[FUG-BR] RDR for a specific port with PF

Enio Marconcini # www.Enio.Pro.Br eniorm at gmail.com
Fri Oct 8 09:21:20 BRT 2010


2010/10/8 Enio Marconcini # www.Enio.Pro.Br <eniorm at gmail.com>

> Folks, on my network I already have an rdr that redirects traffic on port 3050
> to the database.
>
> But now there is another application, also using port 3050, except that this one
> must connect to a different server.
>
> So on the client I configured port 3051; when that traffic reaches the fw, it was
> supposed to be redirected to port 3050 on this other server...
>
> A PF rule like this:
>
> # rdrs and nat
> rdr on $nic inet proto tcp from <rede> to any port 3050 tag BANCO1 -> $ip_srv_1
> (this one already works)
>
> rdr on $nic inet proto tcp from <rede> to any port 3051 tag BANCO2 -> $ip_srv_2 port 3050
> (this one doesn't work)
>
> # filter rules
> pass quick tagged BANCO1 flags S/SA
> pass quick tagged BANCO2 flags S/SA
>
> On the pass rules I added log(all) to trace with tcpdump, but nothing showed
> up.
>
> FreeBSD 7.3-Stable
>
> --
> ENIO RODRIGO MARCONCINI
> gtalk: eniorm at gmail.com
> skype: eniorm
> msn: /dev/null
>
> .: FreeBSD -:- OpenBSD -:-Slackware Linux :.
> Have trouble with Windows - reboot!
> Have trouble with Unix - be root!
>



To add to that, the log(all) output does show up after all:

000000 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 > 192.168.0.9.3050:
[|tcp]
000026 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
000163 rule 6/0(match): pass in on xl0: 192.168.0.9.3050 > 10.10.3.148.1224:
[|tcp]
000008 rule 6/0(match): pass out on xl1: 10.10.3.129.3051 >
10.10.3.148.1224: [|tcp]
001219 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 > 192.168.0.9.3050:
[|tcp]
000006 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
000336 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 > 192.168.0.9.3050:
[|tcp]
000006 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050:  tcp 128 [bad hdr length 0 - too short, < 20]
2. 986598 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
000012 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
6. 015711 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
000012 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
12. 031578 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
000013 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
12. 031531 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
000012 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]

I check with netstat -an on both the gw and the database server; the
connections show up, but the program doesn't open.

-- 
ENIO RODRIGO MARCONCINI
gtalk: eniorm at gmail.com
skype: eniorm
msn: /dev/null

.: FreeBSD -:- OpenBSD -:-Slackware Linux :.
Have trouble with Windows - reboot!
Have trouble with Unix - be root!
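
To read a pflog capture like the one in the message per interface and direction, the following sketch (an added example, not part of the original message) unwraps the mail-wrapped lines and tallies each flow. The sample lines are copied from the capture above; the function names and the parsing of the delta-timestamp format as it is printed there are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the capture in the message, mail wrapping included.
SAMPLE = """\
000000 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 > 192.168.0.9.3050:
[|tcp]
000026 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
000163 rule 6/0(match): pass in on xl0: 192.168.0.9.3050 > 10.10.3.148.1224:
[|tcp]
000008 rule 6/0(match): pass out on xl1: 10.10.3.129.3051 >
10.10.3.148.1224: [|tcp]
2. 986598 rule 6/0(match): pass in on xl1: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
000012 rule 6/0(match): pass out on xl0: 10.10.3.148.1224 >
192.168.0.9.3050: [|tcp]
"""

# A record starts with a delta timestamp ("000026" or "2. 986598") and "rule".
START = re.compile(r"(?:\d+\. )?\d{6} rule ")
RECORD = re.compile(
    r"(?P<ts>(?:\d+\. )?\d{6}) rule (?P<rule>\d+)/\d+\(match\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifc>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

def parse(text):
    """Rejoin wrapped lines, then return one dict per logged packet."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # continuation of the previous record
    packets = []
    for m in filter(None, map(RECORD.match, records)):
        d = m.groupdict()
        sec, _, usec = d.pop("ts").rpartition(". ")
        d["delta"] = int(sec or 0) + int(usec) / 1e6  # seconds since previous packet
        packets.append(d)
    return packets

def summarize(packets):
    """Count packets per (direction, interface, source, destination)."""
    return Counter((p["dir"], p["ifc"], f'{p["src"]}:{p["sport"]}',
                    f'{p["dst"]}:{p["dport"]}') for p in packets)

if __name__ == "__main__":
    for key, n in summarize(parse(SAMPLE)).items():
        print(n, *key)
```

On these lines the only place port 3051 appears is as the source port of the single packet leaving xl1 toward the client; every other logged packet carries port 3050.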

