ifconfig (re1=LAN re2=WAN)

re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
        ether 00:1d:7d:0d:25:80
        inet 192.168.25.4 netmask 0xffffff00 broadcast 192.168.25.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
re2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
        ether 00:1d:0f:be:93:e5
        inet 192.168.1.64 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

netstat -nr

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS        11    17360    re2
127.0.0.1          link#4             UH          0       12    lo0
192.168.1.0/24     link#3             U           0      241    re2
192.168.1.64       link#3             UHS         0      114    lo0
192.168.25.0/24    link#2             U           4    30202    re1
192.168.25.4       link#2             UHS         0        0    lo0

ipfw show

00005 63367 23159498 allow log ip from any to any via re1
00010 32 1920 allow log ip from any to any via lo0
00015 0 0 check-state
00110 0 0 allow log tcp from any to 192.168.1.1 dst-port 53 out via re2 setup keep-state
00111 412 42103 allow log udp from any to 192.168.1.1 dst-port 53 out via re2 keep-state
00112 409 20724 allow log tcp from 192.168.25.23 to any out via re2 setup keep-state
00113 0 0 allow log tcp from 192.168.25.23 to any out via re0 setup keep-state
00200 29123 13793875 allow log tcp from any to any dst-port 80 out via re2 setup keep-state
00220 1048 431997 allow log tcp from any to any dst-port 443 out via re2 setup keep-state
00230 0 0 allow log tcp from any to any dst-port 25 via re2 setup keep-state
00231 0 0 allow log tcp from any to any dst-port 110 via re2 setup keep-state
00240 0 0 allow log tcp from me to any out via re0 setup uid root keep-state
00250 0 0 allow log icmp from any to any out via re0 keep-state
00251 8 672 allow log icmp from any to any out via re2 keep-state
00260 0 0 allow log tcp from any to any dst-port 37 out via re2 setup keep-state
00280 0 0 allow log tcp from any to any dst-port 22 out via re2 setup keep-state
00281 0 0 allow log tcp from any to any dst-port 22 out via re0 setup keep-state
00290 0 0 allow log tcp from any to any dst-port 43 out via re2 setup keep-state
00299 1754 124034 deny log ip from any to any out via re2
00300 0 0 deny log ip from any to any out via re0
00301 0 0 deny log ip from 172.16.0.0/12 to any in via re0
00302 0 0 deny log ip from 10.0.0.0/8 to any in via re0
00303 0 0 deny log ip from 127.0.0.0/8 to any in via re0
00304 0 0 deny log ip from 0.0.0.0/8 to any in via re0
00305 0 0 deny log ip from 169.254.0.0/16 to any in via re0
00306 0 0 deny log ip from 192.0.2.0/24 to any in via re0
00307 0 0 deny log ip from 204.152.64.0/23 to any in via re0
00308 0 0 deny log ip from 224.0.0.0/3 to any in via re0
00310 29 1044 deny log icmp from any to any in via re2
00310 20 1280 deny log icmp from any to any in via re0
00315 0 0 deny log tcp from any to any dst-port 113 in via re2
00315 0 0 deny log tcp from any to any dst-port 113 in via re0
00320 0 0 deny log tcp from any to any dst-port 137 in via re2
00321 0 0 deny log tcp from any to any dst-port 138 in via re2
00322 0 0 deny log tcp from any to any dst-port 139 in via re2
00323 0 0 deny log tcp from any to any dst-port 81 in via re2
00324 0 0 deny log tcp from any to any dst-port 137 in via re0
00325 0 0 deny log tcp from any to any dst-port 138 in via re0
00326 6 296 deny log tcp from any to any dst-port 139 in via re0
00327 0 0 deny log tcp from any to any dst-port 81 in via re0
00330 0 0 deny log ip from any to any frag in via re2
00331 0 0 deny log ip from any to any frag in via re0
00332 286 14488 deny log tcp from any to any established in via re2
00333 0 0 deny log tcp from any to any established in via re2
00410 0 0 allow log tcp from any to me dst-port 22 in via re2 setup limit src-addr 2
00411 0 0 allow log tcp from any to me dst-port 22 in via re0 setup limit src-addr 2
00420 0 0 allow log tcp from any to me dst-port 23 in via re2 setup limit src-addr 2
00499 631 30860 deny log ip from any to any in via re2
00999 20 1317 deny log ip from any to any
65535 0 0 deny ip from any to any

2010/1/5 Nilson <nil...@forge.com.br>

> 2010/1/5 Bruno Torres Viana <btvi...@gmail.com>:
> > Nilson,
> >
> > re1 is my LAN, I believe this packet really does have to pass...
> > Anyway, I am not very familiar with ipfw, if you can help..
>
> Sure. By any chance, could this be the port 25 blocking
> that the providers are rolling out because of the CGI-br ruling?
>
> Send more data:
>
> # ifconfig
> # netstat -nr
> # ipfw show
>
> --
> Nilson
> -------------------------
> History: http://www.fug.com.br/historico/html/freebsd/
> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
>

--
-------------------------------
Bruno Torres Viana
Information Security Analyst
Contact: (27) 8823-0751
We are all ignorant, only on different subjects. Don't be ignorant by choice!