Bruno Fernandes wrote:
> Hi again !!!
>
> Please post your ipf.rules and ipnat.rules to see if I can figure what's happening !!!
>
> Regards
> BF
>
Here it is, friend. The proposed block rule is between the '#' marks, 14th to 16th lines below:

block in quick on rl0 from 192.168.0.0/24 to any
block in quick from 172.16/12 to any
block in quick from 10.0.0.0/8 to any
block in quick from 0.0.0.0/8 to any
block in quick from 169.254.0.0/16 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl1 from 127.0.0.0/8 to any
block in quick on rl2 from 127.0.0.0/8 to any
block in quick from 192.0.2.0/24 to any
block in quick from 204.152.64.0/23 to any
block in quick from 224.0.0.0/3 to any
block in log quick on rl0 from any to 192.168.1.0/32
block in log quick on rl0 from any to 192.168.1.255/32
#
block out quick on rl1 proto tcp/udp from 192.168.10.0/24 to 192.168.1.0/24
#
pass in quick on lo0
pass out quick on lo0
pass in quick on gif0
pass out quick on gif0
pass in quick on rl2
pass out quick on rl2
pass in quick on rl0
pass out quick on rl0
pass in quick proto tcp from any to any port = 22 keep state
pass in quick on rl1 proto tcp from any to any port = 25 keep state
pass in quick proto tcp from any to any port = 10000 keep state
pass in quick on rl1 proto tcp from any to any port = 53 keep state
pass in quick on rl1 proto udp from any to any port = 53 keep state
pass out quick on rl1 proto tcp from any to any keep state
pass out quick on rl1 proto udp from any to any keep state
block out quick on rl1 all
block in quick on rl1 all
pass out quick proto icmp from any to any keep state
pass out quick proto tcp/udp from any to any keep state keep frags
pass in quick proto tcp/udp from any to any keep state keep frags

:=====================================

And here is the ipnat.conf:

map rl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl0 192.168.1.0/24 -> 0/32
map rl0 192.168.10.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl0 192.168.10.0/24 -> 0/32
rdr rl0 200.198.77.35/32 port 80 -> 192.168.10.2 port 80
rdr rl0 200.198.77.36/32 port 80 -> 192.168.10.2 port 80
rdr rl2 200.198.77.35/32 port 80 -> 192.168.10.2 port 80
rdr rl2 200.198.77.36/32 port 80 -> 192.168.10.2 port 80
rdr rl0 200.198.77.35/32 port 25 -> 192.168.10.2 port 25
rdr rl0 200.198.77.34/32 port 53 -> 192.168.10.2 port 53
rdr rl0 200.198.77.35/32 port 53 -> 192.168.10.2 port 53
rdr rl0 200.198.77.34/32 port 53 -> 192.168.10.2 port 53 udp
rdr rl0 200.198.77.35/32 port 53 -> 192.168.10.2 port 53 udp

Hmmm... in re-reading these rules, I think that something is wrong with the 4th/5th lines. Or am I just desperate??

>
--
regards,
irado, furious with everything.
Linux User (SuSE) 179.402
What can be expected of a country that considers fat butts to be 'talent' and where intelligence is measured by 'Show do Milhão'?
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
