[OpenBSD-BR] pf.conf - help please - urgent

Iran Lima openbsd.iran at gmail.com
Fri Jun 8 19:47:12 BRT 2007


Thank you, Fabio, for reading and replying to my email. I am trying to
allow Outlook Express and IncrediMail from my internal network, which is
10.0.0.x, out to the internet, which is 192.168.0.x. Keep in mind that I can
already browse and squid is already working; see the previous email.

source -> destination
10.0.0.x ->192.168.0.X
rl0 -> fxp0


If you can help me I will be very grateful.

Regards

Iran Lima
OpenBSD apprentice



On 08/06/07, Fabio Sbano <fsbano at gmail.com> wrote:
>
> Iran,
>
> What are you trying to do? Could you tell me exactly what you want to
> do... allow from where to where?
>
> source -> destination
>
> On 6/8/07, Iran Lima <openbsd.iran at gmail.com> wrote:
> >
> >
> > Dear OpenBSD friends, I need help with pf.conf. I am not very good
> > with pf.conf yet, but with your help I am sure I will get there.
> >
> > Now to the problem: I have a Pentium 3 machine with 128Mb of RAM and a
> > 20GB HD. I installed a plain OpenBSD 4.0, then squid 2.6 stable 12, all OK.
> > Now I need to allow Outlook Express and IncrediMail on my internal
> > network, which use the ports smtp (25, 465) and pop3 (110, 995). I put the
> > following rules in pf.conf:
> >
> > ######## START
> >
> > # MACROS
> > ext_if="rl0" # 192.168.0.254 internet
> > int_if="rl1" # 10.0.0.1      local network
> >
> > ###############
> > set loginterface $ext_if
> > set skip on lo0
> >
> > ##############
> > scrub in all
> >
> > ######## NAT
> > nat on $ext_if from !($ext_if) -> ($ext_if)
> >
> > ######## SQUID
> > rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> > pass out on $ext_if inet proto tcp from any to any port www keep state
> >
> >
> >
> > antispoof quick for $int_if inet
> >
> > ### Loopback
> > pass out quick on lo0 from any to any
> > pass in quick on lo0 from any to any
> >
> >
> > ### Local network
> > pass out quick on $int_if from any to any keep state
> > pass in quick on $int_if from any to any keep state
> >
> > pass out quick on $ext_if from any to any keep state
> > pass in log quick on $ext_if inet proto tcp from any to any port 50000 flags S/SA keep state
> >
> > ######### End
> >
> > Squid works beautifully, but Outlook and IncrediMail are proving
> > difficult. I appreciate everyone's help and time - thank you very much
> >
> >
> > ####### MORE INFORMATION
> >
> > # pfctl -sn
> > nat on rl0 from ! (rl0) to any -> (rl0) round-robin
> > rdr on rl1 inet proto tcp from any to any port = www -> 127.0.0.1 port 3128
> >
> > # pfctl -sr
> > scrub in all fragment reassemble
> > pass in on rl1 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
> > pass out on rl0 inet proto tcp from any to any port = www keep state
> > block drop in quick on ! rl1 inet from 10.0.0.0/24 to any
> > block drop in quick inet from 10.0.0.1 to any
> > pass out quick on lo0 all
> > pass in quick on lo0 all
> > pass out quick on rl1 all keep state
> > pass in quick on rl1 all keep state
> > pass out quick on rl0 all keep state
> > pass in log quick on rl0 inet proto tcp from any to any port = 50000 flags S/SA keep state
> >
> > # ps aux | grep squid
> > root     26082  0.0  0.0  1104     4 ??  IWs    7:35AM    0:00.05 /usr/local/squid/sbin/squid
> > nobody     894  0.0 10.8  5352  3476 ??  S      7:35AM    0:11.53(squid) (squid)
> > root      4519  0.0  1.0   336   312 p1  R+     8:31AM    0:00.12 grep squid
> >
> > ######### SOME ATTEMPTS
> >
> > ###### START 01
> > ext_if="rl0" # 192.168.0.254
> > int_if="rl1" # 10.0.0.1
> >
> >
> > tcp_services="{ 21, 25, 110, 465, 995 }"
> > udpports="{ domain }"
> > # icmp_types="echoreq"
> >
> > ########
> > set optimization aggressive
> >
> > #############
> > scrub in
> >
> > ######## NAT
> > nat on $ext_if from !($ext_if) -> ($ext_if)
> >
> > ######## SQUID
> > rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> > #rdr on $int_if proto tcp from any to any port 25 -> 127.0.0.1 port 8025
> > #rdr on $int_if proto tcp from any to any port 110 -> 127.0.0.1 port 8110
> >
> > rdr on $int_if inet proto tcp from any to any port 25 -> 127.0.0.1 port 8025
> > rdr on $int_if inet proto tcp from any to any port 110 -> 127.0.0.1 port 8110
> >
> > pass in quick on lo0 all
> > pass out quick on lo0 all
> >
> > pass in quick on $int_if all
> > pass out quick on $int_if all
> >
> > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> > pass out on $ext_if inet proto tcp from any to any port www keep state
> >
> > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 8025 keep state
> > pass out on $ext_if inet proto tcp from any to any port smtp keep state
> >
> > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 8110 keep state
> > pass out on $ext_if inet proto tcp from any to any port pop3 keep state
> >
> > pass in on $ext_if inet proto tcp from any to $int_if port $tcp_services flags S/SA keep state
> > pass in on $ext_if inet proto tcp from any to $int_if port $udpports flags S/SA keep state
> > pass in on $int_if inet proto tcp from any to $ext_if port $tcp_services flags S/SA keep state
> > pass in on $int_if inet proto tcp from any to $ext_if port $udpports flags S/SA keep state
> > pass out on $int_if proto tcp from $ext_if to any flags S/S keep state
> > pass out on $int_if proto udp from $ext_if to any keep state
> >
> > pass out on $ext_if proto tcp from $ext_if to any flags S/S keep state
> > pass out on $ext_if proto udp from $ext_if to any keep state
> >
> > ############################ END 01
> >
> >
> >
> > ################## START 02
> > ext_if="rl0" # 192.168.0.254
> > int_if="rl1" # 10.0.0.1
> >
> >
> > ######### email
> > tcp_pass = { ftp ssh smtp domain http pop3 }
> > udp_pass = { domain ntp }
> >
> > ########
> > set optimization aggressive
> >
> > #############
> > scrub in
> >
> > ######## NAT
> > nat on $ext_if from !($ext_if) -> ($ext_if)
> >
> >
> > ######## SQUID
> > rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> > pass out on $ext_if inet proto tcp from any to any port www keep state
> >
> >
> > antispoof for { rl0, rl1 } inet
> >
> > pass out on { rl0, rl1 } proto tcp to any port $tcp_pass
> > pass out on { rl0, rl1 } proto udp to any port $udp_pass
> >
> >
> > pass out on $ext_if inet proto tcp all flags S/SA keep state
> > pass out on $ext_if inet proto { udp, icmp } all keep state
> >
> > pass in on $ext_if proto tcp from any to $int_if port = www keep state
> > pass in on $ext_if proto tcp from any to $int_if port = smtp keep state
> > pass in on $ext_if proto tcp from any to $int_if port = pop3 keep state
> >
> >
> > ############################ END 02
> >
> > all of the attempts above were unsuccessful
> >
> >
> > Iran Lima
> > OpenBSD apprentice
> >
> >
> > _______________________________________________
> > OpenBSD mailing list
> > OpenBSD at openbsd-br.org
> > http://listas.openbsd-br.org/mailman/listinfo/openbsd
>
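A way to check what the loaded ruleset does with a mail connection, added here as an example and not part of the original thread: it replays PF's evaluation order (last match wins, `quick` stops, implicit default pass) over the `pfctl -sr` output quoted above. It models only direction, interface, protocol, addresses and destination port; state, `rdr` and NAT are not modelled, and the packet addresses (10.0.0.5, 203.0.113.25, and 192.168.0.254 as the post-NAT source) are constructed assumptions.

```python
import ipaddress
# `pfctl -sr` output from the post, with mail-wrapped lines rejoined.
RULES = """\
scrub in all fragment reassemble
pass in on rl1 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
pass out on rl0 inet proto tcp from any to any port = www keep state
block drop in quick on ! rl1 inet from 10.0.0.0/24 to any
block drop in quick inet from 10.0.0.1 to any
pass out quick on lo0 all
pass in quick on lo0 all
pass out quick on rl1 all keep state
pass in quick on rl1 all keep state
pass out quick on rl0 all keep state
pass in log quick on rl0 inet proto tcp from any to any port = 50000 flags S/SA keep state
"""
PORTS = {"www": 80, "smtp": 25, "pop3": 110}  # service names -> numbers

def parse(line):  # handles only the pfctl -sr syntax that appears above
    t = line.split()
    if not t or t[0] not in ("pass", "block"):
        return None  # scrub etc. are not filter rules
    after = lambda w: t[t.index(w) + 1] if w in t else None
    neg = after("on") == "!"  # "on ! rl1": any interface except rl1
    port = t[t.index("port") + 2] if "port" in t else None  # skip the "="
    return {"line": line, "action": t[0], "quick": "quick" in t, "neg": neg,
            "dir": "in" if "in" in t else "out", "proto": after("proto"),
            "src": after("from") or "any", "dst": after("to") or "any",
            "iface": t[t.index("on") + 2] if neg else after("on"),
            "port": port and (PORTS.get(port) or int(port))}

def matches(r, p):  # True if packet p meets every criterion of rule r
    inside = lambda spec, ip: spec == "any" or (
        ipaddress.ip_address(ip) in ipaddress.ip_network(spec))
    return (r["dir"] == p["dir"] and r["proto"] in (None, p["proto"])
            and r["port"] in (None, p["dport"])
            and (r["iface"] is None or (r["iface"] == p["iface"]) != r["neg"])
            and inside(r["src"], p["src"]) and inside(r["dst"], p["dst"]))

def evaluate(p, text=RULES):  # last match wins, `quick` stops, default pass
    verdict, hit = "pass", "(implicit default pass)"
    for r in filter(None, map(parse, text.splitlines())):
        if matches(r, p):
            verdict, hit = r["action"], r["line"]
            if r["quick"]:
                break
    return verdict, hit

# Constructed packets: a LAN client's SMTP SYN entering rl1, then leaving rl0 after NAT.
LAN_IN = dict(dir="in", iface="rl1", proto="tcp", src="10.0.0.5", dst="203.0.113.25", dport=25)
WAN_OUT = dict(LAN_IN, dir="out", iface="rl0", src="192.168.0.254")
```

`evaluate(LAN_IN)` and `evaluate(WAN_OUT)` both end on a `pass ... quick` rule, so in this simplified model the loaded filter rules already let port 25 through in both directions of the forwarding path.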