diff options
Diffstat (limited to 'docs/_locale/es/configexamples.pot')
| -rw-r--r-- | docs/_locale/es/configexamples.pot | 511 |
1 files changed, 429 insertions, 82 deletions
diff --git a/docs/_locale/es/configexamples.pot b/docs/_locale/es/configexamples.pot index c1bdffc0..3182176d 100644 --- a/docs/_locale/es/configexamples.pot +++ b/docs/_locale/es/configexamples.pot @@ -8,7 +8,7 @@ msgstr "" "Language: es\n" "Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n" -#: ../../configexamples/zone-policy.rst:162 +#: ../../configexamples/zone-policy.rst:152 msgid "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" msgstr "''Es importante tener en cuenta que no desea agregar el registro a la regla de estado establecida, ya que registrará los paquetes entrantes y salientes para cada sesión en lugar de solo el inicio de la sesión. Sus registros serán masivos en un período de tiempo muy corto”." @@ -36,7 +36,7 @@ msgstr "**NOTA:** Enrutador VyOS (probado con VyOS 1.4-rolling-202110310317): la msgid "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." msgstr "**Nota:** Por el momento, trace mpls no muestra etiquetas ni rutas. Así que veremos * * * para los enrutadores de tránsito de la red troncal mpls." -#: ../../configexamples/zone-policy.rst:34 +#: ../../configexamples/zone-policy.rst:24 msgid "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" msgstr "**Este ejemplo específico es para un enrutador en un dispositivo, pero se adapta muy fácilmente a la cantidad de NIC que tenga**:" @@ -140,11 +140,11 @@ msgstr "172.17.1.40 CS0 por defecto" msgid "172.17.1.4 CS0 -> CS6" msgstr "172.17.1.4 CS0 -> CS6" -#: ../../configexamples/zone-policy.rst:45 +#: ../../configexamples/zone-policy.rst:35 msgid "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." msgstr "192.168.100.10/2001:0DB8:0:AAAA::10 es la consola del administrador. Puede SSH a VyOS." -#: ../../configexamples/zone-policy.rst:43 +#: ../../configexamples/zone-policy.rst:33 msgid "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." msgstr "192.168.200.200/2001:0DB8:0:BBBB::200 es un servidor DNS, web y de correo (SMTP/IMAP) interno/externo." @@ -306,6 +306,35 @@ msgstr "Un orden de reglas para priorizar el tráfico es útil en escenarios don msgid "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" msgstr "Una solución simple podría ser usar diferentes tablas de enrutamiento o VRF para todas las redes para que podamos mantener las restricciones de enrutamiento. Pero para que podamos enrutar entre los diferentes VRFs necesitaríamos un cable o una conexión lógica entre ellos:" +#: ../../configexamples/fwall-and-bridge.rst:25 +msgid "Accept access to router itself." +msgstr "Accept access to router itself." + +#: ../../configexamples/fwall-and-bridge.rst:21 +#: ../../configexamples/fwall-and-bridge.rst:32 +msgid "Accept all ARP packets." +msgstr "Accept all ARP packets." + +#: ../../configexamples/fwall-and-bridge.rst:30 +msgid "Accept all DHCP discover packets." +msgstr "Accept all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:33 +msgid "Accept all IPv4 connections." +msgstr "Accept all IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:31 +msgid "Accept only DHCP offers from valid server and|or trusted bridge port." +msgstr "Accept only DHCP offers from valid server and|or trusted bridge port." + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Accept only IPv6 communication whithin the bridge." +msgstr "Accept only IPv6 communication whithin the bridge." + +#: ../../configexamples/fwall-and-bridge.rst:270 +msgid "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" +msgstr "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:19 msgid "Account at https://www.tunnelbroker.net/" msgstr "Cuenta en https://www.tunnelbroker.net/" @@ -414,10 +443,46 @@ msgstr "Permitir todos los paquetes icmpv6 para enrutador y LAN" msgid "Allow all new connections from local subnets." msgstr "Allow all new connections from local subnets." +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "Allow connection to PROD." +msgstr "Allow connection to PROD." + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 +msgid "Allow connections from LANs to LANs through the tunnel." +msgstr "Allow connections from LANs to LANs through the tunnel." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs throught the tunnel." msgstr "Allow connections from LANs to LANs throught the tunnel." +#: ../../configexamples/fwall-and-vrf.rst:20 +msgid "Allow connections to LAN and PROD." +msgstr "Allow connections to LAN and PROD." + +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "Allow connections to PROD." +msgstr "Allow connections to PROD." + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Allow connections to bridge br1." +msgstr "Allow connections to bridge br1." + +#: ../../configexamples/fwall-and-bridge.rst:26 +msgid "Allow connections to internet" +msgstr "Allow connections to internet" + +#: ../../configexamples/fwall-and-vrf.rst:25 +msgid "Allow connections to internet(WAN)." +msgstr "Allow connections to internet(WAN)." + +#: ../../configexamples/fwall-and-bridge.rst:36 +msgid "Allow connections to internet." +msgstr "Allow connections to internet." + +#: ../../configexamples/fwall-and-vrf.rst:22 +msgid "Allow connections to the router." +msgstr "Allow connections to the router." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow dns requests only only for local networks." msgstr "Allow dns requests only only for local networks." @@ -426,6 +491,14 @@ msgstr "Allow dns requests only only for local networks." msgid "Allow icmp on all interfaces." msgstr "Allow icmp on all interfaces." +#: ../../configexamples/fwall-and-vrf.rst:103 +msgid "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" +msgstr "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" + +#: ../../configexamples/fwall-and-bridge.rst:84 +msgid "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." +msgstr "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:220 msgid "Also, we can check firewall counters:" msgstr "Also, we can check firewall counters:" @@ -442,6 +515,18 @@ msgstr "Una L3VPN consta de varios enlaces de acceso, varias tablas de enrutamie msgid "And NAT Configuration:" msgstr "And NAT Configuration:" +#: ../../configexamples/fwall-and-vrf.rst:70 +msgid "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" +msgstr "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" + +#: ../../configexamples/fwall-and-vrf.rst:112 +msgid "And finally, we need to allow input connections to the router itself only from vrf MGMT:" +msgstr "And finally, we need to allow input connections to the router itself only from vrf MGMT:" + +#: ../../configexamples/fwall-and-bridge.rst:292 +msgid "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" +msgstr "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" + #: ../../configexamples/autotest/Wireguard/Wireguard.rst:99 msgid "And ping the Branch PC from your central router to check the response." msgstr "Y haga ping a la PC de la sucursal desde su enrutador central para verificar la respuesta." @@ -450,10 +535,23 @@ msgstr "Y haga ping a la PC de la sucursal desde su enrutador central para verif msgid "And show all DHCP Leases" msgstr "Y mostrar todas las concesiones de DHCP" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:132 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "Y el ``cliente`` para recibir una dirección IPv6 con autoconfiguración sin estado." +#: ../../configexamples/fwall-and-bridge.rst:202 +#: ../../configexamples/fwall-and-bridge.rst:321 +msgid "And the content of the custom rulesets:" +msgstr "And the content of the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:132 +msgid "And then create the custom rulesets:" +msgstr "And then create