00001   0     0 allow ip from any to any via lo0
00001   0     0 deny ip from any to 127.0.0.0/8
00001   0     0 deny ip from 127.0.0.0/8 to any
00001  33  3148 deny log logamount 100 ip from any to any not verrevpath in
00002   0     0 deny ip from any to any in frag
00002   0     0 deny tcp from any to any dst-port 137-139
00002   0     0 deny tcp from any 137-139 to any
00002   7  1123 deny udp from any to any dst-port 137-139
00002   0     0 deny udp from any 137-139 to any
00002   0     0 deny tcp from any to any dst-port 445
00002   0     0 deny tcp from any 445 to any
00002   0     0 deny udp from any to any dst-port 445
00002   0     0 deny udp from any 445 to any
00002   0     0 deny tcp from any to any dst-port 1512
00002   0     0 deny tcp from any 1512 to any
00002   0     0 deny udp from any to any dst-port 1512
00002   0     0 deny udp from any 1512 to any
00002   0     0 deny icmp from any to any icmptypes 3
00002   0     0 deny icmp from any to any icmptypes 4
00002   0     0 deny icmp from any to any icmptypes 9
00002   0     0 deny icmp from any to any icmptypes 11
00002   0     0 deny icmp from any to any icmptypes 12
00090   0     0 skipto 65000 tcp from any to 200.141.128.76
00090   0     0 skipto 65000 tcp from any to 200.201.174.0/24
00100   0     0 fwd 127.0.0.1,3128 tcp from 192.168.1.0/24 to any dst-port 80 via rl0
00112   0     0 pipe 112 ip from 192.168.1.3 to any in via rl0
00113   0     0 pipe 113 ip from any to 192.168.1.3 out via rl0
01001   0     0 pipe 1001 ip from 192.168.1.2 to any in via rl0
01002   0     0 pipe 1002 ip from any to 192.168.1.2 out via rl0
01005   0     0 pipe 1005 ip from 192.168.1.4 to any in via xl0
01006   0     0 pipe 1006 ip from any to 192.168.1.4 out via xl0
01007   0     0 pipe 1007 ip from 192.168.1.10 to any in via xl0
01008   0     0 pipe 1008 ip from any to 192.168.1.10 out via xl0
01009   0     0 pipe 1009 ip from 192.168.1.11 to any in via xl0
01010   0     0 pipe 1010 ip from any to 192.168.1.11 out via xl0
01011   0     0 pipe 1011 ip from 192.168.1.12 to any in via xl0
01012   0     0 pipe 1012 ip from any to 192.168.1.12 out via xl0
01013   0     0 pipe 1013 ip from 192.168.1.13 to any in via xl0
01014   0     0 pipe 1014 ip from any to 192.168.1.13 out via xl0
01015   0     0 pipe 1015 ip from 192.168.1.14 to any in via xl0
01016   0     0 pipe 1016 ip from any to 192.168.1.14 out via xl0
01017   0     0 pipe 1017 ip from 192.168.1.15 to any in via xl0
01018   0     0 pipe 1018 ip from any to 192.168.1.15 out via xl0
01019   0     0 pipe 1019 ip from 192.168.1.35 to any in via xl0
01020   0     0 pipe 1020 ip from any to 192.168.1.35 out via xl0
01021   0     0 pipe 1021 ip from 192.168.1.36 to any in via xl0
01022   0     0 pipe 1022 ip from any to 192.168.1.36 out via xl0
01023   0     0 pipe 1023 ip from 192.168.1.37 to any in via xl0
01024   0     0 pipe 1024 ip from any to 192.168.1.37 out via xl0
01025   0     0 pipe 1025 ip from 192.168.1.38 to any in via xl0
01026   0     0 pipe 1026 ip from any to 192.168.1.38 out via xl0
01027   0     0 pipe 1027 ip from 192.168.1.39 to any in via xl0
01028   0     0 pipe 1028 ip from any to 192.168.1.39 out via xl0
01029   0     0 pipe 1029 ip from 192.168.1.40 to any in via xl0
01030   0     0 pipe 1030 ip from any to 192.168.1.40 out via xl0
01031   0     0 pipe 1031 ip from 192.168.1.41 to any in via xl0
01032   0     0 pipe 1032 ip from any to 192.168.1.41 out via xl0
01033   0     0 pipe 1033 ip from 192.168.1.43 to any in via xl0
01034   0     0 pipe 1034 ip from any to 192.168.1.43 out via xl0
01035   0     0 pipe 1035 ip from 192.168.1.44 to any in via xl0
01036   0     0 pipe 1036 ip from any to 192.168.1.44 out via xl0
01037   0     0 pipe 1037 ip from 192.168.1.45 to any in via xl0
01038   0     0 pipe 1038 ip from any to 192.168.1.45 out via xl0
01039   0     0 pipe 1039 ip from 192.168.1.46 to any in via xl0
01040   0     0 pipe 1040 ip from any to 192.168.1.46 out via xl0
01041   0     0 pipe 1041 ip from 192.168.1.47 to any in via xl0
01042   0     0 pipe 1042 ip from any to 192.168.1.47 out via xl0
01043   0     0 pipe 1043 ip from 192.168.1.48 to any in via xl0
01044   0     0 pipe 1044 ip from any to 192.168.1.48 out via xl0
01045   0     0 pipe 1045 ip from 192.168.1.50 to any in via xl0
01046   0     0 pipe 1046 ip from any to 192.168.1.50 out via xl0
01047   0     0 pipe 1047 ip from 192.168.1.52 to any in via xl0
01048   0     0 pipe 1048 ip from any to 192.168.1.52 out via xl0
01049   0     0 pipe 1049 ip from 192.168.1.53 to any in via xl0
01050   0     0 pipe 1050 ip from any to 192.168.1.53 out via xl0
01051   0     0 pipe 1051 ip from 192.168.1.55 to any in via xl0
01052   0     0 pipe 1052 ip from any to 192.168.1.55 out via xl0
01053   0     0 pipe 1053 ip from 192.168.1.56 to any in via xl0
01054   0     0 pipe 1054 ip from any to 192.168.1.56 out via xl0
01055   0     0 pipe 1055 ip from 192.168.1.57 to any in via xl0
01056   0     0 pipe 1056 ip from any to 192.168.1.57 out via xl0
01059   0     0 pipe 1059 ip from 192.168.1.59 to any in via xl0
01060   0     0 pipe 1060 ip from any to 192.168.1.59 out via xl0
01061   0     0 pipe 1061 ip from 192.168.1.60 to any in via xl0
01062   0     0 pipe 1062 ip from any to 192.168.1.60 out via xl0
01063   0     0 pipe 1063 ip from 192.168.1.61 to any in via xl0
01064   0     0 pipe 1064 ip from any to 192.168.1.61 out via xl0
65000 222 40016 divert 8668 ip from any to any via xl0
65500   1    44 deny log logamount 100 ip from any to any { src-ip 10.0.0.0/8 or dst-ip 10.0.0.0/8 } out via xl0
65500   0     0 deny log logamount 100 ip from any to any { src-ip 172.16.0.0/12 or dst-ip 172.16.0.0/12 } out via xl0
65500   0     0 deny log logamount 100 ip from any to any { src-ip 192.168.0.0/16 or dst-ip 192.168.0.0/16 } out via xl0
65535 237 41575 allow ip from any to any

