IPF + SQUID

pese27 at mysun.com pese27 at mysun.com
Tue Jul 10 18:13:20 CEST 2001


So, I apologize, and this time for real.
Please treat my previous mail as my own stupidity.

         PeSe



Good day,

I have a problem.
I have FBSD 4.3R with 3x Intel PCI 10/100 NICs,
196MB RAM and 2*30GB HDD.
One NIC has the external address
(fxp2);
fxp0 and fxp1 are internal.

My problem is this.
The machine runs IP Filter with IP NAT and SQUID.
The machine is connected to the net only from 21.00 to 07.00.
It regularly happens that the network services NS lock up completely,
in such a way that ping and traceroute from the internal network to the
outside work and squid looks like it is running, but that is all.
I always have to reboot the machine to get it working again.

Do you know, please, where the error is?
I am attaching the IPF rules.

#
# loopback
# I guess I might as well ...
#
pass in quick on lo0
pass out quick on lo0

#
# fxp2 to the outside
# tcp and udp plus icmp allowed
#
pass out quick on fxp2 proto tcp from any to any keep state
pass out quick on fxp2 proto udp from any to any keep state
pass out quick on fxp2 proto icmp from any to any keep state
block out quick on fxp2 all

#
# fxp1 to the inside, one wing
#
block in quick on fxp1 proto tcp from any to any port = 80
block in quick on fxp1 proto udp from any to any port = 80
pass in on fxp1 all

pass out quick on fxp1 proto tcp from any to any 
pass out quick on fxp1 proto udp from any to any 
pass out quick on fxp1 proto icmp from any to any 

#
# fxp0, well, the network card for the other wing
#
block in quick on fxp0 proto tcp from any to any port = 80
block in quick on fxp0 proto udp from any to any port = 80
pass in on fxp2 all

pass out quick on fxp0 proto tcp from any to any 
pass out quick on fxp0 proto udp from any to any 
pass out quick on fxp0 proto icmp from any to any 



***************************
PeSe
***************************




