Good day again. I definitely still have problems with firehol. You know I don't consider myself an advanced Linux user, so please forgive me if I'm bothering you in some way. Some colleagues, such as sandy napolez and alejando, had already given me some suggestions about this; one of them was to generate the config the server needed using firehol itself. I did that, and the problem still persists: I stop seeing the routers via SNMP (the ones at my other branches, of course), so the mrtg running on that server ends up measuring only the traffic of my LAN's router.

I tried
firehol helpme > /media/ntfs/Firewall/sugerido/firehol.conf
which generated this config, which is much more specific than the one I sent you before. I would like you to check it and tell me if you notice anything missing. From what I've been reading, this command generates the config by itself, with the server administrator only having to modify a few things as convenient.

Again asking for your patience, and thanking you in advance for any help,
angel
PS: here is the config below
----------------
#!/sbin/firehol
# ------------------------------------------------------------------------------
# This feature is under construction -- use it with care.
# *** NEVER USE THIS CONFIG AS-IS ***
#
# : firehol.sh,v 1.256 2007/05/22 22:52:53 ktsaou Exp $
# (C) Copyright 2003, Costa Tsaousis <co...@tsaousis.gr>
# FireHOL is distributed under GPL.
# Home Page: http://firehol.sourceforge.net
#
# ------------------------------------------------------------------------------
# FireHOL controls your firewall. You should want to get updates quickly.
# Subscribe (at the home page) to get notified of new releases.
#
# ------------------------------------------------------------------------------
#
# This config will have the same effect as NO PROTECTION!
# Everything that is found to be running is allowed.
#
# Date: jue ago 18 09:02:33 UCT 2011 on host sysmail.ssp.ecc.cu
#
# The TODOs below are YOUR to-dos!
### DEBUG: Processing interface 'eth0'
### DEBUG: Processing IP 10.6.0.7 of interface 'eth0'
### DEBUG: Is 10.6.0.7 part of network 10.6.0.0/24? yes
# Interface No 1.
# The purpose of this interface is to control the traffic
# on the eth0 interface with IP 10.6.0.7 (net: "10.6.0.0/24").
# TODO: Change "interface1" to something with meaning to you.
# TODO: Check the optional rule parameters (src/dst).
# TODO: Remove 'dst 10.6.0.7' if this is dynamically assigned.
interface eth0 interface1 src "10.6.0.0/24" dst 10.6.0.7
# The default policy is DROP. You can be more polite with REJECT.
# Prefer to be polite on your own clients to prevent timeouts.
policy drop
# If you don't trust the clients behind eth0 (net "10.6.0.0/24"),
# add something like this.
# > protection strong
# Here are the services listening on eth0.
# TODO: Normally, you will have to remove those not needed.
server dns accept
server ICMP accept
server imap accept
server imaps accept
server ldap accept
server mysql accept
server pop3 accept
server smtp accept
server ssh accept
server sunrpc accept
server webmin accept
# The following eth0 server ports are not known by FireHOL:
# tcp/106 tcp/2000 tcp/36873 udp/10000 udp/48442 udp/712
# TODO: If you need any of them, you should define new services.
# (see Adding Services at the web site - http://firehol.sf.net).
# The following means that this machine can REQUEST anything via eth0.
# TODO: On production servers, avoid this and allow only the
# client services you really need.
client all accept
### DEBUG: Is 10.6.0.1 part of network 10.6.0.0/24? yes
### DEBUG: Default gateway 10.6.0.1 is part of network 10.6.0.0/24
# Interface No 2.
# The purpose of this interface is to control the traffic
# from/to unknown networks behind the default gateway 10.6.0.1 .
# TODO: Change "interface2" to something with meaning to you.
# TODO: Check the optional rule parameters (src/dst).
# TODO: Remove 'dst 10.6.0.7' if this is dynamically assigned.
interface eth0 interface2 src not "${UNROUTABLE_IPS} 10.6.0.0/24" dst 10.6.0.7
# The default policy is DROP. You can be more polite with REJECT.
# Prefer to be polite on your own clients to prevent timeouts.
policy drop
# If you don't trust the clients behind eth0 (net not "${UNROUTABLE_IPS} 10.6.0.0/24"),
# add something like this.
# > protection strong
# Here are the services listening on eth0.
# TODO: Normally, you will have to remove those not needed.
server dns accept
server ICMP accept
server imap accept
server imaps accept
server ldap accept
server mysql accept
server pop3 accept
server smtp accept
server ssh accept
server sunrpc accept
server webmin accept
# The following eth0 server ports are not known by FireHOL:
# tcp/106 tcp/2000 tcp/36873 udp/10000 udp/48442 udp/712
# TODO: If you need any of them, you should define new services.
# (see Adding Services at the web site - http://firehol.sf.net).
# The following means that this machine can REQUEST anything via eth0.
# TODO: On production servers, avoid this and allow only the
# client services you really need.
client all accept
# The above 2 interfaces were found active at this moment.
# Add more interfaces that can potentially be activated in the future.
# FireHOL will not complain if you setup a firewall on an interface that is
# not active when you activate the firewall.
# If you don't setup an interface, FireHOL will drop all traffic from or to
# this interface, if and when it becomes available.
# Also, if an interface name dynamically changes (i.e. ppp0 may become ppp1)
# you can use the plus (+) character to match all of them (i.e. ppp+).
# No router statements have been produced, because your server
# is not configured for forwarding traffic.
------------------------------------------------------------------------------
Telematic Services of the ssp.ecc.cu Network
Empresa Correos de Cuba (MIC). Sancti Spíritus
Contact us by mail at ad...@ssp.ecc.cu
---------------------------------------
______________________________________________________________________
Mailing list of the Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l
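A diagnostic added here as an editorial example (not part of the post, and not FireHOL's own code) for the SNMP symptom described above: it replays the src matching of the two generated interface statements against candidate router addresses. It assumes that FireHOL 1.x's ${UNROUTABLE_IPS} contains at least the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), and that a packet matching no interface statement falls through to FireHOL's default drop; the router addresses are constructed.

```python
# Added diagnostic for the posted FireHOL config; not from the original post.
import ipaddress

# Assumption: FireHOL 1.x's UNROUTABLE_IPS includes at least these private
# ranges (its reserved ranges are omitted; they do not affect private routers).
UNROUTABLE_IPS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
LAN = "10.6.0.0/24"            # net of eth0 in the generated config


def in_any(ip, nets):
    """True when ip lies inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


# The src clause of each interface statement from the generated config,
# expressed as a predicate on the peer address (the router being polled).
# The dst clause (10.6.0.7, the server itself) is the same for both.
INTERFACES = {
    "interface1": lambda ip: in_any(ip, [LAN]),                      # src "10.6.0.0/24"
    "interface2": lambda ip: not in_any(ip, UNROUTABLE_IPS + [LAN]),  # src not "${UNROUTABLE_IPS} 10.6.0.0/24"
}


def matching_interface(peer_ip):
    """Name of the interface statement whose src clause matches peer_ip,
    or None when neither does.  'client all accept' only applies inside a
    matching statement; an unmatched peer is dropped by the default policy."""
    for name, matches in INTERFACES.items():
        if matches(peer_ip):
            return name
    return None


def snmp_reachability(routers):
    """Map each polled router address to the statement carrying its SNMP
    traffic; a value of None explains why mrtg stops seeing that router."""
    return {ip: matching_interface(ip) for ip in routers}


if __name__ == "__main__":
    # Constructed sample router addresses, not taken from the post.
    sample = ["10.6.0.1", "10.12.3.4", "172.16.9.1", "200.55.1.1"]
    for ip, iface in snmp_reachability(sample).items():
        print(f"{ip:>12} -> {iface or 'no interface statement: dropped'}")
```

A private router outside 10.6.0.0/24 is excluded from interface2 by ${UNROUTABLE_IPS} and not covered by interface1, so its SNMP traffic is dropped; adding an interface statement whose src covers those branch networks (with only the client services the server really needs) is the defensive fix.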