IPFW + IPNAT
Juraj Petrik
juro at software602.sk
Wed Oct 30 13:40:56 CET 2002
Ahojte,
uz si skutocne neviem rady,
nainstaloval som si FBSD 4.7 mini
k tomu doinstalovane nejake programy + porty + aktualizovany CVSUPom src,
skompilovany kernel s pridanymi options:
# FreeBSD 4.7 kernel options as posted. Two packet-filter stacks are compiled
# in at once: IPFilter (ipf/ipnat) and ipfw. Only ipf/ipnat are configured in
# rc.conf below (there is no firewall_enable=, so ipfw loads no rules); ipfw
# is here only for the DUMMYNET/IPDIVERT features the poster wants later.
options IPFILTER
# Kernel-side logging for ipf "log" rules; only collected if ipmon(8) runs.
options IPFILTER_LOG
# Fail closed: if the ipf rule set does not load at boot, all traffic is
# dropped. With the posted ipf.conf ("pass in all"/"pass out all") this
# default never applies once the rules load -- the host is unfiltered.
options IPFILTER_DEFAULT_BLOCK
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_FORWARD
# ipfw passes everything while it has no rules; needed here so that the
# unconfigured ipfw does not drop what ipf already accepted.
options IPFIREWALL_DEFAULT_TO_ACCEPT
# Randomised IP ID field instead of a global counter (the counter leaks
# traffic volume and enables idle scans).
options RANDOM_IP_ID
# Divert sockets and traffic shaping for ipfw; unused until ipfw rules exist.
options IPDIVERT
options DUMMYNET
# Console VESA support, unrelated to the firewall.
options VESA
v /etc/rc.conf mam:
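# /etc/rc.conf as posted, with two fixes:
#  - "ipmon_enabled" is not a knob the rc scripts know; /etc/defaults/rc.conf
#    defines "ipmon_enable", so ipmon(8) never started and the IPFILTER_LOG
#    output (and ipmon_flags) was silently unused.
#  - the misspelled "check_quoptes" line is dropped; check_quotes is set below.
hostname="bla.bla.sk"
defaultrouter="x.x.x.x"
# rl0 = WAN (/29 from the provider), rl1 = LAN.
ifconfig_rl0="inet x.x.x.y netmask 255.255.255.248"
ifconfig_rl1="inet 192.168.1.22 netmask 255.255.255.0"
# Turns on net.inet.ip.forwarding; sysctl.conf sets it again (harmless).
gateway_enable="YES"
portmap_enable="NO"
# NOTE(review): kern_securelevel_enable="NO" means the securelevel is never
# raised at boot, so the "2" is inert. Decide deliberately: a raised
# securelevel also restricts what can be changed later without a reboot.
kern_securelevel="2"
kern_securelevel_enable="NO"
# Duplicated by net.inet.icmp.drop_redirect / bmcastecho in sysctl.conf.
icmp_drop_redirects="YES"
icmp_bmcastecho="NO"
nfs_reserved_port_only="YES"
nfs_server_enable="NO"
# sshd, IPv4 only.
sshd_enable="YES"
sshd_flags="-4"
sshd_program="/usr/sbin/sshd"
nisdomainname="NO"
linux_enable="NO"
lpd_enable="NO"
saver="NO"
usbd_enable="NO"
# With ipf passing everything, every service enabled in /etc/inetd.conf is
# reachable from the WAN on the gateway itself -- review that file.
inetd_enable="YES"
sendmail_enable="NO"
check_quotes="NO"
# syslogd: IPv4 only, no DNS lookups, no remote log reception (-s).
syslogd_flags="-4ns"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.conf"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.conf"
# Was "ipmon_enabled" -- the rc scripts read ipmon_enable.
ipmon_enable="YES"
# -D daemonise, -n resolve names, -s log via syslog.
ipmon_flags="-Dns"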
v /etc/ipf.conf mam
# /etc/ipf.conf as posted: no filtering at all. Every packet in both
# directions is passed, so IPFILTER_DEFAULT_BLOCK never takes effect and the
# hosts exposed by the rdr rules in ipnat.conf (192.168.1.35 ports 80 and 25)
# as well as every listener on the gateway (sshd, whatever inetd serves) are
# reachable from the WAN. Acceptable while debugging the NAT problem, not as
# a permanent state.
# NOTE(review): ipnat translates inbound packets before ipf filters them, so
# a restrictive rule set must match the translated destination
# (192.168.1.35), not the public address.
pass in all
pass out all
v /etc/ipnat.conf mam:
# rl0 WAN
# rl1 LAN
# Inbound redirects. A rdr on rl0 matches only packets that ENTER rl0. A LAN
# client that connects to the public address x.x.x.y arrives on rl1, so these
# rules do not fire; the packet is delivered to the gateway itself, and with
# net.inet.tcp.blackhole=2 the connection simply times out. This is the most
# likely reason the test fails if it is run from inside the LAN -- test from
# an outside host. If the public address must also work from the LAN, a rdr
# for x.x.x.y/32 on rl1 is needed together with a map on rl1, so that replies
# from 192.168.1.35 return through the gateway rather than directly to the
# client (a lone rdr on rl1 would give asymmetric replies).
rdr rl0 0.0.0.0/0 port 80 -> 192.168.1.35 port 80 tcp
# Exposes the internal mail host to the whole Internet; make sure it does
# not relay for unauthenticated senders.
rdr rl0 0.0.0.0/0 port 25 -> 192.168.1.35 port 25 tcp
# Outbound NAT. ipnat applies the first map rule that matches, so the FTP
# proxy (rewrites PORT/PASV in the payload) must precede the generic rules.
# 0.0.0.0/32 stands for the current address of rl0.
map rl0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
# TCP/UDP source ports are rewritten into 40000-60000. This overlaps the
# gateway's own ephemeral range (25000-49151 in sysctl.conf); worth
# separating if the gateway itself opens many outbound connections.
map rl0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
# Everything else (e.g. ICMP) is mapped without port rewriting.
map rl0 192.168.1.0/24 -> 0.0.0.0/32
v /etc/sysctl.conf
# /etc/sysctl.conf as posted.
# Already enabled by gateway_enable="YES" in rc.conf; harmless duplicate.
net.inet.ip.forwarding=1
# Drop packets arriving on an interface that does not carry the destination
# address (basic anti-spoofing on a multi-homed host).
net.inet.ip.check_interface=1
# The commented-out lines keep the defaults: sourceroute and
# accept_sourceroute already default to 0, but net.inet.ip.redirect defaults
# to 1, so the gateway will emit ICMP redirects on the LAN. Disabling it is
# the usual choice on a firewall.
#net.inet.ip.redirect=0
#net.inet.ip.sourceroute=0
#net.inet.ip.accept_sourceroute=0
# Closed ports are silently dropped rather than answered with RST /
# port-unreachable. Side effect while debugging: a LAN client hitting the
# public address on port 80 (see ipnat.conf) times out instead of being
# refused, which hides the real cause.
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.recvspace=57344
net.inet.tcp.sendspace=32768
# Ignore and log ICMP redirects (same as icmp_drop_redirects in rc.conf).
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
# Do not answer broadcast echo or address-mask requests (amplification /
# reconnaissance).
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
# ARP cache entry lifetime, seconds.
net.link.ether.inet.max_age=1200
kern.ipc.somaxconn=1024
kern.maxfiles=8192
# Ephemeral port range for the gateway's own connections; overlaps the ipnat
# portmap range 40000:60000.
net.inet.ip.portrange.first=25000
net.inet.ip.portrange.last=49151
Z vnutornej siete sa dostanem v pohode na internet,
ale ked zadam vonkajsiu IP s portom 80 mal by sa udiat redirect,
nejde mi to, ani vo verzii 4.6.2 mi to neslo....
kde robim chybu???
Diki za kazdu dobru radu...
IPFIREWALL tam mam, lebo neskor chcem pouzit aj DUMMYNET
-juro-