[FreeBSD] Clamav Dansguardian
Hello, I am trying to install squid 2.6.9, clamav 0.90 and dansguardian 2.9.8.2 on a FreeBSD 6.2 system. I installed squid and clamav and they work without problems, but when I try to build dansguardian with both "enable clamd" and "Enable ClamAV library support (libclamav)" I get the error below. If I build with only "enable clamd" there is no problem; if I also add "enable clamav library" I get the error.

contentscanners/clamav.cpp: In member function `virtual int clamavinstance::init(void*)':
contentscanners/clamav.cpp:275: error: `cl_loaddbdir' was not declared in this scope
*** Error code 1
Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.9.8.2/src.
*** Error code 1
Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.9.8.2.
*** Error code 1
Stop in /usr/ports/www/dansguardian-devel/work/dansguardian-2.9.8.2.
*** Error code 1
Stop in /usr/ports/www/dansguardian-devel.
*** Error code 1
Stop in /usr/ports/www/dansguardian-devel.

Regards,
Veysi Gümüs
[FreeBSD] Clamav 0.90 files with the .rar extension
Hello, on a system running FreeBSD 6.1 with squid, dansguardian and clamav, a few days ago I upgraded clamav from version 0.87 to 0.90.2. Now, when I try to download files with the .rar extension through dansguardian, I get errors in the logs such as "WARNING: Could not perform virus scan!" and, in clamav.log, "/tmp/tfgFDYv4: Not supported data format ERROR". With the previous clamav 0.87 there was no problem downloading .rar files. clamav is up and running.

Regards,
Veysi
Re: [FreeBSD] port-based routing
Hello, I rearranged the firewall rules as you said. From the internal network I can connect to port 25 of an external mail server. This time, though, from the internal network I cannot connect to port 25 of my firewall machine (the firewall and the mail server are the same machine), and when I connect from my firewall machine to an external mail server I can see it in the logs as pass out, but I cannot connect.

Regards

----- Original Message -----
From: Huzeyfe Onal
To: freebsd@lists.enderunix.org
Sent: Monday, November 13, 2006 10:40 AM
Subject: Re: [FreeBSD] port-based routing

Hello,

***
pass in log on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $fwips to any flags S/SA modulate state
pass in log on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $fwips to any keep state
pass in quick log on $int_if route-to ($ext_if2 $ext_gw2) proto tcp from $fwips to any port 25 keep state

These rules have no function; you can delete them. No packet arrives on int_if from the $fwips addresses.

If you add "only" the following rules to the port-based routing ("#Port Bazli Routing") section, it will work.

pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) proto tcp from $fwips to any port 25 keep state
pass out quick on $ext_if2 proto tcp from $fwips to any port 25 keep state
pass in quick log on $int_if route-to ($ext_if2 $ext_gw2) proto tcp from $lan_net to any port 25 keep state

The blocks that appear in the logs come from pfsync. You can shut down the pfsync interface with the command ifconfig pfsync0 down.

On 11/13/06, Veysi Gümüs [EMAIL PROTECTED] wrote:

Hello; yes, to send the internal network users and the outgoing SMTP requests from my mail server through the interface I want.

----- Original Message -----
From: Huzeyfe Onal
To: freebsd@lists.enderunix.org
Sent: Sunday, November 12, 2006 1:35 PM
Subject: Re: [FreeBSD] port-based routing

Hello, what exactly do you want to do?
Are you trying to send internal network users' connections to an external SMTP server out through a different interface, or do you want to redirect the requests going out from the mail server? Have a good day...

On 11/11/06, Veysi Gümüs [EMAIL PROTECTED] wrote:

Hello, I want to do port-based routing with PF. With the rules I have written, traffic still tries to go out through the default gateway. I want my requests going to port 25 to go out through this interface. What mistake might I have made in the rules I wrote? A second problem is that there is constant blocking in pflog; I could not find out what it is trying to block. I have written the rules and the block lines from the log below.

