The pf.conf file is basically as shown below. There is a rule so that the IPs
going out via the LL do not go through NAT, but the same problem still persists.


******************************************************************
nat on $ext_if from $lan_net to any -> ($ext_if)
no nat on $ext_if from $SERVERS to any


pass in on $int_if from $lan_net to any
pass out on $int_if from any to $lan_net
pass in quick on $int_if from $lan_net to $int_if


pass in on $int_if route-to ($ext_if $LL) proto tcp from $SERVERS to any
pass in on $int_if route-to ($ext_if $LL) proto { udp, icmp} from $SERVERS to any


pass in on $ext_if all
pass out on $ext_if all

******************************************************************




-----Original Message-----
From: Huzeyfe Onal [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 05, 2006 10:47 AM
To: freebsd@lists.enderunix.org
Subject: Spam:Re: [FreeBSD] ipfw - pf

Hello,

If the machines inside go out through NAT, your NAT rules matter too.
If you NAT a packet that is supposed to leave via the LL on the other
interface, then naturally you will not get what you want.


On 7/4/06, Muammer Dogan <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
>     I arranged the rules the way you described. I can ping or trace an
> outside IP, but I cannot see the BSD's IP in the traces.
> When I run a trace from outside, however, the BSD sends the packets back.
>
> The rules and the layout are as follows.
>
> ADSL-----
>          |---BSD--Local
> LL-------
>
> The BSD's default gateway is the ADSL.
>
> pass in on $int_if route-to ($ext_if $LL) proto tcp from $SERVERS to any
> pass in on $int_if route-to ($ext_if $LL) proto { udp, icmp} from $SERVERS to any
>
> .......trace.......
> 10.11.1.4 -> 192.168.0.140
>
> traceroute  192.168.0.140
> Type escape sequence to abort.
> Tracing the route to 192.168.0.140
>
>   1 10.11.1.5 0 msec 4 msec 0 msec
>   2 10.11.1.5 0 msec 4 msec 0 msec
>
> .................
>
>
>
>
> -----Original Message-----
> From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]
> Sent: Sunday, July 02, 2006 8:09 PM
> To: freebsd@lists.enderunix.org
> Subject: Re: [FreeBSD] ipfw - pf
>
> Hello,
>
> If you use the route-to definition on the internal interface, it is
> processed without getting caught by NAT.
>
> pass in  on $INT_IF route-to { $EXT_IF1 10.11.1.4}  from 192.168.0.140/32 to any ...
>
> like this
>
> On 7/1/06, Serhat Selahattin Umar <[EMAIL PROTECTED]> wrote:
> >
> > Hello,
> >
> > I think route-to will work for you.... you can catch the packet on the
> > way out of the relevant interface and route it wherever you want, but if
> > you are doing NAT and the packet goes into NAT you may not be able to
> > catch it... give it a try...
> >
> > Serhat
> >
> >
> > pass out on fxp0 route-to 10.11.1.4 from 192.168.0.140/32 to any
> >
> >
> > On Jul 1, 2006, at 1:12 PM, Muammer Dogan wrote:
> >
> > hi
> >     how can I write the line below in pf, or is there another method
> > you would suggest?
> >
> > ipfw add fwd 10.11.1.4 all from 192.168.0.140/32 to any
> >
> > regards...
> > Muammer
> >
> >
> >
> > -[ssu]-
> > serhat at secureinbox dot net
> >
> >
> >
> >
>
>
> --
> Huzeyfe ÖNAL
> +90 505 5260064
> ---
> Have you subscribed to the Network Security List?
> http://www.huzeyfe.net/netsec.html
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> List archive: http://lists.enderunix.org
> Turkey's first FreeBSD book: http://www.acikakademi.com/freebsd.php
>
>
>


-- 
Huzeyfe ÖNAL
+90 505 5260064
---
Have you subscribed to the Network Security List?
http://www.huzeyfe.net/netsec.html
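
Added example, not part of the original thread: pf evaluates translation rules in the order they appear and the first match wins, so in the pf.conf posted at the top the `nat` line matches the servers' traffic before `no nat` is consulted whenever `$SERVERS` lies inside `$lan_net`. The fragment below keeps the thread's rules and only moves `no nat` first. Assumptions: the interface names and the `lan_net` value are made up for illustration; `SERVERS` and `LL` use the addresses quoted in the thread.

```pf
# Added example. Macro values are assumptions except where noted.
ext_if  = "fxp0"              # assumed name; external interface as used in the thread's rules
int_if  = "fxp1"              # assumed name; LAN-facing interface
lan_net = "192.168.0.0/24"    # assumed LAN prefix that contains $SERVERS
SERVERS = "192.168.0.140/32"  # host address quoted in the thread
LL      = "10.11.1.4"         # LL next hop quoted in the thread

# Translation rules: evaluated top to bottom, the FIRST match wins.
# The exemption therefore has to come before the general nat rule.
no nat on $ext_if from $SERVERS to any
nat on $ext_if from $lan_net to any -> ($ext_if)

# Filter rules: evaluated top to bottom, the LAST match wins unless a
# rule says "quick", so the route-to rules below take effect for
# $SERVERS even though the general pass rule also matches.
pass in on $int_if from $lan_net to any
pass out on $int_if from any to $lan_net
pass in quick on $int_if from $lan_net to $int_if

pass in on $int_if route-to ($ext_if $LL) proto tcp from $SERVERS to any
pass in on $int_if route-to ($ext_if $LL) proto { udp, icmp } from $SERVERS to any

pass in on $ext_if all
pass out on $ext_if all

# Checks after editing:
#   pfctl -nf /etc/pf.conf    parse only, nothing is loaded
#   pfctl -f /etc/pf.conf     load the ruleset
#   pfctl -s nat              "no nat" should be listed above "nat"
#   tcpdump -n -i fxp0 host 192.168.0.140
#                             outbound packets should keep the source address
```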


