BFW Firewall & Router

por **jlduarte** » Ter Fev 24, 2015 12:12 pm

Hola, buenas a todos.
Estoy instalando el segundo Brazilfw. (el primero anda joya).
La cosa es que es la primera vez que tengo los modems ruteados (voy a tener 4 al final, ahora solo 2) de distintos proveedores. Fibertel y Express, ambos cablemodem, la maquina que tengo tiene solo 3 nic, o sea que mi única opción era rutearlos, conectar a un switch y del switch un solo patchcord ala eth1. Leí los tutoriales que había al respecto. La cuestión es que configure la interfases físicas, virtuales y lógicas. Logre que levantaran ambos enlaces, solo que la veth1 me muestra trafico, la ip publica pero la leyenda DESCONECTADO. Primera pregunta por que desconectado si tiene trafico?

El otro problema que tengo es que configuré dos DDNS, uno de noip y otro de dynamicdns, para tener acceso por uno de los dos enlaces por si se cae alguno, de arranque nunca me actualizo por el enlace de fibertel, luego al agregar express puse los dos que actualizaran por internet2 y actualizaba pero no me dejaba entrar remoto ni por ssh (a pesar de tener los puertos abiertos y habilitados) de pronto empezó a funcionar duro 4 horas y ahora no funciona de nuevo. También vi un post que mostraba un parámetro para cambiar en noip, lo revisé y estaba correcto.

La configuración esta asi:
cablemodem fibertel bridge ==> WAN Cisco900 ===>LAN 192.168.251.1 255.255.255.252 DMZ a la 192.168.251.2
cablemodem express bridge==> WAN Tplink ===>LAN 192.168.252.5 255.255.255.0 (el router no me permitio poner mask 252) DMZ a la 192.168.252.6

en brazilfw
fisical: eth0 local eth1 internet eth2 local2
virtual: veth0 inter1 veth1 inter2
Logical:
Local local 192.168.1.1 255.255.255.0
Local1 local 192.168.1.192 255.255.255.192 (subred)
Internet inter1 (virtual) 192.168.251.2 gateway persistente balanceo si, nat si
Internet2 inter2 (virtual) 192.168.252.6 gateway persistente balanceo si, nat si
local2 local 192.168.2.1 255.255.255.0

por **jlduarte** » Sáb Fev 28, 2015 12:41 pm

link internet

Código: Selecionar todos: LINK_TYPE='static' LINK_CONNECTION='internet' LINK_ALIAS='inter1' LINK_IP='192.168.251.2' LINK_NETMASK='255.255.255.252' LINK_GATEWAY='192.168.251.1' LINK_WEIGHT='6' LINK_UPSTREAM='3072' LINK_DOWNSTREAM='30720' LINK_MTU='1492' LINK_LOADBALANCE='yes' LINK_PERSISTENT='yes' LINK_ADDITIONAL_IP='' LINK_NAT='yes'

Link Internet1

Código: Selecionar todos: INK_TYPE='static' LINK_CONNECTION='internet' LINK_ALIAS='inter2' LINK_IP='192.168.252.6' LINK_NETMASK='255.255.255.0' LINK_GATEWAY='192.168.252.5' LINK_WEIGHT='1' LINK_UPSTREAM='512' LINK_DOWNSTREAM='5120' LINK_MTU='1500' LINK_LOADBALANCE='yes' LINK_PERSISTENT='yes' LINK_ADDITIONAL_IP='' LINK_NAT='yes'

contenido de brazil.cfg

Código: Selecionar todos: WEBADMIN_PORT='8181' SSH_PORT='22' ADMIN_AUTH='$1$aiSbNTGL$8sXMpmzYPoo3bmWExk6ul/' DNSSERVER='yes' HOSTNAME='brazilfw' DNS1='' DNS2='' PERSIST_LOG='yes' TIME_ZONE='America/Buenos_Aires' CACHE_DISK='yes' USE_QOS='yes' DHCP_SERVER='yes' DHCP_DEFAULT_LEASE='28800' DHCP_DNS1='' DHCP_DNS2='' IPUPDATE='yes' IPUPDATE_REFRESH='60' USE_MAC_CONTROL='no' CERTIFICATE_ISSUED_TO='' EXTERNAL_PING='yes' ENABLE_MYSQL='yes' ARP_SCAN_RETRY='1' ARP_SCAN_TIMEOUT='250' KEYBOARD='es' DNSFREECHOICE='yes' USE_RESTRICTION_FILE='no' SHOW_LINK_USAGE='yes' DMZ='' ADDON_EXPERIMENTAL='yes' DISTRO_EXPERIMENTAL='no' WPAD='yes' MYSQL_SERVER_PORT='3306' CLAMAV='no'

contenido de ipupdate.cfg

Código: Selecionar todos: #ipupdate 2.0 by Washington Rodrigues 2009 #Format <link alias> no-ip <hostname> <username> <password> #Format <link alias> zoneedit <hostname> <username> <password> #Format <link alias> dyndns <hostname> <username> <password> <system> <backup MX internet no-ip XXXXXX.no-ip.biz (usuario) (password) internet2 dnsdynamic xxxxxssh22.net (usuario) (password)

