[OpenBSD-BR] pf.conf - help please - urgent
Iran Lima
openbsd.iran at gmail.com
Fri Jun 8 10:48:51 BRT 2007
Dear OpenBSD friends, I need help with PF.CONF. I'm not very good at pf.conf
yet, but with your help I'm sure I'll get there.
Well, on to the problem: I have a Pentium 3 machine with 128MB of RAM and a
20GB disk. I installed plain OpenBSD 4.0, then Squid 2.6 STABLE12, all OK.
Now I need to allow Outlook Express and IncrediMail on my internal network,
which use the SMTP (25, 465) and POP3 (110, 995) ports. I put the following
rules in pf.conf:
######## START
# MACROS
ext_if="rl0" # 192.168.0.254, towards the Internet
int_if="rl1" # 10.0.0.1, local network
###############
set loginterface $ext_if
set skip on lo0 # lo0 is not filtered at all, so the lo0 pass rules below are never evaluated
##############
scrub in all
######## NAT
# Everything not sourced from the external address is translated to it.
nat on $ext_if from !($ext_if) -> ($ext_if)
######## SQUID
# Transparent proxy: LAN web traffic is redirected to Squid on the firewall itself.
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
# Expands to the two "block drop in quick" rules visible in pfctl -sr below.
antispoof quick for $int_if inet
### Loopback
pass out quick on lo0 from any to any
pass in quick on lo0 from any to any
### Local network
# Note: this rule set contains no "block" rule, so pf's default policy (pass)
# applies to anything not matched. The two stateful "all" rules below already
# pass LAN TCP 25/465/110/995 in on rl1 and out (NATed) on rl0; if mail still
# fails, the cause is likely outside pf (check with tcpdump on rl0/rl1 and pflog0).
pass out quick on $int_if from any to any keep state
pass in quick on $int_if from any to any keep state
pass out quick on $ext_if from any to any keep state
pass in log quick on $ext_if inet proto tcp from any to any port 50000 flags S/SA keep state
######### End
Squid works beautifully, but Outlook and IncrediMail are proving difficult.
I thank everyone for the help and the time - thank you very much.
####### MORE INFORMATION
# pfctl -sn
nat on rl0 from ! (rl0) to any -> (rl0) round-robin
rdr on rl1 inet proto tcp from any to any port = www -> 127.0.0.1 port 3128
# pfctl -sr
scrub in all fragment reassemble
pass in on rl1 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
pass out on rl0 inet proto tcp from any to any port = www keep state
block drop in quick on ! rl1 inet from 10.0.0.0/24 to any
block drop in quick inet from 10.0.0.1 to any
pass out quick on lo0 all
pass in quick on lo0 all
pass out quick on rl1 all keep state
pass in quick on rl1 all keep state
pass out quick on rl0 all keep state
pass in log quick on rl0 inet proto tcp from any to any port = 50000 flags S/SA keep state
# ps aux | grep squid
root 26082 0.0 0.0 1104 4 ?? IWs 7:35AM 0:00.05 /usr/local/squid/sbin/squid
nobody 894 0.0 10.8 5352 3476 ?? S 7:35AM 0:11.53 (squid) (squid)
root 4519 0.0 1.0 336 312 p1 R+ 8:31AM 0:00.12 grep squid
######### SOME ATTEMPTS
###### START 01
ext_if="rl0" # 192.168.0.254
int_if="rl1" # 10.0.0.1
tcp_services="{ 21, 25, 110, 465, 995 }"
udpports="{ domain }"
# icmp_types="echoreq"
########
set optimization aggressive
#############
scrub in
######## NAT
nat on $ext_if from !($ext_if) -> ($ext_if)
######## SQUID
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
#rdr on $int_if proto tcp from any to any port 25 -> 127.0.0.1 port 8025
#rdr on $int_if proto tcp from any to any port 110 -> 127.0.0.1 port 8110
# These two redirect ALL LAN SMTP and POP3 to local ports 8025/8110. The post
# mentions no service listening there; unless a mail proxy is running on those
# ports, the clients' connections are refused by the firewall itself.
rdr on $int_if inet proto tcp from any to any port 25 -> 127.0.0.1 port 8025
rdr on $int_if inet proto tcp from any to any port 110 -> 127.0.0.1 port 8110
pass in quick on lo0 all
pass out quick on lo0 all
# "quick" and stateless: these two match first on the LAN interface, so the
# stateful $int_if rules further down are never evaluated.
pass in quick on $int_if all
pass out quick on $int_if all
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 8025 keep state
pass out on $ext_if inet proto tcp from any to any port smtp keep state
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 8110 keep state
pass out on $ext_if inet proto tcp from any to any port pop3 keep state
# Inbound from the Internet side to the firewall's own LAN address (not to the
# clients). $udpports is used with proto tcp here; "domain" also resolves to
# 53/tcp, so the file still loads.
pass in on $ext_if inet proto tcp from any to $int_if port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $int_if port $udpports flags S/SA keep state
pass in on $int_if inet proto tcp from any to $ext_if port $tcp_services flags S/SA keep state
pass in on $int_if inet proto tcp from any to $ext_if port $udpports flags S/SA keep state
# Only the firewall's own address as source; LAN clients are covered by the
# quick rules above (and by the default pass, since there is no block rule).
pass out on $int_if proto tcp from $ext_if to any flags S/S keep state
pass out on $int_if proto udp from $ext_if to any keep state
pass out on $ext_if proto tcp from $ext_if to any flags S/S keep state
pass out on $ext_if proto udp from $ext_if to any keep state
############################ END 01
################## START 02
ext_if="rl0" # 192.168.0.254
int_if="rl1" # 10.0.0.1
######### email
# Macro values must be quoted strings; without the quotes pfctl rejects the
# file with a syntax error at the "{" and this whole set never loads.
tcp_pass = "{ ftp ssh smtp domain http pop3 }"
udp_pass = "{ domain ntp }"
########
set optimization aggressive
#############
scrub in
######## NAT
nat on $ext_if from !($ext_if) -> ($ext_if)
######## SQUID
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
antispoof for { rl0, rl1 } inet
# Stateless (no "keep state"): the replies rely on pf's default pass, since
# this set has no block rule either.
pass out on { rl0, rl1 } proto tcp to any port $tcp_pass
pass out on { rl0, rl1 } proto udp to any port $udp_pass
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } all keep state
# Inbound from the Internet side to the firewall's LAN address, not to the LAN clients.
pass in on $ext_if proto tcp from any to $int_if port = www keep state
pass in on $ext_if proto tcp from any to $int_if port = smtp keep state
pass in on $ext_if proto tcp from any to $int_if port = pop3 keep state
############################ END 02
All of the attempts above were unsuccessful.
Iran Lima
OpenBSD apprentice
-------------- Next Part ----------
An HTML attachment was scrubbed...
URL: http://listas.openbsd-br.org/pipermail/openbsd/attachments/20070608/47ad3e15/attachment.html
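As an added example for the post above (not the poster's own configuration and not code from the OpenBSD project), here is a pf.conf in the OpenBSD 4.0-era nat/rdr syntax that keeps the poster's interfaces, NAT and transparent Squid redirect, and adds a logged default block plus explicit stateful rules for the mail ports the post names (TCP 25, 465, 110, 995). Interface names and addresses come from the post and the LAN prefix 10.0.0.0/24 from the antispoof output in pfctl -sr; the macro names, the DNS rule and the ssh management rule are assumptions.

```pf
# Added example, not the poster's rule set. OpenBSD 4.0-era syntax; from
# OpenBSD 4.7 on, nat/rdr are written as "match ... nat-to" / "match ... rdr-to".
ext_if="rl0"                        # 192.168.0.254, towards the Internet (from the post)
int_if="rl1"                        # 10.0.0.1, local network (from the post)
lan="10.0.0.0/24"                   # LAN prefix, as shown by the antispoof rules in pfctl -sr
mail_ports="{ 25, 465, 110, 995 }"  # SMTP, SMTP/TLS, POP3, POP3/TLS (from the post)

set loginterface $ext_if
set skip on lo0
scrub in all

# NAT only the LAN prefix, not "from !($ext_if)", so nothing else that happens
# to be routed through the box gets translated by accident.
nat on $ext_if inet from $lan to any -> ($ext_if)

# Transparent proxy: LAN HTTP goes to Squid on the firewall.
rdr on $int_if inet proto tcp from $lan to any port www -> 127.0.0.1 port 3128

# Default deny, logged: "tcpdump -n -e -ttt -i pflog0" then shows exactly what was dropped.
block log all
antispoof quick for $int_if inet

# Squid: redirected client connections in on the LAN side, Squid's own fetches
# out on the Internet side (they originate from the firewall's own address).
pass in on $int_if inet proto tcp from $lan to 127.0.0.1 port 3128 flags S/SA keep state
pass out on $ext_if inet proto tcp from ($ext_if) to any port www flags S/SA keep state

# Mail clients (Outlook Express, IncrediMail): in from the LAN, out after NAT.
# The filter sees the translated source, hence "from ($ext_if)" on the out rule.
pass in on $int_if inet proto tcp from $lan to any port $mail_ports flags S/SA keep state
pass out on $ext_if inet proto tcp from ($ext_if) to any port $mail_ports flags S/SA keep state

# DNS (assumed): the clients must resolve their mail servers, and Squid must
# resolve the sites it fetches; the out rule also covers the firewall's own resolver.
pass in on $int_if inet proto { tcp, udp } from $lan to any port domain keep state
pass out on $ext_if inet proto { tcp, udp } from ($ext_if) to any port domain keep state

# Management (assumed): ssh to the firewall from the LAN only.
pass in on $int_if inet proto tcp from $lan to ($int_if) port ssh flags S/SA keep state
```

Check it with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; the box also needs `net.inet.ip.forwarding=1` (set it with sysctl and persist it in /etc/sysctl.conf) or nothing is routed at all. Because of `block log all`, anything else the firewall itself has to originate (ntp, pkg_add, and so on) needs its own `pass out on $ext_if` rule, and any drop shows up on pflog0.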