OpenVPN, IPFW a NAT

Zbyněk Burget zburget at burgnet.cz
Sat Sep 5 20:26:17 CEST 2009

Previous message: OpenVPN, IPFW a NAT
Next message: OpenVPN, IPFW a NAT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ciernik Tomas napsal(a):
> 02010 skipto 65010 tcp from any to any out via tun3 setup keep-state
> 02011 skipto 65010 ip from any to any out via tun3 keep-state
^^^^^^^^^^^^^^^                                      ^^^^^^^^^^^^^^

nejsem si jist tim, ze zrovna tohle bude fungovat - nevim, jestli se pri 
naslednem check-state provede ten skok

Ja osobne preferuju na zacatku firewallu jednoznasne pomoci skipto 
rozdelit veskere smerery provozu pro veskere interfaces, pak je jasne, 
kudy packet prochazi a nebudes tam pak potrebovat takovou silenou 
konstrukci, jakou tam mas ted.

tedy nekde na zacatku firewallu udelat neco jako

1000 skipto 10000 all from any to any in via em1
1010 skipto 11000 all from any to any out via em1
1020 skipto 12000 all from any to any in via em2
1030 skipto 13000 all from any to any out via em2
1040 skipto 14000 all from any to any in via tun0
1050 skipto 15000 all from any to any out via tun0
...
...
...

kde pravidlo check-state bude az za prekladem
...pripadne se vybodnout na stavovy firewall a pouzit firewall 
nestavovy. Mimochodem - mas nejaky vazny duvod k pouziti stavoveho 
firewallu?


Zbynek

Previous message: OpenVPN, IPFW a NAT
Next message: OpenVPN, IPFW a NAT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list