the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:364 +msgid "And with operational mode commands, we can check rules matchers, actions, and counters." +msgstr "And with operational mode commands, we can check rules matchers, actions, and counters." + #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" @@ -475,10 +573,22 @@ msgstr "Apéndice A" msgid "Appendix-B" msgstr "Apéndice B" +#: ../../configexamples/fwall-and-bridge.rst:265 +msgid "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." +msgstr "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." + #: ../../configexamples/ha.rst:500 msgid "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" msgstr "Como recordatorio, solo anuncie las rutas para las que es el enrutador predeterminado. Es por eso que NO estamos anunciando la red 192.0.2.0/24, porque si eso se anunciara en OSPF, los otros enrutadores intentarían conectarse a esa red a través de un túnel que se conecta a esa red." +#: ../../configexamples/fwall-and-vrf.rst:16 +msgid "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" +msgstr "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" + +#: ../../configexamples/fwall-and-bridge.rst:107 +msgid "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" +msgstr "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:853 msgid "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." msgstr "Como podemos ver, incluso si VRF LAN1 y LAN2 tienen los mismos RT de importación, podemos seleccionar qué rutas se importan e instalan efectivamente." @@ -503,7 +613,7 @@ msgstr "Como vemos, Shaper está funcionando y el tráfico no funcionará a más msgid "Assign external IP addresses" msgstr "Asignar direcciones IP externas" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:74 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:82 msgid "Assuming the pings are successful, you need to add some DNS servers. Some options:" msgstr "Suponiendo que los ping sean exitosos, debe agregar algunos servidores DNS. Algunas opciones:" @@ -523,7 +633,7 @@ msgstr "En este punto, debería poder acceder a ambos mediante SSH y ya no neces msgid "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." msgstr "En este punto, debería poder ver ambas direcciones IP cuando ejecuta ``show interfaces``\\ , y ``show vrrp`` debería mostrar ambas interfaces en estado MAESTRO (y en estado ESCLAVO en el enrutador2)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:102 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 msgid "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." msgstr "En este punto, su instalación de VyOS debería tener IPv6 completo, pero ahora sus dispositivos LAN necesitan acceso." @@ -617,7 +727,35 @@ msgstr "Ambas LAN deben poder enrutar entre sí, ambas tendrán dispositivos adm msgid "Branch" msgstr "Rama" -#: ../../configexamples/zone-policy.rst:151 +#: ../../configexamples/fwall-and-bridge.rst:4 +msgid "Bridge and firewall example" +msgstr "Bridge and firewall example" + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Bridge br0:" +msgstr "Bridge br0:" + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Bridge br1:" +msgstr "Bridge br1:" + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Bridge br2:" +msgstr "Bridge br2:" + +#: ../../configexamples/fwall-and-bridge.rst:75 +msgid "Bridge firewall configuration" +msgstr "Bridge firewall configuration" + +#: ../../configexamples/fwall-and-bridge.rst:367 +msgid "Bridge firewall rulset:" +msgstr "Bridge firewall rulset:" + +#: ../../configexamples/fwall-and-bridge.rst:43 +msgid "Bridges and interfaces configuration" +msgstr "Bridges and interfaces configuration" + +#: ../../configexamples/zone-policy.rst:141 msgid "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." msgstr "De forma predeterminada, iptables no permite que regrese el tráfico de las sesiones establecidas, por lo que debe permitirlo explícitamente. Hago esto agregando dos reglas a cada conjunto de reglas. 1 permite el paso de paquetes de estado establecidos y relacionados y la regla 2 elimina y registra paquetes de estado no válidos. Colocamos la regla establecida/relacionada en la parte superior porque la gran mayoría del tráfico en una red está establecida y la regla no válida para evitar que los paquetes de estado no válidos se comparen por error con otras reglas. Tener la regla más coincidente en la lista primero reduce la carga de la CPU en entornos de gran volumen. Nota: He presentado un error para que esto también se agregue como una acción predeterminada." @@ -704,6 +842,8 @@ msgstr "Conclusiones" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:25 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:37 #: ../../configexamples/bgp-ipv6-unnumbered.rst:12 +#: ../../configexamples/fwall-and-bridge.rst:40 +#: ../../configexamples/fwall-and-vrf.rst:32 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:139 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:231 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:290 @@ -754,6 +894,14 @@ msgstr "Configuration of basic firewall in one site, in order to:" msgid "Configurations" msgstr "Configuraciones" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 +msgid "Configure VyOS as OpenVPN Server" +msgstr "Configure VyOS as OpenVPN Server" + +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:253 +msgid "Configure VyOS as client" +msgstr "Configure VyOS as client" + #: ../../configexamples/ha.rst:358 msgid "Configure Wireguard" msgstr "Configurar protección de cables" @@ -882,14 +1030,22 @@ msgstr "Retransmisión DHCP a través de GRE-Bridge" msgid "DHCPv6-PD Setup" msgstr "Configuración de DHCPv6-PD" -#: ../../configexamples/zone-policy.rst:374 +#: ../../configexamples/zone-policy.rst:364 msgid "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." msgstr "La política de DMZ-LAN es LAN-DMZ. Puedes conseguir un ritmo cuando construyes un montón a la vez." -#: ../../configexamples/zone-policy.rst:49 +#: ../../configexamples/zone-policy.rst:39 msgid "DMZ cannot access LAN resources." msgstr "DMZ no puede acceder a los recursos de LAN." +#: ../../configexamples/fwall-and-bridge.rst:35 +msgid "Deny access to the router." +msgstr "Deny access to the router." + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "Deny connections to internet(WAN)." +msgstr "Deny connections to internet(WAN)." + #: ../../configexamples/ha.rst:18 msgid "Design" msgstr "Diseño" @@ -902,6 +1058,27 @@ msgstr "Dispositivo-A" msgid "Device-B" msgstr "Dispositivo-B" +#: ../../configexamples/fwall-and-vrf.rst:9 +msgid "Diagram used in this example:" +msgstr "Diagram used in this example:" + +#: ../../configexamples/fwall-and-bridge.rst:20 +msgid "Drop all DHCP discover packets." +msgstr "Drop all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:24 +#: ../../configexamples/fwall-and-bridge.rst:34 +msgid "Drop all IPv6 connections." +msgstr "Drop all IPv6 connections." + +#: ../../configexamples/fwall-and-bridge.rst:23 +msgid "Drop all other IPv4 connections." +msgstr "Drop all other IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Drop connections to other LANs." +msgstr "Drop connections to other LANs." + #: ../../configexamples/ha.rst:514 msgid "Duplicate configuration" msgstr "Configuración duplicada" @@ -914,7 +1091,7 @@ msgstr "Durante la configuración de la dirección, además de asignar una direc msgid "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." msgstr "Enrutamiento dinámico utilizado entre nodos CE y PE y peering eBGP establecido para el intercambio de rutas entre ellos. Todas las rutas recibidas por los PE se exportan a L3VPN y se entregan desde los sitios de Spoke a Hub y viceversa según los parámetros de L3VPN configurados previamente." -#: ../../configexamples/zone-policy.rst:91 +#: ../../configexamples/zone-policy.rst:81 msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Cada interfaz está asignada a una zona. La interfaz puede ser física o virtual, como túneles (VPN, PPTP, GRE, etc.) y se tratan exactamente de la misma manera." @@ -939,10 +1116,14 @@ msgstr "Habilitar SSH" msgid "Enable SSH so you can now SSH into the routers, rather than using the console." msgstr "Habilite SSH para que ahora pueda usar SSH en los enrutadores, en lugar de usar la consola." