[OpenBSD-BR] pf.conf - help please - urgent
Iran Lima
openbsd.iran em gmail.com
Fri Jun 8 21:09:36 BRT 2007
it would be like this
ext_if="rl0" # EXTERNAL NETWORK INTERFACE # 192.168.0.254
int_if="fxp0" # INTERNAL NETWORK INTERFACE # 10.0.0.1
#### for outbound
nat on $int_if from !($int_if) to any -> $int_if
######## for inbound
nat on $ext_if from !($ext_if) to any -> $ext_if
On 08/06/07, Vagner Gonçalves <vagner em vrvinfo.com.br> wrote:
> Iran Lima wrote:
> > thanks fabio for having read and answered my email; well, I am
> > trying to allow outlook express and incredimail from my internal
> > network, which is 10.0.0.x, out to the internet, which is 192.168.0.x. Note that
> > I can already browse and squid is already working, see the previous email
> >
> > source -> destination
> > 10.0.0.x ->192.168.0.X
> > rl0 -> fxp0
> >
> >
> > if you can help me I'll be very grateful
> >
> > Regards
> >
> > Iran Lima
> > openbsd apprentice
> >
> >
> >
> > On 08/06/07, Fabio Sbano <fsbano em gmail.com> wrote:
> >
> > Iran,
> >
> > What are you trying to do??... could you tell me exactly what you want
> > to do... allow from where to where?
> >
> > source -> destination
> >
> > On 6/8/07, Iran Lima <openbsd.iran em gmail.com> wrote:
> > >
> > >
> > > Dear openbsd friends, I need help with PF.CONF; I'm not very good
> > > at pf.conf yet, but with your help I'm sure I'll get there
> > >
> > > Well, on to the problem: I have a Pentium 3 machine with 128Mb of RAM
> > > and a 20GB HD. I installed plain openbsd 4.0, then squid 2.6 stable 12,
> > > all OK. Now I need to allow outlook express and incredimail on my
> > > internal network, which use the smtp (25, 465) and pop3 (110, 995)
> > > ports. I put the following rules in pf.conf
> > >
> > > ######## START
> > >
> > > # MACROS
> > > ext_if="rl0" # 192.168.0.254 internet
> > > int_if="rl1" # 10.0.0.1 local network
> > >
> > > ###############
> > > set loginterface $ext_if
> > > set skip on lo0
> > >
> > > ##############
> > > scrub in all
> > >
> > > ######## NAT
> > > nat on $ext_if from !($ext_if) -> ($ext_if)
> > >
> > > ######## SQUID
> > > rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> > > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> > > pass out on $ext_if inet proto tcp from any to any port www keep state
> > >
> > >
> > >
> > > antispoof quick for $int_if inet
> > >
> > > ### Loopback
> > > pass out quick on lo0 from any to any
> > > pass in quick on lo0 from any to any
> > >
> > >
> > > ### Local Network
> > > pass out quick on $int_if from any to any keep state
> > > pass in quick on $int_if from any to any keep state
> > >
> > > pass out quick on $ext_if from any to any keep state
> > > pass in log quick on $ext_if inet proto tcp from any to any port 50000 flags S/SA keep state
> > >
> > > ######### End
> > >
> > > Squid works like a charm, but outlook and incredmail are proving
> > > difficult; I thank everyone for the help and the time - many thanks
> > >
> > >
> > > ####### MORE INFORMATION
> > >
> > > # pfctl -sn
> > > nat on rl0 from ! (rl0) to any -> (rl0) round-robin
> > > rdr on rl1 inet proto tcp from any to any port = www -> 127.0.0.1 port 3128
> > >
> > > # pfctl -sr
> > > scrub in all fragment reassemble
> > > pass in on rl1 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
> > > pass out on rl0 inet proto tcp from any to any port = www keep state
> > > block drop in quick on ! rl1 inet from 10.0.0.0/24 to any
> > > block drop in quick inet from 10.0.0.1 to any
> > > pass out quick on lo0 all
> > > pass in quick on lo0 all
> > > pass out quick on rl1 all keep state
> > > pass in quick on rl1 all keep state
> > > pass out quick on rl0 all keep state
> > > pass in log quick on rl0 inet proto tcp from any to any port = 50000 flags S/SA keep state
> > >
> > > # ps aux | grep squid
> > > root 26082 0.0 0.0 1104 4 ?? IWs 7:35AM 0:00.05 /usr/local/squid/sbin/squid
> > > nobody 894 0.0 10.8 5352 3476 ?? S 7:35AM 0:11.53 (squid) (squid)
> > > root 4519 0.0 1.0 336 312 p1 R+ 8:31AM 0:00.12 grep squid
> > >
> > > ######### SOME ATTEMPTS
> > >
> > > ###### START 01
> > > ext_if="rl0" # 192.168.0.254
> > > int_if="rl1" # 10.0.0.1
> > >
> > >
> > > tcp_services="{ 21, 25, 110, 465, 995 }"
> > > udpports="{ domain }"
> > > # icmp_types="echoreq"
> > >
> > > ########
> > > set optimization aggressive
> > >
> > > #############
> > > scrub in
> > >
> > > ######## NAT
> > > nat on $ext_if from !($ext_if) -> ($ext_if)
> > >
> > > ######## SQUID
> > > rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> > > #rdr on $int_if proto tcp from any to any port 25 -> 127.0.0.1 port 8025
> > > #rdr on $int_if proto tcp from any to any port 110 -> 127.0.0.1 port 8110
> > >
> > > rdr on $int_if inet proto tcp from any to any port 25 -> 127.0.0.1 port 8025
> > > rdr on $int_if inet proto tcp from any to any port 110 -> 127.0.0.1 port 8110
> > >
> > > pass in quick on lo0 all
> > > pass out quick on lo0 all
> > >
> > > pass in quick on $int_if all
> > > pass out quick on $int_if all
> > >
> > > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> > > pass out on $ext_if inet proto tcp from any to any port www keep state
> > >
> > > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 8025 keep state
> > > pass out on $ext_if inet proto tcp from any to any port smtp keep state
> > >
> > > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 8110 keep state
> > > pass out on $ext_if inet proto tcp from any to any port pop3 keep state
> > >
> > > pass in on $ext_if inet proto tcp from any to $int_if port $tcp_services flags S/SA keep state
> > > pass in on $ext_if inet proto tcp from any to $int_if port $udpports flags S/SA keep state
> > > pass in on $int_if inet proto tcp from any to $ext_if port $tcp_services flags S/SA keep state
> > > pass in on $int_if inet proto tcp from any to $ext_if port $udpports flags S/SA keep state
> > > pass out on $int_if proto tcp from $ext_if to any flags S/S keep state
> > > pass out on $int_if proto udp from $ext_if to any keep state
> > >
> > > pass out on $ext_if proto tcp from $ext_if to any flags S/S keep state
> > > pass out on $ext_if proto udp from $ext_if to any keep state
> > >
> > > ############################ END 01
> > >
> > >
> > >
> > > ################## START 02
> > > ext_if="rl0" # 192.168.0.254
> > > int_if="rl1" # 10.0.0.1
> > >
> > >
> > > ######### email
> > > tcp_pass = { ftp ssh smtp domain http pop3 }
> > > udp_pass = { domain ntp }
> > >
> > > ########
> > > set optimization aggressive
> > >
> > > #############
> > > scrub in
> > >
> > > ######## NAT
> > > nat on $ext_if from !($ext_if) -> ($ext_if)
> > >
> > >
> > > ######## SQUID
> > > rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> > > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> > > pass out on $ext_if inet proto tcp from any to any port www keep state
> > >
> > >
> > > antispoof for { rl0, rl1 } inet
> > >
> > > pass out on { rl0, rl1 } proto tcp to any port $tcp_pass
> > > pass out on { rl0, rl1 } proto udp to any port $udp_pass
> > >
> > >
> > > pass out on $ext_if inet proto tcp all flags S/SA keep state
> > > pass out on $ext_if inet proto { udp, icmp } all keep state
> > >
> > > pass in on $ext_if proto tcp from any to $int_if port = www keep state
> > > pass in on $ext_if proto tcp from any to $int_if port = smtp keep state
> > > pass in on $ext_if proto tcp from any to $int_if port = pop3 keep state
> > >
> > >
> > > ############################ END 02
> > >
> > > all the attempts above were unsuccessful
> > >
> > >
> > > Iran Lima
> > > openbsd apprentice
> > >
> > >
> > > _______________________________________________
> > > OpenBSD mailing list
> > > OpenBSD em openbsd-br.org
> > > http://listas.openbsd-br.org/mailman/listinfo/openbsd
> > >
> > >
> >
> >
> >
> Good evening...
> Let me see if I understood...
>
> You want to allow the machines on your lan to send and receive emails
> on the net?
>
>
> if so, you don't need rdr, only nat for outbound .....!
>
>
> Hope this helps.
>
>
> Vagner Gonçalves (Slayer)
>
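For the outbound-only case Vagner describes (LAN clients sending and receiving mail through the gateway, with no rdr for the mail ports), here is a complete pf.conf in the OpenBSD 4.x syntax used throughout this thread. It is an added example written for this page, not a configuration posted by any list member; it assumes the interface names and addresses from the thread (rl0 external on 192.168.0.254, rl1 internal on 10.0.0.0/24 with the gateway at 10.0.0.1) and keeps the Squid redirect as the only rdr. It differs from the attempts quoted above in using a default block policy with explicit passes for the internal network instead of "pass in quick on $int_if all", so that a dropped mail connection shows up in the pflog instead of being silently absorbed by a broad rule.

```pf
# /etc/pf.conf - added example for an OpenBSD 4.x gateway (pre-4.7 syntax).
# Interface names and addresses are the ones from this thread (assumption).
ext_if="rl0"                          # external, 192.168.0.254
int_if="rl1"                          # internal, 10.0.0.1
lan="10.0.0.0/24"
mail_ports="{ 25, 465, 110, 995 }"    # smtp, smtps, pop3, pop3s

set skip on lo0
scrub in all

# --- Translation rules (must precede the filter rules in 4.x) ---
# Outbound NAT is the only translation the mail clients need: the reply
# packets match the state created by the NATed connection, so no rdr.
nat on $ext_if from $lan to any -> ($ext_if)
# Transparent Squid stays as the single rdr, for www only.
rdr on $int_if inet proto tcp from $lan to any port www -> 127.0.0.1 port 3128

# --- Filter rules: default deny, explicit allow ---
block log all
antispoof quick for $int_if inet

# Squid: accept the redirected web traffic and let the proxy go out.
pass in on $int_if inet proto tcp from $lan to 127.0.0.1 port 3128 flags S/SA keep state
pass out on $ext_if inet proto tcp from ($ext_if) to any port www flags S/SA keep state

# Mail clients: allow the mail ports in from the LAN ...
pass in on $int_if inet proto tcp from $lan to any port $mail_ports flags S/SA keep state
# ... and DNS, so the clients can resolve the mail server names.
pass in on $int_if inet proto udp from $lan to any port domain keep state
# Let the NATed connections leave: by the time the packet reaches the
# out rule on $ext_if its source has already been rewritten to ($ext_if).
pass out on $ext_if inet proto tcp from ($ext_if) to any port $mail_ports flags S/SA keep state
pass out on $ext_if inet proto udp from ($ext_if) to any port domain keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; `-n` parses without loading and reports an undefined macro (the kind of typo that turns `$int_if` into `$inf_if`) as an error instead of leaving the old rule set in place. Then load with `pfctl -f /etc/pf.conf` and confirm with `pfctl -sn`, `pfctl -sr` and `pfctl -ss` that the nat rule and the clients' state entries appear. Because the catch-all rule is `block log all`, `tcpdump -n -e -ttt -i pflog0` shows exactly which packet a failing mail client is losing, which is a faster diagnosis than adding rdr rules on guesswork.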