Hello,

If you also add the tcp protocol to the rule

pass out quick on $ext_if proto { udp, icmp } from $ext_if to any keep state

in the "# Inbound via ADSL 1" section, you will be able to SSH in over connection 1. The rule should be:

pass out quick on $ext_if proto { tcp, udp, icmp } from $ext_if to any keep state

There is no rule at all for traffic coming in from the internal network. If you add the rule below, the problem will be gone:

pass in quick log on $int_if proto tcp from $lan_net to any port { 22, 25, 80, 110 } flags S/SA keep state

Additional note: the "# From the local network to the firewall" section of your rules looks non-functional.

On 11/4/06, Veysi Gümüs [EMAIL PROTECTED] wrote:
hello,
I rearranged my rule table the way you described. From the outside, over the 2nd ADSL, I opened ports 25, 80 and 110 to the firewall machine and can reach them without any problem. But over the 1st ADSL I cannot reach it, even though the ssh port is open. A second problem: when I load the rule table I cannot reach the firewall machine from the local machines, although I have opened ports 22, 25, 110 and 80 in the rule table. I also apologize for the trouble I have caused. I have written the latest version of the rule table below again.
Regards.
### Macros ###
lan_net = { 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 }
int_if = bge0
ext_if = vr0
ext_if2 = vr1
ext_gw1 = 192.168.100.213
ext_gw2 = 192.168.110.25

### Definitions ###
table <msn> persist file "/usr/local/etc/fw/msn"
table <kamera> persist file "/usr/local/etc/fw/kamera"
table <ftp> persist file "/usr/local/etc/fw/ftp"
table <sigorta> persist file "/usr/local/etc/fw/sigorta"
table <banka> persist file "/usr/local/etc/fw/banka"

### Set Optimizations ###
set limit { frags 3, states 25000 }
set loginterface $ext_if
scrub in all

### NAT rules ###
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080

### Firewall rules ###
block in all
block out all
pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state

### Inbound via ADSL 1 ###
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
pass out quick on $ext_if proto { udp, icmp } from $ext_if to any keep state
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any keep state

### Inbound via ADSL 2 ###
pass in quick log on $ext_if2 proto tcp from any to any port { 25, 80, 110 } flags S/SA
pass out quick on $ext_if2 proto { udp, icmp } from $ext_if2 to any keep state
pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any keep state

### From the local network to the firewall ###
pass out quick log on $int_if proto tcp from <msn> to any port = 1863 flags S/SA
pass out quick log on $int_if proto tcp from <kamera> to any port = 18082 flags S/SA
pass out quick log on $int_if proto tcp from <sigorta> to any port = 12173 flags S/SA
pass out quick log on $int_if proto tcp from <banka> to any port = 443 flags S/SA
pass out quick log on $int_if proto tcp from <ftp> to any port = 21 flags S/SA
pass out quick log on $int_if proto tcp from any to any port { 22, 25, 80, 110 } flags S/SA
----- Original Message -----
From: Huzeyfe Onal
To: freebsd@lists.enderunix.org
Sent: Friday, November 03, 2006 6:42 PM
Subject: Re: [FreeBSD] freebsd pf
hello,
Since what I wrote was only a reply to what you had written, the subject may not have come across fully. Briefly, looking at your rule table: you accept smtp requests coming to ext_if2 from outside; let us look at the rule table for the packets that will reply to those:

pass out quick on $ext_if proto { udp, icmp } from any to any keep state
pass out quick on $ext_if2 proto { udp, icmp } from any to any keep state
pass in quick log on $ext_if2 proto tcp from any to any port { 25, 80, 110 } flags S/SA
pass out quick log on $ext_if2 proto tcp from any to any port { 25, 80, 110 } flags S/SA
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass