Huzeyfe Bey,

Sorry to cut in. I have also been working on this kind of setup lately,
and I spent quite a lot of time on NAT and rdr in particular. You said
that the upper rule overrides the lower one, and that stuck in my mind.
To me they look like rules that are logical and ought to work. I was
wondering whether I am making a mistake in my way of thinking.

Regards..


--- Huzeyfe Onal <[EMAIL PROTECTED]> wrote:

> What is your operating system/version? It may be a PF bug.
> 
> Of the two nat rules you wrote, the upper rule takes precedence over
> the lower one, so the second nat rule never takes effect.
> 
> On 11/27/06, Muammer Dogan <[EMAIL PROTECTED]> wrote:
> >
> > When I put the no nat rule on top, the machine locks up and I have
> > to power-cycle the device.
> >
> >  ------------------------------
> >
> > *From:* Huzeyfe Onal [mailto:[EMAIL PROTECTED]
> > *Sent:* Monday, 27 November 2006 16:18
> > *To:* freebsd@lists.enderunix.org
> > *Subject:* Re: [FreeBSD] FW: pf prob.
> >
> > Hello,
> >
> > In PF, NAT rules are processed from top to bottom. Therefore we need
> > to put the no nat rule earlier.
> >
> >  On 11/27/06, *Muammer Dogan* <[EMAIL PROTECTED]> wrote:
> >
> > Hello,
> >
> > I have a setup like the one below. I use ipfw but want to switch to
> > pf. My local servers go out to the Internet over the LL, NATed with
> > different IPs. When I enable pf with the rules below, all machines
> > reach the Internet without a problem. But although the machines in
> > the server group are routed correctly, they are routed NATed, and
> > that causes problems. Could I be making a mistake in the "no nat"
> > line or in the rules? I would also like your recommendations for a
> > system like this. Thanks in advance for your help,
> >
> > Best regards,
> >
> > Muammer
> >
> > 10.11.1.3 Adsl ----------|
> >                          |  10.11.1.5
> >                          |----------------| FreeBSD |------------------ LAN 192.168.0.0/24
> >                          |                  192.168.0.5
> > 10.11.1.4 LL ------------|
> >
> > ###################################################
> >
> > ext_if="bge0"
> > int_if="vr0"
> > ext_ip="10.11.1.5"
> > int_ip="192.168.0.5"
> > lan_net="192.168.0.0/24"
> >
> > LL="10.11.1.4"
> > UsR="10.11.1.3"
> >
> > SERVERS="{ 192.168.0.11, 192.168.0.30, 192.168.0.31, 192.168.0.33, 192.168.0.114/28, 192.168.0.137, 192.168.0.140, 192.168.0.141 }"
> >
> > set limit { frags 30000, states 25000 }
> > set loginterface $ext_if
> > scrub in all
> >
> > nat on $ext_if from $lan_net to any -> ($ext_if)
> > no nat on $ext_if from $SERVERS to any
> >
> > ##################################
> >
> > pass in on $int_if from $lan_net to any
> > pass out on $int_if from any to $lan_net
> >
> > pass in quick on $int_if from $lan_net to $int_if
> >
> > pass in on $int_if route-to ($ext_if $LL) proto tcp from $SERVERS to any flags S/SA modulate state
> > pass in on $int_if route-to ($ext_if $LL) proto { udp, icmp } from $SERVERS to any keep state
> >
> > ############################
> >
> > pass in on $ext_if all
> > pass out on $ext_if all
> > #block in on $ext_if all
> >
> > pass out on $ext_if proto tcp from any to any flags S/SA modulate state
> > pass out on $ext_if proto { udp, icmp } from any to any keep state
> >
> > pass in on $ext_if proto tcp from any to $ext_ip port {22, 80, 1723} flags S/SA modulate state  #ssh, www, vpn
> > pass in on $ext_if proto icmp from any to $ext_ip keep state
> > pass in on $ext_if proto tcp from any to 192.168.0.141 port {25, 110, 80} flags S/SA modulate state
> >
> > --
> > Huzeyfe ÖNAL
> > EnderUnix Core Team Member
> > [EMAIL PROTECTED]
> 
=== message truncated ===
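The ordering point discussed in the thread above, as an added example that is not taken from any of the posts: PF's translation rules (nat, no nat, rdr, binat) are evaluated first-match, so a `no nat` exception has to appear before the general `nat` rule it carves an exception out of. The fragment below is a hypothetical pf.conf built from the macros in Muammer's posted config; the interface names, addresses and the LL gateway are taken from that post and are assumptions about his network, not a verified layout.

```pf
# Translation rules in pf are first-match: the first nat/no nat/rdr/binat
# rule that matches a packet decides, and the rules below it are not consulted.
# Macros below are assumed from the posted config (hypothetical network).

ext_if="bge0"
int_if="vr0"
lan_net="192.168.0.0/24"
LL="10.11.1.4"
SERVERS="{ 192.168.0.11, 192.168.0.30, 192.168.0.31, 192.168.0.33, 192.168.0.114/28, 192.168.0.137, 192.168.0.140, 192.168.0.141 }"

# Ordering as posted (ineffective): every address in $SERVERS is also inside
# $lan_net, so the first rule matches server packets and translates them to
# ($ext_if); the no nat line underneath it is never reached.
#
#   nat on $ext_if from $lan_net to any -> ($ext_if)
#   no nat on $ext_if from $SERVERS to any

# Corrected ordering: the exception is listed first. Server packets match it,
# translation stops there, and they leave $ext_if (via the route-to gateway
# $LL set in the filter section) with their original source address. Only
# packets no earlier translation rule claimed fall through to the nat rule.
no nat on $ext_if from $SERVERS to any
nat on $ext_if from $lan_net to any -> ($ext_if)

# Filter rules are last-match (unless quick), so route-to for the server group
# works as posted; it is the translation section that is order-sensitive.
pass in on $int_if route-to ($ext_if $LL) proto tcp from $SERVERS to any flags S/SA modulate state
pass in on $int_if route-to ($ext_if $LL) proto { udp, icmp } from $SERVERS to any keep state
```

To check the result without loading it, run `pfctl -nf /etc/pf.conf` (parse only); after loading, `pfctl -s nat` prints the translation rules in the order pf will evaluate them, and `pfctl -s state` should show server-originated connections with an untranslated source. The lockup Muammer reports when the exception is moved to the top is not something rule order explains, so Huzeyfe's question about the OS and pf version remains the thing to answer. Separately, note that with `block in on $ext_if all` commented out, the posted filter section passes everything inbound on $ext_if, so the later port-specific pass rules restrict nothing; until that block rule is restored the ruleset is a NAT router, not a firewall.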



 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
List archive: http://lists.enderunix.org
Turkey's first FreeBSD book: http://www.acikakademi.com/freebsd.php

