I am building a firewall that blocks everything and opens only what is necessary. But I am having some problems :) I have already tried everything and still have not been able to solve my problem. The ipfw rules are these:

00001 0 0 allow ip from any to any via lo0
00002 0 0 deny ip from 10.0.0.0/8 to any via xl0
00003 0 0 deny ip from any to 10.0.0.0/8 via xl0
00004 0 0 deny ip from any to 172.16.0.0/12 via xl0
00005 0 0 deny ip from 172.16.0.0/12 to any via xl0
00006 0 0 deny ip from any to 192.168.0.0/16 via xl0
00007 15 720 deny ip from 192.168.0.0/16 to any via xl0
00008 0 0 deny ip from 192.168.48.0/24 to any in recv xl0
00009 0 0 deny ip from 192.168.49.0/24 to any in recv xl0
00010 0 0 deny ip from 200.206.102.64/26 to any in recv xl0
00020 0 0 check-state
00030 0 0 allow tcp from any to 200.206.102.66 53 keep-state setup
00040 0 0 allow udp from 200.206.102.66 to any 53 keep-state
00050 0 0 allow udp from any to 200.206.102.66 53 keep-state
00060 0 0 allow tcp from any to 192.168.49.10 53 keep-state setup
00070 0 0 allow udp from 192.168.49.10 to any 53 keep-state
00080 0 0 allow udp from any to 192.168.49.10 53 keep-state
00090 0 0 allow tcp from any to 192.168.48.10 53 keep-state setup
00100 0 0 allow udp from 192.168.48.10 to any 53 keep-state
00110 0 0 allow udp from any to 192.168.48.10 53 keep-state
00120 0 0 divert 8668 ip from any to any via xl0
00130 0 0 allow tcp from 200.206.102.66 to 200.206.102.72 110 out xmit xl0
00140 0 0 allow tcp from 200.206.102.72 110 to 200.206.102.66 in recv xl0
00150 0 0 allow tcp from 200.206.102.66 to 200.206.102.72 25 out xmit xl0
00160 0 0 allow tcp from 200.206.102.72 25 to 200.206.102.66 in recv xl0
00170 1 48 allow tcp from 192.168.48.0/24 to 200.206.102.72 110 keep-state setup
00180 0 0 allow tcp from 192.168.48.0/24 to 200.206.102.72 25 keep-state setup
00190 14 672 allow tcp from 192.168.49.0/24 to 200.206.102.72 110 keep-state setup
00200 0 0 allow tcp from 192.168.49.0/24 to 200.206.102.72 25 keep-state setup
00210 0 0 allow tcp from any 80 to 200.206.102.66 in recv xl0
00220 0 0 allow tcp from any 443 to 200.206.102.66 in recv xl0
00230 0 0 allow tcp from 192.168.48.0/24 to 192.168.49.10 3128 keep-state setup
00240 0 0 allow tcp from 192.168.49.0/24 to 192.168.48.10 3128 keep-state setup
00250 0 0 allow udp from 200.206.102.72 161 to 200.206.102.66 in recv xl0
00260 0 0 allow udp from 200.206.102.66 to 200.206.102.72 161 out xmit xl0
00270 0 0 allow udp from 192.168.49.4 161 to 192.168.49.10 in recv fxp0
00280 0 0 allow udp from 192.168.49.10 to 192.168.49.4 161 out xmit fxp0
00380 102 6799 allow ip from 192.168.49.12 to any via fxp0
00480 127 15356 allow ip from any to 192.168.49.12 via fxp0
65000 32 14429 deny log logamount 100 ip from any to any

I would like to know why these rules do not allow NAT. And how do I solve this problem?

Regards,
--
Systems/Network Administrator
Jk Comercio e Serviço Ltda
www.jkexpress.com.br
Site: www.unsigned.eti.br
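
One way to read the packet counters in the listing above, as an added example that is not part of the original message: ipfw evaluates rules in numeric order and stops at the first matching allow or deny, so the script parses `ipfw show` lines and reports which terminating rules took hits before the divert rule. The sample lines are copied from the listing; the function names are assumptions of this example.

```python
import re

# Subset of the `ipfw show` listing above: rule number, packets, bytes, rule body.
SAMPLE = """\
00001 0 0 allow ip from any to any via lo0
00007 15 720 deny ip from 192.168.0.0/16 to any via xl0
00020 0 0 check-state
00120 0 0 divert 8668 ip from any to any via xl0
00170 1 48 allow tcp from 192.168.48.0/24 to 200.206.102.72 110 keep-state setup
00190 14 672 allow tcp from 192.168.49.0/24 to 200.206.102.72 110 keep-state setup
00380 102 6799 allow ip from 192.168.49.12 to any via fxp0
00480 127 15356 allow ip from any to 192.168.49.12 via fxp0
65000 32 14429 deny log logamount 100 ip from any to any
"""

LINE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")
# ipfw actions that end rule evaluation for a matching packet.
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop", "reject"}

def parse_show(text):
    """Parse `ipfw show` output into dicts sorted by rule number."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        num, pkts, byts, action, body = m.groups()
        rules.append({"num": int(num), "packets": int(pkts),
                      "bytes": int(byts), "action": action, "body": body})
    return sorted(rules, key=lambda r: r["num"])

def divert_rule(rules):
    """Return the first divert rule, or None if the ruleset has none."""
    return next((r for r in rules if r["action"] == "divert"), None)

def terminal_hits_before_divert(rules):
    """Allow/deny rules with non-zero counters numbered below the divert rule."""
    d = divert_rule(rules)
    if d is None:
        return []
    return [r for r in rules if r["num"] < d["num"]
            and r["packets"] > 0 and r["action"] in TERMINAL]

if __name__ == "__main__":
    rules = parse_show(SAMPLE)
    d = divert_rule(rules)
    print(f"divert rule {d['num']:05d}: {d['packets']} packets")
    for r in terminal_hits_before_divert(rules):
        print(f"{r['num']:05d} {r['action']} {r['body']}: {r['packets']} packets")
```

On this listing the divert rule shows zero packets, while rule 00007 has counted 15 packets on xl0 ahead of it.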