ipupdate-monitor

Código: Selecionar todos: else log "(ZONOMI #$2) Connection timeout." fi } wincoddns() { RESP="$(/usr/local/sbin/ddnsquery -t SET -p $2 $1 -a $3)" if [ "$?" = 0 ]; then log "(WINCO-DDNS #$1) $(resp "good")" else log "(WINCO_DDNS #$1) $RESP" fi } if [ ! -e "/etc/brazilfw/ipupdate.cfg" -o "$IPUPDATE" != "yes" ]; then exit else while :; do echo "$CONFIG" | while read LINK SERVICE DOMAIN USERNAME PASSWORD; do getinfo $LINK if [ "$STATUS" != "down" ]; then if [ "$(is_ip_change $LINK $DOMAIN)" = "true" -o "$(isnumeric $DOMAIN)" = "true" ]; then case $SERVICE in dnsdynamic) dnsdynamic $WAN_IP $USERNAME $PASSWORD $DOMAIN;; changeip) changeip $WAN_IP $USERNAME $PASSWORD $DOMAIN;; no-ip) noip $WAN_IP $USERNAME $PASSWORD $DOMAIN;; freedns) freedns $WAN_IP $DOMAIN $USERNAME;; dyndns) dyndns $WAN_IP $USERNAME $PASSWORD $DOMAIN;; zonomi) zonomi $WAN_IP $DOMAIN $USERNAME;; winco-ddns) wincoddns $DOMAIN $USERNAME $EXT_IP;; esac fi fi done [ -z "$IPUPDATE_REFRESH" ] && IPUPDATE_REFRESH=600 sleep $IPUPDATE_REFRESH done fi

Tambien tengo habilitado Qos
qos.cfg

Código: Selecionar todos: yes 192.168.1.192/26 512 128 768 yes 192.168.2.0/24 10240 5120 12000

por **killerinstinc** » Qua Mar 11, 2015 1:48 pm

facilmente te diria que las v-ethx no estan funcionando, ahorita tengo ese mismo problema al querer meter 4 lineas por un swich, me aparecen desconectados sin generar mas que solo un pequeño trafico.

por **jimmbofish** » Qui Mar 12, 2015 3:56 am

es otro el problema por que yo estoy metiendo 6 lineas con un switch de 8 puertos y funcionan perfectamente estoy por meter la linea 7

por **jlduarte** » Qui Mar 12, 2015 8:08 pm

y como tenes configuradas las vethx Jimbo?

por **kartejane** » Sex Mar 20, 2015 10:15 am

estava com o msm problema no bfw 3.0.261.rc4 resolvi ele editando o arquivo route-monitor /usr/local/sbin/route-monitor = [ -z "$PING_IPS" ] && PING_IPS="127.0.0.1" aterei esse valor para fazer o ping para o propio server bfw asim n tera perda de pacote e os links n vão + cair