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" <freebsd@fug.com.br>
Sent: Wednesday, January 23, 2008 12:47 AM
Subject: Re: [FUG-BR] questions

Hey, getting better :)

Type: ipfw show and paste the firewall rules.

Alessandro Fortuna wrote:
> Friend, here I have a 3Com switch into which all my network cables go,
> servers as well as radios and the Cisco router. I used to have a FreeBSD
> server that, until it started showing hardware problems, had never caused
> any problem on the network. Now I have just set up a FreeBSD 6.2 server;
> when I plug myself directly into its internal network card I browse
> normally, but when I put it on the switch, in which case all the clients
> will start going through my server, which does NAT for my clients, nobody
> can ping it, including me.
>
> xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=9<RXCSUM,VLAN_MTU>
>         inet 201.91.x.60 netmask 0xffffff00 broadcast 201.91.x.255
>         ether 00:0a:0d:d4:5f:c5
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=8<VLAN_MTU>
>         inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 00:40:f4:61:66:2e
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet6 ::1 prefixlen 128
>         inet 127.0.0.1 netmask 0xff000000
>
> 2008/1/22, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>
>> Be more objective, show the errors in full... there is no way to guess
>> your question...
>>
>> See you
>>
>> Alessandro Fortuna wrote:
>>
>>> Good evening everyone, I set up a FreeBSD server with two network cards,
>>> one with a real IP and the other with an internal network IP. A network
>>> cable comes in directly and connects to the real-IP card, and the other
>>> network card connects to a hub to which two client machines are attached.
>>> So with the two of us the server works fine, and when I put it on the
>>> network for my clients to browse I cannot ping my gateway, which in this
>>> case is the server itself, and it keeps giving errors Kernel: arp: ....
>>>
>>> Can anyone help me? My bandwidth control is done by ipfw, with squid for
>>> page caching.
>>>
>>> -------------------------
>>> Archive: http://www.fug.com.br/historico/html/freebsd/
>>> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd