It has two Ethernet cards in it.
su-2.05b# ifconfig
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
        inet6 fe80::290:27ff:fe2e:9d75%fxp0 prefixlen 64 scopeid 0x1
        ether 00:90:27:2e:9d:75
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 172.16.0.3 netmask 0xffffff00 broadcast 172.16.0.255
        inet6 fe80::200:21ff:fe10:dfbf%rl0 prefixlen 64 scopeid 0x2
        ether 00:00:21:10:df:bf
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
su-2.05b#
rl0 is the interface used on the LAN.
fxp0 is the interface that connects to the ADSL over Ethernet!
I have to use the ADSL this way for now. I will try setting it up
as a bridge later. First I need to sort out this problem!
Thanks!
----- Original Message -----
Sent: Tuesday, October 05, 2004 9:30 AM
Subject: Re: [freebsd] ipf and no rules!
Hello, how many Ethernet cards are there? Only fxp0 shows up in the
rules.
On Mon 04 Oct 2004 19:18, Mesut GÜLNAZ wrote:
> I tried to set up a firewall.
>
> I added support for the following to the kernel
>
> options IPFILTER        #ipfilter support
> options IPFILTER_LOG    #ipfilter logging
>
> and compiled it accordingly.
>
> I added these lines to rc.conf:
>
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags="-E"
> ipfs_enable="YES"
> ipmon_enable="YES"
> ipmon_program="/sbin/ipmon"
> ipmon_flags="-Ds"
> ipnat_enable="YES"
> ipnat_program="/sbin/ipnat"
> ipnat_rules="/etc/ipnat.rules"
> ipnat_flags=""
>
> Then:
>
> su-2.05b# ipf -Fa -f /etc/ipf.rules
> su-2.05b#
>
> I got no error... But the problem is that I don't really think it is working!
>
> su-2.05b# ipf -Fa -f /etc/ipf.rules
> su-2.05b# ipftest
> no rules loaded
>
> AND
>
> su-2.05b# ipfstat
>  IPv6 packets:          in 0 out 10
>  input packets:         blocked 0 passed 378 nomatch 144 counted 0 short 0
> output packets:         blocked 0 passed 456 nomatch 65 counted 0 short 0
>  input packets logged:  blocked 0 passed 0
> output packets logged:  blocked 0 passed 0
>  packets logged:        input 0 output 0
>  log failures:          input 0 output 0
> fragment state(in):     kept 0 lost 0
> fragment state(out):    kept 0 lost 0
> packet state(in):       kept 0 lost 0
> packet state(out):      kept 0 lost 0
> ICMP replies:   0       TCP RSTs sent:  0
> Invalid source(in):     0
> Result cache hits(in):  209     (out):  366
> IN Pullups succeeded:   0       failed: 0
> OUT Pullups succeeded:  0       failed: 0
> Fastroute successes:    0       failures:       0
> TCP cksum fails(in):    0       (out):  0
> Packet log flags set: (0)
>         none
>
> The RULES are as follows:
>
> su-2.05b# cat /etc/ipf.rules
> pass out quick on lo0
> pass in quick on lo0
> pass in on fxp0
> pass out on fxp0
> block in log quick on fxp0 proto tcp from any to any port = 135
> block in log quick on fxp0 proto tcp from any to any port = 137
> block in log quick on fxp0 proto tcp from any to any port = 138
> block in log quick on fxp0 proto tcp from any to any port = 139
> block in log quick on fxp0 proto tcp from any to any port = 445
> block in log quick on fxp0 proto tcp from any to any port = 707
> block in log quick on fxp0 proto tcp from any to any port = 1214
> block in log quick on fxp0 proto tcp from any to any port = 4829
> block out log quick on fxp0 proto tcp from any to any port = 135
> block out log quick on fxp0 proto tcp from any to any port = 137
> block out log quick on fxp0 proto tcp from any to any port = 138
> block out log quick on fxp0 proto tcp from any to any port = 139
> block out log quick on fxp0 proto tcp from any to any port = 445
> block out log quick on fxp0 proto tcp from any to any port = 707
> block out log quick on fxp0 proto tcp from any to any port = 1214
> block out log quick on fxp0 proto tcp from any to any port = 4829
> pass in log quick on fxp0 proto tcp from xxx.xxx.xxx.xxx to any port 4659 >< 4713 flags S keep state
> pass out log quick on fxp0 proto tcp from xxx.xxx.xxx.xxx to any port 4659 >< 4713 flags S keep state
> block in log quick on fxp0 proto tcp from any to any port 4659 >< 4713
> block out log quick on fxp0 proto tcp from any to any port 4659 >< 4713
>
> AND
>
> su-2.05b# ls -l /etc/ipf.rules
> -rw-r--r-- 1 root wheel 1448 Oct 4 18:40 /etc/ipf.rules
> su-2.05b#
>
> What could the problem be?
>
> Thanks!