[FUG-BR] How to use 2 links
Helder Urso - Gmail
helder.urso at gmail.com
Tue Oct 9 15:08:36 BRT 2007
Good afternoon.
I need to set up the use of 2 Internet access links on the server, with each link handling certain ports. The server is FreeBSD 6.1 with ipfw, nat and squid.
The interfaces:
bge0: 192.168.20.1 -> internal network with VLAN networks 192.168.21.x, 30.x, 40.x, 50.x
xl0: valid IP, leased line (LP)
xl1: valid IP, ADSL
Today I only use the usual setup: Internet access comes in through xl0 and passes to bge0. I want incoming and outgoing e-mail, P2P, eMule, videos, etc. to go out through xl1, leaving HTTP, HTTPS, MSN and VoIP on xl0.
Here is my ipfw:
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 check-state
00500 allow tcp from me to any setup keep-state
00510 allow tcp from 127.0.0.1 3128 to any via bge0 setup keep-state
00511 allow udp from any to any dst-port 53 via bge0
00511 allow udp from any to any dst-port 53 via vlan*
00512 skipto 800 ip4 from 192.168.21.249 to any via vlan*
00520 pipe 10 ip4 from any to me dst-port 22 via bge0
00520 pipe 10 ip4 from any to me dst-port 22 via vlan*
00540 pipe 11 udp from table(1) to not me in via bge0
00540 pipe 11 udp from table(1) to not me in via vlan*
00550 pipe 12 udp from table(1) to not me out via bge0
00550 pipe 12 udp from table(1) to not me out via vlan*
00560 pipe 1 ip4 from table(1) to not me in via bge0
00560 pipe 1 ip4 from table(1) to not me in via vlan*
00570 pipe 2 ip4 from table(1) to not me out via bge0
00570 pipe 2 ip4 from table(1) to not me out via vlan*
00600 skipto 800 tcp from any to 200.201.174.0/24 via bge0
00600 skipto 800 tcp from any to 200.201.174.0/24 via vlan*
00600 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via bge0 setup keep-sta
00600 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via vlan* setup keep-st
00650 fwd 127.0.0.1,53 udp from any to 200.134.184.2 dst-port 53 via bge0
00650 fwd 127.0.0.1,53 udp from any to 200.134.184.2 dst-port 53 via vlan*
00700 allow udp from any to me dst-port 53 in via bge0
00700 allow udp from any to me dst-port 53 in via vlan*
00800 divert 8668 udp from any to any dst-port 53 via xl0
00900 divert 8668 ip from any to any via xl0
60000 allow log logamount 10000 ip from any to any
65535 allow ip from any to any
Thanks,
Helder