adding this rule:
>>
>> $IPTABLES -I FORWARD -d 172.25.144.0/24 -i eth1 -j ACCEPT
>>
>> By the way, regarding the rules you sent me in the other mail:
>> $IPTABLES -A INPUT -s 192.168.0.0/24 -j ACCEPT
>> $IPTABLES -A OUTPUT -d 172.25.144.0/24 -j ACCEPT
>> $IPTABLES -A OUTPUT -p tcp -d 172.25.144.0/24 -j ACCEPT
>> $IPTABLES -I OUTPUT -d 172.25.144.0/24 -j ACCEPT
>> $IPTABLES -A POSTROUTING -t nat -o $EXTERNALIF -j MASQUERADE
>>
>> The first and the fourth are exactly the same. Remove one of the two.
>> The third is included in the second (or the fourth, as you
>> prefer). Delete it too.
>>
> I forgot one thing. The fifth rule seems to work fine, but to be
> exact it should rather be:
>
> $IPTABLES -t nat -A POSTROUTING -o $EXTERNALIF -j MASQUERADE
>
>
>> On 07/03/2014 11:04, César Martinez wrote:
>>> Hi, thanks for replying. I go through the proxy because the cable of
>>> the data tunnel is now connected directly to the switch that is on the
>>> 192.168.0.X segment; the ISP created some routes to send all the data
>>> traffic to the IP 192.168.0.1, which is currently the IP of my proxy.
>>> As I mentioned, if I bring the firewall down momentarily I can ping or
>>> access a shared resource on the network 172.25.144.4, which is
>>> currently where I need to get to; this IP is a Windows server that has
>>> a shared folder.
>>> I am attaching the output of the commands, thank you very much for
>>> your help
>>>
>>> ip route
>>> 181.113.66.72/29 dev eth0 proto kernel scope link src 181.113.66.78
>>> 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
>>> 172.25.144.0/24 via 192.168.0.3 dev eth1
>>> 169.254.0.0/16 dev eth1 scope link
>>> default via 181.113.66.73 dev eth
>>>
>>> ip route show table local
>>> broadcast 181.113.66.79 dev eth0 proto kernel scope link src
>>> 181.113.66.78
>>> broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.1
>>> local 181.113.66.78 dev eth0 proto kernel scope host src 181.113.66.78
>>> broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
>>> broadcast 181.113.66.72 dev eth0 proto kernel scope link src
>>> 181.113.66.78
>>> local 192.168.0.1 dev eth1 proto kernel scope host src 192.168.0.1
>>> broadcast 192.168.0.0 dev eth1 proto kernel scope link src 192.168.0.1
>>> broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
>>> local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
>>> local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
>>>
>>>
>>> ifconfig -a
>>> eth0 Link encap:Ethernet HWaddr 00:26:5A:84:C3:B0
>>>           inet addr:181.113.66.78 Bcast:181.113.66.79
>>>           Mask:255.255.255.248
>>>           inet6 addr: fe80::226:5aff:fe84:c3b0/64 Scope:Link
>>>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>           RX packets:322452 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:315335 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:1000
>>>           RX bytes:218551617 (208.4 MiB) TX bytes:50814320 (48.4 MiB)
>>>           Interrupt:169 Base address:0xc000
>>>
>>> eth1 Link encap:Ethernet HWaddr 3C:4A:92:B2:92:E4
>>>           inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
>>>           inet6 addr: fe80::3e4a:92ff:feb2:92e4/64 Scope:Link
>>>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>           RX packets:401472 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:326596 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:1000
>>>           RX bytes:60175972 (57.3 MiB) TX bytes:235191189 (224.2 MiB)
>>>           Interrupt:177 Memory:fbdf0000-fbe00000
>>>
>>> eth2 Link encap:Ethernet HWaddr 54:E6:FC:80:4C:C5
>>>           BROADCAST MULTICAST MTU:1500 Metric:1
>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:1000
>>>           RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>>>           Interrupt:90 Base address:0xa000
>>>
>>> lo Link encap:Local Loopback
>>>           inet addr:127.0.0.1 Mask:255.0.0.0
>>>           inet6 addr: ::1/128 Scope:Host
>>>           UP LOOPBACK RUNNING MTU:16436 Metric:1
>>>           RX packets:485 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:485 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:0
>>>           RX bytes:59577 (58.1 KiB) TX bytes:59577 (58.1 KiB)
>>>
>>> sit0 Link encap:IPv6-in-IPv4
>>>           NOARP MTU:1480 Metric:1
>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:0
>>>           RX bytes:0 (0.0 b) TX bytes:0 (0.0 b
>>>
>>>
>>>
>>>
>>> iptables -L -n
>>> Chain INPUT (policy ACCEPT)
>>> target prot opt source destination
>>> DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>> ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
>>> ACCEPT 41 -- 0.0.0.0/0 0.0.0.0/0
>>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
>>> limit: avg 1/sec burst 5
>>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
>>> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
>>> reject-with icmp-port-unreachable
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>>> RELATED,ESTABLISHED
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1976
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11200
>>> ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> MSSQL '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6670
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> Deepthrt '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6670
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6711
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> Sub7 '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6711
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6712
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> Sub7 '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6712
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6713
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> Sub7 '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6713
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12345
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> Netbus '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12345
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12346
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> Netbus '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12346
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20034
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> Netbus '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20034
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:31337
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: BO
>>> '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:31337
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6000
>>> limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet:
>>> XWin '
>>> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6000
>>> DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>> dpts:33434:33523
>>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
>>> reject-with icmp-port-unreachable
>>> REJECT 2 -- 0.0.0.0/0 0.0.0.0/0 reject-with
>>> icmp-port-unreachable
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>> flags:0x17/0x02 limit: avg 5/min burst 5 LOG flags 0 level 4 prefix
>>> `Firewalled packet:'
>>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with
>>> tcp-reset
>>> DROP all -- 0.0.0.0/0 0.0.0.0/0
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target prot opt source destination
>>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:55347
>>> reject-with icmp-port-unreachable
>>> DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
>>> reject-with icmp-port-unreachable
>>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
>>> reject-with icmp-port-unreachable
>>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
>>> reject-with icmp-port-unreachable
>>> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
>>> reject-with icmp-port-unreachable
>>> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
>>> reject-with icmp-port-unreachable
>>> REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:139
>>> reject-with icmp-port-unreachable
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>>> RELATED,ESTABLISHED
>>> LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>> flags:0x17/0x02 limit: avg 5/min burst 5 LOG flags 0 level 4 prefix
>>> `Firewalled packet:'
>>> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with
>>> tcp-reset
>>> DROP all -- 0.0.0.0/0 0.0.0.0/0
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>> ACCEPT all -- 0.0.0.0/0 172.25.144.0/24
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
>>> ACCEPT all -- 0.0.0.0/0 172.25.144.0/24
>>> ACCEPT tcp -- 0.0.0.0/0 172.25.144.0/24
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>>
>>>
>>>
>>>
>>>
>>>> Hi Cesar,
>>>>
>>>> Please send the mails to the list. The discussion of your problem was
>>>> taking place on that channel. Why change?
>>>>
>>>> If I have understood correctly after several messages, you have the
>>>> interface of the device that makes the tunnel connected directly to
>>>> the internal network. Then why do you go through the firewall to get
>>>> from one office to the other? There is something I have not understood
>>>> well. Can you explain the current situation from the beginning without
>>>> omitting anything?
>>>>
>>>> Please add the output of these commands:
>>>>
>>>> ip route
>>>> ip route show table local
>>>> ifconfig -a
>>>> iptables -L -n
>>>>
>>>> Thanks.
>>>>
>>>>
>>> _______________________________________________
>>> CentOS-es mailing list
>>> CentOS-es@centos.org
>>> http://lists.centos.org/mailman/listinfo/centos-es
>>>
>>
>
_______________________________________________
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
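
The quoted reply reasons about which of the five rules repeat or are contained in another; that kind of check can be done mechanically. The following Python is an added example, not part of the original thread: it replays the five quoted commands in order and reports rules that an earlier rule in the same chain already matches. The function names (`parse`, `covers`, `shadowed`) are hypothetical, and it assumes every option takes exactly one argument and that ACCEPT, DROP, REJECT and MASQUERADE end chain traversal.

```python
import ipaddress

# The five rules quoted in the thread, in the order they were sent.
RULES = """\
$IPTABLES -A INPUT -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A OUTPUT -d 172.25.144.0/24 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -d 172.25.144.0/24 -j ACCEPT
$IPTABLES -I OUTPUT -d 172.25.144.0/24 -j ACCEPT
$IPTABLES -A POSTROUTING -t nat -o $EXTERNALIF -j MASQUERADE
""".splitlines()

ANY = ipaddress.ip_network("0.0.0.0/0")
FIELDS = {"-t": "table", "-p": "proto", "-i": "in", "-o": "out", "-j": "target"}
TERMINATING = {"ACCEPT", "DROP", "REJECT", "MASQUERADE"}  # assumed final verdicts

def parse(number, line):
    """Parse one command; assumes every option takes exactly one argument."""
    rule = {"n": number, "table": "filter", "proto": "all", "src": ANY,
            "dst": ANY, "in": None, "out": None}
    tokens = line.split()[1:]  # drop the leading $IPTABLES word
    for opt, val in zip(tokens[0::2], tokens[1::2]):
        if opt in ("-A", "-I"):
            rule["chain"], rule["at_head"] = val, opt == "-I"
        elif opt in ("-s", "-d"):
            rule["src" if opt == "-s" else "dst"] = ipaddress.ip_network(val)
        else:
            rule[FIELDS[opt]] = val
    return rule

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a["proto"] in ("all", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["in"] in (None, b["in"]) and a["out"] in (None, b["out"]))

def shadowed(lines):
    """Replay -A/-I ordering, then return (rule, shadowing_rule) pairs."""
    chains, found = {}, []
    for number, line in enumerate(lines, 1):
        rule = parse(number, line)
        chain = chains.setdefault((rule["table"], rule["chain"]), [])
        # -A appends; -I without an index inserts at the top of the chain.
        chain.insert(0 if rule["at_head"] else len(chain), rule)
    for chain in chains.values():
        for pos, rule in enumerate(chain):
            hit = next((e for e in chain[:pos]
                        if e["target"] in TERMINATING and covers(e, rule)), None)
            if hit:
                found.append((rule["n"], hit["n"]))
    return found
```

Rule numbers in the result are the positions of the commands as listed in the mail. Note that `iptables -L -n` without `-v` does not show interface matches, so the same comparison on a live listing needs `iptables -S` or `-L -n -v` output.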