IPFW and fwd

Cizek Milan cizek.milan at seznam.cz
Thu Nov 25 17:04:30 CET 2004



Regards, Milan Cizek, amateur programmer, D7 Ent
Win2k (SP4) and WinXP, cizek.milan at seznam.cz, ICQ: 59826637

> -----Original Message-----
> From: users-l-bounces at freebsd.cz 
> [mailto:users-l-bounces at freebsd.cz] On Behalf Of Petr Bezděk
> Sent: Thursday, November 25, 2004 11:05 AM
> To: FreeBSD mailing list
> Subject: Re: IPFW and fwd
> 
> 
> Cizek Milan wrote:
> > Hi,
> > I'm still fiddling with this, but without success. The whole thing
> > seems odd to me and I no longer really know what to google. :) I tried
> > a setup where I placed the rule ipfw add 60 fwd 10.0.254.2 tcp from any
> > to any immediately after the divert. The rule does process data (the
> > counters grow), but it has no visible effect on anything (?), as if it
> > weren't there. I have FreeBSD 5.3-STABLE#0 with IPFIREWALL_FORWARD in
> > the kernel. Does anyone use fwd, does it work? Or rather, is it
> > supposed to work the way I think (see above)? Thanks
> 
> Try posting your firewall configuration here - otherwise it is just
> guesswork and probably nobody will be able to help you.

Hi,

00050 7668 3981493 divert 8668 ip from any to any via ed0
00100   12    1182 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
00800 3185 1095771 pipe 1 ip from any not 22,123,53,110,21,80,443,25,5190 to any out recv ed0 { xmit vr0 or xmit wi0 }
00810 3860 2741148 pipe 2 ip from any to any not dst-port 22,123,53,110,21,80,443,25,5190 out xmit ed0 { recv vr0 or recv wi0 }
00900  205   23228 pipe 3 not icmp from 10.0.0.0/8 to 10.0.0.0/8
01000   25    3794 allow ip from any to 10.0.254.2 via ed0
01100   26    1616 allow ip from any to 212.158.158.238 via ed0
01200  699   99370 allow ip from any to 10.0.1.20 in via ed0
01400    0       0 allow ip from any to 10.0.1.22 in via ed0
...
02900    0       0 allow ip from any to 10.0.4.20 in via ed0
02900    0       0 allow ip from any to 10.0.4.21 in via ed0
04900  307  220995 fwd 10.0.254.2,80 tcp from any to not 10.0.0.0/8 dst-port 80
05000    0       0 deny log ip from any to any in via ed0
65535 4446 2698044 allow ip from any to any

With this configuration, and from an IP that is not listed in any allow rule,
every page except the intranet gives me "not found".

Milan
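Milan is judging whether the fwd rule is hit by watching the packet counters in `ipfw -a list`. The POSIX sh/awk helper below makes that check systematic: it diffs two snapshots of the listing and prints only the rules whose counters moved, joining lines that a mailer or terminal wrapped (as in the listing above). This is an added example, not code from the thread; the two snapshots are constructed from Milan's ruleset, with the "after" counters invented.

```shell
#!/bin/sh
# Constructed sample: `ipfw -a list` before and after reproducing the problem.
# The rule bodies come from the posted ruleset; the "after" counters are invented.
BEFORE='00050 7668 3981493 divert 8668 ip from any to any via ed0
04900  307  220995 fwd 10.0.254.2,80 tcp from any to not 10.0.0.0/8 dst-port
80
05000    0       0 deny log ip from any to any in via ed0
65535 4446 2698044 allow ip from any to any'
AFTER='00050 7700 3995000 divert 8668 ip from any to any via ed0
04900  320  229000 fwd 10.0.254.2,80 tcp from any to not 10.0.0.0/8 dst-port
80
05000    0       0 deny log ip from any to any in via ed0
65535 4460 2705000 allow ip from any to any'

# Join wrapped lines: a line that does not start with "<rulenum> " belongs
# to the rule before it.
unwrap() {
  awk '/^[0-9]+ /{ if (r != "") print r; r = $0; next }
       { r = r " " $0 }
       END { if (r != "") print r }'
}

# ipfw_delta BEFORE AFTER: print "<rule> pkts+<d> bytes+<d> <body>" for every
# rule whose packet counter changed between the two snapshots, in listing order.
# Rules are keyed by number plus body, so duplicate rule numbers stay distinct.
ipfw_delta() {
  { printf '%s\n' "$1" | unwrap | sed 's/^/B /'
    printf '%s\n' "$2" | unwrap | sed 's/^/A /'; } |
  awk '{
      tag = $1; rule = $2; pkts = $3; bytes = $4
      body = ""; sep = ""
      for (i = 5; i <= NF; i++) { body = body sep $i; sep = " " }
      key = rule " " body
      if (tag == "B") { bp[key] = pkts; bb[key] = bytes }
      else { ap[key] = pkts; ab[key] = bytes; rn[key] = rule; bt[key] = body; order[++n] = key }
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (k in bp && ap[k] != bp[k])
          printf "%s pkts+%d bytes+%d %s\n", rn[k], ap[k] - bp[k], ab[k] - bb[k], bt[k]
      }
    }'
}

ipfw_delta "$BEFORE" "$AFTER"
```

On the live box the snapshots would come from two runs of `ipfw -a list` around a single test request, so a rule that is matching shows up with a small, explainable delta while an unchanged rule (05000 above) stays silent.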