Hello,

On my FreeBSD machine I have a static route defined: to reach a different subnet, traffic is directed to a different gateway. However, I am running into a problem with PF. In the rules I block all traffic by default, and for traffic going from the inside to the outside I allow only certain ports. But in that case the static route does not work. When I give the inside machines full permission to go out, the route works. How can I solve this?

pf.conf with which the static route works:

ext_if="em0"
int_if="bge0"
dmz_if="bge1"

int_net="10.10.1.0/24"
safeports="{ 21, 22, 25, 26, 53, 80, 110, 443 }"
izinli="{ 10.10.1.237/32, 10.10.1.248/32 }"

scrub in all

nat on $ext_if from $int_net to any -> $ext_if

rdr pass log(all) on $int_if proto tcp from $int_net to any port 80 -> 127.0.0.1 port 3128

block in log(all)
block out log(all)

pass out keep state

pass quick on lo0

block in log(all) quick on $int_if proto tcp from any to any port 1863

pass in log(all) on $int_if from $int_net to any keep state

pass in log(all) on $ext_if proto tcp from any to ($ext_if) port 26 keep state

pass in log(all) on $int_if proto tcp from $int_net to any port {10000} keep state

pass in log(all) on $int_if from $izinli to any keep state

pass in log(all) on $int_if proto udp from $int_net to any port {53}

pf.conf with which the static route does not work:

ext_if="em0"
int_if="bge0"
dmz_if="bge1"

int_net="10.10.1.0/24"
safeports="{ 21, 22, 25, 26, 53, 80, 110, 443 }"
izinli="{ 10.10.1.237/32, 10.10.1.248/32 }"

scrub in all

nat on $ext_if from $int_net to any -> $ext_if

rdr pass log(all) on $int_if proto tcp from $int_net to any port 80 -> 127.0.0.1 port 3128

block in log(all)
block out log(all)

pass out keep state

pass quick on lo0

block in log(all) quick on $int_if proto tcp from any to any port 1863

pass in log(all) quick on $int_if proto tcp from $int_net to any port $safeports keep state

pass in log(all) on $ext_if proto tcp from any to ($ext_if) port 26 keep state

pass in log(all) on $int_if proto tcp from $int_net to any port {10000} keep state

pass in log(all) on $int_if from $izinli to any keep state

pass in log(all) on $int_if proto udp from $int_net to any port {53}
