Hello,
I rearranged my rule table according to the way you described. I had opened
ports 25, 80 and 110 to the firewall machine from outside over the 2nd ADSL
line, and I can reach them without a problem. However, I cannot reach it over
the 1st ADSL line even though the ssh port is open. A second problem is that
when I load the rule table I cannot reach the firewall machine from the local
machines; I have ports 22, 25, 110 and 80 open in the rule table. I also
apologize for the inconvenience I have caused. I have written the latest
version of the rule table again below.
Regards.....
###################################################
# Macros
###################################################
lan_net = "{ 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 }"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"
ext_gw2 = "192.168.110.25"
##################################################
#Definitions
##################################################
table <msn> persist file "/usr/local/etc/fw/msn"
table <kamera> persist file "/usr/local/etc/fw/kamera"
table <ftp> persist file "/usr/local/etc/fw/ftp"
table <sigorta> persist file "/usr/local/etc/fw/sigorta"
table <banka> persist file "/usr/local/etc/fw/banka"
###################################################
# Set Optimizations
###################################################
set limit { frags 30000, states 25000 }
set loginterface $ext_if
scrub in all
##################################################
#NAT Rules
##################################################
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##################################################
#Firewall Rules
##################################################
block in all
block out all
pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state
##################################################
#Incoming via the 1st ADSL line
##################################################
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
pass out quick on $ext_if proto { udp, icmp } from $ext_if to any keep state
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any keep state
##################################################
#Incoming via the 2nd ADSL line
##################################################
pass in quick log on $ext_if2 proto tcp from any to any port {25,80,110} flags S/SA
pass out quick on $ext_if2 proto { udp, icmp } from $ext_if2 to any keep state
pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any keep state
##################################################
#Incoming from local machines to the firewall
##################################################
pass out quick log on $int_if proto tcp from <msn> to any port = 1863 flags S/SA
pass out quick log on $int_if proto tcp from <kamera> to any port = 18082 flags S/SA
pass out quick log on $int_if proto tcp from <sigorta> to any port = 12173 flags S/SA
pass out quick log on $int_if proto tcp from <banka> to any port = 443 flags S/SA
pass out quick log on $int_if proto tcp from <ftp> to any port = 21 flags S/SA
pass out quick log on $int_if proto tcp from any to any port { 22, 25, 80, 110 } flags S/SA