IPFW + IPNAT

Juraj Petrik juro at software602.sk
Wed Oct 30 13:40:56 CET 2002


Ahojte,
uz si skutocne neviem rady,
nainstaloval som si FBSD 4.7 mini
k tomu doinstalovane nejake programy + porty + aktualizovany CVSUPom src,
skompilovany kernel s pridanymi options:
options         IPFILTER
options         IPFILTER_LOG
options         IPFILTER_DEFAULT_BLOCK
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=100
options         IPFIREWALL_FORWARD
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         RANDOM_IP_ID
options         IPDIVERT
options         DUMMYNET
options         VESA
 
v /etc/rc.conf mam:
hostname="bla.bla.sk"
defaultrouter="x.x.x.x"
ifconfig_rl0="inet x.x.x.y netmask 255.255.255.248"
ifconfig_rl1="inet 192.168.1.22 netmask 255.255.255.0"
gateway_enable="YES"
portmap_enable="NO"
kern_securelevel="2"
kern_securelevel_enable="NO"
icmp_drop_redirects="YES"
icmp_bmcastecho="NO"
nfs_reserved_port_only="YES"
nfs_server_enable="NO"
sshd_enable="YES"
sshd_flags="-4"
sshd_program="/usr/sbin/sshd"
nisdomainname="NO"
linux_enable="NO"
lpd_enable="NO"
saver="NO"
check_quoptes="NO"
usbd_enable="NO"
inetd_enable="YES"
sendmail_enable="NO"
check_quotes="NO"
syslogd_flags="-4ns"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.conf"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.conf"
ipmon_enabled="YES"
ipmon_flags="-Dns" 

v /etc/ipf.conf mam
pass in all
pass out all

v /etc/ipnat.conf mam:
# rl0 WAN
# rl1 LAN

rdr rl0 0.0.0.0/0 port 80 -> 192.168.1.35 port 80 tcp
rdr rl0 0.0.0.0/0 port 25 -> 192.168.1.35 port 25 tcp

map rl0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
map rl0 192.168.1.0/24 -> 0.0.0.0/32

v /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.check_interface=1
#net.inet.ip.redirect=0
#net.inet.ip.sourceroute=0
#net.inet.ip.accept_sourceroute=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.recvspace=57344
net.inet.tcp.sendspace=32768
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
net.link.ether.inet.max_age=1200 
kern.ipc.somaxconn=1024
kern.maxfiles=8192
net.inet.ip.portrange.first=25000
net.inet.ip.portrange.last=49151 

Z vnutornej siete sa dostanem v pohode na internet,
ale ked zadam vonkajsiu IP s portom 80 mal by sa udiat redirect,
nejde mi to, ani vo verzii 4.6.2 mi to neslo....

kde robim chybu???

Diki za kazdu dobru radu...
IPFIREWALL tam mam, lebo neskor chcem pozit aj DUMMYNET

-juro-



More information about the Users-l mailing list