Dear friends, some time ago I had this question but ended up leaving it
aside. The question remains, though, and I would like some help, because I
have already banged my head on this and still haven't managed it. I have
already tested countless rules.
I'm using FreeBSD 5.4 with a firewall policy that is closed by default.
Here is the setup: I have a firewall with
rl0 - valid IP
vr0 - gateway of the local network, 192.168.0.254
I want the machines behind this firewall, the client machines, to be able to
ping outside the network. The machines browse and can ping the IP of the rl0
interface.
Only ICMP does not get out: the client machines browse and do everything,
they just can't ping outside, while the server pings just fine.
My firewall follows.
The commented-out rules are ones I already tested after looking at other
firewalls, but nothing so far.
################################################################################
# allowing lo
ipfw add 100 allow icmp from any to any via rl0
ipfw add 200 allow icmp from any to any via vr0
ipfw add 201 pass all from any to any via lo0
# Allow outgoing pings
#ipfw add 202 pass icmp from any to any icmptypes 8 out via rl0
#ipfw add 203 pass icmp from any to any icmptypes 0 in via rl0
#ipfw add 204 pass icmp from any to any icmptypes 8 out via vr0
#ipfw add 205 pass icmp from any to any icmptypes 0 in via vr0
#ipfw add 202 allow from ip from any to 127.0.0.0/8
#ipfw add 203 allow ip from 127.0.0.0/8 to any
# redirect to transparent proxy
ipfw add 330 forward 192.168.0.254,3128 tcp from 192.168.0.0/24 to any 80 via vr0
# NAT
ipfw add 400 divert natd all from any to any via rl0
# allow local network to the internet
ipfw add 401 allow all from any to 192.168.0.0/24
ipfw add 402 allow all from 192.168.0.0/24 to any
# Server's queries to services
ipfw add 410 allow tcp from any to any 53 out via rl0 setup keep-state
ipfw add 411 allow udp from any to any 53 out via rl0 keep-state
ipfw add 412 allow tcp from any to any 8,1723,999,783,110,53,80,21,20,23,443,1000,953 out via rl0 keep-state
_______________________________________________
Freebsd mailing list
Freebsd@fug.com.br
http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br
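
Added example, not part of the original message: a small Python model of ipfw's in-order, first-match evaluation, tracing a LAN client's echo request through the posted rules as it leaves via rl0. Only the rules that can match ICMP are modelled; the client, destination and public addresses, the `walk` helper and the reordered rule 405 are assumptions made for illustration.

```python
import ipaddress

PUBLIC_IP = "203.0.113.1"  # placeholder for the rl0 address (not given in the post)

# (number, action, proto, src, dst, via) -- the ICMP-relevant rules from the post
POSTED = [
    (100, "allow",  "icmp", "any", "any", "rl0"),
    (200, "allow",  "icmp", "any", "any", "vr0"),
    (201, "allow",  "all",  "any", "any", "lo0"),
    (400, "divert", "all",  "any", "any", "rl0"),
    (401, "allow",  "all",  "any", "192.168.0.0/24", None),
    (402, "allow",  "all",  "192.168.0.0/24", "any", None),
]
# Assumed reordering: the rl0 ICMP allow is placed after the divert rule.
REORDERED = sorted([r for r in POSTED if r[0] != 100]
                   + [(405, "allow", "icmp", "any", "any", "rl0")])

def in_net(addr, spec):
    """True when addr falls inside spec ('any' or a CIDR network)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def walk(rules, proto, src, dst, iface):
    """Evaluate one pass of a packet through `iface`, rules in number order.
    Returns (number of the rule that accepted it or None, source on the wire)."""
    for num, action, r_proto, r_src, r_dst, via in rules:
        if r_proto not in ("all", proto) or (via and via != iface):
            continue
        if not (in_net(src, r_src) and in_net(dst, r_dst)):
            continue
        if action == "divert":   # natd rewrites the source, matching resumes
            src = PUBLIC_IP
            continue
        return num, src          # "allow" ends the search
    return None, src             # closed-by-default policy: packet dropped

if __name__ == "__main__":
    ping = ("icmp", "192.168.0.10", "198.51.100.7")  # constructed sample packet
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        rule, wire_src = walk(rules, *ping, "rl0")
        print(f"{name}: accepted by rule {rule}, leaves rl0 with source {wire_src}")
```

With the posted ordering the echo request is accepted by rule 100 before it reaches the divert at rule 400, so it leaves rl0 with its private source address still in place.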