[FUG-BR] Gateway / Firewall Problems
Rodrigo G. Crescencio
rodrigo at rcsolucoesinteligentes.com.br
Tue Apr 6 17:49:44 BRT 2010
Hello friend,
the resolv.conf is picking up the gateway of the NET Virtua link.
Here is one of my test pf.conf files:
ext_if="re0"
int_if="xl0"
int_net="192.168.1.0/24"
tcp_services="{1985}"
icmp_types="echoreq"
# SCRUB
scrub in all no-df
# NAT
nat on $ext_if from $int_net to any -> ($ext_if)
# RDR
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
# Block
block in on $ext_if
# Pass loopback
pass quick on lo0 all
pass out keep state
# Internet
pass in log on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out log on $ext_if inet proto tcp from any to any port www keep state
# SSH
pass in on $ext_if inet proto tcp from any to any port 1985 flags S/SA keep state
pass in on $int_if inet proto tcp from any to any port 1985 flags S/SA keep state
# ICMP/TRACEROUTE
pass out inet proto icmp all icmp-type $icmp_types keep state
As for squid, here it is:
http_port 127.0.0.1:3128 transparent
visible_hostname Proxy_Server
error_directory /usr/local/etc/squid/errors/pt-br
cache_mem 1024 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 40000 KB
minimum_object_size 0 KB
cache_dir ufs /usr/local/squid/cache 1024 64 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/store.log
pid_filename /usr/local/squid/logs/squid.pid
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
acl to_localhost dst 127.0.0.0/8
acl manager proto cache_object
acl Safe_ports port 80
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl rede src 192.168.1.0/24
http_access allow rede
http_access allow manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
Thanks for the help.
--
Rodrigo G. Crescencio
IT Analyst.
RC - Soluções Inteligentes em TI.
www.rcsolucoesinteligentes.com.br
> You need to send the firewall rules.
> But check your resolv.conf
> and the squid.conf
>
> On April 6, 2010 at 17:35, Rodrigo G. Crescencio
>