[FUG-BR] CAIXA'S "SOCIAL IRRITABILITY"

Cleyton Bertolim cbertolim at gmail.com
Mon May 14 13:02:41 BRT 2007


Good afternoon, list!

Once again I'm turning to the list because of this damned Conectividade Social!!!

We are setting up a proxy server with the following specifications:

FreeBSD-6.2-Stable
IPFILTER, not IPFW or IPFW2
IPNAT
SQUID-2.6 - "NOT" CONFIGURED AS A TRANSPARENT PROXY! FOR PEOPLE TO BROWSE THEY HAVE TO SET THE PROXY AND THE PORT IN THE BROWSER! AND I'M ALSO USING AN AUTHENTICATED PROXY!

I have found plenty of places where people have solutions to make Conectividade Social work using IPFW, but with IPFILTER it is hard to find anything that really works!
I need help with this!!

Would anyone have an example IPFILTER or IPNAT configuration so I can solve this once and for all?

Below are my ipf.rules and ipnat.rules files:

----------------------------
ipf.rules
----------------------------

### Loopback - lo0
pass out quick on lo0 all
pass in quick on lo0 all


### BRT link - xl0 (upstream)
# Everything leaving xl0 is allowed and gets a state entry, so replies come back via that state.
pass out quick on xl0 all keep state

# The only inbound connection accepted explicitly: TCP SYN to port 50000.
pass in quick on xl0 proto tcp from any to any port = 50000 flags S/SA keep state
# Catch-all: "quick" ends evaluation for every remaining inbound packet on xl0,
# so none of the more specific xl0 rules below (bogon, fragment, option, ICMP and
# port blocks) is ever reached. They only take effect if moved above this line.
block in log first quick on xl0 all

# Private, reserved and bogon source addresses (not reached, see above)
block in log quick on xl0 from 192.168.0.0/16 to any
block in log quick on xl0 from 172.16.0.0/12 to any
block in log quick on xl0 from 10.0.0.0/8 to any
block in log quick on xl0 from 127.0.0.0/8 to any
block in log quick on xl0 from 0.0.0.0/8 to any
block in log quick on xl0 from 169.254.0.0/16 to any
block in log quick on xl0 from 192.0.2.0/24 to any
block in log quick on xl0 from 204.152.64.0/23 to any
block in log quick on xl0 from 224.0.0.0/3 to any

# Fragments, short TCP headers, source routing, odd flag combinations, IP options
block in quick on xl0 all with frags
block in quick on xl0 proto tcp all with short
block in quick on xl0 all with opt lsrr
block in quick on xl0 all with opt ssrr
block in log first quick on xl0 proto tcp from any to any flags FUP
block in quick on xl0 all with ipopts
# ICMP echo request (ping), ident, and a few service ports
block in quick on xl0 proto icmp all icmp-type 8
block in quick on xl0 proto tcp from any to any port = 113
block in log first quick on xl0 proto tcp/udp from any to any port = 81
block in log first quick on xl0 proto tcp/udp from any to any port = 137
block in log first quick on xl0 proto tcp/udp from any to any port = 138
block in log first quick on xl0 proto tcp/udp from any to any port = 139


### CORPORATE LAN - xl1 - 192.168.0.1/24
# Everything on the inside interface is allowed in both directions.
pass out quick on xl1 all keep state
pass in quick on xl1 all keep state

############
# Default denies that answer with a reset / unreachable instead of a silent drop.
# They carry no "quick" and no interface, so they apply only to packets that matched
# no earlier quick rule; each of the three interfaces above already has a quick
# inbound catch-all, so in this order these three rules are never reached.
block return-rst in log proto tcp from any to any flags S/SA
block return-icmp-as-dest(port-unr) in log proto udp from any to any
block return-icmp(net-unr) in log proto udp from any to any




------------------------------------------------
ipnat.rules
-------------------------------------------------

# Active FTP helper for the LAN, then NAT everything from 192.168.0.0/24 to the
# address of xl0 (0/32): portmap assigns source ports 1000-45000 for TCP/UDP, the
# plain map covers the remaining protocols (e.g. ICMP).
map xl0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map xl0 192.168.0.0/24 -> 0/32 portmap tcp/udp 1000:45000
map xl0 192.168.0.0/24 -> 0/32

# Redirects every port-80 connection arriving on xl1 to 127.0.0.1:3128, i.e. plain
# HTTP is intercepted and handed to Squid regardless of the browser's proxy setting.
# Squid must be listening on 127.0.0.1:3128, and Squid 2.6 needs the "transparent"
# option on that http_port to understand intercepted requests; "udp" on port 80
# matches nothing useful.
rdr xl1 0/0 port 80 -> 127.0.0.1 port 3128 tcp/udp


I appreciate any help you can give!!

Thank you!

Cleyton Bertolim.
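The posted ipf.rules has an ordering problem that is easy to miss by eye: `block in log first quick on xl0 all` ends evaluation for every inbound packet on xl0, so the bogon, fragment, option and port blocks listed after it never match. The following is an added example, not code from the original post or from IPFilter: a small Python checker that parses an ipf ruleset and reports every rule shadowed by an earlier `quick` catch-all with the same direction and interface. The sample ruleset is an abridged copy of the one in the post. The parser understands only the keywords used there (pass/block, block return-*, in/out, log [first], quick, on <if>, keep state/frags) and is not a full ipf grammar; rules with no `on` clause are compared only against earlier interface-less catch-alls, so the trailing default-deny rules are deliberately not flagged.

```python
"""Flag IPFilter rules that can never match because an earlier ``quick`` rule
on the same direction/interface already matches every packet.

Added example (not from the original post); handles the ipf.rules subset used there.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    lineno: int
    text: str
    action: str           # "pass" or "block"
    direction: str        # "in" or "out"
    quick: bool           # evaluation stops here when the rule matches
    iface: Optional[str]  # from "on <if>", None when absent (applies to all interfaces)
    match: List[str]      # remaining match tokens, state keywords stripped


def parse_rule(lineno: int, line: str) -> Rule:
    toks = line.split()
    action, i = toks[0], 1
    # "block return-rst", "block return-icmp(net-unr)" etc. carry one extra token
    if action == "block" and toks[i].startswith("return-"):
        i += 1
    direction, i = toks[i], i + 1
    quick, iface = False, None
    while i < len(toks):
        tok = toks[i]
        if tok in ("log", "first", "body"):
            i += 1
        elif tok == "quick":
            quick, i = True, i + 1
        elif tok == "on":
            iface, i = toks[i + 1], i + 2
        else:
            break
    match = toks[i:]
    # "keep state" / "keep frags" do not narrow what the rule matches
    while len(match) >= 2 and match[-2] == "keep" and match[-1] in ("state", "frags"):
        match = match[:-2]
    return Rule(lineno, line, action, direction, quick, iface, match)


def parse_ruleset(text: str) -> List[Rule]:
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            rules.append(parse_rule(lineno, line))
    return rules


def is_catch_all(rule: Rule) -> bool:
    """True when the only match condition is 'all' (every packet)."""
    return rule.match == ["all"]


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (shadowed_line, shadowing_line) pairs, in ruleset order.

    A rule is shadowed by an earlier quick catch-all with the same direction and
    either the same interface or no interface at all. Interface-less rules are
    only compared against interface-less catch-alls (conservative).
    """
    shadowed, catch_alls = [], []
    for rule in rules:
        for earlier in catch_alls:
            if earlier.direction == rule.direction and (
                earlier.iface is None or earlier.iface == rule.iface
            ):
                shadowed.append((rule.lineno, earlier.lineno))
                break
        if rule.quick and is_catch_all(rule):
            catch_alls.append(rule)
    return shadowed


# Abridged copy of the ipf.rules from the post (the xl0 block keeps its original order).
SAMPLE_RULES = """\
### Loopback - lo0
pass out quick on lo0 all
pass in quick on lo0 all

### BRT link - xl0
pass out quick on xl0 all keep state
pass in quick on xl0 proto tcp from any to any port = 50000 flags S/SA keep state
block in log first quick on xl0 all
block in log quick on xl0 from 192.168.0.0/16 to any
block in log quick on xl0 from 10.0.0.0/8 to any
block in quick on xl0 all with frags
block in quick on xl0 proto icmp all icmp-type 8

### Corporate LAN - xl1
pass out quick on xl1 all keep state
pass in quick on xl1 all keep state
block return-rst in log proto tcp from any to any flags S/SA
"""


def main() -> None:
    rules = parse_ruleset(SAMPLE_RULES)
    by_line = {r.lineno: r for r in rules}
    for shadowed, by in find_shadowed(rules):
        print(f"line {shadowed} never matches (shadowed by line {by}): {by_line[shadowed].text}")


if __name__ == "__main__":
    main()
```

Run against the sample it reports lines 9 to 12 (the two bogon blocks, the fragment block and the ICMP block) as shadowed by line 8, the `quick ... all` catch-all; point it at the full file with `parse_ruleset(open("/etc/ipf.rules").read())` to check a live ruleset before loading it with `ipf -Fa -f`.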