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:148 msgid "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." msgstr "Habilita los anuncios del enrutador. Esta es una alternativa de IPv6 para DHCP (aunque aún se puede usar DHCPv6). Con RA, sus dispositivos encontrarán automáticamente la información que necesitan para enrutamiento y DNS." +#: ../../configexamples/zone-policy.rst:243 +msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." +msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." + #: ../../configexamples/zone-policy.rst:253 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Incluso si las dos zonas nunca se comunicarán, es una buena idea crear conjuntos de reglas de direcciones de pares de zonas y configurar enable-default-log. Esto le permitirá registrar los intentos de acceder a las redes. Sin él, nunca verá los intentos de conexión." @@ -992,7 +1173,11 @@ msgstr "Red de ejemplo" msgid "Fill ``password`` and ``user`` with the credential provided by your ISP." msgstr "Rellene ``contraseña`` y ``usuario`` con la credencial proporcionada por su ISP." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:202 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 +msgid "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." +msgstr "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Finalmente, no olvide el :ref:`firewall`. El uso es idéntico, excepto que en lugar de `establecer NOMBRE del nombre del cortafuegos`, usaría `establecer NOMBRE del nombre ipv6 del cortafuegos`." @@ -1000,7 +1185,7 @@ msgstr "Finalmente, no olvide el :ref:`firewall`. El uso es idéntico, excepto q msgid "Finally, let’s check the reachability between CEs:" msgstr "Finalmente, verifiquemos la accesibilidad entre los CE:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:200 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:208 msgid "Firewall" msgstr "cortafuegos" @@ -1008,6 +1193,10 @@ msgstr "cortafuegos" msgid "Firewall Configuration:" msgstr "Firewall Configuration:" +#: ../../configexamples/firewall.rst:4 +msgid "Firewall Examples" +msgstr "Firewall Examples" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:39 msgid "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgstr "Primero, configuramos la interfaz ``vyos-wan`` para obtener una dirección DHCP." @@ -1016,6 +1205,14 @@ msgstr "Primero, configuramos la interfaz ``vyos-wan`` para obtener una direcci msgid "First, we configure the transport network and the Tunnel interface." msgstr "Primero, configuramos la red de transporte y la interfaz del Túnel." +#: ../../configexamples/fwall-and-vrf.rst:34 +msgid "First, we need to configure the interfaces and VRFs:" +msgstr "First, we need to configure the interfaces and VRFs:" + +#: ../../configexamples/fwall-and-bridge.rst:45 +msgid "First, we need to configure the interfaces and bridges:" +msgstr "First, we need to configure the interfaces and bridges:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:44 msgid "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." msgstr "Primero se debe generar e instalar una CA, un certificado de servidor y cliente firmado y un parámetro Diffie-Hellman. Por favor mire :ref:`aquí<configuration/pki/index:pki> ` para más información." @@ -1024,14 +1221,30 @@ msgstr "Primero se debe generar e instalar una CA, un certificado de servidor y msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "Primero prepare nuestro enrutador VyOS para la conexión a NMP. Tenemos que configurar el protocolo SNMP y la conectividad entre el enrutador y NMP." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 +msgid "First the CA" +msgstr "First the CA" + #: ../../configexamples/site-2-site-cisco.rst:9 msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." +#: ../../configexamples/fwall-and-vrf.rst:75 +msgid "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." +msgstr "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." + +#: ../../configexamples/fwall-and-vrf.rst:77 +msgid "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." +msgstr "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." + #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "Para la conexión entre sitios, estamos ejecutando un enlace WireGuard a dos enrutadores REMOTOS y usando OSPF sobre esos enlaces para distribuir rutas. Se espera que ese sitio remoto envíe tráfico desde cualquier lugar en 10.201.0.0/16" +#: ../../configexamples/fwall-and-bridge.rst:352 +msgid "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" +msgstr "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" + #: ../../configexamples/pppoe-ipv6-basic.rst:56 msgid "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." msgstr "Para los usuarios de redes domésticas, la mayoría de las veces el ISP solo proporciona el prefijo /64, por lo tanto, no es necesario establecer la ID de SLA y la longitud del prefijo. Consulte :ref:`pppoe-interface` para obtener más información." @@ -1096,7 +1309,7 @@ msgstr "Hardware" msgid "Hardware Router - Port 8 of each switch" msgstr "Enrutador de hardware: puerto 8 de cada conmutador" -#: ../../configexamples/zone-policy.rst:282 +#: ../../configexamples/zone-policy.rst:272 msgid "Here is an example of an IPv6 DMZ-WAN ruleset." msgstr "Este es un ejemplo de un conjunto de reglas IPv6 DMZ-WAN." @@ -1136,6 +1349,10 @@ msgstr "IPSec configuration:" msgid "IP Schema" msgstr "Esquema IP" +#: ../../configexamples/fwall-and-bridge.rst:258 +msgid "IP firewall configuration" +msgstr "IP firewall configuration" + #: ../../configexamples/site-2-site-cisco.rst:34 msgid "IPsec:" msgstr "IPsec:" @@ -1144,11 +1361,15 @@ msgstr "IPsec:" msgid "IPv4 Network" msgstr "Red IPv4" +#: ../../configexamples/fwall-and-bridge.rst:451 +msgid "IPv4 firewall rulset:" +msgstr "IPv4 firewall rulset:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv6 Network" msgstr "Red IPv6" -#: ../../configexamples/zone-policy.rst:383 +#: ../../configexamples/zone-policy.rst:373 msgid "IPv6 Tunnel" msgstr "Túnel IPv6" @@ -1169,11 +1390,11 @@ msgstr "ISP" msgid "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." msgstr "Elegí ejecutar OSPF como IGP (Protocolo de puerta de enlace interior). Todas las sesiones BGP requeridas se establecen a través de interfaces ficticias (similar al bucle invertido, pero en Linux solo puede tener un bucle invertido, mientras que puede haber muchas interfaces ficticias) en los enrutadores PE. En caso de falla de un enlace, el tráfico se desvía en la otra dirección en esta configuración de triángulo y las sesiones BGP no se interrumpen. Incluso se podría habilitar BFD (Detección de reenvío bidireccional) en los enlaces para una conmutación por error más rápida y resiliencia en la red." -#: ../../configexamples/zone-policy.rst:171 +#: ../../configexamples/zone-policy.rst:161 msgid "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." msgstr "Primero creo/configuro las interfaces. Cree los conjuntos de reglas para cada zona-par-dirección que incluya al menos las tres reglas estatales. Luego configuro las políticas de zona." -#: ../../configexamples/zone-policy.rst:100 +#: ../../configexamples/zone-policy.rst:90 msgid "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." msgstr "Nombro conjuntos de reglas para indicar qué zona-par-dirección representan. p.ej. ZonaA-ZonaB o ZonaB-ZonaA. LAN-DMZ, DMZ-LAN." @@ -1185,10 +1406,18 @@ msgstr "Nombré a los clientes azul, rojo y verde, que es una práctica común e msgid "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." msgstr "Creé un nuevo laboratorio en EVE-NG, que representa esto como "Foo Bar - Service Provider Inc". que tiene 3 puntos de presencia (PoP) en centros de datos/sitios aleatorios denominados PE1, PE2 y PE3. Cada PoP agrega al menos dos clientes." