Problems with nat
Jose Miguel Vidal Lavin
jmvidal at sertotal.cl
Wed Mar 3 10:39:44 CLST 2004
Gentlemen,
I have a machine that works as a squid proxy and it works fine; it even
filters msn, kazaa and the like for me. The problem is that I have to
use nat to enable all services for certain machines, and I do that from
another machine I have as a firewall, but from one moment to the next
the routing stopped working and I cannot connect to the internet using
that gateway. I have checked the whole configuration and have not been
able to find the error.
The configuration that iptables gives me is the following:
Table: mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Table: filter
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns
ACCEPT tcp -- anywhere anywhere tcp spt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp spt:microsoft-ds
REJECT tcp -- anywhere anywhere tcp dpt:sunrpc reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT udp -- anywhere anywhere udp spt:http
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:10000
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns
ACCEPT tcp -- anywhere anywhere tcp spt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp spt:microsoft-ds
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--
Jose Miguel Vidal Lavin User #333809 http://couter.li.org
IT Department Phone: 6764600
Cobranzas y Servicios Afines 6764622
Bulnes 317, Office 612
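As an added check (not part of the post and not the poster's own script), the Python below parses an `iptables -L` listing like the one above and reports the services that the firewall's OUTPUT chain allows for the firewall itself but that its DROP-policy FORWARD chain never passes for the hosts behind the MASQUERADE. In the post's listing that is DNS (domain), which matters because MASQUERADE in the nat table only rewrites packets the filter table's FORWARD chain has already accepted; the sample listing is reconstructed from the post with the wrapped lines rejoined.

```python
import re

# Constructed sample: the FORWARD and OUTPUT chains of the filter table
# shown in the post, wrapped lines rejoined (not live output).
SAMPLE = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http
ACCEPT     udp  --  anywhere             anywhere             udp dpt:http
ACCEPT     udp  --  anywhere             anywhere             udp spt:http
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)\)")

def parse_listing(text):
    """Parse `iptables -L` output into {chain: {"policy": str, "rules": [dict]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        parts = line.split()
        if current is None or len(parts) < 5 or parts[0] == "target":
            continue  # blank line or the column header
        dpt = re.search(r"dpt:(\S+)", " ".join(parts[5:]))  # e.g. "tcp dpt:http"
        chains[current]["rules"].append(
            {"target": parts[0], "proto": parts[1], "dport": dpt.group(1) if dpt else None})
    return chains

def accepted_dports(chains, chain):
    """(proto, dport) pairs a DROP-policy chain ACCEPTs; None if policy is ACCEPT."""
    c = chains[chain]
    if c["policy"] != "DROP":
        return None  # everything not matched is let through
    return sorted({(r["proto"], r["dport"]) for r in c["rules"]
                   if r["target"] == "ACCEPT" and r["dport"]})

def firewall_only_services(chains):
    """Services OUTPUT lets the firewall use itself but FORWARD never passes
    for the NATed clients: MASQUERADE cannot rescue traffic FORWARD drops."""
    out = accepted_dports(chains, "OUTPUT") or []
    fwd = accepted_dports(chains, "FORWARD")
    return [] if fwd is None else [s for s in out if s not in fwd]
```

Run it against a current `iptables -L` capture to see, per chain, what a DROP policy actually lets through before touching the nat table.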