> Matheus,
>
> Post your rules (use fictitious addresses) so we can see how they look.
>
I use PF for NAT and port forwarding, and ipfw for the firewall and pipes. I even tried doing this redirect via ipfw, but no luck :(

Just one detail: I am going to send a packet coming from the internal network to another IP on the internal network ... I think that is where the catch is ...

thanks
matheus

ipfw:

[EMAIL PROTECTED] ~]# ipfw list
00010 allow ip from any to any via lo0
00011 deny ip from any to 127.0.0.0/8
00050 pipe 1 ip from table(1) to any out via tun0
00099 check-state
00100 allow tcp from any to any dst-port 22,25,53,80,3389,4040,5010-5039,8000-8100,10000-11600 in setup via tun0 keep-state
00101 allow udp from any to any dst-port 53,4040,5010-5039,8000-8100,10000-11600 in setup via tun0 keep-state
00102 allow ip from any to any out via tun0 keep-state
00103 deny ip from any to any in frag via tun0
00200 allow ip from 192.168.254.100 to 192.168.254.253 in via xl0 keep-state
00201 allow tcp from 192.168.254.0/24 to 192.168.254.253 in via xl0 keep-state
00202 allow udp from 192.168.254.0/24 to 192.168.254.253 in via xl0 keep-state
00203 allow ip from 192.168.254.0/24 to not 192.168.254.253 in via xl0 keep-state
00204 allow ip from 192.168.254.253 to 192.168.254.0/24 out via xl0 keep-state
65535 deny ip from any to any

PF:

nat on $ext_if from $maquinas to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 3389 -> 192.168.254.10 port 3389
rdr on $ext_if proto tcp from any to any port { 25,80 } -> 192.168.254.251
rdr on $int_if proto tcp from 192.168.254.100 to any port www -> 192.168.254.251 port 3128
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq1 -> $maq1
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq2 -> $maq2
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq3 -> $maq3
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq4 -> $maq4
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq5 -> $maq5
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq6 -> $maq6
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq7 -> $maq7
rdr on $ext_if proto { tcp, udp } from any to any port $portas_maq8 -> $maq8 port 8080
pass on $ext_if all
pass on $int_if all
pass out on $int_if from ! 192.168.254.253 to $maquinas
pass in on $int_if from $maquinas to ! 192.168.254.253

thanks again :)

--
We will call you cygnus, The God of balance you shall be