pass in on fxp0 proto tcp from any to <foo> port = http keep state
pass in on fxp0 proto udp from any to <foo> port = http keep state
What are the foo entries in these rules? Is this your entire ruleset? Also, be sure to add log to your pass/block rules so that when a problem comes up we can see which rule is causing it.
Mr. Huzeyfe,
Following your advice I installed PF. NAT and transparent Squid are working quite well, but RDR redirection is not working… please help….
The output of pfctl -sa is as follows..
nat on fxp0 inet from 192.0.0.0/8 to any -> (fxp0) round-robin
rdr on fxp0 inet proto tcp from any to x.x.x.x port = smtp -> 192.168.1.2 port 25
rdr on fxp0 inet proto tcp from any to x.x.x.x port = pop3 -> 192.168.1.2 port 110
rdr on rl0 inet proto tcp from 192.168.1.0/24 to any port = http -> 127.0.0.1 port 3128
FILTER RULES:
pass in on rl0 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
pass out on fxp0 inet proto tcp from any to any port = http keep state
pass in on fxp0 inet proto tcp from any to any port = smtp keep state
pass in on fxp0 proto tcp from any to <foo> port = http keep state
pass in on fxp0 proto udp from any to <foo> port = http keep state
From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 08, 2006 10:31 AM
To: freebsd@lists.enderunix.org
Subject: Re: [FreeBSD] IPFW-NAT-FWD
Hello,
In my opinion, rather than going to all this trouble, install PF (Packet Filter), so that both you and your FreeBSD machine can relax ;-). Writing its rules is also not this complicated and does not take this long.
2006/2/7, Abdullah OZTURK < [EMAIL PROTECTED]>:
Friends, fellow FreeBSD enthusiasts, I just could not get redirection to the mail server working. I loaded the conf that works normally on 4.3 onto 6.0 and it did not work. Is there some other setting besides the nat and ipfw confs?
Rc.conf
…..
firewall_enable="YES"
firewall_type="/etc/ipfw/ipfw.conf"
#firewall_script="/etc/rc.firewall"
firewall_quiet="NO"
firewall_logging_enable="YES"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/ipfw/natd.conf"
…..
ipfw.conf
add 00020 divert 8668 ip from any to any via fxp0
add 00021 pipe 1 ip from any to 192.168.1.128/25 out via rl0
pipe 1 config bw 200kbit/s
add 00022 fwd 192.168.1.2,25 tcp from any to any 25 in recv fxp0
add 00023 fwd 192.168.1.2,110 tcp from any to any 110 in recv fxp0
…..
…..
natd.conf
use_sockets
same_ports
interface fxp0
redirect_port tcp 192.168.1.2:25 25
redirect_port tcp 192.168.1.2:110 110
dynamic
--
Huzeyfe ÖNAL
---
First Turkish Qmail book is out! Go check it.
Have you heard! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/
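Added example, not part of any message in the thread: a small Python check that applies the advice to put log on pass/block rules to the `pfctl -sa` output quoted above. It lists filter rules without `log` and rdr rules whose translated destination has no explicit `pass in` rule (PF filters after rdr translation); the `SERVICES` map and the function names are assumptions of this example.

```python
import re

# Rules copied from the `pfctl -sa` output quoted in the thread
# (x.x.x.x is the poster's own placeholder; the nat line is omitted).
PFCTL_OUTPUT = """\
rdr on fxp0 inet proto tcp from any to x.x.x.x port = smtp -> 192.168.1.2 port 25
rdr on fxp0 inet proto tcp from any to x.x.x.x port = pop3 -> 192.168.1.2 port 110
rdr on rl0 inet proto tcp from 192.168.1.0/24 to any port = http -> 127.0.0.1 port 3128
pass in on rl0 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
pass out on fxp0 inet proto tcp from any to any port = http keep state
pass in on fxp0 inet proto tcp from any to any port = smtp keep state
pass in on fxp0 proto tcp from any to <foo> port = http keep state
pass in on fxp0 proto udp from any to <foo> port = http keep state
"""

SERVICES = {"smtp": 25, "pop3": 110, "http": 80}  # names pfctl prints (assumed map)
RDR = re.compile(r"^rdr on (?P<iface>\S+) .*proto (?P<proto>\S+) .* -> "
                 r"(?P<addr>\S+) port (?P<port>\d+)$")
FILTER = re.compile(r"^(?P<action>pass|block) (?P<dir>in|out) (?P<log>log )?.*?"
                    r"on (?P<iface>\S+) .*proto (?P<proto>\S+) .* to "
                    r"(?P<dst>\S+) port = (?P<port>\S+)")

def port_number(token):
    return SERVICES[token] if token in SERVICES else int(token)

def audit(text):
    """Return (filter rules without log, rdr rules with no explicit pass in)."""
    rdrs, filters = [], []
    for line in text.splitlines():
        if m := RDR.match(line):
            rdrs.append({**m.groupdict(), "line": line})
        elif m := FILTER.match(line):
            filters.append({**m.groupdict(), "line": line})
    unlogged = [f["line"] for f in filters if not f["log"]]
    uncovered = []
    for r in rdrs:
        # The filter sees the packet after rdr rewrote its destination, so a
        # covering rule must match the translated address and port.
        hit = any(f["action"] == "pass" and f["dir"] == "in"
                  and f["iface"] == r["iface"] and f["proto"] == r["proto"]
                  and f["dst"] in ("any", r["addr"])
                  and port_number(f["port"]) == int(r["port"]) for f in filters)
        if not hit:
            uncovered.append(r["line"])
    return unlogged, uncovered

if __name__ == "__main__":
    for title, rules in zip(("no log:", "rdr without pass in:"), audit(PFCTL_OUTPUT)):
        print(title, *rules, sep="\n  ")
```

Once the rules carry `log`, matches can be watched with `tcpdump -n -e -ttt -i pflog0`, which prints the number of the rule that matched each packet.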