add to your custom kernel: options IPFIREWALL_FORWARD
And recompile your kernel and you're good to go! :D

2009/10/26 Alexandre Proença <alexan...@levier.com.br>:
> Good morning to everyone on the list,
> I moved my MySQL database to another server. So as not to have to change
> the database connection address in my applications, which are many, I had
> the idea of doing port forwarding on my old server, so in theory everything
> that arrives on port 3306 of my old server would be passed on to the same
> port on my new server. However, I get an error message when applying the
> fwd rule; the relevant information follows below.
>
> *FreeBSD venus.xxxxxxx.com.br 7.2-RELEASE FreeBSD 7.2-RELEASE*
>
> *[r...@venus /etc/rc.d]# sysctl -a | grep net.inet.ip*
> net.inet.ip.portrange.randomtime: 45
> net.inet.ip.portrange.randomcps: 10
> net.inet.ip.portrange.randomized: 1
> net.inet.ip.portrange.reservedlow: 0
> net.inet.ip.portrange.reservedhigh: 1023
> net.inet.ip.portrange.hilast: 65535
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.last: 65535
> net.inet.ip.portrange.first: 49152
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.forwarding: 1
> net.inet.ip.redirect: 1
> net.inet.ip.ttl: 64
> net.inet.ip.rtexpire: 3600
> net.inet.ip.rtminexpire: 10
> net.inet.ip.rtmaxcache: 128
> net.inet.ip.sourceroute: 0
> net.inet.ip.intr_queue_maxlen: 50
> net.inet.ip.intr_queue_drops: 0
> net.inet.ip.accept_sourceroute: 0
> net.inet.ip.keepfaith: 0
> net.inet.ip.gifttl: 30
> net.inet.ip.same_prefix_carp_only: 0
> net.inet.ip.subnets_are_local: 0
> net.inet.ip.fastforwarding: 0
> net.inet.ip.maxfragpackets: 800
> net.inet.ip.maxfragsperpacket: 16
> net.inet.ip.fragpackets: 0
> net.inet.ip.check_interface: 0
> net.inet.ip.random_id: 0
> net.inet.ip.sendsourcequench: 0
> net.inet.ip.process_options: 1
> net.inet.ip.fw.dyn_keepalive: 1
> net.inet.ip.fw.dyn_short_lifetime: 5
> net.inet.ip.fw.dyn_udp_lifetime: 10
> net.inet.ip.fw.dyn_rst_lifetime: 1
> net.inet.ip.fw.dyn_fin_lifetime: 1
> net.inet.ip.fw.dyn_syn_lifetime: 20
> net.inet.ip.fw.dyn_ack_lifetime: 300
> net.inet.ip.fw.static_count: 15
> net.inet.ip.fw.dyn_max: 4096
> net.inet.ip.fw.dyn_count: 0
> net.inet.ip.fw.curr_dyn_buckets: 256
> net.inet.ip.fw.dyn_buckets: 256
> net.inet.ip.fw.tables_max: 128
> net.inet.ip.fw.default_rule: 65535
> net.inet.ip.fw.verbose_limit: 0
> net.inet.ip.fw.verbose: 1
> net.inet.ip.fw.one_pass: 1
> net.inet.ip.fw.autoinc_step: 100
> net.inet.ip.fw.enable: 1
>
> *IPFW rules*
>
> enable verbose
> enable one_pass
> # add pass ip from any to any
> #add divert natd ip from any to any via xl0
> add divert natd ip from 192.168.200.0/22 to any out via xl0
> add divert natd ip from any to me in via xl0
> add pass udp from any to any
> add pass ip from 192.168.0.0/16 to 192.168.0.0/16
> add pass icmp from any to any
> #add pass tcp from any to any 20,21,22,23,53,80,3306,2222,8806,5432,1024-65000 setup
> add pass tcp from any to any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via xl0
> add pass tcp from any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 to any via sk0
> add pass tcp from any to any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via sk0
> add deny tcp from any to any 587,2401,2049,512,513,514,445,79,111 via sk0
> add pass tcp from any to any out via xl0
> add pass tcp from any to any via xl0 established
> #add deny ip from any to any via xl0
> add fwd 192.168.200.40,3306 tcp from any to any 3306 via xl0
>
> Error message
>
> [r...@venus /etc/rc.d]# /etc/rc.d/ipfw restart
> net.inet.ip.fw.enable: 1 -> 0
> Stopping natd.
> Waiting for PIDS: 75962, 75962, 75962, 75962, 75962.
> Starting natd.
> Loading /lib/libalias_cuseeme.so
> Loading /lib/libalias_ftp.so
> Loading /lib/libalias_irc.so
> Loading /lib/libalias_nbt.so
> Loading /lib/libalias_pptp.so
> Loading /lib/libalias_skinny.so
> Loading /lib/libalias_smedia.so
> Flushed all rules.
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 divert 8668 ip from 192.168.200.0/22 to any out via xl0
> 00500 divert 8668 ip from any to me in via xl0
> 00600 allow udp from any to any
> 00700 allow ip from 192.168.0.0/16 to 192.168.0.0/16
> 00800 allow icmp from any to any
> 00900 allow tcp from any to any dst-port 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via xl0
> 01000 allow tcp from any 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 to any via sk0
> 01100 allow tcp from any to any dst-port 13,20,21,22,23,53,80,3306,2222,8806,5432,8886,1024-65000 via sk0
> 01200 deny tcp from any to any dst-port 587,2401,2049,512,513,514,445,79,111 via sk0
> 01300 allow tcp from any to any out via xl0
> 01400 allow tcp from any to any via xl0 established
> *Line 18: getsockopt(IP_FW_ADD): Invalid argument*
> Firewall rules loaded.
> net.inet.ip.fw.enable: 0 -> 1
>
> Does anyone have an idea, or has anyone already run into this problem??
> Thanks in advance
>
>
> --
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
> -------------------------
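As an added example that is not part of the thread: a small POSIX sh helper that maps ipfw's "Line N: getsockopt(IP_FW_ADD): Invalid argument" back to the rule at that line of the rules file and flags a fwd rule, the case here where the reply's fix is a kernel built with IPFIREWALL_FORWARD. The rules file and error line below are constructed to mirror the thread; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): turn ipfw's load error into a pointer
# at the offending rule, and call out fwd rules, which on the thread's
# FreeBSD 7.2 box are rejected when the kernel lacks IPFIREWALL_FORWARD.

# offending_rule RULES_FILE ERROR_LINE -> prints the rule text ipfw rejected
offending_rule() {
    rules_file=$1
    err=$2
    # extract N from "Line N: getsockopt(IP_FW_ADD): Invalid argument"
    n=$(printf '%s\n' "$err" |
        sed -n 's/^Line \([0-9][0-9]*\): getsockopt(IP_FW_ADD): Invalid argument$/\1/p')
    [ -n "$n" ] || return 1
    sed -n "${n}p" "$rules_file"
}

# classify_rule RULE -> "fwd" for a fwd/forward action (with or without a rule number)
classify_rule() {
    case " $1 " in
        *" fwd "*|*" forward "*) echo fwd ;;
        *) echo other ;;
    esac
}

# diagnose RULES_FILE ERROR_LINE -> one-line hint for the administrator
diagnose() {
    rule=$(offending_rule "$1" "$2") || { echo "unparsed ipfw error: $2"; return 1; }
    if [ "$(classify_rule "$rule")" = fwd ]; then
        echo "fwd rule rejected by kernel: $rule (kernel built without options IPFIREWALL_FORWARD?)"
    else
        echo "rule rejected by kernel: $rule"
    fi
}

# Constructed sample rules file and error line, mirroring the thread.
RULES=$(mktemp /tmp/ipfw.rules.XXXXXX)
cat > "$RULES" <<'EOF'
add pass udp from any to any
add pass icmp from any to any
add fwd 192.168.200.40,3306 tcp from any to any 3306 via xl0
EOF
ERR='Line 3: getsockopt(IP_FW_ADD): Invalid argument'

diagnose "$RULES" "$ERR"
```

Once the kernel accepts the rule, note that as written it matches tcp from any to port 3306 via xl0, so the old host relays MySQL connections from every source that can reach it; restricting the source to the application subnet keeps the forwarder from widening the database's exposure.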