dae pessoal!!
estou c/ problema em dois servicos de rede.....amule e rede interna c/ firestarter e guarddog.....
vou explicar:
estou utilizando o kde atualmente, antes estava no gnome.....me conecto a internet via router c/ as devidas portas do amule abertas.....
pois bem, tenho os dois firewalls instalados aki, apesar de os dois serem interface grafica do iptables, ambos configurados p/ o acesso aos serviços do amule e da rede interna....
meu sistema está habilitado p/ inicializar automaticamente o firestarter, c/ ele eu consigo acessar o amule corretamente porem nao acesso a minha rede interna porém qndo eu paro ele e aplico as configuraçoes do guarddog eu acesso a rede mas o amule nao conecta......
p/ o firestarter eu achei uma dica aki:
http://ubuntuforum-br.org/index.php/topic,1730.0.html q diz p/ desabilitar a opcao "Block broadcasts from external network" porem nao funcionou.....
peguei as configuraçoes do iptables d cada um dos "firewalls":
GUARDDOG
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 10.1.1.2 10.1.1.255
logaborted tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
nicfilt all -- anywhere anywhere
srcfilt all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
srcfilt all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
s1 all -- anywhere anywhere
Chain f0to1 (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:6891 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:28009
ACCEPT udp -- anywhere anywhere udp dpt:16280
ACCEPT udp -- anywhere anywhere udp dpt:6891
ACCEPT tcp -- anywhere anywhere tcp dpt:28006 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:17327
ACCEPT udp -- anywhere anywhere udp dpt:7404
ACCEPT tcp -- anywhere anywhere tcp dpt:7404 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:6881:6889 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:4662 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:4666
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:5999
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp dpts:6970:7170
logdrop all -- anywhere anywhere
Chain f1to0 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:1755 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:1755
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ipp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:https state NEW
ACCEPT udp -- anywhere anywhere udp dpt:28009
ACCEPT tcp -- anywhere anywhere tcp dpt:6891 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:msnp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:888 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:16280
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6881:6889 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:dict state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:time
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:time state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
ACCEPT udp -- anywhere anywhere udp dpt:6891
ACCEPT tcp -- anywhere anywhere tcp dpt:28006 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:4661 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:4662 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:4665
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:4666
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:6969 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:hkp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:17327
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:webcache state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8008 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8000 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8888 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere udp dpt:7404
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8880 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ntp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:rtsp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:7070 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:7404 state NEW
logdrop all -- anywhere anywhere
Chain logaborted (1 references)
target prot opt source destination
logaborted2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
Chain logaborted2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `ABORTED '
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain logdrop (4 references)
target prot opt source destination
logdrop2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
DROP all -- anywhere anywhere
Chain logdrop2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `DROPPED '
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
logreject2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain logreject2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `REJECTED '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain nicfilt (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere 10.1.1.2
f0to1 all -- anywhere 10.1.1.255
f0to1 all -- anywhere localhost
logdrop all -- anywhere anywhere
Chain s1 (1 references)
target prot opt source destination
f1to0 all -- anywhere anywhere
Chain srcfilt (2 references)
target prot opt source destination
s0 all -- anywhere anywhere
FIRESTARTER
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 10.1.1.1 anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- 10.1.1.1 anywhere
ACCEPT all -- anywhere anywhere
LSI udp -- anywhere anywhere udp dpt:33434
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LSI icmp -- anywhere anywhere
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 10.1.1.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
LSI udp -- anywhere anywhere udp dpt:33434
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
LSI icmp -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:7404
ACCEPT udp -- anywhere anywhere udp dpt:7404
ACCEPT tcp -- anywhere anywhere tcp dpt:28006
ACCEPT udp -- anywhere anywhere udp dpt:28006
ACCEPT tcp -- anywhere anywhere tcp dpt:msnp
ACCEPT udp -- anywhere anywhere udp dpt:msnp
ACCEPT tcp -- anywhere anywhere tcp dpt:6891
ACCEPT udp -- anywhere anywhere udp dpt:6891
ACCEPT tcp -- anywhere anywhere tcp dpt:28009
ACCEPT udp -- anywhere anywhere udp dpt:28009
ACCEPT tcp -- anywhere anywhere tcp dpt:17327
ACCEPT udp -- anywhere anywhere udp dpt:17327
ACCEPT tcp -- 10.1.1.1 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- 10.1.1.1 anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- 10.1.1.1 anywhere tcp dpt:microsoft-ds
ACCEPT udp -- 10.1.1.1 anywhere udp dpt:microsoft-ds
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (6 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
se alguem tiver a solucao p/ utilizar apenas um dos "firewalls" ajuda-ae....
Tópico: [RESOLVIDO] Guarddog x Firestarter diferenças nos bloqueios (Lida 1855 vezes)