It is quite normal that you get an error, and the message already tells you
what the error is. In pf, rules have to follow a fixed order: "Rules must be
in order: options, normalization, queueing, translation, filtering". If you
arrange the anchor rules as shown below, there won't be a problem.

ext_if="le0"
ext_ip="{10.0.0.19 , 10.0.0.20 }"

# translation rules: must come before any filter rule
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ext_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# filter rules: anchor is a filter rule, so it goes after the translation rules
anchor "ftp-proxy/*"
pass quick on lo0 keep state
pass in quick on $ext_if inet proto tcp from any to $ext_ip port {22, 80, 21} keep state flags S/SA
pass in quick on $ext_if inet proto tcp from any to $ext_ip port = 53 keep state flags S/SA
pass in quick on $ext_if inet proto udp from any to $ext_ip port = 53 keep state

2008/4/7 Sinan <[EMAIL PROTECTED]>:

> I added anchor "ftp-proxy/*", but the problem is still the same.
> Regards...
>
> *******************
>
> ext_if="le0"
> ext_ip="{10.0.0.19 , 10.0.0.20 }"
>
>
>
> scrub in all
> pass quick on lo0 keep state
> pass in quick on $ext_if inet proto tcp from any to $ext_ip port {22, 80,
> 21} keep state flags S/SA
> pass in quick on $ext_if inet proto tcp from any to $ext_ip port = 53 keep
> state flags S/SA
> pass in quick on $ext_if inet proto udp from any to $ext_ip port = 53 keep
> state
>
>
> pass out log on $ext_if inet proto tcp from ($ext_if) port > 1023 \ to any
> port ftp modulate state
> pass out log on $ext_if inet proto tcp from ($ext_if) port > 1023 \ to any
> port > 1023 modulate state
> pass in log on $ext_if inet proto tcp from ($ext_if) port > 1023 \ to any
> port > 1023 modulate state
>
> anchor "ftp-proxy/*"
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr on $ext_if proto tcp from any to any port 21 -> 127.0.0.1 \ port 8021
>
>
> pass in on $ext_if proto tcp from any to any port 21 keep state
> pass in on $ext_if proto tcp from any to any port > 49151 \ keep state
>
> pass out quick on $ext_if inet proto tcp all modulate state flags S/SA
> pass out quick on $ext_if inet proto { udp, icmp } all keep state
> block in quick all
> block out quick all
>
> ****************************************************
>
> [EMAIL PROTECTED] ~]#  pfctl -f /etc/pf.conf
> /etc/pf.conf:18: Rules must be in order: options, normalization, queueing,
> translation, filtering
> /etc/pf.conf:19: Rules must be in order: options, normalization, queueing,
> translation, filtering
> /etc/pf.conf:20: Rules must be in order: options, normalization, queueing,
> translation, filtering
> pfctl: Syntax error in config file: pf rules not loaded
> [EMAIL PROTECTED] ~]#

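As an added example (not part of the original messages and not pfctl's own code), this Python check applies the ordering rule quoted in the error message to a ruleset and lists the lines that break it. The keyword-to-section table is a simplified assumption covering the older pf syntax used in this thread, and the sample ruleset is constructed.

```python
# Section order enforced by pfctl, as quoted in the error message above.
SECTIONS = ["options", "normalization", "queueing", "translation", "filtering"]
KEYWORDS = {  # assumed, simplified mapping of leading keyword -> section index
    "set": 0, "scrub": 1, "altq": 2, "queue": 2,
    "nat": 3, "rdr": 3, "binat": 3,
    "nat-anchor": 3, "rdr-anchor": 3, "binat-anchor": 3,
    "pass": 4, "block": 4, "antispoof": 4, "anchor": 4,
}

def logical_lines(text):
    """Yield (first_line_no, rule); comments dropped, trailing-backslash lines joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf, start = buf + line[:-1] + " ", start or no
            continue
        if (buf + line).strip():
            yield start or no, (buf + line).strip()
        buf, start = "", None

def order_violations(text):
    """Return (line_no, keyword, its_section, latest_section_seen) per misplaced rule."""
    highest, out = 0, []
    for no, rule in logical_lines(text):
        words = rule.split()
        kw = words[1] if words[0] == "no" and len(words) > 1 else words[0]
        rank = KEYWORDS.get(kw)
        if rank is None:   # macros, tables, unknown statements: not order-checked here
            continue
        if rank < highest:
            out.append((no, kw, SECTIONS[rank], SECTIONS[highest]))
        else:
            highest = rank
    return out

# Constructed sample modelled on the ruleset in this thread.
BROKEN = '''ext_if="le0"
scrub in all
pass quick on lo0 keep state
anchor "ftp-proxy/*"
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ext_if proto tcp from any to any port 21 -> 127.0.0.1 \\
    port 8021
block in quick all
'''

if __name__ == "__main__":
    for no, kw, sec, seen in order_violations(BROKEN):
        print(f"line {no}: {kw} is a {sec} rule but {seen} rules have already started")
```

Run against the sample, it flags the nat-anchor, rdr-anchor and rdr lines, the same three consecutive lines pfctl rejects in the output quoted above.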