Problem with IPFW

Jeřábek Ladislav mixicek at seznam.cz
Wed Mar 3 17:13:25 CET 2004


Hello,

On FBSD 5.1 I had a script for firewall and shaping:

# Interfaces and blocked MAC addresses
INTERFACE_1="wi0"
INTERFACE_2="wi1"
INTERFACE_3="xl0"
INTERFACE_4="xl1"
DENY_MAC="00:E0:03:04:EF:CE"

# Drop traffic from the blocked MAC addresses on $INTERFACE_2
for i in $DENY_MAC; do
    ipfw add deny all from any to any via $INTERFACE_2 MAC any $i
done

ipfw add pass all from any to any via lo0
ipfw add deny all from \
    10.24.28.0/26{14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56} \
    to any in via $INTERFACE_2

# Outbound shaping (out via $INTERFACE_3)
ipfw pipe 01 config bw 136Kbps queue  16Kbytes
ipfw add pipe 01 all from any to any 25 out via $INTERFACE_3

ipfw pipe 11 config bw  68Kbps queue  8Kbytes
ipfw add pipe 11 all from 10.24.28.2 to any out via $INTERFACE_3
ipfw pipe 13 config bw 136Kbps queue 16Kbytes
ipfw add pipe 13 all from 10.24.28.3 to any out via $INTERFACE_3
ipfw pipe 15 config bw  68Kbps queue  8Kbytes
ipfw add pipe 15 all from 10.24.28.4 to any out via $INTERFACE_3
ipfw pipe 17 config bw 136Kbps queue 16Kbytes
ipfw add pipe 17 all from 10.24.28.5 to any out via $INTERFACE_3
ipfw pipe 19 config bw  68Kbps queue  8Kbytes
ipfw add pipe 19 all from 10.24.28.6 to any out via $INTERFACE_3
ipfw pipe 21 config bw  68Kbps queue  8Kbytes
ipfw add pipe 21 all from 10.24.28.0/26{7,8,9} to any out via $INTERFACE_3
ipfw pipe 23 config bw  68Kbps queue  8Kbytes
ipfw add pipe 23 all from 10.24.28.10 to any out via $INTERFACE_3
ipfw pipe 25 config bw  68Kbps queue  8Kbytes
ipfw add pipe 25 all from 10.24.28.11 to any out via $INTERFACE_3
ipfw pipe 27 config bw  68Kbps queue  8Kbytes
ipfw add pipe 27 all from 10.24.28.12 to any out via $INTERFACE_3
ipfw pipe 29 config bw  68Kbps queue  8Kbytes
ipfw add pipe 29 all from 10.24.28.13 to any out via $INTERFACE_3
ipfw pipe 31 config bw   0Kbps queue 40Kbytes
ipfw add pipe 31 all from { 10.24.28.64/26 or 10.24.28.224/27 } to any out via $INTERFACE_3
ipfw pipe 33 config bw  68Kbps queue  8Kbytes
ipfw add pipe 33 all from 10.24.28.69 to any out via $INTERFACE_3
ipfw pipe 35 config bw  68Kbps queue  8Kbytes
ipfw add pipe 35 all from 10.24.28.128/26{131,132,133,134,135} to any out via $INTERFACE_3
ipfw pipe 37 config bw  34Kbps queue  4Kbytes
ipfw add pipe 37 all from \
    { 10.24.28.0/26{57,58,59,60,61} or 10.24.28.128/26{185,186,187,188,189} } \
    to any out via $INTERFACE_3

# NAT
ipfw add divert natd all from any to any via $INTERFACE_3

# Inbound filtering
ipfw add pass all  from any to me 20 in
ipfw add pass all  from any to me 21 in
ipfw add pass all  from any to me 22 in
ipfw add pass all  from any to me 80 in
ipfw add pass all  from 10.24.28.0/24 to me   25 in
ipfw add pass all  from 10.24.28.0/24 to me   53 in
ipfw add pass all  from 10.24.28.0/24 to me 3128 in
ipfw add pass all  from 10.24.28.0/24 to 10.24.28.0/24
ipfw add pass icmp from any to { me or 10.24.28.0/24 } in
ipfw add deny all  from any to { me or 10.24.28.0/24 } in setup

# Inbound shaping (in via $INTERFACE_3)
ipfw pipe 12 config bw  68Kbps queue   8Kbytes
ipfw add pipe 12 all from any to 10.24.28.2 in via $INTERFACE_3
ipfw pipe 14 config bw 136Kbps queue 16Kbytes
ipfw add pipe 14 all from any to 10.24.28.3 in via $INTERFACE_3
ipfw pipe 16 config bw  68Kbps queue  8Kbytes
ipfw add pipe 16 all from any to 10.24.28.4 in via $INTERFACE_3
ipfw pipe 18 config bw 136Kbps queue 16Kbytes
ipfw add pipe 18 all from any to 10.24.28.5 in via $INTERFACE_3
ipfw pipe 20 config bw  68Kbps queue  8Kbytes
ipfw add pipe 20 all from any to 10.24.28.6 in via $INTERFACE_3
ipfw pipe 22 config bw  68Kbps queue  8Kbytes
ipfw add pipe 22 all from any to 10.24.28.0/26{7,8,9} in via $INTERFACE_3
ipfw pipe 24 config bw  68Kbps queue  8Kbytes
ipfw add pipe 24 all from any to 10.24.28.10 in via $INTERFACE_3
ipfw pipe 26 config bw  68Kbps queue  8Kbytes
ipfw add pipe 26 all from any to 10.24.28.11 in via $INTERFACE_3
ipfw pipe 28 config bw  68Kbps queue  8Kbytes
ipfw add pipe 28 all from any to 10.24.28.12 in via $INTERFACE_3
ipfw pipe 30 config bw  68Kbps queue  8Kbytes
ipfw add pipe 30 all from any to 10.24.28.13 in via $INTERFACE_3
ipfw pipe 32 config bw   0Kbps queue 40Kbytes
ipfw add pipe 32 all from any to { 10.24.28.64/26 or 10.24.28.224/27 } in via $INTERFACE_3
ipfw pipe 34 config bw  68Kbps queue  8Kbytes
ipfw add pipe 34 all from any to 10.24.28.69 in via $INTERFACE_3
ipfw pipe 36 config bw  68Kbps queue   8Kbytes
ipfw add pipe 36 all from any to 10.24.28.128/26{131,132,133,134,135} in via $INTERFACE_3
ipfw pipe 38 config bw  34Kbps queue  4Kbytes
ipfw add pipe 38 all from any to \
    { 10.24.28.0/26{57,58,59,60,61} or 10.24.28.128/26{185,186,187,188,189} } \
    in via $INTERFACE_3
 

When I installed FBSD 5.2.1 as a trial, the script worked without problems,
but when I then installed FBSD 5.2.1 a second time (I always built the
kernel with exactly the same config file), the script behaves strangely. If
I leave in the rules for the firewall, NAT and for inbound (in) shaping, it
works without problems, but if I also add the rules for outbound (out)
traffic, it suddenly stops NATing. :o( And the script used to work. Do you
know what the problem might be?

Thank you.

 

Ladislav Jeřábek            
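
A rule-order check for the script above, as an added example that is not part of the original post: when net.inet.ip.fw.one_pass is 1 (the ipfw default; assumed here, the post does not state its value), a packet leaving a dummynet pipe is not passed through the firewall again, so pipe rules placed before the divert rule take matching traffic past natd. The function names and the shortened sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: list dummynet pipe rules that are placed before the divert
# rule. Assumption: net.inet.ip.fw.one_pass=1, so a packet that matches one
# of these rules leaves the firewall after the pipe and never reaches divert.

# Reads "ipfw add ..." lines on stdin and prints every pipe rule for the
# given direction (in|out) that appears before the first divert rule.
pipes_before_divert() {
    awk -v dir="$1" '
        $1 == "ipfw" && $2 == "add" {
            a = ($3 ~ /^[0-9]+$/) ? 4 : 3    # skip an optional rule number
            if ($a == "divert") exit         # later rules see NATed packets
            if ($a == "pipe") {
                for (i = a + 2; i <= NF; i++)
                    if ($i == dir) { print; break }
            }
        }'
}

# Constructed sample: a shortened ruleset in the same order as the script.
sample_rules() {
    cat <<'EOF'
ipfw add pass all from any to any via lo0
ipfw add pipe 11 all from 10.24.28.2 to any out via $INTERFACE_3
ipfw add pipe 13 all from 10.24.28.3 to any out via $INTERFACE_3
ipfw add divert natd all from any to any via $INTERFACE_3
ipfw add pass all  from any to me 22 in
ipfw add pipe 12 all from any to 10.24.28.2 in via $INTERFACE_3
EOF
}

# Number of outbound pipe rules that bypass divert in the sample.
count_out_bypass() {
    sample_rules | pipes_before_divert out | wc -l | tr -d ' '
}

echo "outbound pipe rules ahead of divert:"
sample_rules | pipes_before_divert out

# On the firewall itself the live setting can be read with:
#   sysctl net.inet.ip.fw.one_pass
```

The inbound pipe rules are not reported because they come after the divert rule, which matches the working in-only configuration described in the post.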



