Yes, I did not do any blocking, so that I could understand the root of the problem. I would think so too, but then port 22 would not be open, which is interesting. I am running a scan from a site that does external scans, and I am listening on port 25 from the machine; I cannot see it.

16:15:20.891211 IP gate.city.com > 0.0.0.0: pfsync 228
16:15:20.891216 IP gate.city.com > 0.0.0.0: pfsync 228

Things like this come up; could it be related?

From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]]

Hello,

2006/2/23, Abdullah OZTURK <[EMAIL PROTECTED]>:

I tried to adapt it from the PF sample configuration. I forgot to change <foo>, so it stayed that way… I am also sending the configuration as an attachment..

From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]]
Hello,

pass in on fxp0 proto tcp from any to <foo> port = http keep state
pass in on fxp0 proto udp from any to <foo> port = http keep state

What are the foo's in these rules? Is this your whole rule set? In addition, be sure to add log to the pass/block rules, so that when a problem comes up we can see which rule is causing it.

2006/2/23, Abdullah OZTURK <[EMAIL PROTECTED]>:

Mr. Huzeyfe,

I took your advice and installed PF. NAT and transparent squid are working quite well; RDR redirection is not working… please help…. The partial output of pfctl -sa is as follows..

nat on fxp0 inet from 192.0.0.0/8 to any -> (fxp0) round-robin
rdr on fxp0 inet proto tcp from any to x.x.x.x port = smtp -> 192.168.1.2 port 25
rdr on fxp0 inet proto tcp from any to x.x.x.x port = pop3 -> 192.168.1.2 port 110
rdr on rl0 inet proto tcp from 192.168.1.0/24 to any port = http -> 127.0.0.1 port 3128

FILTER RULES:
pass in on rl0 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
pass out on fxp0 inet proto tcp from any to any port = http keep state
pass in on fxp0 inet proto tcp from any to any port = smtp keep state
pass in on fxp0 proto tcp from any to <foo> port = http keep state
pass in on fxp0 proto udp from any to <foo> port = http keep state

From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]]
Hello,

2006/2/7, Abdullah OZTURK <[EMAIL PROTECTED]>:

Friends, fellow FreeBSD enthusiasts,

I just could not solve the forwarding to the mail server. I loaded the configuration that works normally on 4.3 onto 6.0 and it did not work. Is there perhaps some setting other than the nat and ipfw configurations?

rc.conf

…..
firewall_enable="YES"
firewall_type="/etc/ipfw/ipfw.conf"
#firewall_script="/etc/rc.firewall"
firewall_quiet="NO"
firewall_logging_enable="YES"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/ipfw/natd.conf"
…..

ipfw.conf

add 00020 divert 8668 ip from any to any via fxp0
add 00021 pipe 1 ip from any to 192.168.1.128/25 out via rl0
pipe 1 config bw 200kbit/s
add 00022 fwd 192.168.1.2,25 tcp from any to any 25 in recv fxp0
add 00023 fwd 192.168.1.2,110 tcp from any to any 110 in recv fxp0
…..
…..

natd.conf

use_sockets
same_ports
interface fxp0
redirect_port tcp 192.168.1.2:25 25
redirect_port tcp 192.168.1.2:110 110
dynamic
- RE: [FreeBSD] IPFW-NAT-FWD Abdullah OZTURK