(linux-br) Firewall (levando uma surra)

Thu, 18 Oct 2001 12:26:43 -0700 

Caros amigos,

Instalei CL 7.0 com 2 placas de redes, uma pra internet (ADSL) e outra para
intranet, configurei o squid para os usu�rios da intranet (win98) acessarem
a Internet, at� a� tudo funcionando bem, o problema agora � configurar um
firewall (estou levando uma surra).

N�o consigo definir os m�dulos que dar�o suporte aos m�dulos filtrados
atrav�s do comando

 depmod -a
 modprobe ip_masq_ftp
 modprobe ip_masq_irc
 modprobe ip_masq_cuseeme
 modprobe ip_masq_raudio
 modprobe ip_masq_user
 modprobe ip_masq_quake

mensagem de erro " Can�t locate module....."

Se algu�m puder ajudar... Segue abaixo as regras e as mensagens de erro...

---- regras ---

echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -A input -j DENY
ipchains -A output -j ACCEPT
ipchains -A forward -j DENY
ipchains -A input -p tcp -s 0/0 -d 127.0.0.1 -p tcp -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 192.168.1.2 -j ACCEPT
ipchains -A input -p tcp -s 192.168.1.0/24 -d 0/0 -j ACCEPT
ipchains -A input -i eth0 -s 0/0 -d 0/0 -j ACCEPT
ipchains -A output -i eth0 -s 0/0 -d 0/0 -j ACCEPT
ipchains -A forward -s 0.0.0.0/0 -d 192.168.1.0/0 -j ACCEPT
ipchains -A forward -s 192.168.1.0 -d 0/0 -i eth0 -j MASQ
ipchains -A input -i eth1 -p tcp -s 0/0 -d 0/0 137:139 -I -j DENY
ipchains -A input -i eth1 -p udp -s 0/0 -d 0/0 137:139 -I -j DENY
ipchains -A input -i eth1 -p tcp -s 0/0 -d 0/0 1080 -j DENY
ipchains -A input -i eth1 -p udp -s 0/0 -d 0/0 1080 -j DENY
ipchains -A input -i eth1 -p tcp -s 0/0 -d 0/0 3128 -d DENY
ipchains -A input -i eth1 -p udp -s 0/0 -d 0/0 3128 -j DENY
ipchains -A input -p tcp -s 0/0 -d 0/0 1023:65535 -j ACCEPT
ipchains -A input -p udp -s 0/0 -d 0/0 1023:65535 -j ACCEPT
ipchains -A input -p icmp -s 0/0 -d 0/0 -j DENY -I
ipchains -A input -p tcp -s 0/0 -d 0/0 20 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 21 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 22 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 23 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 25 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 53 -j ACCEPT
ipchains -A input -p udp -s 0/0 -d 0/0 53 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 80 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 110 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 113 -j ACCEPT
ipchains -A input -p tcp -s 192.168.1.0 -d 0/0 137:139 -j ACCEPT
ipchains -A input -p udp -s 192.168.1.0 -d 0/0 137 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 443 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 192.168.1.3 80 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 192.168.1.0 80 -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 138:138 -p udp -j DENY
ipchains -A input -s 0/0 -d 0/0 137:137 -p udp -j DENY
ipchains -A input -s 0/0 -d 0/0 119:119 -p tcp -j DENY
ipchains -A input -s 0/0 -d 0/0 -i eth0 -p tcp -j DENY -I
ipchains -A input -s 0/0 -d 192.168.1.2 1023:65535 -i eth0 -p tcp -j ACCEPT
! -y
ipchains -A input -s 0/0 20:20 -d 192.168.1.2 1024:65535 -p tcp -i eth0
ipchains -A input -s 0/0 -d 0/0 -j ACCEPT -f
ipchains -F
ipchains -P input -j DENY
ipchains -P output -j DENY
ipchains -P forward -j DENY

----- erros -----

Oct 15 09:53:29 lxluana cortafogo: ipchains: Protocol not available
Oct 15 09:53:29 lxluana last message repeated 2 times
Oct 15 09:53:29 lxluana cortafogo: ipchains: multiple -p flags not allowed
Oct 15 09:53:29 lxluana cortafogo:
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana cortafogo: ipchains: Protocol not available
Oct 15 09:53:29 lxluana last message repeated 5 times
Oct 15 09:53:29 lxluana cortafogo: ipchains: Can't use -I with -A
Oct 15 09:53:29 lxluana cortafogo:
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana cortafogo: ipchains: Can't use -I with -A
Oct 15 09:53:29 lxluana cortafogo:
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana cortafogo: ipchains: Protocol not available
Oct 15 09:53:29 lxluana cortafogo: ipchains: Protocol not available
Oct 15 09:53:29 lxluana cortafogo: ipchains: multiple -d flags not allowed
Oct 15 09:53:29 lxluana cortafogo:
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana cortafogo: ipchains: Protocol not available
Oct 15 09:53:29 lxluana last message repeated 2 times
Oct 15 09:53:29 lxluana cortafogo: ipchains: option requires an argument --
I
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana cortafogo: ipchains: Protocol not available
Oct 15 09:53:29 lxluana last message repeated 17 times
Oct 15 09:53:29 lxluana cortafogo: ipchains: option requires an argument --
I
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana cortafogo: ipchains: Protocol not available
Oct 15 09:53:29 lxluana last message repeated 2 times
Oct 15 09:53:29 lxluana cortafogo: ipchains: Incompatible with this kernel
Oct 15 09:53:29 lxluana cortafogo: ipchains: -P requires a chain and a
policy
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana cortafogo: ipchains: -P requires a chain and a
policy
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana cortafogo: ipchains: -P requires a chain and a
policy
Oct 15 09:53:29 lxluana cortafogo: Try `ipchains -h' or 'ipchains --help'
for more information.
Oct 15 09:53:29 lxluana rc: Iniciando cortafogo:  failed








Assinantes em 18/10/2001: 2389
Mensagens recebidas desde 07/01/1999: 137438
Historico e [des]cadastramento: http://linux-br.conectiva.com.br
Assuntos administrativos e problemas com a lista: 
            mailto:[EMAIL PROTECTED]

Responder a