Re: [FUGSPBR] FIREWALL

Fri, 22 Nov 2002 02:24:37 -0800 

Luis,

Voc� se voc� estiver utilizando a interface tun0 para conectar com ADSL
verifique se em seu ppp.conf existe a entrada

nat enable no

se n�o existir, adicione-a e provavelmente ir� funcionar...


[]'s

Emanoel

----- Original Message -----
From: Lu�s Vit�rio Cargnini <[EMAIL PROTECTED]>
To: FUGSPBR <[EMAIL PROTECTED]>
Sent: Friday, November 22, 2002 12:52 AM
Subject: [FUGSPBR] FIREWALL


> Pessoal blz,
> colcoquei um firewall para rodar mas n�o sei porque cargas d'�gua n�o ta
> funcionando direito como deveria
> coloquei as op��es no
> rc.conf:
> gateway_enable="YES"
> natd_enable="YES"
> natd_flags="-l -f /etc/natd.conf"
> natd_interface="tun0"
> firewall_enable="YES"            # Set to YES to enable firewall
> functionality
> firewall_type="client"           # Firewall type (see /etc/rc.firewall)
>
>
> no arquivo natd.conf:
> interface tun0
> dynamic yes
> same_ports yes
> use_sockets yes
>
> e alterei o rc.firewall, por�m estou com a seguinte tabela:
> 00050 1654 718264 divert 8668 ip from any to any via tun0
> 00100 8832 469980 allow ip from any to any via lo0
> 00200    0      0 deny ip from any to 127.0.0.0/8
> 00300    0      0 deny ip from 127.0.0.0/8 to any
> 00400    0      0 allow ip from 192.168.0.2 to 192.168.0.0/24
> 00500    0      0 allow ip from 192.168.0.2 to any via tun0
> 00600    0      0 allow tcp from 192.168.0.2 to any established
> 00700    0      0 allow ip from 192.168.0.2 to any frag
> 00800    0      0 allow tcp from any to 192.168.0.2 25 setup
> 00900    0      0 allow tcp from 192.168.0.2 to any setup
> 01000    0      0 deny tcp from any to 192.168.0.2 setup
> 01100    0      0 allow udp from 192.168.0.2 to any 53 keep-state
> 01200    0      0 allow udp from 192.168.0.2 to any 123 keep-state
> 65535 1591 714146 allow ip from any to any
>
> Porem tentei abrir uma conexao ssh e consegui enquanto que n�o deveria
> ser poss�vel isso algu�m poderia me indicar algum poss�vel erro ou algo
> que eu tenha me esquecido na configura��o, sempre lembrando esse
> firewall esta em uma m�quina com conex�o discada.
>
> --
> Thanks && Regards
> Lu�s Vit�rio Cargnini

_______________________________________________________________
Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/

Responder a