[FUGSPBR] PF - Problemas

marcela em informacao.srv.br marcela em informacao.srv.br
Qua Nov 17 16:17:09 BRST 2004 

Já recriei meu pf.conf aproximadamente 100 vezes hoje.

Já não sei mais o que fazer para resovler meu problema. A princípio é tudo
muito simples, redireceionar várias portas de serviços para os servidores
internos. Mas, o Open simplesmente se nega a redirecionar.

Ele acusa Connection Denied para TUDO! Qualquer coisa q eu fizer.

Sim, os serviços locais (como ssh) funcionam). DNS, já chegou a funcionar.

Segue pf.conf. Se alguém puder me dize pq ele não redireciona, eu agradeço.
#       $OpenBSD: pf.conf,v 1.27 2004/03/02 20:13:55 cedric Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.

#VARIABLES
EXT = "rl0"
INT = "fxp0"

canguru = "192.168.0.251"
srvmentor = "192.168.0.252"

#scrub in

#scrub rules
scrub in all

#NAT and redirecton rules

nat on $EXT inet from $INT to any -> ($EXT)

#nat on $ext_if from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from <spamd> to port smtp \
#       -> 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
#       -> 127.0.0.1 port spamd

#FTP  redirections

#HTTP redirections

rdr on $INT proto tcp from any to any port 80 -> 127.0.0.1 port 3128
#messenger
#mail
rdr pass on $EXT proto tcp from any to any port 110 -> $canguru
rdr pass on $EXT proto tcp from any to any port 25 -> 192.168.0.251
rdr pass on $EXT proto tcp from any to any port 143 -> $canguru

#vpn

rdr pass on $EXT proto tcp from any to 201.x.x.x port 47 -> $srvmentor
port 47
rdr pass on $EXT proto udp from any to 201.x.x.x port 47 -> $srvmentor
port 47

#site webtech
rdr pass on $EXT proto tcp from any to any port 80 -> $canguru port 5081

#exchange
rdr pass on $EXT proto tcp from any to any port 443 ->192.168.0.252 port 443

#sharepoint
rdr pass on $EXT proto  tcp from any to 201.x.x.x port 5080 -> $canguru
port 5080
rdr pass on $EXT proto tcp from any to any port 5080 -> 192.168.0.251 
port 5080


#SSH access is free, by port 22
pass in log quick on $EXT inet proto tcp from any to any port 22 flags
S/SA keep state
pass in log quick on $EXT inet proto udp from any to any port 22 keep state

#Filter Rules

block in log all

#block in
#pass out keep state

#Block ICMP
#block in proto icmp all

#Pass traffic to/from internal network

pass in quick on $INT all keep state
pass out quick on $INT all keep state


#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if }

#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
#pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
#pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state


#Pass trafic to/from external network

pass in quick on $EXT proto tcp from any to any port 143 keep state
pass in quick on $EXT proto udp from any to any port 143 keep state
pass in quick on $EXT proto tcp from any to any  port 53 flags S/SA
pass in quick on $EXT proto udp from any to any  port 53
pass in quick on $EXT proto tcp from any to $canguru port 5080
pass in quick on $EXT proto tcp from any to $canguru port 5081
pass in quick on $EXT proto tcp from any to $canguru port 5082
pass in quick on $EXT proto {tcp, udp} from any to $canguru port 47
pass in quick on $EXT proto tcp from any to $srvmentor port 443

#Permit outogoing on $EXT

pass out quick on $EXT all keep state

block out log all
pass in log quick on lo0 all
pass out log quick on lo0 all


_______________________________________________________________
Para enviar um novo email para a lista: fugspbr em fugspbr.org
Sair da Lista: http://lists.fugspbr.org/listinfo.cgi
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/

Mais detalhes sobre a lista de discussão freebsd