Código: Selecionar todos: #!/bin/sh # Copyright (C) 2012 Washington Rodrigues <woshman@brazilfw.com.br> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. . /etc/brazilfw/brazilfw.cfg . /lib/system-functions export APP_NAME="route-monitor" [ -z "$PING_IPS" ] && PING_IPS="127.0.0.1" [ -z "$PING_WAIT" ] && PING_WAIT="10" [ -z "$CHECK_INTERVAL" ] && CHECK_INTERVAL="30" ROUTECHANGE="/var/run/route.change" ROUTEFILE="/proc/net/route" CHK_CONN="/var/state/check_connection.lst" SMFILE="/var/run/smartroute.reload" EXTIPFILE="/var/state/externaladdr.inet" NETRELOAD="/tmp/network.reload" EXTIPFILE="/var/state/externaladdr.inet" IPROUTE="ip route replace default table main proto static " ping_remote() { [ -z "$1" ] && exit if [ ! -e "$CHK_CONN" ]; then for IP in $(split "$PING_IPS" ","); do echo "$IP" >> $CHK_CONN done fi [ ! -e "$CHK_CONN" ] && exit CHK_LIST=$(cat $CHK_CONN) CCOUNT=1 NET_STATUS=1 for SRV in $CHK_LIST; do ping $SRV -I $1 -c1 -w$PING_WAIT >/dev/null 2>&1 RESP=$? if [ "$RESP" = 0 -a "$CCOUNT" -gt 1 ]; then sed -i "$CCOUNT"'d;1i\'$SRV $CHK_CONN fi if [ "$RESP" = 0 ]; then NET_STATUS=0 break fi CCOUNT=$((CCOUNT+1)) done echo $NET_STATUS } ping_gateway() { ping $1 -I $2 -c1 -w$PING_WAIT >/dev/null 2>&1 echo $? } rm -fr $CHK_CONN >/dev/null 2>&1 while :; do CHK_ROUTE="$(awk '$4~/003/{print $3}' $ROUTEFILE)" if [ -z "$CHK_ROUTE" ]; then ROUTEVAR="$IPROUTE $(find /tmp -type f -name \*.inet -exec grep -il "LINK_CONNECTION='internet'" {} \; | \ while read FILENAME; do . $FILENAME if [ "$LINK_TYPE" = "pppoe" -o "$LINK_TYPE" = "ppp" ]; then INTERFACE_PHYSICAL="$INTERFACE_PPP" else . /tmp/$PHYSICAL_ALIAS.phy [ -e "/tmp/$PHYSICAL_ALIAS.veth" ] && . /tmp/$PHYSICAL_ALIAS.veth fi [ "$LOADBALANCE" != "no" ] && echo -n "nexthop via $GATEWAY dev $INTERFACE_PHYSICAL weight $WEIGHT " sed -i s/STATUS.*/STATUS=\'up\'/g $FILENAME >/dev/null 2>&1 log_connection "$(basename $FILENAME .inet): $LINK_TYPE connection up" done)" $ROUTEVAR >/dev/null 2>&1 echo "" > $ROUTECHANGE else ROUTEVAR="$IPROUTE $(find /tmp -type f -name \*.inet -exec grep -il "LINK_CONNECTION='internet'" {} \; | \ while read FILENAME; do . $FILENAME if [ "$LINK_TYPE" = "pppoe" -o "$LINK_TYPE" = "ppp" ]; then [ "$LOADBALANCE" != "no" ] && echo -n "nexthop via $GATEWAY dev $INTERFACE_PPP weight $WEIGHT " else . /tmp/$PHYSICAL_ALIAS.phy [ -e "/tmp/$PHYSICAL_ALIAS.veth" ] && . /tmp/$PHYSICAL_ALIAS.veth if [ "$(ping_gateway "$GATEWAY" "$IPADDR")" = 0 ]; then NEW_STATUS="wait" if [ "$(ping_remote "$IPADDR")" = 0 ]; then [ "$LOADBALANCE" != "no" ] && echo -n "nexthop via $GATEWAY dev $INTERFACE_PHYSICAL weight $WEIGHT " NEW_STATUS="up" fi else NEW_STATUS="down" fi [ "$NEW_STATUS" != "up" -a "$LINK_PERSISTENT" = "yes" -a "$LOADBALANCE" != "no" ] && echo -n "nexthop via $GATEWAY dev $INTERFACE_PHYSICAL weight $WEIGHT " if [ "$STATUS" != "$NEW_STATUS" ]; then log_connection "$(basename $FILENAME .inet): $LINK_TYPE connection $NEW_STATUS" $(echo "sed -i s/STATUS.*/STATUS='$NEW_STATUS'/g $FILENAME") echo "" > $ROUTECHANGE fi fi done)" fi if [ -e "$ROUTECHANGE" ]; then rm -fr $ROUTECHANGE >/dev/null 2>&1 $ROUTEVAR >/dev/null 2>&1 echo "$(find /tmp -type f -name \*.inet -exec grep -il "LINK_CONNECTION='internet'" {} \; | while read FILENAME; do EXTIP="0.0.0.0" . $FILENAME [ "$STATUS" = "up" ] && [ "$(is_internalip $IPADDR)" != "true" ] && EXTIP=$IPADDR || EXTIP=$(get_wan_ip $IPADDR) echo "$(basename $FILENAME .inet):$EXTIP" done)" > $EXTIPFILE /etc/init.d/ipupdate reload >/dev/null 2>&1 /etc/rc.d/rc.accept >/dev/null 2>&1 /etc/rc.d/rc.forward >/dev/null 2>&1 /usr/local/sbin/route-mark >/dev/null 2>&1 /etc/rc.d/rc.vpn-client >/dev/null 2>&1 fi if [ -e "$SMFILE" ]; then rm -fr $SMFILE >/dev/null 2>&1 /etc/rc.d/rc.route >/dev/null 2>&1 fi if [ -e "$NETRELOAD" ]; then rm -fr $NETRELOAD >/dev/null 2>&1 /etc/rc.d/rc.inet fi [ -e "/tmp/time.syncfail" ] && /etc/rc.d/rc.time >/dev/null 2>&1 & [ -e "/var/run/squid.reload" ] && /etc/init.d/squid reload >/dev/null 2>&1 & sleep $CHECK_INTERVAL done

Código: Selecionar todos: criar new file em /var/addon-list com nome route-monitor_bfw.pkg con o seguinte conteudo /var/addon-list/route-monitor_bfw.pkg /usr/local/sbin/route-monitor para empacotar mt cd /mnt package route-monitor_bfw.pkg cd / umt para reempacotar use so so se ja tiver o empacotado mt cd /mnt rm route-monitor.bfw.bfw64 package route-monitor_bfw.pkg cd / umt

no meu caso os links ficava desconectando sozinho

qualquer coisa posta o resultado :o!

BFW Firewall & Router

Virtual eth desconectado e ipupdate falla [INACTIVE]

Virtual eth desconectado e ipupdate falla

Re: Virtual eth desconectado e ipupdate falla

Re: Virtual eth desconectado e ipupdate falla

Re: Virtual eth desconectado e ipupdate falla

Re: Virtual eth desconectado e ipupdate falla

Re: tenta isso aki no meu caso resolvel

Quem está online