2009/11/14 Wanderson Tinti <wander...@bsd.com.br>
> Hello, Enio.
>
> See the script below.
>
> # Macros - variables
> local_net = "192.168.168.0/24"
> int_if1 = "xl2"
> ext_if1 = "xl0"
> ext_if2 = "xl1"
> ext_gw1 = "200.200.10.10"
> ext_gw2 = "201.201.10.10"
>
> # NAT - for both interfaces (uses $local_net, the macro defined above)
> nat on $ext_if1 from $local_net to any -> $ext_if1
> nat on $ext_if2 from $local_net to any -> $ext_if2
>
> # REDIRECTION
> rdr on $ext_if2 proto tcp from any to $ext_if1 port 3655 -> 192.168.168.254
>
> # FILTER RULES
>
> # ALLOW TRAFFIC BETWEEN THE LOCAL NETWORK AND THE GATEWAY.
> pass out on $int_if1 from any to $local_net
> pass in quick on $int_if1 from $local_net to $int_if1
>
> # HTTP USES LINK2.
> pass in quick on $int_if1 route-to ($ext_if2 $ext_gw2) proto tcp from \
>     $local_net to any port 80 flags S/SA modulate state
>
> # HTTPS USES LINK1.
> pass in quick on $int_if1 route-to ($ext_if1 $ext_gw1) proto tcp from \
>     $local_net to any port 443 flags S/SA modulate state
>
> # SSH USES LINK2.
> pass in quick on $int_if1 route-to ($ext_if2 $ext_gw2) proto tcp from \
>     $local_net to any port 22 flags S/SA modulate state
>
> # SSH - THE DEFAULT ROUTE IS LINK1. WHAT COMES IN ON LINK2 ON THE SSH PORT
> # MUST GO BACK OUT LINK2 AND NOT LINK1 (THE DEFAULT ROUTE).
> # reply-to takes (interface gateway): the second field is the LINK2 gateway.
> pass in quick on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp from \
>     any to any port 22 keep state
>
> # SPREAD THE REMAINING (TCP) PACKETS OVER BOTH LINKS.
> # NOTE THAT THE PREVIOUS RULES USED THE 'quick' OPTION.
> pass in on $int_if1 route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } \
>     round-robin \
>     proto tcp from $local_net to any flags S/SA modulate state
>
> # SPREAD THE REMAINING (UDP AND ICMP) PACKETS OVER BOTH LINKS.
> pass in on $int_if1 route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } \
>     round-robin \
>     proto { udp, icmp } from $local_net to any keep state
>
> # ALLOW (TCP, UDP AND ICMP) PACKETS OUT THE EXTERNAL INTERFACES.
> pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
> pass out on $ext_if1 proto { udp, icmp } from any to any keep state
> pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
> pass out on $ext_if2 proto { udp, icmp } from any to any keep state
>
> # STEER OUTGOING PACKETS TO THE CORRECT INTERFACE.
> pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
> pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
>
>
> I suggest you test these rules without using the proxy.
> Good night.
>
>
> Regards,
> Wanderson Tinti
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
Cool, mate, thanks for the help. I'll go over the script and run some tests, and I'll report the result later. Cheers

--
ENIO RODRIGO MARCONCINI
gtalk: eni...@gmail.com
skype: eniorm
msn: /dev/null
> FreeBSD -:- OpenBSD -:- > Cigarette Brand Collections < Obi-Wan has taught you well....