[FUG-BR] help with BSD router + wifi router

asakusa asa asakusaa at gmail.com
Saturday February 23 13:38:05 BRT 2008


Hi,

I come to ask for your help ;) Yesterday I bought a wifi router to connect to
a switch, which in turn sits behind a BSD router.

Layout:

Net -> BSD router -> Switch (2 PCs + 1 RJ45 that will connect to the wifi router)

The BSD router has a very simple pf configuration:

#       $FreeBSD: src/etc/pf.conf,v 1.2 2004/09/14 01:07:18 mlaier Exp $
#       $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Required order: options, normalization, queueing, translation, filtering.
# Macros and tables may be defined and used anywhere.
# Note that translation rules are first match while filter rules are last match.

set limit states 10000
set limit src-nodes 1000
set timeout { adaptive.start 5000, adaptive.end 10000 }

set skip on lo0

## INTERFACES ##
ext_if="rl0"
int_if="rl1"

unfiltered  = "{ lo0, lp0}"

ip_ext="rl0"
ip_int="192.168.100.0/24"

allowed__ports="{21,22,25,110,143,443,445,993,1412,4662,4672,8080}"

## IP'S ##
router="192.168.100.1"
mac01="192.168.100.2"
mac02="192.168.100.3"

table <bruteforce_ssh> persist

## OPTIONS ##
set block-policy drop
set require-order yes
set loginterface $ext_if

#scrub in all

## NAT ##
nat on $ext_if from $ip_int to any -> ($ext_if)

## FTP PROXY ##
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

## RDR ##
rdr on $ext_if proto {tcp,udp} to port 1412 -> $mac01 port 1412
rdr on $ext_if proto tcp to port 4662 -> $mac01 port 4662
rdr on $ext_if proto udp to port 4672 -> $mac01 port 4672

## BLOCK ALL ##
block log all

block drop in quick on $ext_if from $ip_int to any
block drop out quick on $ext_if from any to $ip_int

## SSH ##
pass in quick on $ext_if proto tcp from any to $ip_ext port 22 flags S/SAFR modulate state $SSH_LIMIT

## ICMP ##
pass in log quick on $ext_if inet proto icmp all icmp-type 3 keep state (max 32)
pass in log quick on $ext_if inet proto icmp all icmp-type 4 keep state (max 32)

pass in on $ext_if proto { tcp, udp } from any to $mac01 port 1412 keep state

pass in on $ext_if proto tcp from any to $mac01 port 4662 keep state
pass in on $ext_if proto udp from any to $mac01 port 4672 keep state

pass in on $int_if from $ip_int to any keep state
pass out on $int_if from any to $ip_int keep state

pass out on $ext_if proto tcp from $ip_ext to any flags S/SA keep state
pass out on $ext_if proto { icmp, udp } all keep state

---------------------------------------------------

I have already set the wifi router to a static IP, that is, 192.168.100.4, and
it assigns IPs from the 192.168.1.X range to the machines that connect via
wireless.

However, I cannot get network access on the wifi PCs. What configuration do I
need to put on the BSD router? RDR?

Any ideas?


Thanks

