On 09/10/07, Helder Urso - Gmail <[EMAIL PROTECTED]> wrote:
> Good afternoon.
>
> I need to set up the use of 2 Internet access links on the server; each
> link will be used for certain ports. The server is FreeBSD 6.1 with ipfw,
> nat and squid.
>
> The interfaces:
>
> bge0: 192.168.20.1 -> internal network with VLAN networks 192.168.21.x,
>       30.x, 40.x, 50.x
> xl0: valid IP, LP
> xl1: valid IP, ADSL
>
> Today I only use the usual setup: Internet access comes in through xl0 and
> passes to bge0. I want incoming and outgoing e-mail, P2P, eMule, videos,
> etc. to go out through xl1, leaving HTTP, HTTPS, MSN and VoIP on xl0.
>
> Here is my ipfw:
>
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 check-state
> 00500 allow tcp from me to any setup keep-state
> 00510 allow tcp from 127.0.0.1 3128 to any via bge0 setup keep-state
> 00511 allow udp from any to any dst-port 53 via bge0
> 00511 allow udp from any to any dst-port 53 via vlan*
> 00512 skipto 800 ip4 from 192.168.21.249 to any via vlan*
> 00520 pipe 10 ip4 from any to me dst-port 22 via bge0
> 00520 pipe 10 ip4 from any to me dst-port 22 via vlan*
> 00540 pipe 11 udp from table(1) to not me in via bge0
> 00540 pipe 11 udp from table(1) to not me in via vlan*
> 00550 pipe 12 udp from table(1) to not me out via bge0
> 00550 pipe 12 udp from table(1) to not me out via vlan*
> 00560 pipe 1 ip4 from table(1) to not me in via bge0
> 00560 pipe 1 ip4 from table(1) to not me in via vlan*
> 00570 pipe 2 ip4 from table(1) to not me out via bge0
> 00570 pipe 2 ip4 from table(1) to not me out via vlan*
> 00600 skipto 800 tcp from any to 200.201.174.0/24 via bge0
> 00600 skipto 800 tcp from any to 200.201.174.0/24 via vlan*
> 00600 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via bge0 setup keep-sta
> 00600 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via vlan* setup keep-st
> 00650 fwd 127.0.0.1,53 udp from any to 200.134.184.2 dst-port 53 via bge0
> 00650 fwd 127.0.0.1,53 udp from any to 200.134.184.2 dst-port 53 via vlan*
> 00700 allow udp from any to me dst-port 53 in via bge0
> 00700 allow udp from any to me dst-port 53 in via vlan*
> 00800 divert 8668 udp from any to any dst-port 53 via xl0
> 00900 divert 8668 ip from any to any via xl0
> 60000 allow log logamount 10000 ip from any to any
> 65535 allow ip from any to any
>
> Thanks,
>
> Helder
> -------------------------
> History: http://www.fug.com.br/historico/html/freebsd/
> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
>
You can take a look at this material:
http://www.bsdsul.com.br/tutoriais_detalhe.php?cod=27&tipo=2
or at this one:
http://www.openbsd.org/faq/pf/pt/pools.html

--
Alessandro de Souza Rocha
Network and Systems Administrator
Freebsd-BR User #117