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:54 +msgid "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." +msgstr "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:256 msgid "If the client is connect successfully you can check the output with" msgstr "Si el cliente se conecta correctamente, puede verificar la salida con" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:272 +msgid "If the client is connected successfully you can check the status" +msgstr "If the client is connected successfully you can check the status" + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:236 msgid "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" msgstr "Si necesitamos recuperar información sobre un host/red específico dentro de la red EVPN, debemos ejecutar" @@ -1197,7 +1426,7 @@ msgstr "Si necesitamos recuperar información sobre un host/red específico dent msgid "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." msgstr "Si está siguiendo este documento, se recomienda enfáticamente que complete todo el documento, SOLAMENTE siguiendo los pasos del enrutador virtual1, y luego regrese y revíselo OTRA VEZ en el enrutador de hardware de respaldo." -#: ../../configexamples/zone-policy.rst:385 +#: ../../configexamples/zone-policy.rst:375 msgid "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." msgstr "Si está utilizando un túnel IPv6 de HE.net o de otra persona, la base es la misma excepto que tiene dos interfaces WAN. Uno para v4 y otro para v6." @@ -1205,7 +1434,7 @@ msgstr "Si está utilizando un túnel IPv6 de HE.net o de otra persona, la base msgid "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." msgstr "Si usa un protocolo de enrutamiento en sí mismo, resuelve dos problemas a la vez. Este es solo un ejemplo básico y se proporciona como un punto de partida." -#: ../../configexamples/zone-policy.rst:110 +#: ../../configexamples/zone-policy.rst:100 msgid "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." msgstr "Si su computadora está en la LAN y necesita SSH en su caja VyOS, necesitará una regla para permitirlo en el conjunto de reglas LAN-Local. Si desea acceder a una página web desde su caja VyOS, necesita una regla para permitirlo en el conjunto de reglas de LAN local." @@ -1213,23 +1442,23 @@ msgstr "Si su computadora está en la LAN y necesita SSH en su caja VyOS, necesi msgid "Image name: vyos-1.4-rolling-202110310317-amd64.iso" msgstr "Nombre de la imagen: vyos-1.4-rolling-202110310317-amd64.iso" -#: ../../configexamples/zone-policy.rst:103 +#: ../../configexamples/zone-policy.rst:93 msgid "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." msgstr "En VyOS, debe tener nombres de conjuntos de reglas únicos. En caso de superposición, agrego un "-6" al final de los conjuntos de reglas v6. p.ej. LAN-DMZ, LAN-DMZ-6. Esto permite que cada autocompletado y singularidad." -#: ../../configexamples/zone-policy.rst:167 +#: ../../configexamples/zone-policy.rst:157 msgid "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." msgstr "En VyOS, debe tener las interfaces creadas antes de poder aplicarlas a la zona y los conjuntos de reglas deben crearse antes de aplicarlas a una política de zona." -#: ../../configexamples/zone-policy.rst:18 +#: ../../configexamples/zone-policy.rst:8 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "En :vytask:`T2199` se cambió la sintaxis de la configuración de zona. La configuración de la zona se movió de ``zone-policy zone<name> `` a `` zona de cortafuegos<name> ``." -#: ../../configexamples/zone-policy.rst:115 +#: ../../configexamples/zone-policy.rst:105 msgid "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." msgstr "En las reglas, es bueno mantenerlas nombradas consistentemente. A medida que crezca el número de reglas que tenga, cuanta más consistencia tenga, más fácil será su vida." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:176 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:184 msgid "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." msgstr "En los ejemplos anteriores, usted elige 1,2,ffff. Puede usar 1-ffff (1-65535)." @@ -1245,7 +1474,7 @@ msgstr "Al final, configuraremos el formador de tráfico utilizando mecanismos d msgid "In the end, you'll get a powerful instrument for monitoring the VyOS systems." msgstr "Al final, obtendrá un poderoso instrumento para monitorear los sistemas VyOS." -#: ../../configexamples/zone-policy.rst:377 +#: ../../configexamples/zone-policy.rst:367 msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "Al final, terminará con algo como esta configuración. Eliminé todo excepto las secciones Firewall, Interfaces y zone-policy. Es lo suficientemente largo como está." @@ -1265,7 +1494,7 @@ msgstr "En este caso, el enrutador de hardware tiene una IP diferente, por lo qu msgid "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." msgstr "En este caso, intentaremos hacer un laboratorio simple usando QoS y la capacidad general del sistema VyOS. Le recomendamos leer el artículo principal sobre `QoS<https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html> `_ primero." -#: ../../configexamples/zone-policy.rst:365 +#: ../../configexamples/zone-policy.rst:355 msgid "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." msgstr "En este caso, estamos configurando el conjunto de reglas v6 que representa el tráfico procedente de la LAN, destinado a la DMZ. Debido a que la sintaxis del cortafuegos de política de zona es un poco incómoda, la mantengo clara al pensar en ella al revés." @@ -1289,7 +1518,7 @@ msgstr "En este ejemplo, OpenVPN se configurará con un certificado de cliente y msgid "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" msgstr "En este ejemplo, existen dos interfaces LAN en diferentes subredes en lugar de una como en los ejemplos anteriores:" -#: ../../configexamples/zone-policy.rst:107 +#: ../../configexamples/zone-policy.rst:97 msgid "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." msgstr "En este ejemplo tenemos 4 zonas. LAN, WAN, DMZ, locales. La zona local es el propio cortafuegos." @@ -1301,7 +1530,11 @@ msgstr "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users w msgid "In this lab we use Windows PPPoE client." msgstr "In this lab we use Windows PPPoE client." -#: ../../configexamples/zone-policy.rst:50 +#: ../../configexamples/fwall-and-bridge.rst:77 +msgid "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." +msgstr "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." + +#: ../../configexamples/zone-policy.rst:40 msgid "Inbound WAN connect to DMZ host." msgstr "Conexión WAN entrante al host DMZ." @@ -1350,22 +1583,26 @@ msgstr "Red interna" msgid "Internet" msgstr "Internet" -#: ../../configexamples/zone-policy.rst:40 +#: ../../configexamples/zone-policy.rst:30 msgid "Internet - 192.168.200.100 - TCP/25" msgstr "Internet - 192.168.200.100 - TCP/25" -#: ../../configexamples/zone-policy.rst:39 +#: ../../configexamples/zone-policy.rst:29 msgid "Internet - 192.168.200.100 - TCP/443" msgstr "Internet - 192.168.200.100 - TCP/443" -#: ../../configexamples/zone-policy.rst:41 +#: ../../configexamples/zone-policy.rst:31 msgid "Internet - 192.168.200.100 - TCP/53" msgstr "Internet - 192.168.200.100 - TCP/53" -#: ../../configexamples/zone-policy.rst:38 +#: ../../configexamples/zone-policy.rst:28 msgid "Internet - 192.168.200.100 - TCP/80" msgstr "Internet - 192.168.200.100 - TCP/80" +#: ../../configexamples/fwall-and-bridge.rst:16 +msgid "Isolated layer 2 bridge." +msgstr "Isolated layer 2 bridge." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:79 msgid "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." msgstr "Es importante tener en cuenta que todas sus configuraciones existentes se migrarán automáticamente en la actualización de la imagen. Nada que hacer de tu lado." @@ -1374,11 +1611,11 @@ msgstr "Es importante tener en cuenta que todas sus configuraciones existentes s msgid "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." msgstr "Se supone que los enrutadores proporcionados por upstream son capaces de actuar como un enrutador predeterminado, agregue eso como una ruta estática." -#: ../../configexamples/zone-policy.rst:140 +#: ../../configexamples/zone-policy.rst:130 msgid "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." msgstr "Es una buena práctica registrar tanto el tráfico aceptado como el denegado. Puede ahorrarle dolores de cabeza significativos cuando intente solucionar un problema de conectividad." -#: ../../configexamples/zone-policy.rst:60 +#: ../../configexamples/zone-policy.rst:50 msgid "It will look something like this:" msgstr "Se verá algo como esto:" @@ -1406,7 +1643,7 @@ msgstr "L3VPN para conectividad Hub-and-Spoke con VyOS" msgid "LAC" msgstr "LAC" -#: ../../configexamples/zone-policy.rst:392 +#: ../../configexamples/zone-policy.rst:382 msgid "LAN, WAN, DMZ, local and TUN (tunnel)" msgstr "LAN, WAN, DMZ, local y TUN (túnel)" @@ -1438,15 +1675,15 @@ msgstr "Y 1" msgid "LAN 2" msgstr "Y 2" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:100 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:108 msgid "LAN Configuration" msgstr "Configuración LAN" -#: ../../configexamples/zone-policy.rst:47 +#: ../../configexamples/zone-policy.rst:37 msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." msgstr "Los hosts LAN y DMZ tienen acceso de salida básico: Web, FTP, SSH." -#: ../../configexamples/zone-policy.rst:48 +#: ../../configexamples/zone-policy.rst:38 msgid "LAN can access DMZ resources." msgstr "La LAN puede acceder a los recursos de la DMZ." @@ -1501,7 +1738,7 @@ msgstr "Muchos otros hipervisores hacen esto, y espero que este documento se amp msgid "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." msgstr "Tráfico de enmascaramiento que se origina en 10.200.201.0/24 que se dirige hacia la interfaz pública." -#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:254 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:270 #: ../../configexamples/lac-lns.rst:106 msgid "Monitoring" msgstr "Supervisión" @@ -1518,7 +1755,7 @@ msgstr "Monitoring on LNS side" msgid "Monitoring on RADIUS Server side" msgstr "Monitoring on RADIUS Server side" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:162 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:170 msgid "Multiple LAN/DMZ Setup" msgstr "Configuración de múltiples LAN/DMZ" @@ -1530,7 +1767,7 @@ msgstr "NAT y conntrack-sync" msgid "NMP example" msgstr "ejemplo de NMP" -#: ../../configexamples/zone-policy.rst:23 +#: ../../configexamples/zone-policy.rst:13 msgid "Native IPv4 and IPv6" msgstr "IPv4 e IPv6 nativos" @@ -1544,6 +1781,7 @@ msgid "Network Topology" msgstr "Topología de la red" #: ../../configexamples/ansible.rst:-1 +#: ../../configexamples/fwall-and-vrf.rst:-1 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 #: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 #: ../../configexamples/lac-lns.rst:-1 @@ -1559,6 +1797,10 @@ msgstr "Diagrama de topología de red" msgid "Network Topology and requirements" msgstr "Network Topology and requirements" +#: ../../configexamples/fwall-and-vrf.rst:80 +msgid "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." +msgstr "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." + #: ../../configexamples/qos.rst:31 msgid "Next, we will replace only all CS4 labels on the “VyOS2” router." msgstr "A continuación, reemplazaremos solo todas las etiquetas CS4 en el enrutador "VyOS2"." @@ -1587,10 +1829,14 @@ msgstr "Tenga en cuenta que el enrutador1 es una máquina virtual que se ejecuta msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Tenga en cuenta que debe permitir que el enrutador reciba una respuesta DHCPv6 del ISP. Necesitamos permitir paquetes con el puerto de origen 547 (servidor) y el puerto de destino 546 (cliente)." -#: ../../configexamples/zone-policy.rst:411 +#: ../../configexamples/zone-policy.rst:401 msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." msgstr "Tenga en cuenta que ninguno va a WAN ya que WAN no tendría una dirección v6." +#: ../../configexamples/fwall-and-bridge.rst:168 +msgid "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" +msgstr "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" + #: ../../configexamples/l3vpn-hub-and-spoke.rst:831 msgid "Now, let’s check routing information on out Hub PE:" msgstr "Ahora, verifiquemos la información de enrutamiento en nuestro Hub PE:" @@ -1603,7 +1849,7 @@ msgstr "Ahora habilite la replicación entre nodos. Reemplace eth0.201 con bond0 msgid "Now generate all required certificates on the ovpn-server:" msgstr "Ahora genere todos los certificados necesarios en el servidor ovpn:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:144 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:152 msgid "Now the Client is able to ping a public IPv6 address" msgstr "Ahora el Cliente puede hacer ping a una dirección IPv6 pública" @@ -1619,7 +1865,7 @@ msgstr "Ahora realizamos algunas pruebas de extremo a extremo" msgid "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" msgstr "Ahora estamos comprobando el estado iBGP y las rutas desde los nodos reflectores de ruta a otros dispositivos:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:57 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:65 msgid "Now you should be able to ping a public IPv6 Address" msgstr "Ahora debería poder hacer ping a una dirección IPv6 pública" @@ -1648,7 +1894,7 @@ msgstr "Una vez que todos los enrutadores se puedan administrar de forma remota msgid "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." msgstr "Una vez que se instalan todos los certificados y claves necesarios, se puede llevar a cabo la configuración restante del servidor OpenVPN." -#: ../../configexamples/zone-policy.rst:355 +#: ../../configexamples/zone-policy.rst:345 msgid "Once you have all of your rulesets built, then you need to create your zone-policy." msgstr "Una vez que haya creado todos sus conjuntos de reglas, debe crear su política de zona." @@ -1676,6 +1922,10 @@ msgstr "Un cable/conexión lógica entre LAN2 e Internet" msgid "One cable/logical connection between LAN2 and Management" msgstr "Un cable/conexión lógica entre LAN2 y Management" +#: ../../configexamples/fwall-and-vrf.rst:27 +msgid "Only accepts connections." +msgstr "Only accepts connections." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:5 msgid "OpenVPN with LDAP" msgstr "OpenVPN con LDAP" @@ -1755,8 +2005,8 @@ msgstr "Haga ping al cliente desde el servidor DHCP." msgid "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." msgstr "Se enviarán pings a cuatro objetivos para realizar pruebas de salud (33.44.55.66, 44.55.66.77, 55.66.77.88 y 66.77.88.99)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:128 -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:195 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:136 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:203 msgid "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." msgstr "Tenga en cuenta que 'autonomous-flag' y 'on-link-flag' están habilitados de forma predeterminada, 'valid-lifetime' y 'preferred-lifetime' tienen valores predeterminados de 30 días y 4 horas respectivamente." @@ -1853,11 +2103,11 @@ msgstr "VPN de sitio a sitio basada en rutas a Azure (BGP sobre IKEv2/IPsec)" msgid "Route-Filtering" msgstr "Filtrado de rutas" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:118 msgid "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" msgstr "Enrutado /48. Esto es algo que puede solicitar haciendo clic en el enlace "Asignar /48" en la configuración del túnel Tunnelbroker.net. Te permite tener hasta 65k" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:107 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:115 msgid "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." msgstr "Enrutado /64. Esta es la asignación predeterminada. En IPv6-land, es bueno para una sola "LAN" y es algo equivalente a /24." @@ -1883,10 +2133,15 @@ msgstr "Enrutador B:" msgid "Router id's must be unique." msgstr "La identificación del enrutador debe ser única." -#: ../../configexamples/zone-policy.rst:98 +#: ../../configexamples/zone-policy.rst:88 msgid "Ruleset are created per zone-pair-direction." msgstr "El conjunto de reglas se crea por zona-par-dirección." +#: ../../configexamples/fwall-and-bridge.rst:7 +#: ../../configexamples/fwall-and-vrf.rst:5 +msgid "Scenario and requirements" +msgstr "Scenario and requirements" + #: ../../configexamples/segment-routing-isis.rst:7 msgid "Segment-routing IS-IS example" msgstr "Ejemplo IS-IS de enrutamiento de segmento" @@ -1919,7 +2174,7 @@ msgstr "Configure la subred local en eth2 y la dirección IP pública eth1 en ca msgid "Set up bandwidth limits on the eth2 interface of the router “VyOS2”." msgstr "Configure límites de ancho de banda en la interfaz eth2 del enrutador "VyOS2"." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:139 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:147 msgid "Sets your LAN interface's IP address" msgstr "Establece la dirección IP de su interfaz LAN" @@ -1931,6 +2186,10 @@ msgstr "Configuración local global de BGP, también dentro del VRF. Redistribuy msgid "Setting up Ansible on a server running the Debian operating system." msgstr "Setting up Ansible on a server running the Debian operating system." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:59 +msgid "Setup the IPv6 default route to the tunnel interface" +msgstr "Setup the IPv6 default route to the tunnel interface" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Configure la ruta predeterminada ipv6 a la interfaz del túnel" @@ -1943,23 +2202,31 @@ msgstr "Mostrar rutas para todos los VRF" msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "De manera similar, para conectar el firewall, usaría `set interfaces ethernet eth0 firewall in ipv6-name` o `et firewall zone LOCAL from WAN firewall ipv6-name`." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:214 +msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." +msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." + #: ../../configexamples/pppoe-ipv6-basic.rst:78 msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "Dado que algunos ISP desconectan la conexión continua cada 2 o 3 días, configuramos la "vida útil válida" en 2 días para permitir que la PC elimine gradualmente la dirección anterior." +#: ../../configexamples/fwall-and-bridge.rst:260 +msgid "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." +msgstr "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." + #: ../../configexamples/site-2-site-cisco.rst:128 msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" -#: ../../configexamples/zone-policy.rst:236 +#: ../../configexamples/zone-policy.rst:226 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "Como tenemos 4 zonas, necesitamos configurar los siguientes conjuntos de reglas." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:119 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:127 msgid "Single LAN Setup" msgstr "Configuración de LAN única" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:129 msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "Configuración de LAN única donde eth2 es su interfaz LAN. Utilice el prefijo /64 enrutado de Tunnelbroker:" @@ -1967,11 +2234,15 @@ msgstr "Configuración de LAN única donde eth2 es su interfaz LAN. Utilice el p msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:187 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "Entonces, cuando su LAN es eth1, su DMZ es eth2, sus cámaras están en eth3, etc.:" -#: ../../configexamples/zone-policy.rst:416 +#: ../../configexamples/fwall-and-bridge.rst:87 +msgid "So first, let's create the required firewall interface groups:" +msgstr "So first, let's create the required firewall interface groups:" + +#: ../../configexamples/zone-policy.rst:406 msgid "Something like:" msgstr "Algo como:" @@ -1980,7 +2251,7 @@ msgstr "Algo como:" msgid "Spoke" msgstr "Habló" -#: ../../configexamples/zone-policy.rst:358 +#: ../../configexamples/zone-policy.rst:348 msgid "Start by setting the interface and default action for each zone." msgstr "Comience configurando la interfaz y la acción predeterminada para cada zona." @@ -1992,6 +2263,10 @@ msgstr "Start the playbook:" msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +#: ../../configexamples/zone-policy.rst:8 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:105 msgid "Step-1: Configuring IGP and enabling MPLS LDP" msgstr "Paso 1: Configuración de IGP y habilitación de MPLS LDP" @@ -2074,7 +2349,7 @@ msgstr "Pruebas" msgid "Testing and debugging" msgstr "Prueba y depuración" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:164 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 msgid "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." msgstr "Así es como puedes ampliar el ejemplo anterior. Utilice la información `Routed /48`. Esto le permite asignar un /64 diferente a cada interfaz, LAN o incluso dispositivo. O podría dividir su red en partes más pequeñas como /56 o /60." @@ -2086,7 +2361,7 @@ msgstr "El laboratorio asume un Active Directory en pleno funcionamiento en el s msgid "The Topology are consists of:" msgstr "La topología consta de:" -#: ../../configexamples/zone-policy.rst:57 +#: ../../configexamples/zone-policy.rst:47 msgid "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." msgstr "A la interfaz de VyOS se le asigna la dirección .1/:1 de sus respectivas redes. WAN está en VLAN 10, LAN en VLAN 20 y DMZ en VLAN 30." @@ -2098,6 +2373,10 @@ msgstr "El comando ``commit`` está implícito después de cada sección. Si com msgid "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." msgstr "El comando ``redistribute ospf`` está ahí simplemente como un ejemplo de cómo se puede expandir esto. En este tutorial, se filtrará por la regla 10000 de BGPOUT, ya que no es 203.0.113.0/24." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 +msgid "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." +msgstr "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." + #: ../../configexamples/segment-routing-isis.rst:19 msgid "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." msgstr "La siguiente configuración se usa como ejemplo en el que nos enfocamos en VyOS-P1/VyOS-P2/XRv-P3, cuya configuración compartimos." @@ -2110,11 +2389,11 @@ msgstr "Los pasos de configuración son los mismos que en el ejemplo anterior, e msgid "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" msgstr "La topología de ejemplo tiene 2 enrutadores VyOS. Uno como enrutador WAN y otro como cliente, para probar una única configuración de LAN" -#: ../../configexamples/zone-policy.rst:133 +#: ../../configexamples/zone-policy.rst:123 msgid "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." msgstr "Las dos primeras reglas tienen que ver con las idiosincrasias de VyOS e iptables." -#: ../../configexamples/zone-policy.rst:182 +#: ../../configexamples/zone-policy.rst:172 msgid "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." msgstr "Las siguientes son las reglas que se crearon para este ejemplo (puede que no estén completas), tanto en IPv4 como en IPv6. Si no se especifica una IP, la dirección de origen/destino no es explícita." @@ -2126,7 +2405,7 @@ msgstr "El siguiente software se utilizó en la creación de este documento:" msgid "The following template configuration can be used in each remote router based in our topology." msgstr "La siguiente configuración de plantilla se puede utilizar en cada enrutador remoto según nuestra topología." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:169 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:177 msgid "The format of these addresses:" msgstr "El formato de estas direcciones:" @@ -2134,6 +2413,10 @@ msgstr "El formato de estas direcciones:" msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "El laboratorio que construí usa un VRF (llamado **mgmt**) para proporcionar acceso SSH fuera de banda a los enrutadores PE (Provider Edge)." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 +msgid "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." +msgstr "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." + #: ../../configexamples/site-2-site-cisco.rst:14 msgid "The lab was built using EVE-NG." msgstr "The lab was built using EVE-NG." @@ -2206,7 +2489,11 @@ msgstr "Quieren que establezcamos una sesión BGP en sus enrutadores en 192.0.2. msgid "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." msgstr "Este LAB muestra cómo utilizar OpenVPN con un backend de autenticación de Active Directory." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:137 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 +msgid "This LAB shows how to use OpenVPN with a Active Directory authentication method." +msgstr "This LAB shows how to use OpenVPN with a Active Directory authentication method." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:145 msgid "This accomplishes a few things:" msgstr "Esto logra algunas cosas:" @@ -2215,6 +2502,10 @@ msgid "This chapter contains various configuration examples:" msgstr "Este capítulo contiene varios ejemplos de configuración:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 +msgid "This configuration example and the requirements consists of:" +msgstr "This configuration example and the requirements consists of:" + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists of:" msgstr "This configuration example and the requirments consists of:" @@ -2242,6 +2533,14 @@ msgstr "Este documento lo guía a través de una configuración HA completa de d msgid "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." msgstr "Esto asegura que no vaya demasiado rápido o pierda un paso. Sin embargo, le facilitará la vida configurar la dirección IP fija y la ruta predeterminada ahora en el enrutador de hardware." +#: ../../configexamples/fwall-and-vrf.rst:7 +msgid "This example shows how to configure a VyOS router with VRFs and firewall rules." +msgstr "This example shows how to configure a VyOS router with VRFs and firewall rules." + +#: ../../configexamples/fwall-and-bridge.rst:9 +msgid "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." +msgstr "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." + #: ../../configexamples/wan-load-balancing.rst:70 msgid "This example uses the failover mode." msgstr "Este ejemplo utiliza el modo de conmutación por error." @@ -2282,7 +2581,7 @@ msgstr "Esto tiene una dirección IP flotante de 10.200.201.1/24, usando el ID d msgid "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." msgstr "Esto tiene una dirección IP flotante de 203.0.113.1/24, usando la ID de enrutador virtual 113. La ID de enrutador virtual es solo un número aleatorio entre 1 y 254, y se puede configurar como desee. Las mejores prácticas sugieren que trate de mantenerlas únicas en toda la empresa." -#: ../../configexamples/zone-policy.rst:258 +#: ../../configexamples/zone-policy.rst:248 msgid "This is an example of the three base rules." msgstr "Este es un ejemplo de las tres reglas básicas." @@ -2306,6 +2605,10 @@ msgstr "Esto ignora la red de administración fuera de banda adicional, que debe msgid "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." msgstr "Este escenario podría ser una pesadilla aplicando enrutamiento regular y podría necesitar filtrado en múltiples interfaces." +#: ../../configexamples/firewall.rst:6 +msgid "This section contains examples of firewall configurations for various deployments." +msgstr "This section contains examples of firewall configurations for various deployments." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:547 msgid "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." msgstr "Esta sección describe los comandos de verificación para los protocolos MPLS/BGP/LDP y las rutas relacionadas con L3VPN, así como las verificaciones de accesibilidad y diagnóstico entre nodos CE." @@ -2330,6 +2633,10 @@ msgstr "Esta estructura simple muestra cómo configurar un relé DHCP a través msgid "This will be visible in 'show ip route'." msgstr "Esto será visible en 'show ip route'." +#: ../../configexamples/fwall-and-bridge.rst:12 +msgid "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." +msgstr "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:112 msgid "Thus you can easily match it to one of the devices/networks below." msgstr "Por lo tanto, puede combinarlo fácilmente con uno de los dispositivos/redes a continuación." @@ -2338,7 +2645,7 @@ msgstr "Por lo tanto, puede combinarlo fácilmente con uno de los dispositivos/r msgid "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." msgstr "Para lograr esto, su ISP debe ser compatible con DHCPv6-PD. Si no está seguro, comuníquese con su ISP para obtener más información." -#: ../../configexamples/zone-policy.rst:144 +#: ../../configexamples/zone-policy.rst:134 msgid "To add logging to the default rule, do:" msgstr "Para agregar el registro a la regla predeterminada, haga lo siguiente:" @@ -2367,7 +2674,11 @@ msgstr "Para llegar a la red, se debe establecer una ruta en cada host VyOS. En msgid "Topology" msgstr "Topología" -#: ../../configexamples/zone-policy.rst:95 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 +msgid "Topology consists of:" +msgstr "Topology consists of:" + +#: ../../configexamples/zone-policy.rst:85 msgid "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." msgstr "El tráfico fluye de la zona A a la zona B. Ese flujo es a lo que me refiero como una dirección de par de zona. p.ej. A->B y B->A son destinos de pares de dos zonas." @@ -2391,7 +2702,7 @@ msgstr "Two VyOS routers with public IP address." msgid "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." msgstr "Se crearán dos reglas, la primera regla dirige el tráfico proveniente de eth2 a eth0 y la segunda regla dirige el tráfico a eth1. Si eth0 falla, la primera regla se omite y la segunda regla coincide, dirigiendo el tráfico a eth1." