<div class="gmail_quote"><div><br></div><div>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">modprobe iptable_nat</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">modprobe ip_nat_ftp</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">modprobe ip_conntrack_ftp</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="ES"><font size="3"><font face="Times New Roman">## POLITICAS POR DEFECTO POR LA VPN</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -F FORWARD</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -P FORWARD ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A INPUT -i tun0 -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A FORWARD -i tun0 -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A FORWARD -o tun0 -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A OUTPUT -o tun0 -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A INPUT -i tap0 -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A FORWARD -i tap0 -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A INPUT -p udp --dport 1194 -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A FORWARD -s <a href="http://10.8.0.0/24" target="_blank">10.8.0.0/24</a> -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -s <a href="http://10.8.0.0/24" target="_blank">10.8.0.0/24</a> -o eth0 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -A FORWARD -s <a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a> -j ACCEPT</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -s <a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a> -o eth0 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="ES"><font size="3" face="Times New Roman">## SE AUMENTAN EL NUMERO DE CONEXIONES SEGUIDAS</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">echo 65535 > /proc/sys/net/ipv4/ip_conntrack_max</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="ES"><font size="3" face="Times New Roman">## SE IGNORAN LOS ERRORES DEL ICMP</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="ES"><font size="3" face="Times New Roman">echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="ES"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="ES"><font size="3" face="Times New Roman">## SE HABILITA EL FORWARD DE LOS PAQUETES</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">echo 1 > /proc/sys/net/ipv4/ip_forward</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="ES"><font size="3" face="Times New Roman">## SE HABILITA LA PROTECCION CONTRA LOS SYN FLOODS</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">echo 1 > /proc/sys/net/ipv4/tcp_syncookies</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="ES"><font size="3" face="Times New Roman">## SE QUITAN LOS REGISTROS DE BROADCAST EN /var/log/messages</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t mangle -I PREROUTING -j DROP -d <a href="http://224.0.0.0/8" target="_blank">224.0.0.0/8</a></font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; ">iptables -t nat -A PREROUTING -i eth1 -p tcp -s $LAN -d $NUBE --dport 80 -j REDIRECT --to-port 3128</span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; ">iptables -A INPUT -i eth0 -p tcp --dport 1194 -j ACCEPT</span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; ">iptables -t nat -A POSTROUTING -p tcp -s $LAN -d $NUBE --dport 53 -j MASQUERADE</span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -p udp -s $LAN -d $NUBE --dport 53 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -p tcp -s $LAN -d $NUBE --dport 5190 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -p udp -s $LAN -d $NUBE --dport 5190 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -p tcp -s $LAN -d $NUBE --dport 1863 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -p udp -s $LAN -d $NUBE --dport 1863 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -p tcp -s $LAN -d $NUBE --dport 1024:65535 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3"><font face="Times New Roman">iptables -t nat -A POSTROUTING -p udp -s $LAN -d $NUBE --dport 1024:65535 -j MASQUERADE</font></font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; ">iptables -t nat -A POSTROUTING -s $LAN -d $NUBE -j SNAT --to-source $WAN</span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; ">iptables -t nat -L –n</span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"> EN CADA SERVER LEVANTA el dev tun0 sin problemas</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">EN EL SERVER2 SE LE ASIGNA UNA IP 10.8.0.6 en el dev tun0</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">YA QUE EL dev tun0 DEL SERVER1 tiene asignado 10.8.0.1</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"></font></span> </p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">entre la red <a href="http://10.8.0.0/24" target="_blank">10.8.0.0/24</a> puedo hacer ping sin problemas, PERO ENTRE LOS SERVERS NO PUEDO HACER PING NI A LA 192.168.10.1 NI A LA 192.168.20.1, COMO CONSECUENCIA UNA ESTACION DE LA RED1 NO PUEDE HACER PING A UNA PC DE LA RED2 Y VICEVERSA</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"></font></span> </p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">DONDE ESTA LA FALLA</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"></font></span> </p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">HAY QUE HACER ALGO EN EL ROUTER DEL SPEEDY CLASS DE LA RED2 O NO</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"></font></span> </p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">DESDE LA RED2 QUIERO ACCEDER A UN SISTEMA QUE LO RTIENE UNA PC DE LA RED1, ESE ES MI OBJETIVO PERO NO LOGRO.</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"></font></span> </p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">ESPERO SUS COMENTARIOS</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"></font></span> </p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">ATT.</font></span></p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman"></font></span> </p>
<p style="margin:0cm 0cm 0pt" class="MsoNormal"><span lang="EN-US"><font size="3" face="Times New Roman">PAUL CRIOLLO<span class="Apple-style-span" style="font-family: arial; font-size: small; "><span lang="EN-US"><font size="3" face="Times New Roman"> </font></span></span></font></span></p>
</div>
</div><br>