Hello,

Your rules look quite normal; admittedly no request has been blocked, but the behaviour you expect should be happening. Is there perhaps another device doing filtering in front of this firewall? When you listen on the firewall's external interface (tcpdump), can you see the SMTP etc. requests?

2006/2/23, Abdullah OZTURK <[EMAIL PROTECTED]>:

 

I tried to adapt it from the PF sample configuration; I forgot to change <foo>, so it stayed that way… I am also sending the configuration as an attachment..


From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 23, 2006 2:23 PM


To: freebsd@lists.enderunix.org
Subject: Re: [FreeBSD] IPFW-NAT-FWD

 

Hello,

pass in on fxp0 proto tcp from any to <foo> port = http keep state

pass in on fxp0 proto udp from any to <foo> port = http keep state

 

What are the foo entries in your rules? Is this your entire rule set? Also, be sure to add log to your pass/block rules so that when a problem comes up we can see which rule is causing it.

2006/2/23, Abdullah OZTURK < [EMAIL PROTECTED]>:

Mr. Huzeyfe,

I took your advice and installed PF; NAT and transparent squid are working very nicely, but RDR redirection is not working… please help….

The partial output of pfctl -sa is as follows..

 

nat on fxp0 inet from 192.0.0.0/8 to any -> (fxp0) round-robin

rdr on fxp0 inet proto tcp from any to x.x.x.x port = smtp -> 192.168.1.2 port 25

rdr on fxp0 inet proto tcp from any to x.x.x.x port = pop3 -> 192.168.1.2 port 110

rdr on rl0 inet proto tcp from 192.168.1.0/24 to any port = http -> 127.0.0.1 port 3128

 

FILTER RULES:

pass in on rl0 inet proto tcp from any to 127.0.0.1 port = 3128 keep state

pass out on fxp0 inet proto tcp from any to any port = http keep state

pass in on fxp0 inet proto tcp from any to any port = smtp keep state

pass in on fxp0 proto tcp from any to <foo> port = http keep state

pass in on fxp0 proto udp from any to <foo> port = http keep state

 


From: Huzeyfe Onal [mailto: [EMAIL PROTECTED]]
Sent: Wednesday, February 08, 2006 10:31 AM
To: freebsd@lists.enderunix.org
Subject: Re: [FreeBSD] IPFW-NAT-FWD

 

Hello,

In my opinion, instead of all this effort, install PF (Packet Filter); both you and your FreeBSD machine will be better off ;-). Writing its rules is also not this complicated and does not take this long.

2006/2/7, Abdullah OZTURK < [EMAIL PROTECTED]>:

Friends, fellow FreeBSD enthusiasts, I have not been able to solve redirecting to the mail server. I loaded the configuration that works normally on 4.3 onto 6.0 and it did not work. I wonder, is there some setting other than the nat and ipfw configuration files?

 

Rc.conf

…..

firewall_enable="YES"

firewall_type="/etc/ipfw/ipfw.conf"

#firewall_script="/etc/rc.firewall"

firewall_quiet="NO"

firewall_logging_enable="YES"

natd_enable="YES"

natd_interface="fxp0"

natd_flags="-f /etc/ipfw/natd.conf"

…..

 

ipfw.conf

add 00020 divert 8668 ip from any to any via fxp0

add 00021 pipe 1 ip from any to 192.168.1.128/25 out via rl0

pipe 1 config bw 200kbit/s

add 00022 fwd 192.168.1.2,25  tcp from any to any 25 in recv fxp0

add 00023 fwd 192.168.1.2,110  tcp  from any to  any 110 in recv fxp0

…..

…..

 

natd.conf

 

use_sockets

same_ports

interface fxp0

redirect_port tcp 192.168.1.2:25 25

redirect_port tcp 192.168.1.2:110 110

dynamic

 

 

 




--
Huzeyfe ÖNAL  
---
First Turkish Qmail book is out! Go check it.
Have you heard! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
List archive: http://lists.enderunix.org
Turkey's first FreeBSD book: http://www.acikakademi.com/freebsd.php





