Arkadaslar Merhaba,
daha öncede listede konu hakkinda sorularim olmustu ama hala çözemedigim bir
kaç durumu
sizlerle paylasmak istedim.
bir sunucu üzerinde hem proxy hemde mail server kurulu ve çalisir durumda.
simdi benim
yapmak istedigim ise bu sunucuda 2 adet dsl takill durumda packet filterla mail
sunucumun
mailleri gönderirken ve mailleri alirken adsl1 üzerinden
haberlessin,kullanicilariminda
internete çikarken veya baska kaynaklara ulasirkende adsl2 yi kullanmasin
istiyorum.
buna görede pf.conf umu düzenledim.bu noktada su sorunlarla karsilasiyorum
birincisi
disaridan mail sunucusuna telnet le baglanmaya çalistigimda baglanmiyor
loglarda ise pass
olarak görebiliyorum ama ayni sekilde sunucuma sshla baglandigimda adsl2
üzerinden hiçbir
problem yok adsl1 üzerinden 25,110 sunucuya yönlendirilmis durumda acaba gözden
kacirdigim veya bilmedigim bir seylerlemi var kural tablom asagidaki gibidir.
###################################################
# Macros
###################################################
lan_net = "{ 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 }"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213" (Proxy için)
ext_gw2 = "192.168.110.25" (Mail Trafigi için)
fwips = "{127.0.0.1, 10.0.0.2, 192.168.100.212, 192.168.110.26}"
##################################################
#Tanimlar
##################################################
table <msn> persist file "/usr/local/etc/fw/msn"
table <ftp> persist file "/usr/local/etc/fw/ftp"
###################################################
# Set Optimizations
###################################################
set limit { frags 30000, states 25000 }
set loginterface $ext_if
scrub in all
##################################################
#Nat Kurallari
##################################################
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##################################################
#Kurallar
##################################################
block in log-all all
block out log-all all
pass in quick on lo0 all
pass out quick on lo0 all
##################################################
#Route-to
##################################################
pass in on $int_if route-to { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) }
round-robin from $lan_net to any keep state
pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any keep
state
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any keep state
##################################################
#Port Bazli Routing
##################################################
pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) proto tcp from $fwips
to any port 25 keep state
pass out quick on $ext_if2 proto tcp from $fwips to any port 25 keep state
pass in quick log on $int_if route-to ($ext_if2 $ext_gw2) proto tcp from
$lan_net to any port 25 keep state
##################################################
# Firewalla izin veriliyor ç?k??lar
##################################################
pass out quick on $ext_if proto {tcp,udp} from $fwips to any keep state
pass out quick on $ext_if2 proto {tcp,udp} from $fwips to any keep state
##################################################
#Lan_net ten Firewalla izin verilen Portlar
##################################################
pass in quick on $int_if proto tcp from $lan_net to any port {
22,25,80,110,8080,12200,443,444,53 } flags S/SA keep state
pass in quick on $int_if proto tcp from <msn> to any port = 1863 flags S/SA
keep state
pass in quick on $int_if proto tcp from <ftp> to any port = 21 flags S/SA keep
state
pass in quick on $int_if proto { udp, icmp } from $lan_net to any keep state
##################################################
#Ext_if2 Uzerinden Gelisler
##################################################
pass in quick log on $ext_if2 proto tcp from any to any port {25,80,110,53}
flags S/SA keep state
##################################################
#Ext_if Uzerinden Gelisler
##################################################
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
keep state
