[FUG-BR] questions

Alessandro de Souza Rocha etherlinkii em gmail.com
Wed Jan 23 09:03:32 BRST 2008


On 23/01/08, enochian em dunkelheit.org <enochian em dunkelheit.org> wrote:
> ROUTER ----> xl0 - FreeBSD - rl0 ------> switch ---> internal network
> I didn't notice anything that could be affecting it. Maybe the problem lies
> in your infrastructure or in the clients' configuration.
> Note: this firewall script could be much improved.
>
> Alessandro Fortuna wrote:
> > 00001   0     0 allow ip from any to any via lo0
> > 00001   0     0 deny ip from any to 127.0.0.0/8
> > 00001   0     0 deny ip from 127.0.0.0/8 to any
> > 00001  33  3148 deny log logamount 100 ip from any to any not verrevpath in
> > 00002   0     0 deny ip from any to any in frag
> > 00002   0     0 deny tcp from any to any dst-port 137-139
> > 00002   0     0 deny tcp from any 137-139 to any
> > 00002   7  1123 deny udp from any to any dst-port 137-139
> > 00002   0     0 deny udp from any 137-139 to any
> > 00002   0     0 deny tcp from any to any dst-port 445
> > 00002   0     0 deny tcp from any 445 to any
> > 00002   0     0 deny udp from any to any dst-port 445
> > 00002   0     0 deny udp from any 445 to any
> > 00002   0     0 deny tcp from any to any dst-port 1512
> > 00002   0     0 deny tcp from any 1512 to any
> > 00002   0     0 deny udp from any to any dst-port 1512
> > 00002   0     0 deny udp from any 1512 to any
> > 00002   0     0 deny icmp from any to any icmptypes 3
> > 00002   0     0 deny icmp from any to any icmptypes 4
> > 00002   0     0 deny icmp from any to any icmptypes 9
> > 00002   0     0 deny icmp from any to any icmptypes 11
> > 00002   0     0 deny icmp from any to any icmptypes 12
> > 00090   0     0 skipto 65000 tcp from any to 200.141.128.76
> > 00090   0     0 skipto 65000 tcp from any to 200.201.174.0/24
> > 00100   0     0 fwd 127.0.0.1,3128 tcp from 192.168.1.0/24 to any dst-port
> > 80 via rl0
> > 00112   0     0 pipe 112 ip from 192.168.1.3 to any in via rl0
> > 00113   0     0 pipe 113 ip from any to 192.168.1.3 out via rl0
> > 01001   0     0 pipe 1001 ip from 192.168.1.2 to any in via rl0
> > 01002   0     0 pipe 1002 ip from any to 192.168.1.2 out via rl0
> > 01005   0     0 pipe 1005 ip from 192.168.1.4 to any in via xl0
> > 01006   0     0 pipe 1006 ip from any to 192.168.1.4 out via xl0
> > 01007   0     0 pipe 1007 ip from 192.168.1.10 to any in via xl0
> > 01008   0     0 pipe 1008 ip from any to 192.168.1.10 out via xl0
> > 01009   0     0 pipe 1009 ip from 192.168.1.11 to any in via xl0
> > 01010   0     0 pipe 1010 ip from any to 192.168.1.11 out via xl0
> > 01011   0     0 pipe 1011 ip from 192.168.1.12 to any in via xl0
> > 01012   0     0 pipe 1012 ip from any to 192.168.1.12 out via xl0
> > 01013   0     0 pipe 1013 ip from 192.168.1.13 to any in via xl0
> > 01014   0     0 pipe 1014 ip from any to 192.168.1.13 out via xl0
> > 01015   0     0 pipe 1015 ip from 192.168.1.14 to any in via xl0
> > 01016   0     0 pipe 1016 ip from any to 192.168.1.14 out via xl0
> > 01017   0     0 pipe 1017 ip from 192.168.1.15 to any in via xl0
> > 01018   0     0 pipe 1018 ip from any to 192.168.1.15 out via xl0
> > 01019   0     0 pipe 1019 ip from 192.168.1.35 to any in via xl0
> > 01020   0     0 pipe 1020 ip from any to 192.168.1.35 out via xl0
> > 01021   0     0 pipe 1021 ip from 192.168.1.36 to any in via xl0
> > 01022   0     0 pipe 1022 ip from any to 192.168.1.36 out via xl0
> > 01023   0     0 pipe 1023 ip from 192.168.1.37 to any in via xl0
> > 01024   0     0 pipe 1024 ip from any to 192.168.1.37 out via xl0
> > 01025   0     0 pipe 1025 ip from 192.168.1.38 to any in via xl0
> > 01026   0     0 pipe 1026 ip from any to 192.168.1.38 out via xl0
> > 01027   0     0 pipe 1027 ip from 192.168.1.39 to any in via xl0
> > 01028   0     0 pipe 1028 ip from any to 192.168.1.39 out via xl0
> > 01029   0     0 pipe 1029 ip from 192.168.1.40 to any in via xl0
> > 01030   0     0 pipe 1030 ip from any to 192.168.1.40 out via xl0
> > 01031   0     0 pipe 1031 ip from 192.168.1.41 to any in via xl0
> > 01032   0     0 pipe 1032 ip from any to 192.168.1.41 out via xl0
> > 01033   0     0 pipe 1033 ip from 192.168.1.43 to any in via xl0
> > 01034   0     0 pipe 1034 ip from any to 192.168.1.43 out via xl0
> > 01035   0     0 pipe 1035 ip from 192.168.1.44 to any in via xl0
> > 01036   0     0 pipe 1036 ip from any to 192.168.1.44 out via xl0
> > 01037   0     0 pipe 1037 ip from 192.168.1.45 to any in via xl0
> > 01038   0     0 pipe 1038 ip from any to 192.168.1.45 out via xl0
> > 01039   0     0 pipe 1039 ip from 192.168.1.46 to any in via xl0
> > 01040   0     0 pipe 1040 ip from any to 192.168.1.46 out via xl0
> > 01041   0     0 pipe 1041 ip from 192.168.1.47 to any in via xl0
> > 01042   0     0 pipe 1042 ip from any to 192.168.1.47 out via xl0
> > 01043   0     0 pipe 1043 ip from 192.168.1.48 to any in via xl0
> > 01044   0     0 pipe 1044 ip from any to 192.168.1.48 out via xl0
> > 01045   0     0 pipe 1045 ip from 192.168.1.50 to any in via xl0
> > 01046   0     0 pipe 1046 ip from any to 192.168.1.50 out via xl0
> > 01047   0     0 pipe 1047 ip from 192.168.1.52 to any in via xl0
> > 01048   0     0 pipe 1048 ip from any to 192.168.1.52 out via xl0
> > 01049   0     0 pipe 1049 ip from 192.168.1.53 to any in via xl0
> > 01050   0     0 pipe 1050 ip from any to 192.168.1.53 out via xl0
> > 01051   0     0 pipe 1051 ip from 192.168.1.55 to any in via xl0
> > 01052   0     0 pipe 1052 ip from any to 192.168.1.55 out via xl0
> > 01053   0     0 pipe 1053 ip from 192.168.1.56 to any in via xl0
> > 01054   0     0 pipe 1054 ip from any to 192.168.1.56 out via xl0
> > 01055   0     0 pipe 1055 ip from 192.168.1.57 to any in via xl0
> > 01056   0     0 pipe 1056 ip from any to 192.168.1.57 out via xl0
> > 01059   0     0 pipe 1059 ip from 192.168.1.59 to any in via xl0
> > 01060   0     0 pipe 1060 ip from any to 192.168.1.59 out via xl0
> > 01061   0     0 pipe 1061 ip from 192.168.1.60 to any in via xl0
> > 01062   0     0 pipe 1062 ip from any to 192.168.1.60 out via xl0
> > 01063   0     0 pipe 1063 ip from 192.168.1.61 to any in via xl0
> > 01064   0     0 pipe 1064 ip from any to 192.168.1.61 out via xl0
> > 65000 222 40016 divert 8668 ip from any to any via xl0
> > 65500   1    44 deny log logamount 100 ip from any to any { src-ip
> > 10.0.0.0/8 or dst-ip 10.0.0.0/8 } out via xl0
> > 65500   0     0 deny log logamount 100 ip from any to any { src-ip
> > 172.16.0.0/12 or dst-ip 172.16.0.0/12 } out via xl0
> > 65500   0     0 deny log logamount 100 ip from any to any { src-ip
> > 192.168.0.0/16 or dst-ip 192.168.0.0/16 } out via xl0
> > 65535 237 41575 allow ip from any to any
> >
> > ----- Original Message -----
> > From: <enochian em dunkelheit.org>
> > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
> > <freebsd em fug.com.br>
> > Sent: Wednesday, January 23, 2008 12:47 AM
> > Subject: Re: [FUG-BR] questions
> >
> >
> > ok, getting better :)
> >
> > Type:
> > ipfw show
> > and paste the firewall rules.
> >
> > Alessandro Fortuna wrote:
> >
> >> Friend, here I have a 3Com switch into which all my network cables go, servers
> >> as well as radios and the Cisco router. I used to have a FreeBSD server that,
> >> until it started showing hardware problems, had never caused any problem on
> >> the network. Now I have just built a FreeBSD 6.2 server; when I plug myself
> >> directly into its internal network card I browse normally, but when I plug it
> >> into the switch, so that all the clients start going through my server, which
> >> does NAT for my clients, nobody can ping it, myself included.
> >>
> >> xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >>         options=9<RXCSUM,VLAN_MTU>
> >>         inet 201.91.x.60 netmask 0xffffff00 broadcast 201.91.x.255
> >>         ether 00:0a:0d:d4:5f:c5
> >>         media: Ethernet autoselect (100baseTX <full-duplex>)
> >>         status: active
> >> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >>         options=8<VLAN_MTU>
> >>         inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
> >>         ether 00:40:f4:61:66:2e
> >>         media: Ethernet autoselect (100baseTX <full-duplex>)
> >>         status: active
> >> plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
> >> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> >>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> >>         inet6 ::1 prefixlen 128
> >>         inet 127.0.0.1 netmask 0xff000000
> >>
> >>
> >>
> >> 2008/1/22, enochian em dunkelheit.org <enochian em dunkelheit.org>:
> >>
> >>
> >>> Be more specific and show the errors in full... there is no way to guess
> >>> what your question is...
> >>>
> >>> See you,
> >>>
> >>> Alessandro Fortuna wrote:
> >>>
> >>>
> >>>> Good evening everyone, I set up a FreeBSD server with two network cards, one
> >>>> with a real IP and the other with an internal-network IP. A network cable
> >>>> comes straight in to the real-IP card, and the other card plugs into a hub
> >>>> to which two client machines are connected. So with those two on the server,
> >>>> the server works fine, but when I put it on the network for my clients to
> >>>> browse I can't ping my gateway, which in this case is the server itself, and
> >>>> it keeps giving errors Kernel: arp: ....
> >>>>
> >>>> Can anyone help me? My bandwidth control is done with ipfw, and Squid for
> >>>> page caching.
> >>>>
> >>>> -------------------------
> >>>> Archive: http://www.fug.com.br/historico/html/freebsd/
> >>>> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd

Hi friend, you're not plugging xl0 into the same switch as the other card,
are you? Because that will give exactly this message.
-- 
Alessandro de Souza Rocha
Network and Systems Administrator
Freebsd-BR User #117
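Reviewing an `ipfw show` listing like the one quoted in the thread, a reader would want to check the points enochian hints at when he says the script could be improved: several rules sharing one rule number (so `ipfw delete N` removes all of them at once), what the last rule makes the default policy, and rules that have never matched. This is an added example, not code from anyone in the thread; the sample listing below is constructed in the `ipfw show` format (rule number, packets, bytes, rule body).

```python
"""Audit helpers for the text format printed by `ipfw show` (added example)."""
import re
from collections import defaultdict

# Constructed sample in `ipfw show` format: number, packets, bytes, rule body.
SAMPLE = """\
00001   0     0 allow ip from any to any via lo0
00001   0     0 deny ip from any to 127.0.0.0/8
00001  33  3148 deny log logamount 100 ip from any to any not verrevpath in
00002   7  1123 deny udp from any to any dst-port 137-139
00090   0     0 skipto 65000 tcp from any to 200.201.174.0/24
00100   0     0 fwd 127.0.0.1,3128 tcp from 192.168.1.0/24 to any dst-port 80 via rl0
65000 222 40016 divert 8668 ip from any to any via xl0
65535 237 41575 allow ip from any to any
"""

# Five-digit rule number, packet counter, byte counter, then the rule itself.
RULE_RE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(.*)$")


def parse_ipfw_show(text):
    """Return a list of (number, packets, bytes, body) tuples, skipping junk lines."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            num, pkts, byts, body = m.groups()
            rules.append((int(num), int(pkts), int(byts), body))
    return rules


def shared_numbers(rules):
    """Rule numbers carried by more than one rule -> {number: count}.

    ipfw accepts this, but `ipfw delete N` then removes every rule numbered N.
    """
    counts = defaultdict(int)
    for num, *_ in rules:
        counts[num] += 1
    return {n: c for n, c in counts.items() if c > 1}


def default_policy(rules):
    """Action of the highest-numbered rule; 'allow' means open by default."""
    last = max(rules, key=lambda r: r[0])  # ipfw evaluates in number order
    return last[3].split()[0]


def unmatched(rules):
    """Rules with zero packets and zero bytes, candidates for review."""
    return [r for r in rules if r[1] == 0 and r[2] == 0]
```

Feed it the output of `ipfw show` captured from the box; a listing that ends in `65535 ... allow ip from any to any`, as the one in the thread does, reports an open default policy.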