Hello, since you log on all of your rules, you can find out which rule the packets are failing to pass because of by watching pflog0.

Huzeyfe ONAL
[email protected]
http://www.lifeoverip.net

Have you joined the network security list? http://netsec.lifeoverip.net

--- On Thu, Jan 29, 2009 at 9:06 AM, Mehmet Zahid Öğrenç <[email protected]> wrote:

> Hello,
>
> On my FreeBSD machine I have a static route written so that traffic to a different subnet is sent to a different gateway. But PF causes a problem. Namely: in the rules I block all traffic by default. For outbound connections from inside I allow specific ports. But then the static route does not work. When I give the internal machines full permission to go out, the route works. How can I solve this?
>
> pf.conf with the static route working:
>
> ext_if="em0"
> int_if="bge0"
> dmz_if="bge1"
>
> int_net="10.10.1.0/24"
> safeports="{ 21, 22, 25, 26, 53, 80, 110, 443 }"
> izinli="{ 10.10.1.237/32, 10.10.1.248/32 }"
>
> scrub in all
>
> nat on $ext_if from $int_net to any -> $ext_if
>
> rdr pass log(all) on $int_if proto tcp from $int_net to any port 80 -> 127.0.0.1 port 3128
>
> block in log(all)
> block out log(all)
>
> pass out keep state
>
> pass quick on lo0
>
> block in log(all) quick on $int_if proto tcp from any to any port 1863
>
> pass in log(all) on $int_if from $int_net to any keep state
>
> pass in log(all) on $ext_if proto tcp from any to ($ext_if) port 26 keep state
>
> pass in log(all) on $int_if proto tcp from $int_net to any port {10000} keep state
>
> pass in log(all) on $int_if from $izinli to any keep state
>
> pass in log(all) on $int_if proto udp from $int_net to any port {53}
>
>
> pf.conf with the static route not working:
>
> ext_if="em0"
> int_if="bge0"
> dmz_if="bge1"
>
> int_net="10.10.1.0/24"
> safeports="{ 21, 22, 25, 26, 53, 80, 110, 443 }"
> izinli="{ 10.10.1.237/32, 10.10.1.248/32 }"
>
> scrub in all
>
> nat on $ext_if from $int_net to any -> $ext_if
>
> rdr pass log(all) on $int_if proto tcp from $int_net to any port 80 -> 127.0.0.1 port 3128
>
> block in log(all)
> block out log(all)
>
> pass out keep state
>
> pass quick on lo0
>
> block in log(all) quick on $int_if proto tcp from any to any port 1863
>
> pass in log(all) quick on $int_if proto tcp from $int_net to any port $safeports keep state
>
> pass in log(all) on $ext_if proto tcp from any to ($ext_if) port 26 keep state
>
> pass in log(all) on $int_if proto tcp from $int_net to any port {10000} keep state
>
> pass in log(all) on $int_if from $izinli to any keep state
>
> pass in log(all) on $int_if proto udp from $int_net to any port {53}

FreeBSD 6 book: http://www.acikakademi.com/catalog/freebsd6
---------------------------------------------------------------------
Before asking a question on the list, please look at http://ipucu.enderunix.org.
To unsubscribe, e-mail: [email protected]
List archive: http://news.gmane.org/gmane.org.user-groups.bsd.turkey
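The reply above points at pflog0 as the place to find which rule is dropping the routed traffic. The script below is an added example (not from the thread) of turning that into a per-rule summary: it parses `tcpdump -n -e -ttt -i pflog0` output, counts the blocked flows per rule number, interface and direction, and resolves the rule numbers against `pfctl -vvsr` output, where each filter rule is printed as `@N ...`. Everything else is assumed: the input lines, the `pfctl` rendering and the addresses (172.16.5.10 as a host on the routed subnet, 64.4.13.1 as a port-1863 destination) are constructed for the example, and the parser only understands IPv4 endpoints. Read against the second ruleset in the post, the blocked lines the example is built around are the ones a practitioner would expect: traffic from the internal net toward the routed subnet on a port outside `$safeports`, and non-TCP traffic such as an ICMP echo used to test the route, has no matching `pass in` on `$int_if` and is left to the initial `block in log(all)`.

```python
"""Summarise PF blocks seen on pflog0 by the rule that produced them.

Added example, not code from the mailing-list thread.  Assumed inputs:
  - lines from `tcpdump -n -e -ttt -i pflog0`, e.g.
      00:00:00.000000 rule 0/0(match): block in on bge0: 10.10.1.50.49152 > 172.16.5.10.8080: Flags [S], ...
  - lines from `pfctl -vvsr`, where each filter rule starts with `@N `.
All sample data below is constructed for the example; addresses are invented.
"""
import re
from collections import Counter, defaultdict

# "rule <num>/<sub>(<reason>): <action> <dir> on <iface>: <src> > <dst>:"
PFLOG_RE = re.compile(
    r"rule (?P<rule>[\w.]+)/\w+\((?P<reason>\w+)\): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>[\w.]+): "
    r"(?P<src>\S+) > (?P<dst>\S+):"
)
# pfctl -vvsr prints rule text as "@N <rule>" followed by indented counter lines.
PFCTL_RULE_RE = re.compile(r"^@(?P<num>\d+) (?P<text>.+)$")


def parse_pflog_line(line):
    """Return the rule/action/interface/endpoint fields of one pflog line, or None."""
    m = PFLOG_RE.search(line)
    return m.groupdict() if m else None


def strip_port(endpoint):
    """Split 'a.b.c.d.port' into (host, port); an endpoint without a port (ICMP) gives (host, None).

    IPv4 only: a host is recognised by its three dots once the trailing port is removed.
    """
    host, _, port = endpoint.rpartition(".")
    if port.isdigit() and host.count(".") == 3:
        return host, port
    return endpoint, None


def parse_pfctl_rules(pfctl_output):
    """Map rule number (as a string) -> rule text from `pfctl -vvsr` output."""
    rules = {}
    for line in pfctl_output.splitlines():
        m = PFCTL_RULE_RE.match(line.strip())
        if m:
            rules[m.group("num")] = m.group("text")
    return rules


def blocks_by_rule(pflog_lines):
    """Count blocked (src_host, dst_host, dst_port) flows per (rule, iface, direction)."""
    out = defaultdict(Counter)
    for line in pflog_lines:
        e = parse_pflog_line(line)
        if e is None or e["action"] != "block":
            continue  # unparsable or a logged pass: not what we are hunting
        src, _ = strip_port(e["src"])
        dst, dport = strip_port(e["dst"])
        out[(e["rule"], e["iface"], e["dir"])][(src, dst, dport)] += 1
    return dict(out)


def report(pflog_lines, pfctl_output):
    """Human-readable summary: one header per blocking rule, one line per flow."""
    rules = parse_pfctl_rules(pfctl_output)
    lines = []
    for (rule, iface, direction), flows in sorted(blocks_by_rule(pflog_lines).items()):
        lines.append(f"rule @{rule} ({rules.get(rule, 'not in pfctl output')}) blocked {direction} on {iface}:")
        for (src, dst, dport), n in flows.most_common():
            port = f" port {dport}" if dport else ""
            lines.append(f"  {n}x {src} -> {dst}{port}")
    return "\n".join(lines)


# Constructed sample: what pflog0 might show for the second ruleset in the post.
SAMPLE_PFLOG = [
    "00:00:00.000000 rule 0/0(match): block in on bge0: 10.10.1.50.49152 > 172.16.5.10.8080: Flags [S], seq 1, win 65535, length 0",
    "00:00:00.120000 rule 0/0(match): block in on bge0: 10.10.1.50 > 172.16.5.10: ICMP echo request, id 1, seq 1, length 64",
    "00:00:00.250000 rule 5/0(match): pass in on bge0: 10.10.1.50.49153 > 172.16.5.10.22: Flags [S], seq 2, win 65535, length 0",
    "00:00:01.000000 rule 4/0(match): block in on bge0: 10.10.1.60.49200 > 64.4.13.1.1863: Flags [S], seq 3, win 65535, length 0",
    "00:00:01.500000 rule 0/0(match): block in on bge0: 10.10.1.50.49154 > 172.16.5.10.8080: Flags [S], seq 1, win 65535, length 0",
]

# Constructed, trimmed rendering of `pfctl -vvsr`; counter lines are skipped by the parser.
SAMPLE_PFCTL = """\
@0 block drop in log (all) all
  [ Evaluations: 5         Packets: 3         Bytes: 200         States: 0     ]
@1 block drop out log (all) all
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@4 block drop in log (all) quick on bge0 proto tcp from any to any port = 1863
  [ Evaluations: 1         Packets: 1         Bytes: 60          States: 0     ]
"""

if __name__ == "__main__":
    print(report(SAMPLE_PFLOG, SAMPLE_PFCTL))
```

On the firewall itself the two inputs come from `tcpdump -n -e -ttt -i pflog0` and `pfctl -vvsr`; the rule number in the pflog line is the `@N` index pfctl prints, so resolving one against the other is what tells you whether a drop came from the catch-all `block in log(all)` or from a specific rule such as the port 1863 block.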

