[FUG-BR] [Fwd: Re: router on one machine and squid on another, how to do it?]

Nenhum _de_Nos matheusber at gmail.com
Mon Oct 30 03:02:26 BRST 2006


I use PF for NAT and port forwarding, and ipfw for the firewall and pipes.

I did try to do this redirect via ipfw, but no luck :(

Just one detail: I am going to send a packet coming from the internal network to another IP
on the internal network ... I think that is where the catch is ...

thanks

matheus

ipfw:

[root@xxx ~]# ipfw list
00010 allow ip from any to any via lo0
00011 deny ip from any to 127.0.0.0/8
00050 pipe 1 ip from table(1) to any out via tun0
00099 check-state
00100 allow tcp from any to any dst-port 22,25,53,80,3389,4040,5010-5039,8000-8100,10000-11600 in setup via tun0 keep-state
00101 allow udp from any to any dst-port 53,4040,5010-5039,8000-8100,10000-11600 in setup via tun0 keep-state
00102 allow ip from any to any out via tun0 keep-state
00103 deny ip from any to any in frag via tun0
00200 allow ip from 192.168.254.100 to 192.168.254.253 in via xl0 keep-state
00201 allow tcp from 192.168.254.0/24 to 192.168.254.253 in via xl0 keep-state
00202 allow udp from 192.168.254.0/24 to 192.168.254.253 in via xl0 keep-state
00203 allow ip from 192.168.254.0/24 to not 192.168.254.253 in via xl0 keep-state
00204 allow ip from 192.168.254.253 to 192.168.254.0/24 out via xl0 keep-state
65535 deny ip from any to any


PF:

nat on $ext_if from $maquinas to any -> ($ext_if)

rdr on $ext_if proto tcp          from any to any port 3389 -> 192.168.254.10 port 3389
rdr on $ext_if proto tcp          from any to any port { 25,80 } -> 192.168.254.251
rdr on $int_if proto tcp          from 192.168.254.100 to any port www -> 192.168.254.251 port 3128
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq1 -> $maq1
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq2 -> $maq2
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq3 -> $maq3
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq4 -> $maq4
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq5 -> $maq5
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq6 -> $maq6
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq7 -> $maq7
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq8 -> $maq8 port 8080

pass on $ext_if all

pass on $int_if all
pass out on $int_if from ! 192.168.254.253 to $maquinas
pass in  on $int_if from $maquinas to ! 192.168.254.253


On 10/30/06, Eduardo Irgang <eirgang at bol.com.br> wrote:
> post your firewall rules... maybe they are wrong!


-- 
We will call you cygnus,
The God of balance you shall be
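
Added example, not part of the original message: a small Python model of the internal-to-internal redirect in the `rdr on $int_if` rule above, showing that the proxy's reply to a same-subnet client is delivered on-link and never passes back through the router's state table. The client source port, the web server address 203.0.113.10 and the optional source-NAT step are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses taken from the post; the router is 192.168.254.253.
LAN = ip_network("192.168.254.0/24")
ROUTER = "192.168.254.253"
PROXY = ("192.168.254.251", 3128)


class Router:
    def __init__(self, source_nat=False):
        self.source_nat = source_nat   # hypothetical extra nat on the LAN side
        self.states = {}               # translated (src, dst) -> original (src, dst)

    def forward(self, src, dst):
        """Apply rdr (and optionally nat) to a packet arriving from the LAN."""
        new_src, new_dst = src, dst
        if dst[1] == 80:
            new_dst = PROXY                    # rdr rewrites only the destination
        if self.source_nat:
            new_src = (ROUTER, src[1])         # nat rewrites the source as well
        self.states[(new_src, new_dst)] = (src, dst)
        return new_src, new_dst

    def reverse(self, src, dst):
        """Undo the translation on a reply that matches a state entry."""
        orig_src, orig_dst = self.states[(dst, src)]
        return orig_dst, orig_src


def reply_seen_by_client(router, client, web):
    """Return (src, dst) of the proxy's reply as it arrives at the client."""
    src, dst = router.forward(client, web)
    reply_src, reply_dst = dst, src            # proxy answers the source it saw
    on_link = ip_address(reply_dst[0]) in LAN and reply_dst[0] != ROUTER
    if on_link:                                # sent straight to the client
        return reply_src, reply_dst
    return router.reverse(reply_src, reply_dst)


def connection_completes(source_nat):
    client = ("192.168.254.100", 40000)        # constructed source port
    web = ("203.0.113.10", 80)                 # constructed destination
    seen = reply_seen_by_client(Router(source_nat), client, web)
    return seen == (web, client)               # client expects a reply from web:80


if __name__ == "__main__":
    print("rdr only:      ", connection_completes(False))
    print("rdr + LAN nat: ", connection_completes(True))
```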