Regards,
Veysi GUMUS

###
# Macros
###
lan_net = "{ 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 }"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"
ext_gw2 = "192.168.110.25"
fwips = "{127.0.0.1, 10.0.0.2, 192.168.100.212, 192.168.110.26}"
##
# Definitions
##
table <msn> persist file "/usr/local/etc/fw/msn"
table <kamera> persist file "/usr/local/etc/fw/kamera"
table <ftp> persist file "/usr/local/etc/fw/ftp"
table <sigorta> persist file "/usr/local/etc/fw/sigorta"
table <banka> persist file "/usr/local/etc/fw/banka"
table <fbs> persist file "/usr/local/etc/fw/fbs"
###
# Set Optimizations
###
set limit { frags 3, states 25000 }
set loginterface $ext_if
scrub in all
##
# NAT rules
##
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##
# Firewall rules
##
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
pass in log on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-ro
Re: [FreeBSD] port-based routing
Hello; yes, to send the internal network users and the outgoing SMTP requests from my mail server through the interface I want.

----- Original Message -----
From: Huzeyfe Onal
To: freebsd@lists.enderunix.org
Sent: Sunday, November 12, 2006 1:35 PM
Subject: Re: [FreeBSD] port-based routing

Hello, what exactly do you want to do? Are you trying to send internal network users' connections to an external SMTP server out through a different interface, or do you want to redirect the requests going out from the mail server? Have a good day...

On 11/11/06, Veysi Gümüs [EMAIL PROTECTED] wrote:

Hello, I want to do port-based routing with PF. With the rules I have written, traffic still tries to go out through the default gateway. I want my requests going to port 25 to go out through this interface. What mistake might I have made in the rules I wrote? A second problem is that there is constant blocking in pflog; I could not find out what it is trying to block. I have written the rules and the block lines from the log below.

Regards,
Veysi GUMUS

###
# Macros
###
lan_net = "{ 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 }"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"
ext_gw2 = "192.168.110.25"
fwips = "{127.0.0.1, 10.0.0.2, 192.168.100.212, 192.168.110.26}"
##
# Definitions
##
table <msn> persist file "/usr/local/etc/fw/msn"
table <kamera> persist file "/usr/local/etc/fw/kamera"
table <ftp> persist file "/usr/local/etc/fw/ftp"
table <sigorta> persist file "/usr/local/etc/fw/sigorta"
table <banka> persist file "/usr/local/etc/fw/banka"
table <fbs> persist file "/usr/local/etc/fw/fbs"
###
# Set Optimizations
###
set limit { frags 3, states 25000 }
set loginterface $ext_if
scrub in all
##
# NAT rules
##
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##
# Firewall rules
##
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
pass in log on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $fwips to any flags S/SA modulate state
pass in log on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $fwips to any keep state
##
# Port-based routing
##
pass in quick log on $int_if route-to ($ext_if2 $ext_gw2) proto tcp from $fwips to any port 25 keep state
pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) proto tcp from $fwips to any port 25 keep state
##
# Arrivals over ADSL 1
##
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
pass out quick on $ext_if proto { tcp, udp, icmp } from $ext_if to any keep state
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any keep state
##
# Arrivals over ADSL 2
##
pass in quick log on $ext_if2 proto tcp from any to any port {25,80,110} flags S/SA
pass out quick on $ext_if2 proto { tcp, udp, icmp } from $ext_if2 to any keep state
pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any keep state
##
# Arrivals from the local network to the firewall
##
pass in quick log on $int_if proto tcp from $lan_net to any port { 22, 25, 80, 110, 8080, 3128, 12200 } flags S/SA keep state
pass in quick log on $int_if proto tcp from <msn> to any port = 1863 flags S/SA keep state
pass in quick log on $int_if proto tcp from <kamera> to any port = 18082 flags S/SA keep state
pass in quick log on $int_if proto tcp from <sigorta> to any port = 12173 flags S/SA keep state
pass in quick log on $int_if proto tcp from <banka> to any port = 443 flags S/SA
[FreeBSD] port-based routing
Hello, I want to do port-based routing with PF. With the rules I have written, traffic still tries to go out through the default gateway. I want my requests going to port 25 to go out through this interface. What mistake might I have made in the rules I wrote? A second problem is that there is constant blocking in pflog; I could not find out what it is trying to block. I have written the rules and the block lines from the log below.

