[FUGSPBR] ipfw / natd problem!
Gilliatt Borges Bastos
gilliatt at unsigned.eti.br
Thu Aug 7 08:11:39 BRT 2003
I'm building a firewall that blocks everything and opens only what is needed, but
I'm running into some problems :)
I've already tried everything and still haven't managed to solve my problem. The
ipfw rules are these:
00001 0 0 allow ip from any to any via lo0
00002 0 0 deny ip from 10.0.0.0/8 to any via xl0
00003 0 0 deny ip from any to 10.0.0.0/8 via xl0
00004 0 0 deny ip from any to 172.16.0.0/12 via xl0
00005 0 0 deny ip from 172.16.0.0/12 to any via xl0
00006 0 0 deny ip from any to 192.168.0.0/16 via xl0
00007 15 720 deny ip from 192.168.0.0/16 to any via xl0
00008 0 0 deny ip from 192.168.48.0/24 to any in recv xl0
00009 0 0 deny ip from 192.168.49.0/24 to any in recv xl0
00010 0 0 deny ip from 200.206.102.64/26 to any in recv xl0
00020 0 0 check-state
00030 0 0 allow tcp from any to 200.206.102.66 53 keep-state setup
00040 0 0 allow udp from 200.206.102.66 to any 53 keep-state
00050 0 0 allow udp from any to 200.206.102.66 53 keep-state
00060 0 0 allow tcp from any to 192.168.49.10 53 keep-state setup
00070 0 0 allow udp from 192.168.49.10 to any 53 keep-state
00080 0 0 allow udp from any to 192.168.49.10 53 keep-state
00090 0 0 allow tcp from any to 192.168.48.10 53 keep-state setup
00100 0 0 allow udp from 192.168.48.10 to any 53 keep-state
00110 0 0 allow udp from any to 192.168.48.10 53 keep-state
00120 0 0 divert 8668 ip from any to any via xl0
00130 0 0 allow tcp from 200.206.102.66 to 200.206.102.72 110 out xmit xl0
00140 0 0 allow tcp from 200.206.102.72 110 to 200.206.102.66 in recv xl0
00150 0 0 allow tcp from 200.206.102.66 to 200.206.102.72 25 out xmit xl0
00160 0 0 allow tcp from 200.206.102.72 25 to 200.206.102.66 in recv xl0
00170 1 48 allow tcp from 192.168.48.0/24 to 200.206.102.72 110 keep-state setup
00180 0 0 allow tcp from 192.168.48.0/24 to 200.206.102.72 25 keep-state setup
00190 14 672 allow tcp from 192.168.49.0/24 to 200.206.102.72 110 keep-state setup
00200 0 0 allow tcp from 192.168.49.0/24 to 200.206.102.72 25 keep-state setup
00210 0 0 allow tcp from any 80 to 200.206.102.66 in recv xl0
00220 0 0 allow tcp from any 443 to 200.206.102.66 in recv xl0
00230 0 0 allow tcp from 192.168.48.0/24 to 192.168.49.10 3128 keep-state setup
00240 0 0 allow tcp from 192.168.49.0/24 to 192.168.48.10 3128 keep-state setup
00250 0 0 allow udp from 200.206.102.72 161 to 200.206.102.66 in recv xl0
00260 0 0 allow udp from 200.206.102.66 to 200.206.102.72 161 out xmit xl0
00270 0 0 allow udp from 192.168.49.4 161 to 192.168.49.10 in recv fxp0
00280 0 0 allow udp from 192.168.49.10 to 192.168.49.4 161 out xmit fxp0
00380 102 6799 allow ip from 192.168.49.12 to any via fxp0
00480 127 15356 allow ip from any to 192.168.49.12 via fxp0
65000 32 14429 deny log logamount 100 ip from any to any
I'd like to know why these rules don't let NAT work, and how to solve
this problem.
Cheers,
--
+-------------------------------+
Systems/Network Administrator
Jk Comercio e Serviço Ltda
www.jkexpress.com.br
+-------------------------------+
Site: www.unsigned.eti.br
Email: unsigned at unsigned.eti.br
Email: gborges at jkexpress.com.br
Mobile: 9593-8333
Home: 6605-8195
+-------------------------------+
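The counters in the listing above already show where the outbound LAN traffic stops: the keep-state rules 00170 and 00190 (matched on the way in from fxp0) have 1 + 14 hits, rule 00007 ("deny ip from 192.168.0.0/16 to any via xl0") has 15, and the divert rule 00120 has 0. ipfw evaluates the same packet once per interface it crosses and the first matching rule wins, so on the second pass (out via xl0) the still-untranslated private source hits 00007 before it can reach check-state or the divert. The script below is an added example, not code from the post or from FreeBSD: a toy model of ipfw's first-match evaluation that covers only the syntax used in the post plus natd's rewrite-and-reinject of an outbound packet. It walks a constructed TCP SYN from 192.168.49.12 to 200.206.102.72 port 110 (source port 1025 is an assumption) through a trimmed copy of the posted rules, and through the same rules reordered the way the stock rc.firewall "simple" template orders them (divert ahead of the private-source denies and of check-state; rule numbers 00010 and 00011 are assumed). The public address 200.206.102.66 is taken from the post's own rules.

```python
"""Toy model of ipfw(8) first-match rule evaluation (an added example, not code
from the post or from FreeBSD). It covers only the syntax the post uses plus
natd's rewrite-and-reinject of an outbound packet; assumptions are commented."""
import ipaddress

# Posted rules an outbound LAN packet can reach (hit counters dropped).
ORIGINAL = """
00007 deny ip from 192.168.0.0/16 to any via xl0
00009 deny ip from 192.168.49.0/24 to any in recv xl0
00020 check-state
00120 divert 8668 ip from any to any via xl0
00130 allow tcp from 200.206.102.66 to 200.206.102.72 110 out xmit xl0
00190 allow tcp from 192.168.49.0/24 to 200.206.102.72 110 keep-state setup
65000 deny log logamount 100 ip from any to any
"""
# Same rules, divert moved ahead of the private-source deny and of check-state
# (the order the stock rc.firewall "simple" template uses); numbers assumed.
REORDERED = """
00009 deny ip from 192.168.49.0/24 to any in recv xl0
00010 divert 8668 ip from any to any via xl0
00011 deny ip from 192.168.0.0/16 to any via xl0
00020 check-state
00130 allow tcp from 200.206.102.66 to 200.206.102.72 110 out xmit xl0
00190 allow tcp from 192.168.49.0/24 to 200.206.102.72 110 keep-state setup
65000 deny log logamount 100 ip from any to any
"""

def parse_rule(line):
    """Parse one 'ipfw list' line into a dict (subset of the real grammar)."""
    t = line.split()
    r = dict(num=int(t[0]), action=t[1], proto="ip", src="any", sport=None,
             dst="any", dport=None, dir=None, iface=None, keep_state=False, setup=False)
    if r["action"] == "check-state":
        return r
    i = 3 if r["action"] == "divert" else 2      # skip the divert port
    while t[i] in ("log", "logamount"):          # skip logging options
        i += 2 if t[i] == "logamount" else 1
    r["proto"], i = t[i], t.index("from") + 1
    r["src"], i = t[i], i + 1
    if t[i].isdigit():
        r["sport"], i = int(t[i]), i + 1
    r["dst"], i = t[i + 1], i + 2                # skip "to"
    if i < len(t) and t[i].isdigit():
        r["dport"], i = int(t[i]), i + 1
    r["keep_state"], r["setup"] = "keep-state" in t[i:], "setup" in t[i:]
    for j in range(i, len(t)):                   # via X / in recv X / out xmit X
        if t[j] == "via":
            r["dir"], r["iface"] = "via", t[j + 1]
        elif t[j] in ("in", "out"):
            r["dir"], r["iface"] = t[j], t[j + 2]
    return r

def in_net(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def match(r, p):
    """Static part of an ipfw match: proto, addresses, ports, interface, setup."""
    return (r["proto"] in ("ip", p["proto"])
            and in_net(p["src"], r["src"]) and in_net(p["dst"], r["dst"])
            and r["sport"] in (None, p["sport"]) and r["dport"] in (None, p["dport"])
            and (r["dir"] is None or r["iface"] == p["iface"])
            and (r["dir"] in (None, "via") or r["dir"] == p["dir"])
            and (not r["setup"] or p["syn"]))

def flow_key(p):
    return (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])

def run_pass(rules, p, state, public_ip):
    """One traversal of the ruleset by one packet: [(rule number, action), ...]."""
    events = []
    for r in rules:
        if r["action"] == "check-state":
            if flow_key(p) in state:             # hits a dynamic rule
                return events + [(r["num"], "allow")]
            continue
        if not match(r, p):
            continue
        events.append((r["num"], r["action"]))
        if r["action"] != "divert":
            if r["keep_state"]:                  # dynamic rule, both directions
                state.add(flow_key(p))
                state.add(flow_key(dict(p, src=p["dst"], sport=p["dport"],
                                        dst=p["src"], dport=p["sport"])))
            return events
        # natd rewrites an outbound packet's source to the public address and
        # reinjects it; ipfw resumes at the rule after the divert rule.
        if p["dir"] == "out":
            p = dict(p, src=public_ip)
    return events

def trace_lan_packet(ruleset, public_ip="200.206.102.66"):
    """Constructed SYN: LAN host 192.168.49.12 opens POP3 to the mail server.
    Pass 1 arrives on fxp0; pass 2 (only if pass 1 allowed it) leaves via xl0."""
    rules = [parse_rule(l) for l in ruleset.strip().splitlines()]
    p = {"proto": "tcp", "src": "192.168.49.12", "sport": 1025,   # port assumed
         "dst": "200.206.102.72", "dport": 110, "syn": True}
    state = set()
    ev = [("in fxp0", n, a) for n, a in
          run_pass(rules, dict(p, iface="fxp0", dir="in"), state, public_ip)]
    if ev[-1][2] == "allow":
        ev += [("out xl0", n, a) for n, a in
               run_pass(rules, dict(p, iface="xl0", dir="out"), state, public_ip)]
    return ev
```

With the posted order the trace ends at ("out xl0", 7, "deny"); with the divert moved up it goes 00010 divert, then 00130 allow, because after natd the packet carries the public source. Two caveats follow from that: any rule meant to pass post-NAT outbound traffic has to name the public address (00130 does; the keep-state entries created by 00170 to 00200 hold the private source and only help once the inbound divert has translated a reply back), and the "deny ip from any to 192.168.0.0/16 via xl0" style rules (00003, 00004, 00006) must stay ahead of the divert, since after the inbound divert a reply's destination is already a private address and they would drop it; symmetrically, the "from private" rules (00002, 00005, 00007) belong after it.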