[FUGSPBR] ipfw
Carlos
cat at iqsc.usp.br
Thu Sep 18 11:13:57 BRT 2003
Folks, I need some help.
I have a firewall that blocks everything and sends port 80 requests to the
proxy.
The requests go out, but they don't come back.
Any tips?
fwcmd="/sbin/ipfw"
$fwcmd -f flush
# Interface xl0
rede_saida="xxx.xxx.xxx.xxx"
# Interface xl1
rede_dmz="192.168.232.0/24"
# Interface xl2
rede_naorot="192.168.237.0/24"
rede_teste="192.168.236.0/24"
rede="192.168.0.0/16"
serv_proxy="192.168.232.2"
# Allow NAT for the network
${fwcmd} add divert 8668 log ip from any to any any
# Allow outbound NTP and DNS packets
${fwcmd} add permit udp from any to any 53
${fwcmd} add permit udp from any 53 to any
${fwcmd} add permit udp from any to any 123
${fwcmd} add permit udp from any 123 to any
# Allow outbound traffic to specific ports
${fwcmd} add check-state
${fwcmd} add deny log tcp from any to any established
# Redirect HTTP traffic to the proxy
${fwcmd} add fwd ${serv_proxy} tcp from ${rede} to any 80 setup keep-state
${fwcmd} add allow tcp from any to any 22 setup keep-state
${fwcmd} add allow tcp from any to any 25 setup keep-state
${fwcmd} add allow tcp from any to any 53 setup keep-state
${fwcmd} add allow tcp from ${serv_proxy} to any 80 setup keep-state
${fwcmd} add allow tcp from any to any 110 setup keep-state
# Log everything that is denied
${fwcmd} add deny log all from any to any
Thanks
Carlos