Hello everyone,
Mr. Huzeyfe, the relevant line is present in the inetd.conf file and inetd
is enabled.
I made the change you asked for in pf.conf, but when I add the line you
sent earlier, it reports an error on that line and does not load the conf
file. I am pasting the full contents of pf.conf below; the line that gives
the error has a # sign at its beginning, and the \ sign that should be
inside the line is missing; even though I put # at the beginning, if the \
is there it still gives an error. The server can be updated with cvsup,
that is, I can reach FTP sites from the server, but the PCs that use this
server as their gateway cannot reach FTP sites, while they can reach HTTP
sites normally.
Mr. Bedreddin apparently uses the same setup; I asked him for the contents
of his pf.conf file and tried it, but I did not succeed with that either.
I have surely made a mistake somewhere, but I just could not find it.
pf.conf is below; if additional information is needed to shed light on the
solution to my problem, I can send that too.
Good work to you all.
=====================================================================
###################################################
# Macros
###################################################
lan_net = "192.168.1.0/24"
int_if = "re0"
ext_if = "re1"
me="192.168.1.99"
admins = "192.168.1.24"
###################################################
# Set Optimizations
###################################################
set limit { frags 30000, states 25000 }
set loginterface $ext_if
scrub in all
###################################################
# Nat Rules
###################################################
nat on $ext_if from $lan_net to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port www -> 127.0.0.1 port 8080
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
###################################################
# Firewall Rules
###################################################
block in on $ext_if all
block in log-all on $ext_if
#pass in all
#pass out all
#pass in on $ext_if inet proto tcp from any port 21 to $ext_if port > 49151 user proxy flags S/SA keep state
#pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state
#pass in on $ext_if proto tcp from $admins to any flags S/SA keep state
pass out on $ext_if proto tcp from any to any flags S/SA modulate state
pass out on $ext_if proto { udp, icmp } from any to any keep state
----- Original Message -----
From: "Huzeyfe Onal" <[EMAIL PROTECTED]>
To: <freebsd@lists.enderunix.org>
Sent: 13 September 2005 Tuesday 18:21
Subject: Re: [FreeBSD] PF + Transparan Proxy
> Hello,
> Is the ftp-proxy application on the firewall machine listening on port 21?
> If there is a line in the /etc/inetd.conf file like
> 127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n -t 300
> remove the # in front of it, restart inetd,
> and change the line
> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 21
> to
> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> By the way, I think the rules are incomplete, because according to the
> rules you sent the users should not have Internet access either. There
> appears to be no pass permission for the rdr and nat rules..
>
>
> You also need to add the rule from the previous mail I sent...
> On 13.09.2005, KEMAL FIRAT <[EMAIL PROTECTED]> wrote:
>> Hello,
>>
>> When I make my Internet connection through this server, I cannot
>> connect to FTP sites. The error screen that appears does not come from
>> the proxy. I am getting stuck at the firewall.
>> The contents of the rc.conf file are below.
>>
>> Thank you......
>>
>> int_if = "re0"
>> ext_if = "re1"
>> nat on $ext_if from $lan_net to any -> ($ext_if)
>> rdr on $int_if proto tcp from any to any port www -> 127.0.0.1 port 8080
>> # Transparent Proxy
>> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 21
>> block in on $ext_if all
>> block in log-all on $ext_if
>> pass out on $ext_if proto tcp from any to any flags S/SA modulate state
>> pass out on $ext_if proto { udp, icmp } from any to any keep state
>>
>>
>> ----- Original Message -----
>> From: "Huzeyfe Onal" <[EMAIL PROTECTED]>
>> To: <freebsd@lists.enderunix.org>
>> Sent: 09 September 2005 Friday 17:46
>> Subject: Re: [FreeBSD] PF + Transparan Proxy
>>
>>
>> > Hello,
>> > The tip does not fully explain the matter. The solution there is
>> > valid only for the passive FTP case. For active FTP, the FTP server
>> > also needs to establish a reverse connection. For active FTP to work
>> > as well, add the following rule in an appropriate way
>> >
>> > pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \
>> > user proxy flags S/SA keep state
>> >
>> > PS: if you can send your rules, we will have a better chance of
>> > finding a solution faster
>> >
>> >
>> > On 09.09.2005, KEMAL FIRAT <[EMAIL PROTECTED]> wrote:
>> >> Mr. Huzeyfe, I actually tried your tip too, but I could not get it
>> >> to work. Would the server being FreeBSD cause a problem? Since the
>> >> tip was written for OpenBSD, I gave up when I could not get it to
>> >> work on the first attempt.
>> >>
>> >> ----- Original Message -----
>> >> From: "Huzeyfe Onal" <[EMAIL PROTECTED]>
>> >> To: <freebsd@lists.enderunix.org>
>> >> Sent: 09 September 2005 Friday 17:04
>> >> Subject: Re: [FreeBSD] PF + Transparan Proxy
>> >>
>> >>
>> >> > Hello,
>> >> > Do not use squid for FTP. Try using the ftp-proxy application
>> >> > that comes with OpenBSD. For ftp-proxy usage you can look at
>> >> > http://ipucu.enderunix.org/view.php?id=601&lang=tr
>> >> >
>> >> > On 09.09.2005, KEMAL FIRAT <[EMAIL PROTECTED]> wrote:
>> >> >>
>> >> >> While I am asking questions anyway, one more question....
>> >> >> I hope it is not caused by my carelessness like the one a moment
>> >> >> ago (I had been struggling with that for 2 days).
>> >> >>
>> >> >> I could not establish an outbound connection on the FTP port
>> >> >> through my server, which has Pf and a transparent proxy installed.
>> >> >> In pf.conf I redirected the www ports to the proxy's port 8080;
>> >> >> there is no problem with the Internet connection. But when I
>> >> >> redirect the FTP port, I cannot get out, even though it is in the
>> >> >> Safe port list in squid.conf.
>> >> >>
>> >> >> # pf.conf nat rules
>> >> >> nat on $ext_if from $lan_net to any -> ($ext_if)
>> >> >> rdr on $int_if proto tcp from any to any port www -> 127.0.0.1 port 8080
>> >> >> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 21
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >> > --
>> >> > Huzeyfe ÖNAL
>> >> > ---
>> >> > First Turkish Qmail book is out! Go check it.
>> >> > Have you heard! Turkey's first Qmail book is out.
>> >> > http://www.acikakademi.com/catalog/qmail/
>> >> >
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> List archive: http://lists.enderunix.org
>> >> Turkey's first FreeBSD book:
>> >> http://www.acikakademi.com/freebsd.php
>> >>
>> >>
>> >>
>> >
>> >
>> >
>>
>>
>>
>>
>>
>
>
>
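Added example, not part of the original thread or written by any of its posters: a small consistency check for the advice quoted above, confirming that the port-21 rdr rule in pf.conf points at an address and port where an enabled inetd.conf entry actually starts ftp-proxy. The sample file contents are constructed from lines in the thread; the function names are hypothetical, and the parser assumes one rule per line and numeric ports.

```python
import re

# Constructed sample files modelled on the thread; not copied from a live host.
INETD_CONF = """\
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n -t 300
"""
PF_BEFORE = "rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 21\n"
PF_AFTER = "rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n"

# Matches only rdr rules whose destination port is FTP (21 or the name "ftp").
RDR_FTP = re.compile(r"^rdr\b.*\bport\s+(?:21|ftp)\s*->\s*(\S+)\s+port\s+(\d+)")


def active_lines(text):
    """Yield non-empty lines with '#' comments stripped (one rule per line assumed)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def ftp_proxy_listeners(inetd_text):
    """Return {(addr, port)} for enabled inetd entries that start ftp-proxy."""
    found = set()
    for line in active_lines(inetd_text):
        fields = line.split()
        if len(fields) >= 6 and fields[5].endswith("/ftp-proxy"):
            addr, _, port = fields[0].rpartition(":")
            found.add((addr or "*", port))
    return found


def ftp_rdr_targets(pf_text):
    """Return [(addr, port)] that port-21 rdr rules send clients to."""
    return [m.groups() for l in active_lines(pf_text) if (m := RDR_FTP.match(l))]


def check(inetd_text, pf_text):
    """Return a list of mismatches between pf.conf and inetd.conf."""
    listeners = ftp_proxy_listeners(inetd_text)
    problems = []
    if not listeners:
        problems.append("no enabled ftp-proxy entry in inetd.conf")
    for target in ftp_rdr_targets(pf_text):
        if target not in listeners:
            problems.append("rdr sends FTP to %s port %s, ftp-proxy is not there" % target)
    return problems
```

With the constructed samples, check(INETD_CONF, PF_BEFORE) reports the port-21 redirect as a mismatch and check(INETD_CONF, PF_AFTER) returns an empty list.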