Welcome to Alcance Libre 10/09/2025, 13:25
raymozo (New member; registered 28/01/08; posts: 5)
Good morning, I need a hand please. I have installed Shorewall as described in the manuals section, but I cannot browse the internet. The strange thing I have noticed is that the log messages show an error that says dhcliente: failed to create default route: 190.199.96.1 dev eth0. Then Shorewall starts telling me:
shorewall:net2all
Oscar Hernández (Active member; registered 29/03/07; posts: 181; location: México D.F. / Del Alvaro Obregon)
Hi raymozo: I am going to answer you with a question: do you want to browse the internet, or do you want security? I mention this because Shorewall is a firewall, and to be able to browse the internet you need to have your proxy (Squid) configured, provided your terminals are configured. On the other hand, if you are trying to browse from the same machine where your Shorewall is, you should check your modem or the device through which you are trying to connect. I suggest you be more explicit, so that we are not speculating about configurations that may already be working fine. Regards.

A wise man is not the one who devotes his life to learning, but the one who devotes it to teaching.
raymozo (New member; registered 28/01/08; posts: 5)
Good morning, thanks for replying. Let me explain.

1.- I have a cybercafé with 15 PCs, in which I want to set up a proxy, firewall (Shorewall 3.04), DHCP, DansGuardian, ADSL, CentOS 4.3. Now, the proxy works fine: when I try to look up xxx.com it shows me the blocked-page information, and when I look up an address such as http://google it tells me that the proxy could not find the address, which is why I say it is working fine. In fact, I wrote this post from the machine that serves as firewall and proxy.

2.- The problem shows up on my local network: none of the machines has internet access, but from the server itself I can browse. I am attaching my Shorewall configuration:

```
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Not available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Not available
   Raw Table: Available
   CLASSIFY Target: Available
Verifying Configuration...
Determining Zones...
   IPv4_Zones: net loc dmz
   Firewall Zone: fw
Setting up IPSEC...
Validating interfaces file...
Validating hosts file...
Determining Hosts in Zones...
   net Zone: eth2:0.0.0.0/0
   loc Zone: eth1:0.0.0.0/0
   dmz Zone: eth0:0.0.0.0/0
Validating policy file...
   Policy for fw to net is ACCEPT using chain fw2net
   Policy for net to loc is DROP using chain net2all
   Policy for net to dmz is DROP using chain net2all
   Policy for net to fw is DROP using chain net2all
   Policy for loc to net is REJECT using chain all2all
   Policy for loc to dmz is REJECT using chain all2all
   Policy for loc to fw is REJECT using chain all2all
   Policy for dmz to net is REJECT using chain all2all
   Policy for dmz to loc is REJECT using chain all2all
   Policy for dmz to fw is REJECT using chain all2all
   Policy for fw to loc is REJECT using chain all2all
   Policy for fw to dmz is REJECT using chain all2all
   Policy for loc to net is ACCEPT using chain loc2net
Checking Black List...
Validating Proxy ARP
Validating NAT...
Pre-validating Actions...
Pre-processing /usr/share/shorewall/action.Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Pre-processing /usr/share/shorewall/action.Reject...
Pre-processing /usr/share/shorewall/action.Limit...
Validating rules file...
..Expanding Macro /usr/share/shorewall/macro.DNS...
   Rule "ACCEPT dmz net udp 53 - - - -" checked.
   Rule "ACCEPT dmz net tcp 53 - - - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.Ping...
   Rule "REJECT net fw icmp 8 - - - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.Ping...
   Rule "ACCEPT loc fw icmp 8 - - - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.Ping...
   Rule "ACCEPT dmz fw icmp 8 - - - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.Ping...
   Rule "ACCEPT loc dmz icmp 8 - - - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.Ping...
   Rule "ACCEPT dmz loc icmp 8 - - - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.Ping...
   Rule "ACCEPT dmz net icmp 8 - - - -" checked.
..End Macro
   Rule "ACCEPT fw net icmp " checked.
   Rule "ACCEPT fw loc icmp " checked.
   Rule "ACCEPT fw dmz icmp " checked.
   Rule "ACCEPT fw net tcp 20,21,22,43,53,80,443,1024:65535 " checked.
   Rule "ACCEPT fw net udp 43,53,123,443,1024:65535 " checked.
   Rule "ACCEPT loc net tcp 20,21,22,43,53,80,443,1024:65535 " checked.
   Rule "ACCEPT loc net udp 43,53,123,443,1024:65535 " checked.
   Rule "ACCEPT net fw udp 67,68 " checked.
   Rule "ACCEPT loc fw udp 67,68 " checked.
   Rule "ACCEPT loc fw tcp 3128 " checked.
   Rule "REDIRECT loc 8080 tcp 80 " checked.
   Rule "REDIRECT dmz 8080 tcp 80 " checked.
   Rule "REDIRECT loc 3128 tcp 80 " checked.
Validating Actions...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Drop for Chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
   Rule "REJECT - - tcp 113 - -" checked.
..End Macro
   Rule "dropBcast " checked.
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
   Rule "ACCEPT - - icmp fragmentation-needed - -" checked.
   Rule "ACCEPT - - icmp time-exceeded - -" checked.
..End Macro
   Rule "dropInvalid " checked.
..Expanding Macro /usr/share/shorewall/macro.SMB...
   Rule "DROP - - udp 135,445 - -" checked.
   Rule "DROP - - udp 137:139 - -" checked.
   Rule "DROP - - udp 1024: 137 -" checked.
   Rule "DROP - - tcp 135,139,445 - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
   Rule "DROP - - udp 1900 - -" checked.
..End Macro
   Rule "dropNotSyn - - tcp " checked.
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
   Rule "DROP - - udp - 53 -" checked.
..End Macro
Processing /usr/share/shorewall/action.Reject for Chain Reject...
..Expanding Macro /usr/share/shorewall/macro.Auth...
   Rule "REJECT - - tcp 113 - -" checked.
..End Macro
   Rule "dropBcast " checked.
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
   Rule "ACCEPT - - icmp fragmentation-needed - -" checked.
   Rule "ACCEPT - - icmp time-exceeded - -" checked.
..End Macro
   Rule "dropInvalid " checked.
..Expanding Macro /usr/share/shorewall/macro.SMB...
   Rule "REJECT - - udp 135,445 - -" checked.
   Rule "REJECT - - udp 137:139 - -" checked.
   Rule "REJECT - - udp 1024: 137 -" checked.
   Rule "REJECT - - tcp 135,139,445 - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
   Rule "DROP - - udp 1900 - -" checked.
..End Macro
   Rule "dropNotSyn - - tcp " checked.
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
   Rule "DROP - - udp - 53 -" checked.
..End Macro
Masqueraded Networks and Hosts:
   To 0.0.0.0/0 (all) from 192.168.0.0/24 through eth2
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
Configuration Validated
Notice: The 'check' command is provided to catch obvious errors in a Shorewall configuration. It is not designed to catch all possible errors so please don't submit problem reports about error conditions that 'check' doesn't find
```

I have been able to see, while I am browsing, that when I run route the following information appears; but when I try it from my local network, eth1 appears as the gateway and nothing about eth2 (I changed it in place of eth0), but originally it is with eth0, that is:

```
eth0 net dhcp ISP
eth1 loc 192.168.0.0/24 assigned by DHCP
eth dmz 192.168.1.2/24
```

```
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
190.199.96.0    *               255.255.224.0   U     0      0        0 eth2
169.254.0.0     *               255.255.0.0     U     0      0        0 eth2
default         dyn-1.rbe.bras- 0.0.0.0         UG    0      0        0 eth2
```

Now, what I have seen is that when I run service network restart, eth1 is not added to the route; on the other hand, it tells me that dhclient could not add dev eth0 to the route. The changes you see from eth0 to eth2 were made on purpose, to check whether the problem was with the network card; otherwise everything is the same as published in the how-to on this site.

If you need more information to help me solve this little problem, I would be grateful. Thanks in advance.

raymozo
Guanare-Portuguesa-Venezuela.
gutierrezr (Moderator; registered 28/03/07; posts: 179)
I see that you have some concepts confused. What do you have defined in the interfaces section within Shorewall? What is your policy within Shorewall?
Which is the public interface? Which is the private interface? Do you have Squid configured? Because if you don't, you have to enable packet forwarding and NAT. Regards.
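
An added example (not part of the thread and not Shorewall's own code): a small Python audit of `shorewall check` output in the format posted above. It flags zone pairs reported with two different policies, REDIRECT rules that repeat the same zone, protocol and port, and masquerading that leaves through an interface other than the net zone's. The sample input is constructed from lines in that format, and `audit` and the regex names are chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the `shorewall check` output quoted in the thread.
SAMPLE = """\
   net Zone: eth2:0.0.0.0/0
   loc Zone: eth1:0.0.0.0/0
   Policy for loc to net is REJECT using chain all2all
   Policy for net to fw is DROP using chain net2all
   Policy for loc to net is ACCEPT using chain loc2net
   Rule "ACCEPT loc fw tcp 3128 " checked.
   Rule "REDIRECT loc 8080 tcp 80 " checked.
   Rule "REDIRECT loc 3128 tcp 80 " checked.
   To 0.0.0.0/0 (all) from 192.168.0.0/24 through eth2
"""

ZONE = re.compile(r"(\w+) Zone: (\w+):")
POLICY = re.compile(r"Policy for (\w+) to (\w+) is (\w+)")
REDIRECT = re.compile(r'Rule "REDIRECT (\w+) (\d+) (\w+) (\d+)')
MASQ = re.compile(r"from (\S+) through (\w+)")

def audit(text):
    """Return findings to review; an empty list means nothing was flagged."""
    zones, masq = {}, []
    policies, redirects, findings = defaultdict(list), defaultdict(list), []
    for line in text.splitlines():
        if m := ZONE.search(line):
            zones[m[1]] = m[2]                      # zone name -> interface
        elif m := POLICY.search(line):
            policies[(m[1], m[2])].append(m[3])     # (source, dest) -> actions seen
        elif m := REDIRECT.search(line):
            redirects[(m[1], m[3], m[4])].append(m[2])  # (zone, proto, port) -> targets
        elif m := MASQ.search(line):
            masq.append(m[2])                       # outbound masquerade interface
    for (src, dst), acts in policies.items():
        if len(set(acts)) > 1:
            findings.append(f"policy {src}->{dst} listed as {' and '.join(acts)}")
    for (zone, proto, port), targets in redirects.items():
        if len(targets) > 1:  # same zone, protocol and port: only the first rule can match
            findings.append(f"{zone} {proto}/{port} redirected to {targets[0]}; "
                            f"later redirect to {', '.join(targets[1:])} is shadowed")
    for iface in masq:
        if iface != zones.get("net"):
            findings.append(f"masquerade goes out {iface}, but net zone is on {zones.get('net')}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
```

A finding is a prompt to re-read the corresponding entries in the policy, rules and masq files, not proof of a fault.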