Regards,
Veysi GUMUS

###
# Macros
###
lan_net = "{ 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 }"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"
ext_gw2 = "192.168.110.25"
fwips = "{127.0.0.1, 10.0.0.2, 192.168.100.212, 192.168.110.26}"
##
# Definitions
##
table <msn> persist file "/usr/local/etc/fw/msn"
table <kamera> persist file "/usr/local/etc/fw/kamera"
table <ftp> persist file "/usr/local/etc/fw/ftp"
table <sigorta> persist file "/usr/local/etc/fw/sigorta"
table <banka> persist file "/usr/local/etc/fw/banka"
table <fbs> persist file "/usr/local/etc/fw/fbs"
###
# Set Optimizations
###
set limit { frags 3, states 25000 }
set loginterface $ext_if
scrub in all
##
# NAT rules
##
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##
# Firewall rules
##
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
pass in log on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $fwips to any flags S/SA modulate state
pass in log on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $fwips to any keep state
##
# Port-based routing
##
pass in quick log on $int_if route-to ($ext_if2 $ext_gw2) proto tcp from $fwips to any port 25 keep state
pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) proto tcp from $fwips to any port 25 keep state
##
# Arrivals over ADSL 1
##
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
pass out quick on $ext_if proto { tcp, udp, icmp } from $ext_if to any keep state
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any keep state
##
# Arrivals over ADSL 2
##
pass in quick log on $ext_if2 proto tcp from any to any port {25,80,110} flags S/SA
pass out quick on $ext_if2 proto { tcp, udp, icmp } from $ext_if2 to any keep state
pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any keep state
##
# Arrivals from the local network to the firewall
##
pass in quick log on $int_if proto tcp from $lan_net to any port { 22, 25, 80, 110, 8080, 3128, 12200 } flags S/SA keep state
pass in quick log on $int_if proto tcp from <msn> to any port = 1863 flags S/SA keep state
pass in quick log on $int_if proto tcp from <kamera> to any port = 18082 flags S/SA keep state
pass in quick log on $int_if proto tcp from <sigorta> to any port = 12173 flags S/SA keep state
pass in quick log on $int_if proto tcp from <banka> to any port = 443 flags S/SA keep state
pass in quick log on $int_if proto tcp from <fbs> to any port = 33000 flags S/SA keep state
pass in quick log on $int_if proto tcp from <ftp> to any port = 21 flags S/SA keep state
pass in quick on $int_if proto { udp, icmp } from $lan_net to any keep state
##
# Outbound from the firewall
##
pass out quick log on $int_if proto tcp from $lan_net to any port { 22, 25, 80, 110, 8080, 12200 } flags S/SA keep state
pass out quick log on $ext_if2 proto tcp from any to any port { 22, 25, 80, 110, 8080, 12200 } flags S/SA keep state
pass out quick on $int_if proto { udp, icmp } from $lan_net to any keep state

** The blocks in the log file keep repeating.

tcpdump -eni pflog0
10:17:41.415182 rule 5/0(match): block out on vr0: 192.168.100.212 > 0.0.0.0: pfsync 452
10:17:41.415190 rule 5/0(match): block out on vr0: 192.168.100.212 > 0.0.0.0: pfsync 228
10:17:41.425677 rule 36/0(match): pass in on bge0: 10.0.0.21.3405
Re: [FreeBSD] freebsd pf
Huzeyfe, hello, thank you for the help you have given. Thanks to the information you provided, the firewall is now working. Thank you very much.

Regards,
Veysi Gumus

----- Original Message -----
From: Huzeyfe Onal
To: freebsd@lists.enderunix.org
Sent: Saturday, November 04, 2006 11:00 AM
Subject: Re: [FreeBSD] freebsd pf

Hello,

If you also add the tcp protocol to this rule in the "Arrivals over ADSL 1" section

pass out quick on $ext_if proto { udp, icmp } from $ext_if to any keep state

you will be able to SSH to the first connection. The rule should be:

pass out quick on $ext_if proto { tcp, udp, icmp } from $ext_if to any keep state

There is no rule for traffic arriving from the internal network. If you add the following rule, the problem will go away.

pass in quick log on $int_if proto tcp from $lan_net to any port { 22, 25, 80, 110 } flags S/SA keep state

Additional note: the "Arrivals from the local network to the firewall" section of your rules appears to have no function.

On 11/4/06, Veysi Gümüs [EMAIL PROTECTED] wrote:

Hello, I reorganized my rule table the way you described. From outside, over the second ADSL, I had opened ports 25, 80 and 110 to the firewall machine, and I can reach them without problems. But over the first ADSL I cannot reach it even though the ssh port is open. A second problem is that when I load the rule table I cannot reach the firewall machine from the local machines; I have ports 22, 25, 110 and 80 open in the rule table. I also apologize for the inconvenience I have caused. I have written the latest version of the rule table again below. Regards.

