In that case the conclusion is that spoofing cannot be prevented with a single card (if our router has no such function).
-----Original Message-----
From: M.Sinan BEYRIBEY [mailto:[EMAIL PROTECTED]
Sent: 28 October 2004 10:27
To: [EMAIL PROTECTED]
Subject: Re: [freebsd] IP FILTER PROBLEM
You're welcome, glad it got fixed.
Considering that you are on a LAN that uses this IP address, the anti-spoof measure should be on the previous gateway, or rather on the device that does your NAT.
If you want to use this FreeBSD machine as
Internet -> router -> freebsd -> lan
you should use 2 NICs and prevent spoofing on the router side.
I think Cisco routers had a feature for blocking non-routable IPs. It was activated somehow; it would be useful to ask a CCNA or CCNP.
Best regards.
----- Original Message -----
From: "Abdullah ÖZTÜRK" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 9:18 AM
Subject: RE: [freebsd] IP FILTER PROBLEM
Yes, that did it,
thanks a lot, great.
Would removing those lines create a problem for spoofing?
Do I need to add an extra line?
regards
-----Original Message-----
From: M.Sinan BEYRIBEY [mailto:[EMAIL PROTECTED]
Sent: 28 October 2004 09:27
To: [EMAIL PROTECTED]
Subject: Re: [freebsd] IP FILTER PROBLEM
Master, excuse me, but you are blocking 192.168.0.0/16 on rl0.
If your problem is that the connection from outside is cut (I mean towards the 212.x IP), my answer will be wrong,
but if you are trying to do this on the LAN, remove the line
block in quick on rl0 from 192.168.0.0/16 to any
and in fact, to test, remove all the 192.168. blocks in your ipf.rules file.
Regards.
----- Original Message -----
From: "Abdullah ÖZTÜRK" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 6:29 AM
Subject: RE: [freebsd] IP FILTER PROBLEM
Hi list,
I still couldn't find a solution for the firewall; when I enter the rules in the ipf.rules and ipnat.rules files all of the machine's connections are cut. There is nowhere I haven't looked.
ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 212.248.98.43 netmask 0xfffffff8 broadcast 212.248.98.47
inet 192.168.1.90 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.91 netmask 0xffffffff broadcast 192.168.1.91
inet 192.168.1.92 netmask 0xffffffff broadcast 192.168.1.92
inet 192.168.1.93 netmask 0xffffffff broadcast 192.168.1.93
inet 192.168.1.94 netmask 0xffffffff broadcast 192.168.1.94
inet 192.168.1.95 netmask 0xffffffff broadcast 192.168.1.95
ether 00:50:ba:b2:79:e0
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
-----Original Message-----
From: Engin ÖZTÜRK [mailto:[EMAIL PROTECTED]
Sent: 27 October 2004 14:05
To: [EMAIL PROTECTED]
Subject: Re: [freebsd] IP FILTER PROBLEM
When you run ifconfig, which interface is your ethernet and which is your loopback,
e.g. fxp0 ethernet, rl0 loopback.
Clarify these and go from the simplest to the hardest.. check whether it works before the blocks..
Also add log to all your blocks..
When you add log, check in /var/log/messages which port the error is about.. and so on..
----- Original Message -----
From: "Abdullah ÖZTÜRK" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 27, 2004 12:54 PM
Subject: RE: [freebsd] IP FILTER PROBLEM
First of all, thanks for replying.
I also prepared and ran the config you sent; after that the same problem again, all connections were cut. I emptied the file again and restarted, but I still couldn't fix the problem.
-----Original Message-----
From: Engin ÖZTÜRK [mailto:[EMAIL PROTECTED]
Sent: 27 October 2004 11:05
To: [EMAIL PROTECTED]
Subject: Re: [freebsd] IP FILTER PROBLEM
Here there is no loopback at all, everything is ethernet; the problem starts right here.
Examine it and adapt it to your setup..
Then, after every change, you must run
# ipf -Fa -f /etc/ipf.rules; ipnat -CF -f /etc/ipnat.rules; ipf -Fa -f /etc/ipf.rules -E
pass out quick on lo0
pass in quick on lo0
#fxp0 -ethernet
block in quick on fxp0 all with opt lsrr
block in quick on fxp0 all with opt ssrr
#
block in quick on fxp0 proto tcp from any to any flags FUP
block in quick proto tcp all flags FUP
## Default is block all, so I didn't specifically block icmp
## block non-routable for spoofing protection --
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from any to 192.168.0.0/32
block in quick on fxp0 from any to 192.168.0.255/32
block in quick on fxp0 from any to 172.16.0.0/32
block in quick on fxp0 from any to 172.16.255.255/32
block out quick on fxp0 from any to 192.168.0.0/16
block out quick on fxp0 from any to 172.16.0.0/12
block out quick on fxp0 from any to 10.0.0.0/8
block out quick on fxp0 from any to 127.0.0.0/8
block in log quick on fxp0 proto icmp from any to any icmp-type 0
block in log quick on fxp0 proto icmp from any to any icmp-type 3
block in log quick on fxp0 proto icmp from any to any icmp-type 8
block in log quick on fxp0 proto icmp from any to any icmp-type 11
#block in log quick on fxp0 proto icmp from any to any icmp-type redir
# permissions
pass in quick on fxp0 proto tcp from any to 192.168.0.248 port = 25 flags S keep state
pass in quick on fxp0 proto tcp from any to 192.168.0.248 port = 110 flags S keep state
pass in quick on fxp0 proto tcp from any to 192.168.0.248 port = 80 flags S keep state
#
pass out quick on fxp0 proto tcp from any to any keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
#access to the relevant port
pass in quick on xl0 proto tcp from 192.168.0.224/32 to any port = 10000
block in log quick on xl0 proto tcp from any to any port = 10000
pass in quick on xl0 proto tcp from 192.168.0.224/32 to any port = 3306
block in log quick on xl0 proto tcp from any to any port = 3306
pass in quick on xl0 proto tcp from 192.168.0.224/32 to any port = 22
block in log quick on xl0 proto tcp from any to any port = 22
pass in quick on xl0 proto tcp from 192.168.0.224/32 to any port = 21
block in log quick on xl0 proto tcp from any to any port = 21
pass in quick on xl0 proto tcp from 213.194.65.15/32 to any port = 53
pass in quick on xl0 proto tcp from 213.194.65.36/32 to any port = 53
pass in quick on xl0 proto tcp from 192.168.0.0/24 to any port = 53
block in log quick on xl0 proto tcp from any to any port = 53
pass in quick on xl0 proto tcp from 192.168.0.0/24 to any port = 3128
block in log quick on xl0 proto tcp from any to any port = 3128
pass in quick on xl0 proto tcp from any to any port = 110
pass in quick on xl0 proto tcp from any to any port = 25
#
block in quick on xl0 proto tcp from 80.58.0.0/16 to any port = 80
block in quick on xl0 proto tcp from 213.172.32.0/19 to any port = 80
block in quick on xl0 proto tcp from 62.174.0.0/15 to any port = 80
pass in quick on xl0 proto tcp from any to any port = 80
#
block return-rst in quick on fxp0 proto tcp from any to any
#
block return-icmp-as-dest(port-unr) in quick on fxp0 proto udp from any to any
#
block in log quick on fxp0 proto icmp from any to any
----- Original Message -----
From: "Abdullah ÖZTÜRK" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 27, 2004 9:53 AM
Subject: RE: [freebsd] IP FILTER PROBLEM
I'm sending the files as attachments, thinking it will be easier to follow the current state.
Thanks in advance
-----Original Message-----
From: Engin ÖZTÜRK [mailto:[EMAIL PROTECTED]
Sent: 27 October 2004 10:24
To: [EMAIL PROTECTED]
Subject: Re: [freebsd] IP FILTER PROBLEM
Could you send its current state in full?
----- Original Message -----
From: "Abdullah ÖZTÜRK" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 27, 2004 9:19 AM
Subject: RE: [freebsd] IP FILTER PROBLEM
I added the rule below as you said, but it still doesn't work. I applied the same rule for ssh; it says the rule was added and the file was changed, but it doesn't work.
-----Original Message-----
From: Engin ÖZTÜRK [mailto:[EMAIL PROTECTED]
Sent: 27 October 2004 09:40
To: [EMAIL PROTECTED]
Subject: Re: [freebsd] IP FILTER PROBLEM
Correct.
ipfilter v3.4.31; I don't remember which the previous version was, but there your line 7 worked without problems. You are most likely using v3.4.31 and/or above.
pass in quick on rl0 proto tcp from 192.168.1.1/32 to any port = 3128
block in log quick on rl0 proto tcp from any to any port = 3128
The lines came through badly shifted and I couldn't read them fully, but write the line above and it will work..
And the other ports the same way.. above we give proxy permission to 192.168.1.1 and forbid it everywhere else.
----- Original Message -----
From: "Abdullah ÖZTÜRK" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 27, 2004 8:29 AM
Subject: RE: [freebsd] IP FILTER PROBLEM
> First of all, thanks for the reply you gave, MASTER;
>
> I also bought your book and am trying to learn from it with great pleasure.
>
> You are talking about this line; I took the way this value is applied from
> http://www.enderunix.org/docs/ipfilter.html, the line below;
> block return-icmp(port-unr) in quick on rl0 from any to any port = 113
>
> I changed it as follows
> block return-icmp(port-unr) in quick on rl0 proto tcp from any to any port = 113
>
> After changing it this way, from my machine 192.168.1.11 I cannot connect to ssh,
> to the squid proxy on port 3128, or to qmail on ports 110 and 25, none of them.
>
> The firewall works, but even I can't get in
>
>
> -----Original Message-----
> From: Murat Balaban [mailto:[EMAIL PROTECTED]
> Sent: 27 October 2004 09:04
> To: [EMAIL PROTECTED]
> Subject: Re: [freebsd] IP FILTER PROBLEM
>
>
>
> In your rule on line 7 you used port, but you did not specify with proto
> which protocol it is.
> Because some protocols do not have the notion of a port (e.g. ICMP).
>
> On Wed, Oct 27, 2004 at 08:51:20AM +0400, Abdullah ÖZTÜRK wrote:
> > hi list,
> >
> > I installed ip filter
> >
> > ipf -Fa -f /etc/ipf.rules -E
> > 7: cannot use port and neither tcp or udp
> > ipf: /etc/ipf.rules: parse error (-1), quitting
> > I get an error like this
> >
> > I would be glad if you could help.
> >
> >
> > thanks in advance
> >
> >
> >
> >
> > ipf.rules file;
> >
> > pass out quick on lo0
> > pass in quick on lo0
> >
> > block in quick on rl0 all with opt lsrr
> > block in quick on rl0 all with opt ssrr
> > block in quick on rl0 proto tcp from any to any flags FUP
> > block return-icmp(port-unr) in quick on rl0 from any to any port = 113
> > ##
> >
> > ##
> > ## block non-routable for spoofing protection --
> > block in quick on rl0 from 192.168.0.0/16 to any
> > block in quick on rl0 from 172.16.0.0/12 to any
> > block in quick on rl0 from 10.0.0.0/8 to any
> > block in quick on rl0 from 127.0.0.0/8 to any
> > block in quick on rl0 from any to 192.168.0.0/32
> > block in quick on rl0 from any to 192.168.0.255/32
> > block in quick on rl0 from any to 172.16.0.0/32
> > block in quick on rl0 from any to 172.16.255.255/32
> > block out quick on rl0 from any to 192.168.0.0/16
> > block out quick on rl0 from any to 172.16.0.0/12
> > block out quick on rl0 from any to 10.0.0.0/8
> > block out quick on rl0 from any to 127.0.0.0/8
> > ##
> >
> > ##
> > pass in quick on rl0 proto icmp from any to 192.168.0.0/24 icmp-type 0
> > pass in quick on rl0 proto icmp from any to 192.168.0.0/24 icmp-type 11
> > ## for web server
> > pass in quick on rl0 proto tcp from any to 192.168.1.90 port = 80 flags S keep state
> > ## for smtp servers
> > pass in quick on rl0 proto tcp from any to 192.168.1.90 port = 25 flags S keep state
> > pass in quick on rl0 proto tcp from any to 192.168.1.90 port = 25 flags S keep state
> > ## pop3 for smtp servers
> > pass in quick on rl0 proto tcp from any to 192.168.1.90 port = 110 flags S keep state
> > pass in quick on rl0 proto tcp from any to 192.168.1.90 port = 110 flags S keep state
> > ## ssh only from apache.cslab.itu.edu.tr
> > pass in quick on rl0 proto tcp from 192.168.1.0/24 to 192.168.1.90 port = 22 flags S keep state
> >
> >
> >
> >
> > ## we allow outbound traffic unconditionally:
> > pass out quick on rl0 proto tcp from any to any keep state
> > pass out quick on rl0 proto udp from any to any keep state
> > pass out quick on rl0 proto icmp from any to any keep state
> > ## for all other tcp packets we send a tcp reset by default.
> > block return-rst in quick on rl0 proto tcp from any to any
> > ## and port unreachable for icmp, setting the destination address as the source address:
> > block return-icmp-as-dest(port-unr) in quick on rl0 proto udp from any to any
> > ## we also block and log icmp.
> > block in log quick on rl0 proto icmp from any to any
> --
> Did you hear! Turkey's first FreeBSD book is out.
> http://www.acikkod.com/freebsd.php
>
>
> ---------------------------------------------------------------------
> Did you hear! Turkey's first FreeBSD book is out.
> http://www.acikkod.com/freebsd.php
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> List archive: http://lists.enderunix.org and
> http://www.mail-archive.com/[EMAIL PROTECTED]
---------------------------------------------------------------------
Did you hear! Turkey's first FreeBSD book is out.
http://www.acikkod.com/freebsd.php
To unsubscribe, e-mail: [EMAIL PROTECTED]
List archive: http://lists.enderunix.org and
http://www.mail-archive.com/[EMAIL PROTECTED]
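The thread above hits two distinct failures with the same ipf.rules: first a rule that uses "port" without "proto tcp" or "proto udp", which ipf rejects at load time ("7: cannot use port and neither tcp or udp"), and then, once that is fixed, an anti-spoof block on 192.168.0.0/16 applied to rl0 while rl0 itself sits on 192.168.1.0/24, which loads fine but cuts off every LAN connection. The script below is an added example, written for this editorial pass and not code from anyone in the thread; it lints an ipf.rules file for both problems before the rules are loaded, using the interface addresses parsed from ifconfig output. The rule and ifconfig samples embedded in it are constructed, trimmed versions of what was posted, and the regexes assume the plain "block/pass ... on IFACE ... from SRC" rule layout seen in the thread rather than the full ipf grammar.

```python
"""Lint for IP Filter (ipf) rule files (added example, not from the thread).

Check 1: a rule that uses 'port' without 'proto tcp' or 'proto udp'
         (ipf refuses the whole file: "cannot use port and neither tcp or udp").
Check 2: an inbound block whose source range overlaps the firewall's own
         network on that interface (loads fine, then locks the LAN out).
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a trimmed version of the rule set posted in the thread.
SAMPLE_RULES = """\
pass out quick on lo0
pass in quick on lo0
block in quick on rl0 all with opt lsrr
block return-icmp(port-unr) in quick on rl0 from any to any port = 113
## block non-routable for spoofing protection
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 127.0.0.0/8 to any
pass in quick on rl0 proto tcp from 192.168.1.0/24 to 192.168.1.90 port = 22 flags S keep state
block return-rst in quick on rl0 proto tcp from any to any
"""

# Constructed sample: ifconfig output in the shape FreeBSD prints it.
SAMPLE_IFCONFIG = """\
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 212.248.98.43 netmask 0xfffffff8 broadcast 212.248.98.47
        inet 192.168.1.90 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
"""


@dataclass
class Finding:
    lineno: int
    rule: str
    problem: str


_IFLINE = re.compile(r"^(\w+):\s+flags=")
_INET = re.compile(r"^\s*inet\s+(\d+\.\d+\.\d+\.\d+)\s+netmask\s+0x([0-9a-fA-F]{8})")
_PROTO = re.compile(r"\bproto\s+(\S+)")
_IFACE = re.compile(r"\bon\s+(\S+)")
_SRC = re.compile(r"\bfrom\s+(\S+)")
_PORT = re.compile(r"\bport\s")   # matches 'port = 22', not the 'port-unr' icmp code


def parse_ifconfig(text):
    """Map interface name -> list of ipaddress.IPv4Interface from ifconfig output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = _IFLINE.match(line)
        if m:
            current = m.group(1)
            ifaces.setdefault(current, [])
            continue
        m = _INET.match(line)
        if m and current is not None:
            addr, mask = m.group(1), int(m.group(2), 16)
            prefix = bin(mask).count("1")            # 0xffffff00 -> /24
            ifaces[current].append(ipaddress.ip_interface(f"{addr}/{prefix}"))
    return ifaces


def lint_rules(text, ifaces):
    """Return a Finding for every rule that would fail to load or lock the LAN out."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        rule = raw.split("#", 1)[0].strip()        # '#' starts a comment in ipf.rules
        if not rule:
            continue
        tokens = rule.split()
        proto = _PROTO.search(rule)
        proto_name = proto.group(1) if proto else None

        # Check 1: 'port' is only meaningful for tcp/udp.
        if _PORT.search(rule) and proto_name not in ("tcp", "udp"):
            findings.append(Finding(lineno, rule, "port used without proto tcp/udp"))

        # Check 2: inbound block whose source range covers this interface's own network.
        iface, src = _IFACE.search(rule), _SRC.search(rule)
        if tokens[0] != "block" or "in" not in tokens or not iface or not src:
            continue
        try:
            blocked = ipaddress.ip_network(src.group(1), strict=False)
        except ValueError:                         # 'any' or a hostname: nothing to compare
            continue
        for local in ifaces.get(iface.group(1), []):
            if local.network.overlaps(blocked):
                findings.append(Finding(
                    lineno, rule,
                    f"blocks {blocked}, which covers {iface.group(1)}'s own network {local.network}"))
                break
    return findings


if __name__ == "__main__":
    for f in lint_rules(SAMPLE_RULES, parse_ifconfig(SAMPLE_IFCONFIG)):
        print(f"line {f.lineno}: {f.problem}\n    {f.rule}")
```

Run against the sample it reports line 4 (the port 113 rule with no proto) and line 6 (the 192.168.0.0/16 block on rl0, whose own address is 192.168.1.90/24); adding "proto tcp" to the first and dropping the second, as the thread eventually did, leaves no findings. The point of check 2 is the one Sinan makes: bogon filtering belongs on the interface facing the Internet, so it should never overlap the address space the firewall serves on that same interface.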