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "A diferencia de IPv4, IPv6 realmente no está diseñado para dividirse en menos de /64. Entonces, si alguna vez desea tener múltiples LAN, VLAN, DMZ, etc., querrá ignorar el /64 asignado, solicitar el /48 y usarlo." @@ -2421,10 +2732,34 @@ msgstr "VMware: debe DESACTIVAR LA SEGURIDAD en este grupo de puertos. Asegúres msgid "VRF" msgstr "VRF" +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "VRF LAN:" +msgstr "VRF LAN:" + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "VRF MGMT:" +msgstr "VRF MGMT:" + +#: ../../configexamples/fwall-and-vrf.rst:26 +msgid "VRF PROD:" +msgstr "VRF PROD:" + +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "VRF WAN:" +msgstr "VRF WAN:" + +#: ../../configexamples/fwall-and-vrf.rst:2 +msgid "VRF and firewall example" +msgstr "VRF and firewall example" + #: ../../configexamples/ha.rst:189 msgid "VRRP Configuration" msgstr "Configuración de VRRP" +#: ../../configexamples/fwall-and-bridge.rst:347 +msgid "Validation" +msgstr "Validation" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:160 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 @@ -2555,7 +2890,7 @@ msgstr "VyOS-RR2:" msgid "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." msgstr "VyOS 1.3 agregó soporte inicial para VRF (incluido el enrutamiento estático IPv4/IPv6) y VyOS 1.4 ahora permite el soporte completo del protocolo de enrutamiento dinámico para OSPF, IS-IS y BGP para VRF individuales." -#: ../../configexamples/zone-policy.rst:42 +#: ../../configexamples/zone-policy.rst:32 msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." msgstr "VyOS actúa como DHCP, reenviador de DNS, NAT, enrutador y firewall." @@ -2608,6 +2943,10 @@ msgstr "Sugerencia de tutorial" msgid "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." msgstr "Vamos a utilizar 10.200.201.0/24 para una red 'interna' en VLAN201." +#: ../../configexamples/fwall-and-bridge.rst:80 +msgid "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." +msgstr "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." + #: ../../configexamples/ha.rst:191 msgid "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." msgstr "Estamos configurando VRRP para que NO falle cuando una máquina vuelve a estar en servicio, y prioriza el enrutador1 sobre el enrutador2." @@ -2632,7 +2971,7 @@ msgstr "Tenemos cuatro hosts en la red local 172.17.1.0/24. Todos los hosts est msgid "We have four pre-configured routers with this configuration:" msgstr "We have four pre-configured routers with this configuration:" -#: ../../configexamples/zone-policy.rst:25 +#: ../../configexamples/zone-policy.rst:15 msgid "We have three networks." msgstr "Tenemos tres redes." @@ -2688,6 +3027,10 @@ msgstr "Cuando tenga ambos enrutadores activos, debería poder establecer una co msgid "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" msgstr "Cuando haya habilitado OSPF en ambos enrutadores, debería poder verse con el comando ``show ip ospf neighbour``. El estado debe ser 'Completo' o '2 vías'. Si no es así, entonces hay un problema de conectividad de red entre los hosts. Esto suele deberse a problemas de NAT o MTU. No debería ver ninguna ruta nueva (a menos que esta sea la segunda pasada) en la salida de ``show ip route``" +#: ../../configexamples/fwall-and-bridge.rst:349 +msgid "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." +msgstr "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." + #: ../../configexamples/lac-lns.rst:-1 msgid "Window PPPoE Client Configuration" msgstr "Window PPPoE Client Configuration" @@ -2704,7 +3047,7 @@ msgstr "Guardia de alambre" msgid "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." msgstr "Debido a su diseño, Wireguard no tiene el concepto de enlace ascendente o descendente. Esto complica Y simplifica su uso para el transporte de red, ya que para una detección de estado confiable, debe usar ALGO para detectar cuándo el enlace está caído." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:105 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 msgid "With Tunnelbroker.net, you have two options:" msgstr "Con Tunnelbroker.net, tiene dos opciones:" @@ -2716,6 +3059,10 @@ msgstr "Con este comando podemos verificar el transporte y la etiqueta del clien msgid "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." msgstr "Dentro del VRF, configuramos el Distinguidor de ruta (RD) y los Objetivos de ruta (RT), luego habilitamos la VPN de exportación/importación." +#: ../../configexamples/fwall-and-bridge.rst:22 +msgid "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" +msgstr "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" + #: ../../configexamples/segment-routing-isis.rst:48 msgid "XRv-P3:" msgstr "XRv-P3:" @@ -2728,7 +3075,7 @@ msgstr "Se las arregló para llegar hasta aquí, ahora queremos ver la red y las msgid "You should be able to ping to and from all the IPs you have allocated." msgstr "Debería poder hacer ping hacia y desde todas las direcciones IP que ha asignado." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:81 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:89 msgid "You should now be able to ping something by IPv6 DNS name:" msgstr "Ahora debería poder hacer ping a algo por nombre de DNS IPv6:" @@ -2736,11 +3083,11 @@ msgstr "Ahora debería poder hacer ping a algo por nombre de DNS IPv6:" msgid "You should now be able to see the advertised network on the other host." msgstr "Ahora debería poder ver la red anunciada en el otro host." -#: ../../configexamples/zone-policy.rst:388 +#: ../../configexamples/zone-policy.rst:378 msgid "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." msgstr "Tendría 5 zonas en lugar de solo 4 y configuraría su conjunto de reglas v6 entre su interfaz de túnel y sus zonas LAN/DMZ en lugar de la WAN." -#: ../../configexamples/zone-policy.rst:413 +#: ../../configexamples/zone-policy.rst:403 msgid "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." msgstr "Tendría que agregar un par de reglas en su conjunto de reglas wan-local para permitir el protocolo 41 in." @@ -2748,31 +3095,31 @@ msgstr "Tendría que agregar un par de reglas en su conjunto de reglas wan-local msgid "Zone-Policy example" msgstr "Ejemplo de política de zona" -#: ../../configexamples/zone-policy.rst:89 +#: ../../configexamples/zone-policy.rst:79 msgid "Zones Basics" msgstr "Conceptos básicos de las zonas" -#: ../../configexamples/zone-policy.rst:136 +#: ../../configexamples/zone-policy.rst:126 msgid "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." msgstr "Tanto las zonas como los conjuntos de reglas tienen una declaración de acción predeterminada. Cuando se utilizan políticas de zona, la acción predeterminada se establece mediante la declaración de política de zona y se representa mediante la regla 10000." -#: ../../configexamples/zone-policy.rst:175 +#: ../../configexamples/zone-policy.rst:165 msgid "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." msgstr "Las zonas no permiten una acción predeterminada de aceptar; ya sea descartar o rechazar. Es importante recordar esto porque si aplica una interfaz a una zona y confirma, se eliminarán todas las conexiones activas. Específicamente, si tiene SSH en VyOS y agrega local o la interfaz a través de la cual se está conectando a una zona y no tiene conjuntos de reglas establecidos para permitir SSH y sesiones establecidas, no podrá conectarse." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:180 msgid "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" msgstr "`2001:470:xxxx:1::/64`: una subred adecuada para una LAN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:173 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:181 msgid "`2001:470:xxxx:2::/64`: Another subnet" msgstr "`2001:470:xxxx:2::/64`: Otra subred" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:171 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." msgstr "`2001:470:xxxx::/48`: toda la subred. xxxx debe provenir de Tunnelbroker." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:174 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:182 msgid "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." msgstr "`2001:470:xxxx:ffff:/64`: la última subred /64 utilizable." @@ -2898,7 +3245,7 @@ msgstr "conmutador 1 (conmutador Nexus de 10 gb)" msgid "switch2 (Nexus 10gb Switch)" msgstr "switch2 (Conmutador Nexus de 10 gb)" -#: ../../configexamples/zone-policy.rst:394 +#: ../../configexamples/zone-policy.rst:384 msgid "v6 pairs would be:" msgstr "Los pares v6 serían:" |