Because of the complex structure this client uses, I believe it would be of very little use to post their firewall here. So a summary follows below:

# aliases
ext_if="xl1"
ext_if1=$ext_if
ext_if2="xl2"
ext_if3="xl3"
ext_if4="xl4"
int_if="xl0"
ext_gw=<ext_gw>
ext_gw1=$ext_gw
ext_gw2=<ext_gw2>
ext_gw3=<ext_gw3>
ext_gw4=<ext_gw4>

# options
set block-policy return
set loginterface $ext_if
set skip on lo

# scrub
scrub in

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# nat/rdr
#nat on $ext_if from 192.168.100.5 to $omni_ips -> $omni_ip_ext
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat on $ext_if2 from !($ext_if2) -> ($ext_if2:0)
nat on $ext_if3 from !($ext_if3) -> ($ext_if3:0)
nat on $ext_if4 from !($ext_if4) -> ($ext_if4:0)

# redirects
.. Numerous redirects here for all interfaces, using:
rdr pass on $interface proto { tcp, udp } from <source> to <external_ip> port <port> -> <internal_ip> port <port>

anchor "ftp-proxy/*"

# filter rules
antispoof quick for { lo $int_if }
block in log on $ext_ifs

################
# EMAIL - OUTBOUND
#
anchor rdr_mail_saida
load anchor rdr_mail_saida from "/etc/ancoras/rdr_mail_saida"

pass in quick on $int_if from $internal_net to { ($int_if), ($ext_if1), ($ext_if2), ($ext_if3), ($ext_if4) }

######################################
# FORCE EGRESS THROUGH THE NON-BALANCED IF
#
anchor no_bal
load anchor no_bal from "/etc/ancoras/no_bal"

################
# LOAD BALANCING
#
anchor balanceamento
load anchor balanceamento from "/etc/ancoras/balanceamento"

...
...

################################
# ROUTE BETWEEN THE EXTERNAL IFs
#
pass out on $ext_if1 route-to { ($ext_if2 $ext_gw2), ($ext_if3 $ext_gw3), ($ext_if4 $ext_gw4) } from { $ext_if2, $ext_if3, $ext_if4 } to any
pass out on $ext_if2 route-to { ($ext_if1 $ext_gw1), ($ext_if3 $ext_gw3), ($ext_if4 $ext_gw4) } from { $ext_if1, $ext_if3, $ext_if4 } to any
pass out on $ext_if3 route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2), ($ext_if4 $ext_gw4) } from { $ext_if1, $ext_if2, $ext_if4 } to any
pass out on $ext_if4 route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2), ($ext_if3 $ext_gw3) } from { $ext_if1, $ext_if2, $ext_if3 } to any

pass in on $int_if

---

Now here is part of the code of the balanceamento anchor:

ext_if1="xl1"
ext_if2="xl2"
int_if="xl0"
ext_gw1=<ip>
ext_gw2=<ip>

pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto tcp from $internal_net to any flags S/SA modulate state

# UDP TRAFFIC - 50% probability
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto { udp, icmp } from $internal_net to any keep state

--
Regards,
Márcio

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Cristina Fernandes Silva
Sent: Tuesday, January 29, 2008 12:46
To: Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)
Subject: Re: [FUG-BR]RES: RES: ENC: Two outbound routes

if it's not too much to ask.. would you be able to send your script.. it can be by private message.

Thank you..

-------------------------
History: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe from the list: https://www.fug.com.br/mailman/listinfo/freebsd