I think this will give you something to start: Assume:
ep0  --> outside
rl0  --> inside
xpto --> dmz

# Block strange packets
block in log quick on ep0 proto tcp all with short    # header too small

# Block source routed packets
block in log quick on ep0 all with opt lsrr    # source routed packets
block in log quick on ep0 all with opt ssrr
#block in log quick on ep0 proto tcp from any to any flags FUP    # block FIN,URGENT,PSH, fight nmap OS fingerprint

# don't allow anyone to spoof non-routeable addresses
block in log quick on ep0 from 127.0.0.0/8 to any
block in log quick on ep0 from 192.168.0.0/16 to any
block in log quick on ep0 from 172.16.0.0/12 to any
block in log quick on ep0 from 10.0.0.0/8 to any

# allow ssh in; as written this matches any source (to admit only our
# administration machine, put its address in place of "from any")
pass in quick on ep0 proto tcp from any to any port = 22 flags S keep state keep frags

# allow www & mail connections in
pass in quick on ep0 proto tcp from any to 200.198.77.35 port = 80 flags S keep state keep frags

# finally lock the rest down with a default deny
block in log quick on ep0 from any to any
block in log quick on xpto from any to any
# I assume dmz doesn't need to start anything in inside

# permit everything out and keep state
pass out on ep0 proto tcp from any to any keep state
pass out on ep0 proto udp from any to any keep state
pass out on ep0 proto icmp from any to any keep state

# permit everything out and keep state, anything coming from inside --> dmz
pass out on xpto proto tcp from any to any keep state
pass out on xpto proto udp from any to any keep state
pass out on xpto proto icmp from any to any keep state

Regarding ipnat.rules:

# inside --> outside
map ep0 192.168.1.0/24 -> ep0/32 portmap tcp/udp 10000:20000
map ep0 192.168.1.0/24 -> ep0/32

# dmz --> outside
map ep0 192.168.10.2/32 -> 200.198.77.35/32

# outside --> dmz
rdr ep0 0.0.0.0/0 port 80 -> 192.168.10.2 port 80

I think this will be what you want (almost everything!!!). Anyone, correct me if I am wrong!!!
C Y A

-----Original Message-----
From: irado furioso com tudo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 19 February 2002 10:45
To: [EMAIL PROTECTED]
Subject: Re: stuck with FreeBSD and Ipfilter

bob bobing wrote:
> please paste the output of ipfstat -i -h, ipnat -l and
> the contents of your ipfrules file, and ipnatrules
> file.
>
> Just an FYI, ipnat happens before ipf, so your rules
> need to be written post nat.

hmm.. I think that I do not know how to do this. Maybe it is the cause of failure.
Anyway, firstly thank you for your kind attention. Now, for the files:

:========== ipfstat -i -h
0 block in quick on rl0 from 192.168.0.0/24 to any
0 block in quick from 172.0.0.0/12 to any
0 block in quick from 10.0.0.0/8 to any
73 block in quick from 0.0.0.0/8 to any
0 block in quick from 169.254.0.0/16 to any
0 block in quick on rl0 from 127.0.0.0/8 to any
0 block in quick on rl1 from 127.0.0.0/8 to any
0 block in quick on rl2 from 127.0.0.0/8 to any
0 block in quick from 192.0.2.0/24 to any
0 block in quick from 204.152.64.0/23 to any
0 block in quick from 224.0.0.0/3 to any
0 block in log quick on rl0 from any to 192.168.1.0/32
0 block in log quick on rl0 from any to 192.168.1.255/32
0 block in quick from any to 192.168.1.89/32
149 block in quick from 192.168.1.89/32 to any
10 pass in quick on lo0 from any to any
0 pass in quick on gif0 from any to any
90274 pass in quick on rl2 from any to any
94465 pass in quick on rl0 from any to any
0 pass in quick proto tcp from any to any port = 22 keep state
145 pass in quick on rl1 proto tcp from any to any port = 25 keep state
0 pass in quick proto tcp from any to any port = 10000 keep state
13 pass in quick on rl1 proto tcp from any to any port = 53 keep state
268 pass in quick on rl1 proto udp from any to any port = 53 keep state
3770 block in quick on rl1 from any to any
0 pass in quick proto tcp/udp from any to any keep state keep frags

:================ ipnat -l (very long)
List of active MAP/Redirect filters:
map rl0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.1.0/24 -> 0.0.0.0/32
map rl0 192.168.10.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.10.0/24 -> 0.0.0.0/32
rdr rl0 200.198.77.35/32 port 80 -> 192.168.10.2 port 80 tcp
rdr rl0 200.198.77.36/32 port 80 -> 192.168.10.2 port 80 tcp
rdr rl0 200.198.77.35/32 port 25 -> 192.168.10.2 port 25 tcp
rdr rl0 200.198.77.34/32 port 53 -> 192.168.10.2 port 53 tcp
rdr rl0 200.198.77.35/32 port 53 -> 192.168.10.2 port 53 tcp
rdr rl0 200.198.77.34/32 port 53 -> 192.168.10.2 port 53 udp
rdr rl0 200.198.77.35/32 port 53 -> 192.168.10.2 port 53 udp

List of active sessions:

:========== ipf.rules
block in quick on rl0 from 192.168.0.0/24 to any
block in quick from 172.16/12 to any
block in quick from 10.0.0.0/8 to any
block in quick from 0.0.0.0/8 to any
block in quick from 169.254.0.0/16 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl1 from 127.0.0.0/8 to any
block in quick on rl2 from 127.0.0.0/8 to any
block in quick from 192.0.2.0/24 to any
block in quick from 204.152.64.0/23 to any
block in quick from 224.0.0.0/3 to any
block in log quick on rl0 from any to 192.168.1.0/32
block in log quick on rl0 from any to 192.168.1.255/32
block in log quick on rl1 from any to any
pass out on rl1 proto tcp from any to any keep state
pass in quick on lo0
pass out quick on lo0
pass in quick on gif0
pass out quick on gif0
#pass in quick on rl1
#pass out quick on rl1
pass in quick on rl2
pass out quick on rl2
pass in quick on rl0
pass out quick on rl0
pass in quick proto tcp from any to any port = 22 keep state
pass in quick on rl1 proto tcp from any to any port = 25 keep state
pass in quick proto tcp from any to any port = 10000 keep state
pass in quick on rl1 proto tcp/udp from 192.168.10.2 to 192.168.10.1 port = 53 keep state
pass out quick on rl1 proto tcp from any to any keep state
pass out quick on rl1 proto udp from any to any keep state
block out quick on rl1 all
block in quick on rl1 all
pass out quick proto icmp from any to any keep state
pass out quick proto tcp/udp from any to any keep state keep frags
pass in quick proto tcp/udp from any to any keep state keep frags

:=========== ipnat.conf
map rl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl0 192.168.1.0/24 -> 0/32
map rl0 192.168.10.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl0 192.168.10.0/24 -> 0/32
rdr rl0 200.198.77.35/32 port 80 -> 192.168.10.2 port 80
rdr rl0 200.198.77.36/32 port 80 -> 192.168.10.2 port 80
rdr rl0 200.198.77.35/32 port 25 -> 192.168.10.2 port 25
rdr rl0 200.198.77.34/32 port 53 -> 192.168.10.2 port 53
rdr rl0 200.198.77.35/32 port 53 -> 192.168.10.2 port 53
rdr rl0 200.198.77.34/32 port 53 -> 192.168.10.2 port 53 udp
rdr rl0 200.198.77.35/32 port 53 -> 192.168.10.2 port 53 udp
#rdr rl0 200.198.77.35/32 port 110 -> 192.168.10.2 port 110

:========== end of files.

TIA

--
regards,
Irado Furioso com Tudo
Linux (SuSE) User 179402
torture is always an instrument of the state, of parents, of teachers.. there is always someone who imagines having power over others. Long live anarchy!!!

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
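
Added example (not part of the original thread, and not IPFilter code): a small Python model of the quoted point that inbound ipnat translation happens before ipf filtering, run over a subset of the rules suggested in the reply. The parser covers only this subset of the rule syntax, ignores `flags`/`keep state`, and the packet and its source address 203.0.113.9 are constructed.

```python
import ipaddress
import re

# Constructed subset of the rules posted in the reply (ep0 = outside interface).
IPF_RULES = """\
block in log quick on ep0 from 192.168.0.0/16 to any
pass in quick on ep0 proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick on ep0 proto tcp from any to 200.198.77.35 port = 80 flags S keep state keep frags
block in log quick on ep0 from any to any
"""
RDR_RULE = "rdr ep0 0.0.0.0/0 port 80 -> 192.168.10.2 port 80"
# Constructed inbound SYN; 203.0.113.9 is a documentation-range source address.
PKT = {"ifc": "ep0", "proto": "tcp", "src": "203.0.113.9",
       "dst": "200.198.77.35", "dport": 80}

RULE_RE = re.compile(
    r"(?P<action>block|pass) in (?:log )?(?P<quick>quick )?on (?P<ifc>\S+)"
    r"(?: proto (?P<proto>\S+))? from (?P<src>\S+) to (?P<dst>\S+)"
    r"(?: port = (?P<port>\d+))?")
RDR_RE = re.compile(
    r"rdr (?P<ifc>\S+) (?P<dst>\S+) port (?P<port>\d+)"
    r" -> (?P<to>\S+) port (?P<to_port>\d+)")

def net(spec):
    """Turn 'any', a host address or a CIDR string into an ip_network."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec, strict=False)

def matches(rule, pkt):
    """True when every field the rule specifies matches the packet."""
    return (rule["ifc"] == pkt["ifc"]
            and rule["proto"] in (None, pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in net(rule["src"])
            and ipaddress.ip_address(pkt["dst"]) in net(rule["dst"])
            and rule["port"] in (None, str(pkt["dport"])))

def filter_in(rules_text, pkt):
    """ipf evaluation: the last matching rule wins, unless a 'quick' rule matches."""
    verdict = None
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or not matches(m.groupdict(), pkt):
            continue
        verdict = (m["action"], line.strip())
        if m["quick"]:
            break
    return verdict

def apply_rdr(rdr_text, pkt):
    """Rewrite destination address/port the way the rdr rule would, before filtering."""
    m = RDR_RE.match(rdr_text)
    if (m and m["ifc"] == pkt["ifc"] and str(pkt["dport"]) == m["port"]
            and ipaddress.ip_address(pkt["dst"]) in net(m["dst"])):
        return {**pkt, "dst": m["to"], "dport": int(m["to_port"])}
    return pkt

def verdicts():
    """(verdict with the rule as posted, verdict with the rule written post-NAT)."""
    translated = apply_rdr(RDR_RULE, PKT)
    post_nat_rules = IPF_RULES.replace("to 200.198.77.35 port = 80",
                                       "to 192.168.10.2 port = 80")
    return filter_in(IPF_RULES, translated)[0], filter_in(post_nat_rules, translated)[0]

if __name__ == "__main__":
    print("filter sees:", apply_rdr(RDR_RULE, PKT))
    print("as posted / written post-NAT:", verdicts())
```

In this model the port 80 pass rule written against the public address never matches, because the filter already sees 192.168.10.2 as the destination, and the packet falls through to the default deny.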