###
# Macros
###
lan_net = "{ 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 }"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"
ext_gw2 = "192.168.110.25"
##
# Definitions
##
table <msn> persist file "/usr/local/etc/fw/msn"
table <kamera> persist file "/usr/local/etc/fw/kamera"
table <ftp> persist file "/usr/local/etc/fw/ftp"
table <sigorta> persist file "/usr/local/etc/fw/sigorta"
table <banka> persist file "/usr/local/etc/fw/banka"
###
# Set Optimizations
###
set limit { frags 3, states 25000 }
set loginterface $ext_if
scrub in all
##
# NAT rules
##
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##
# Firewall rules
##
block in all
block out all
pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state
##
# Arrivals over ADSL 1
##
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
pass out quick on $ext_if proto { udp, icmp } from $ext_if to any keep state
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any keep state
##
# Arrivals over ADSL 2
##
pass in quick log on $ext_if2 proto tcp from any to any port {25,80,110} flags S/SA
pass out quick on $ext_if2 proto { udp, icmp } from $ext_if2 to any keep state
pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any keep state
##
# Arrivals from the local network to the firewall
##
pass out quick log on $int_if proto tcp from <msn> to any port = 1863 flags S/SA
pass out quick log on $int_if proto tcp from <kamera> to any port = 18082 flags S/SA
pass out quick log on $int_if proto tcp from <sigorta> to any port = 12173 flags S/SA
pass out quick log on $int_if proto tcp from <banka> to any port = 443 flags S/SA
pass out quick log on $int_if proto tcp from <ftp> to any port = 21 flags S/SA
pass out quick log on $int_if proto tcp from any to any port { 22, 25, 80, 110 } flags S/SA

----- Original Message -----
From: Huzeyfe Onal
To: freebsd@lists
Re: [FreeBSD] freebsd pf
Mr. Huzeyfe, hello, first of all thank you for your help. Since I am new to FreeBSD and pf, would it be possible for you to explain what you are trying to describe in a bit more detail? Even though the rules we mentioned are written in the rule file, it does not work.

pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any

Regards...

----- Original Message -----
From: Huzeyfe Onal
To: freebsd@lists.enderunix.org
Sent: Friday, November 03, 2006 2:54 PM
Subject: Re: [FreeBSD] freebsd pf

Hello,

The rule I mentioned applied to the IP addresses on the internal network...

The problem of not being reachable from outside may be caused by the packets trying to return over the other line. For example, SMTP packets that arrive from outside on ext2_if try to leave via the default GW on the way back; if the default GW is not ext2_if, it is normal that this does not work. For it to work, the replies that try to leave via ext1_if need to be redirected to ext2_if.

pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 port 25 to any keep state

In addition, this set of rules is not sufficient to do what you want. It would be better to build it from scratch and write it step by step.

On 11/3/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Yes, smtp, pop, web and proxy run on the firewall machine, which is why I did not add an rdr rule. As you said, I disabled the pass in quick on $int_if all rule and tried again, but I still could not reach it.

Regards

--
Huzeyfe ÖNAL
EnderUnix Core Team Member
http://www.enderunix.org/huzeyfe
[FreeBSD] Freebsd and PF
Friends, hello, we go out to the Internet using the FreeBSD packet filter. The system we use has 2 ADSL lines: Internet access is provided over the first ADSL, and mail traffic over the second ADSL. Our problem is this: we blocked all ports in pf and want the IPs we specify to use the ports we choose, but with the rules I give below everyone can get in and out everywhere. Where might I have made a mistake? The list of rules is given below.

Regards,
Veysi GUMUS

###
# Macros
###
lan_net = "10.0.0.0/24"
lan2_net = "10.0.2.0/24"
lan3_net = "10.0.3.0/24"
lan4_net = "10.0.4.0/24"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"   # the ADSL line that provides our Internet access
ext_gw2 = "192.168.110.25"    # the ADSL line we send and receive mail on
##
# Definitions
##
table <msn> persist file "/usr/local/etc/fw/msn"
table <kamera> persist file "/usr/local/etc/fw/kamera"
table <ftp> persist file "/usr/local/etc/fw/ftp"
table <sigorta> persist file "/usr/local/etc/fw/sigorta"
table <banka> persist file "/usr/local/etc/fw/banka"
###
# Set Optimizations
###
set limit { frags 3, states 25000 }
set loginterface $ext_if
scrub in all
##
# NAT rules
##
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if from $lan2_net to any -> ($ext_if)
nat on $ext_if from $lan3_net to any -> ($ext_if)
nat on $ext_if from $lan4_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if2 from $lan2_net to any -> ($ext_if2)
nat on $ext_if2 from $lan3_net to any -> ($ext_if2)
nat on $ext_if2 from $lan4_net to any -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##
# Firewall rules
##
block in all
block out all
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on $int_if inet all
pass out quick on $int_if inet all
pass in on $int_if route-to \
    { ($ext_if $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state
pass out quick on $ext_if proto { udp, icmp } from any to any keep state
pass out quick on $ext_if2 proto { udp, icmp } from any to any keep state
pass out quick log on $ext_if proto tcp from <msn> to any port = 1863 flags S/SA
pass out quick log on $ext_if proto tcp from <kamera> to any port = 18082 flags S/SA
pass out quick log on $ext_if proto tcp from <sigorta> to any port = 12173 flags S/SA
pass out quick log on $ext_if proto tcp from <banka> to any port = 443 flags S/SA
pass out quick log on $ext_if proto tcp from <ftp> to any port = 21 flags S/SA
pass in quick log on $ext_if proto tcp from any to any port = 22 flags S/SA
pass in quick log on $ext_if2 proto tcp from any to any port = 25 flags S/SA
pass in quick log on $ext_if2 proto tcp from any to any port = 110 flags S/SA
pass out quick log on $ext_if2 proto tcp from any to any port = 25 flags S/SA
pass out quick log on $ext_if2 proto tcp from any to any port = 110 flags S/SA
pass out on $ext_if route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if $ext_gw1) from $ext_if to any
[FreeBSD] pf
Friends, hello, with the packet filter software, can we make definitions such as, for example for MSN, "[EMAIL PROTECTED] may use MSN, [EMAIL PROTECTED] (this user) may not"?

Veysi
[FreeBSD] ipfilter 3 ethernet
Friends, hello, a system with FreeBSD installed has 3 Ethernet cards. These are (Adsl1--Vr0)+(Adsl2Vr1)+(internal network-Bgeo). I provide Internet access for the local machines through Adsl1. Mail sending and receiving is provided over Adsl2. From outside I can connect to ssh and port 80 on adsl1. The problem is that when I try to connect to port 80 or any other port on adsl2, I cannot get in. When I check the logs with ipmon, I can get as far as the vr1 Ethernet interface that adsl2 is connected to, but ssh or web does not work from outside. When I come in over vr0 I have no problem at all. My rule and nat table are below. Thanks in advance to those who will help.

Veysi Gümüş

ipf.rules
pass in quick on bge0 all
pass out quick on bge0 all
pass in on vr0 all
pass out on vr0 all
pass in on vr1 all
pass out on vr1 all
Re: [FreeBSD] ipfilter 3 ethernet
Hello, yes, adsl 1 is my default gateway.

----- Original Message -----
From: Muammer Dogan
To: freebsd@lists.enderunix.org
Sent: Wednesday, October 18, 2006 11:04 AM
Subject: RE: [FreeBSD] ipfilter 3 ethernet

I think you may be experiencing this problem because the default gateway is adsl1.

From: Veysi Gümüs [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 18, 2006 10:51 AM
To: freebsd@lists.enderunix.org
Subject: [FreeBSD] ipfilter 3 ethernet

Friends, hello, a system with FreeBSD installed has 3 Ethernet cards. These are (Adsl1--Vr0)+(Adsl2Vr1)+(internal network-Bgeo). I provide Internet access for the local machines through Adsl1. Mail sending and receiving is provided over Adsl2. From outside I can connect to ssh and port 80 on adsl1. The problem is that when I try to connect to port 80 or any other port on adsl2, I cannot get in. When I check the logs with ipmon, I can get as far as the vr1 Ethernet interface that adsl2 is connected to, but ssh or web does not work from outside. When I come in over vr0 I have no problem at all. My rule and nat table are below. Thanks in advance to those who will help.

Veysi Gümüş

ipf.rules
pass in quick on bge0 all
pass out quick on bge0 all
pass in on vr0 all
pass out on vr0 all
pass in on vr1 all
pass out on vr1 all