Hi,

I am trying to build a setup like the one below. I would appreciate any help in finding out where I went wrong.

Thanks

                            |--(fxp0)------------- ISP1
LAN ----------- (xl0)--FW---|
                       |    |--(fxp1)------------- ISP2
                       |
                     (fxp2)
                       |
                       |
                      DMZ

 

I want:

1. the LAN to reach the Internet through ISP1
2. the DMZ to reach the Internet through ISP2

The pf.conf of the OpenBSD 3.8 machine in the test environment I set up temporarily is as follows.

 

##########################################
ext_if1="fxp0"
ext_gw1="10.10.10.1"
ext_if2="fxp1"
ext_gw2="10.20.20.1"
int_if1="xl0"
int_if2="fxp2"
lan_net="192.168.1.0/24"
dmz_net="192.168.2.0/24"

nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $dmz_net to any -> ($ext_if2)

block in from any to any
block out from any to any

pass out on $int_if1 from any to $lan_net
pass in quick on $int_if1 from $lan_net to $int_if1

pass out on $int_if2 from any to $dmz_net
pass in quick on $int_if2 from $dmz_net to $int_if2

pass in on $int_if1 route-to ($ext_if1 $ext_gw1) \
 proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if1 route-to ($ext_if1 $ext_gw1) \
 proto { udp, icmp } from $lan_net to any keep state

pass in on $int_if2 route-to ($ext_if2 $ext_gw2) \
 proto tcp from $dmz_net to any flags S/SA modulate state
pass in on $int_if2 route-to ($ext_if2 $ext_gw2) \
 proto { udp, icmp } from $dmz_net to any keep state

pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
###########################

 

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0e:0c:76:f7:28
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.10.10.13 netmask 0xffffff00 broadcast 10.10.10.255
        inet6 fe80::20e:cff:fe76:f728%fxp0 prefixlen 64 scopeid 0x1
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0e:0c:76:f7:29
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.20.20.10 netmask 0xffffff00 broadcast 10.20.20.255
        inet6 fe80::20e:cff:fe76:f729%fxp1 prefixlen 64 scopeid 0x2
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:76:0b:27:de
        media: Ethernet autoselect (none)
        status: no carrier
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::204:76ff:fe0b:27de%xl0 prefixlen 64 scopeid 0x3
fxp2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:a0:c9:43:26:45
        media: Ethernet autoselect (10baseT)
        status: active
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        inet6 fe80::2a0:c9ff:fe43:2645%fxp2 prefixlen 64 scopeid 0x4

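An added example, not part of the original post: a Python sanity check that cross-references the interface and gateway macros from the pf.conf above against the posted ifconfig output, flagging any macro that points at an interface without an active link or at a gateway outside that interface's subnet. The function names and the abridged sample strings are assumptions made for this illustration.

```python
import ipaddress
import re
# Sample input abridged from the post above (macros and ifconfig fields only).
PF_CONF = '''
ext_if1="fxp0"
ext_gw1="10.10.10.1"
ext_if2="fxp1"
ext_gw2="10.20.20.1"
int_if1="xl0"
int_if2="fxp2"
'''
IFCONFIG = '''
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        status: active
        inet 10.10.10.13 netmask 0xffffff00 broadcast 10.10.10.255
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        status: active
        inet 10.20.20.10 netmask 0xffffff00 broadcast 10.20.20.255
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        status: no carrier
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
fxp2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        status: active
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
'''
def parse_ifconfig(text):
    """Map interface name -> {'status': str, 'net': IPv4Network}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"(\w+): flags=", line):
            cur = ifaces.setdefault(m.group(1), {})
        elif cur is not None and (m := re.match(r"\s+status: (.+)", line)):
            cur["status"] = m.group(1).strip()
        elif cur is not None and (m := re.match(r"\s+inet (\S+) netmask (0x[0-9a-f]+)", line)):
            mask = ipaddress.IPv4Address(int(m.group(2), 16))  # hex mask -> dotted quad
            cur["net"] = ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False)
    return ifaces

def check(pf_conf, ifconfig):
    """Return findings for macros naming dead links or off-link gateways."""
    macros = dict(re.findall(r'^(\w+)="([^"]+)"', pf_conf, re.M))
    ifaces, findings = parse_ifconfig(ifconfig), []
    for name, value in sorted(macros.items()):
        if "_if" in name and (st := ifaces.get(value, {}).get("status", "missing")) != "active":
            findings.append(f"{name}={value}: link status is '{st}'")
        elif "_gw" in name:  # pair ext_gwN with ext_ifN by macro name
            net = ifaces.get(macros.get(name.replace("_gw", "_if")), {}).get("net")
            if net is None or ipaddress.ip_address(value) not in net:
                findings.append(f"{name}={value}: not on its interface's subnet")
    return findings
```

On the data as posted, `check(PF_CONF, IFCONFIG)` returns a single finding: `int_if1` (xl0, the LAN side) reports `no carrier`.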