Hello,

You have no redirection (rdr) rules for the servers. Are the SMTP, POP and WWW services running on the firewall itself? If they are not running on the firewall, you need to write RDR rules for these servers.

In addition, the rule you wrote, "pass in  quick on $int_if all", causes all the rules after it that apply to traffic arriving on $int_if to have no effect.

On 11/3/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hello Mr. Huzeyfe,

I arranged the rules the way you described, but this time I can ping the
machine, yet I cannot reach the server even though I opened ports 22, 25,
110 and 80. I am writing the rules I applied again below.

Regards,
veysi gumus
###################################################
# Macros
###################################################
lan_net = "10.0.0.0/24"
lan2_net = "10.0.2.0/24"
lan3_net = "10.0.3.0/24"
lan4_net = "10.0.4.0/24"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"
ext_gw2 = "192.168.110.25"
##################################################
# Definitions
##################################################
table <msn> persist file "/usr/local/etc/fw/msn"
table <kamera> persist file "/usr/local/etc/fw/kamera"
table <ftp> persist file "/usr/local/etc/fw/ftp"
table <sigorta> persist file "/usr/local/etc/fw/sigorta"
table <banka> persist file "/usr/local/etc/fw/banka"
###################################################
# Set Optimizations
###################################################
set limit { frags 30000, states 25000 }
set loginterface $ext_if
scrub in all
##################################################
# NAT Rules
##################################################
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if from $lan2_net to any -> ($ext_if)
nat on $ext_if from $lan3_net to any -> ($ext_if)
nat on $ext_if from $lan4_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if2 from $lan2_net to any -> ($ext_if2)
nat on $ext_if2 from $lan3_net to any -> ($ext_if2)
nat on $ext_if2 from $lan4_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##################################################
# Firewall Rules
##################################################
block in all
block out all
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on $int_if all

pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state

pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state
pass out quick on $int_if proto { udp, icmp } from any to any keep state
pass out quick on $ext_if proto { udp, icmp } from any to any keep state
pass out quick on $ext_if2 proto { udp, icmp } from any to any keep state

pass out quick log on $int_if proto tcp from <msn> to any port = 1863 flags S/SA
pass out quick log on $int_if proto tcp from <kamera> to any port = 18082 flags S/SA
pass out quick log on $int_if proto tcp from <sigorta> to any port = 12173 flags S/SA
pass out quick log on $int_if proto tcp from <banka> to any port = 443 flags S/SA
pass out quick log on $int_if proto tcp from <ftp> to any port = 21 flags S/SA
pass out quick log on $int_if proto tcp from any to any port {22,25,80,110} flags S/SA

pass in quick log on $ext_if2 proto tcp from any to any port {25,80,110} flags S/SA
pass out quick log on $ext_if2 proto tcp from any to any port {25,80,110} flags S/SA
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA

pass out on $ext_if  route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any











--
Huzeyfe ÖNAL  
EnderUnix Core Team Member
[EMAIL PROTECTED]
http://www.enderunix.org/huzeyfe
+90 505 5260064
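
The second point in the reply above, as an added example that is not part of the original thread: pf stops evaluating at the first matching `quick` rule, so a catch-all `quick` rule makes later rules for the same direction and interface unreachable. This simplified Python check models only direction, interface and the literal `all`; the rule sample is condensed from the quoted ruleset.

```python
import re

# Constructed sample: filter rules condensed from the ruleset quoted above
# (line continuations joined, macros left unexpanded).
RULESET = """\
block in all
block out all
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on $int_if all
pass in on $int_if route-to { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep state
pass out quick on $int_if proto { udp, icmp } from any to any keep state
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
"""

# Simplified grammar (an assumption of this example, not pf's full syntax):
# action, direction, optional quick/log, optional interface, then criteria.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+"
    r"(?P<quick>quick\s+)?(?:log\s+)?"
    r"(?:on\s+(?P<iface>\S+)\s+)?(?P<rest>.+)$"
)

def parse(text):
    """Parse rule lines into dicts; n is the 1-based rule position."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({"n": n, "dir": m["dir"], "quick": bool(m["quick"]),
                          "iface": m["iface"], "all": m["rest"].strip() == "all"})
    return rules

def shadowed(rules):
    """Return (rule, shadowing_rule) pairs for rules that can never match."""
    found, catch_alls = [], []
    for r in rules:
        # An earlier "quick ... all" rule on the same direction and interface
        # (or on every interface) ends evaluation before this rule is reached.
        hit = next((c for c in catch_alls if c["dir"] == r["dir"]
                    and c["iface"] in (None, r["iface"])), None)
        if hit:
            found.append((r["n"], hit["n"]))
        elif r["quick"] and r["all"]:
            catch_alls.append(r)
    return found

if __name__ == "__main__":
    for n, by in shadowed(parse(RULESET)):
        print(f"rule {n} is never reached: rule {by} is a quick catch-all")
```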