router 4 networks
Martin Baumann
fefo at rulez.sk
Tue Jul 4 11:05:45 CEST 2006
Hello Štefan,
Tuesday, July 4, 2006, 7:35:04 AM, you wrote:
ŠV> Hi, I have a problem: I want to set up a router with 3 networks (1 NIC for
ŠV> the Internet and 3 more internal networks). The problem is this: on two of the
ŠV> networks I want to block ports 135, 137, 139, 445, e.g. on
ŠV> 192.168.5.0/24 and 192.168.4.0/24, while on each of these networks I want
ŠV> port 21 allowed. On the next network, e.g. 192.168.3.0/24, I want ports
ŠV> 135, 137, 139, 445 allowed, and I also want access to that network from
ŠV> outside via OpenVPN. The problem is that I don't know how to set up the rules
ŠV> for each network separately in pf.conf.
ŠV> I don't have much experience with pf; I use FreeBSD mostly on the desktop.
Well, at the start you define some variables :) roughly like this:
# INTERFACES
ext_if="rl0" # interface for the external network
sub_if1="rl1" # interface for subnet1
sub_if2="rl2" # interface for subnet2
sub_if3="rl3" # interface for subnet3
int_if="lo0" # local loopback interface
# NETWORKS
ext_net="10.1.4.0/24" # let's say my router is on the 10.1.4.0/24 subnet
sub_net1="192.168.3.0/24"
sub_net2="192.168.4.0/24"
sub_net3="192.168.5.0/24" # /24 as in the question; "/16" in the original line was a typo
# ADDRESSES
ext_addr="10.1.4.200" # my IP on that subnet, from which I route
sub_addr1="192.168.3.100"
sub_addr2="192.168.4.100"
sub_addr3="192.168.5.100"
local_addr="127.0.0.1"
nat on $ext_if from $sub_net1 to any -> $ext_addr
nat on $ext_if from $sub_net2 to any -> $ext_addr
nat on $ext_if from $sub_net3 to any -> $ext_addr
block in on $ext_if from any to any
pass out all keep state # everything out, and in only the replies to connections
# a port needs a proto, and "all" cannot be combined with from/to, so:
pass in proto tcp from any to any port 21 keep state
# does not let through to the samba server
block in on $sub_if2 proto { udp, tcp } from $sub_net2 to $sub_addr2 port { 137, 138, 139 }
block in on $sub_if2 proto tcp from $sub_net2 to $sub_addr2 port 445
block in on $sub_if3 proto { udp, tcp } from $sub_net3 to $sub_addr3 port { 137, 138, 139 }
block in on $sub_if3 proto tcp from $sub_net3 to $sub_addr3 port 445
# lets through to samba on interface 1
pass in on $sub_if1 proto { udp, tcp } from $sub_net1 to $sub_addr1 port { 137, 138, 139 }
pass in on $sub_if1 proto tcp from $sub_net1 to $sub_addr1 port 445
I hope I haven't forgotten anything :) and that it's correct. I just banged this
out quickly, so there may be a mistake in it, but I firmly hope not :)
--
Best regards,
Martin mailto:fefo at rulez.sk
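A fuller pf.conf for the setup Štefan describes, added here as an example and not part of Martin's reply: it blocks the NetBIOS/SMB ports on the two restricted subnets with "quick" so that a later pass rule cannot re-open them, and opens only the OpenVPN port on the uplink. The interface names, the uplink address, the tunnel interface tun0, the VPN client pool 10.8.0.0/24 and UDP port 1194 are assumptions.

```pf
# Added example, not from the original thread. Names and addresses are assumed.
ext_if = "rl0"                        # uplink
ext_addr = "10.1.4.200"               # router's uplink address (assumed)
lan_if = "rl1"                        # 192.168.3.0/24: file sharing allowed
lan_net = "192.168.3.0/24"
rest_ifs = "{ rl2 rl3 }"              # 192.168.4.0/24 and 192.168.5.0/24: SMB blocked
rest_nets = "{ 192.168.4.0/24 192.168.5.0/24 }"
int_nets = "{ 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 }"
tun_if = "tun0"                       # OpenVPN tunnel interface (assumed)
vpn_net = "10.8.0.0/24"               # OpenVPN client pool (assumed)
ovpn_port = "1194"                    # OpenVPN default port (assumed)
smb_tcp = "{ 135 139 445 }"
smb_udp = "{ 137 138 }"

set skip on lo0
scrub in all

# NAT all three internal subnets behind the uplink address.
nat on $ext_if from $int_nets to any -> $ext_addr

# Default deny on every interface. pf evaluates top to bottom and the LAST
# matching rule wins unless a rule says "quick", so order matters below.
block log all

# The router may talk out; replies return through state, not via "pass in".
pass out keep state

# Restricted subnets: drop Windows file-sharing ports first, with "quick",
# so the broad pass rules that follow cannot override the block.
block in quick on $rest_ifs proto tcp from $rest_nets to any port $smb_tcp
block in quick on $rest_ifs proto udp from $rest_nets to any port $smb_udp

# FTP control channel from the restricted subnets. Limiting "on $rest_ifs"
# matters: a bare "pass in ... port 21" after "block in on $ext_if" would,
# by last-match, also open port 21 from the Internet to the router.
pass in on $rest_ifs proto tcp from $rest_nets to any port 21 keep state
# Everything else from the restricted subnets (SMB already dropped above).
pass in on $rest_ifs from $rest_nets to any keep state

# Third subnet: no port restrictions.
pass in on $lan_if from $lan_net to any keep state

# OpenVPN: only the tunnel port is reachable on the uplink; VPN clients then
# reach the third subnet through tun0 and nothing else.
pass in on $ext_if proto udp from any to $ext_addr port $ovpn_port keep state
pass in on $tun_if from $vpn_net to $lan_net keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; FTP data connections are not covered by the port 21 rule and need passive mode or ftp-proxy.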