[FUG-BR] PF firewall and Samba (Solved)

Leandro L J S freebsd at fastcars.com.br
Thu Jan 17 12:18:19 BRST 2008


Good morning everyone,
as requested, I'm sending what I came up with to solve my problem.

Scenario
xl0 -> internal network
xl1 -> VPN and wireless network

pf.conf

# Options: tune the behavior of pf, default values are given.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 90, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 60, icmp.error 30 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface vr0
set optimization aggressive
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"
set skip on lo0

# Scrub on all interfaces to handle lost fragmented packets
scrub in  all
scrub out  all

#Queue: bandwidth control
altq on xl0 bandwidth 1Gb cbq queue { \
defaultxl0, A003u, A003d, ..., samba }

#Queue: bandwidth control
altq on xl1 bandwidth 1Gb cbq queue { \
defaultxl1, B002u, B002d, ..., samba1 }

#Queues

#Internal client 1
queue A003d on xl0 bandwidth 128Kb cbq (red)
queue A003u on xl0 bandwidth 128Kb cbq (red)
#System queues
queue defaultxl0 on xl0 bandwidth 64Kb cbq (default)
queue samba on xl0 bandwidth 50Mb cbq (borrow)

#Queues

#External client 1
queue B002d on xl1 bandwidth 128Kb cbq (red)
queue B002u on xl1 bandwidth 128Kb cbq (red)
#System queues
queue defaultxl1 on xl1 bandwidth 64Kb cbq (default)
queue samba1 on xl1 bandwidth 50Mb cbq (borrow)

#Blocking the internal interface(s)
block on xl0 all
block on xl1 all

pass in  quick on lo0 all
pass out quick on lo0 all

# Samba control
pass in quick on xl0 proto { udp, tcp } from any to any port { 137, 138, 139, 445 } queue samba
pass out quick on xl0 proto { udp, tcp } from any port { 137, 138, 139, 445 } to any queue samba
pass in quick on xl1 proto { udp, tcp } from any to any port { 137, 138, 139, 445 } queue samba1
pass out quick on xl1 proto { udp, tcp } from any port { 137, 138, 139, 445 } to any queue samba1

#Internal client 1
pass in quick  on xl0 inet from 192.168.10.3 to any label A003u queue A003u
pass out quick on xl0 inet from any to 192.168.10.3 label A003d queue A003d

#External client 1
pass in quick  on xl1 inet from 192.168.11.2 to any label B002u queue B002u
pass out quick on xl1 inet from any to 192.168.11.2 label B002d queue B002d


Later, folks