The pf.conf file is basically as shown below. There is a rule so that the IPs going out via the LL do not go through NAT, but the same problem still persists.

******************************************************************
nat on $ext_if from $lan_net to any -> ($ext_if)
no nat on $ext_if from $SERVERS to any
pass in on $int_if from $lan_net to any
pass out on $int_if from any to $lan_net
pass in quick on $int_if from $lan_net to $int_if
pass in on $int_if route-to ($ext_if $LL) proto tcp from $SERVERS to any
pass in on $int_if route-to ($ext_if $LL) proto { udp, icmp} from $SERVERS to any
pass in on $ext_if all
pass out on $ext_if all
******************************************************************

-----Original Message-----
From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 05, 2006 10:47 AM
To: freebsd@lists.enderunix.org
Subject: Spam:Re: [FreeBSD] ipfw - pf

Hello,

If the internal machines go out through NAT, your NAT rules matter as well. If you NAT a packet that is supposed to leave via the LL on the other interface, you naturally will not get what you want.

On 7/4/06, Muammer Dogan <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I arranged the rules the way you described. I can ping or trace an
> outside IP, but I cannot see the BSD's IP in the traces.
> When I trace from outside, the BSD sends the packets back.
>
> The rules and the layout are as below.
>
> ADSL-----
>          |---BSD--Local
> LL-------
>
> The BSD's default gw is the ADSL.
>
> pass in on $int_if route-to ($ext_if $LL) proto tcp from $SERVERS to any
> pass in on $int_if route-to ($ext_if $LL) proto { udp, icmp} from $SERVERS
> to any
>
> .......trace.......
> 10.11.1.4 -> 192.168.0.140
>
> traceroute 192.168.0.140
> Type escape sequence to abort.
> Tracing the route to 192.168.0.140
>
> 1 10.11.1.5 0 msec 4 msec 0 msec
> 2 10.11.1.5 0 msec 4 msec 0 msec
>
> .................
>
> -----Original Message-----
> From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]
> Sent: Sunday, July 02, 2006 8:09 PM
> To: freebsd@lists.enderunix.org
> Subject: Re: [FreeBSD] ipfw - pf
>
> Hello,
>
> If you use the route-to definition on the internal interface, the packet is
> processed without getting caught by NAT.
>
> pass in on $INT_IF route-to { $EXT_IF1 10.11.1.4} from
> 192.168.0.140/32 to any ...
>
> like this
>
> On 7/1/06, Serhat Selahattin Umar <[EMAIL PROTECTED]> wrote:
> >
> > Hello,
> >
> > I think route-to will work for you.... you can catch the packet on its way
> > out of the relevant interface and route it wherever you want, but if you are
> > doing NAT and the packet goes into NAT you may not be able to catch it... try it...
> >
> > Serhat
> >
> > pass out on fxp0 route-to 10.11.1.4 from 192.168.0.140/32 to any
> >
> > On Jul 1, 2006, at 1:12 PM, Muammer Dogan wrote:
> >
> > Hi,
> > How can I write the line below in pf, or is there another method
> > you would suggest?
> >
> > ipfw add fwd 10.11.1.4 all from 192.168.0.140/32 to any
> >
> > Good work...
> > Muammer
> >
> > -[ssu]-
> > serhat at secureinbox dot net
>
> --
> Huzeyfe ÖNAL
> +90 505 5260064
> ---
> Have you subscribed to the Network Security List?
> http://www.huzeyfe.net/netsec.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> List archive: http://lists.enderunix.org
> Turkey's first FreeBSD book: http://www.acikakademi.com/freebsd.php
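
An added example, not written by anyone in this thread, of the rule-ordering point behind "your NAT rules matter": pf evaluates translation rules first-match, so a `no nat` exemption only takes effect when it is listed before the broader `nat` rule. The macro values are placeholders assumed for illustration (the thread never shows them), and the example assumes $SERVERS lies inside $lan_net.

```pf
# Macro values below are assumptions for illustration, not taken from
# the poster's real pf.conf.
ext_if  = "fxp0"               # external interface (assumed name)
int_if  = "fxp1"               # internal interface (assumed name)
lan_net = "192.168.0.0/24"     # internal network (assumed)
SERVERS = "{ 192.168.0.140 }"  # hosts that should leave via the leased line (assumed)
LL      = "10.11.1.4"          # leased-line gateway (assumed)

# Order as posted in the thread, shown commented out for comparison.
# Translation rules are first-match: the broad nat rule comes first and
# also matches $SERVERS, so the no nat line is never consulted for them.
#   nat on $ext_if from $lan_net to any -> ($ext_if)
#   no nat on $ext_if from $SERVERS to any

# Exemption first, general rule second.
no nat on $ext_if from $SERVERS to any
nat on $ext_if from $lan_net to any -> ($ext_if)

# Policy routing on the inbound side of the internal interface,
# as in the rules quoted in the thread.
pass in on $int_if route-to ($ext_if $LL) proto tcp from $SERVERS to any
pass in on $int_if route-to ($ext_if $LL) proto { udp, icmp } from $SERVERS to any
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the loaded translation rules in the order they are evaluated.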