From: Vasfi UYSAL (vasfi@med.ege.edu.tr)
Date: Tue 13 May 2003 - 15:43:35 EEST
Merhabalar
su sekilde bir makine var
root@uniwall:~ > ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 33224
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:00:21:d0:ee:3b
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.10.1.250 netmask 0xffffff00 broadcast 10.10.1.255
inet6 fe80::200:21ff:fed0:ee3b%rl0 prefixlen 64 scopeid 0x1
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:02:44:07:25:01
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 155.223.206.19 netmask 0xfffffe00 broadcast 155.223.207.255
inet6 fe80::202:44ff:fe07:2501%rl1 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 2020
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
vlan0: flags=0<> mtu 1500
address: 00:00:00:00:00:00
vlan1: flags=0<> mtu 1500
address: 00:00:00:00:00:00
gre0: flags=9010<POINTOPOINT,LINK0,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
<-- you are on uniwall.unipa.com (OpenBSD 3.3 GENERIC#44) -->
root@uniwall:~ >
root@uniwall:~ > cat /etc/nat.conf
# Apply NAT to external firewall interface for our RFC1918 network:
# traffic from the 10.10.1.0/24 LAN leaving via rl1 gets rl1's address
# as its source.
# NOTE(review): on OpenBSD 3.2 and later the nat/rdr rules are read from
# /etc/pf.conf (ahead of the filter rules), not from /etc/nat.conf —
# confirm with `pfctl -s nat` that these translation rules are loaded at all.
nat on rl1 from 10.10.1.0/24 to any -> rl1
# Redirect incoming FTP (not HTTP, as the old comment said) arriving on rl1
# to the internal FTP server 10.10.1.3, same port. 'from any' exposes the
# server to every source address; FTP credentials travel in clear text, and
# the FTP data connection (active/passive) presumably needs ftp-proxy or
# additional rules to work through NAT — confirm.
rdr on rl1 proto tcp from any to 0.0.0.0/0 port ftp -> 10.10.1.3 port ftp
<-- you are on uniwall.unipa.com (OpenBSD 3.3 GENERIC#44) -->
root@uniwall:~ >
etc/pf.conf
# Packet filter rules for uniwall. rl1 is the Internet-facing interface
# (155.223.206.19) and rl0 the 10.10.1.0/24 LAN side, per the ifconfig
# output above. Unless a rule says 'quick', pf applies the LAST matching
# rule, so later rules override earlier ones.
# NOTE(review): this file holds filter rules only; on OpenBSD 3.2 and later
# nat/rdr rules also belong here, before the filter rules, rather than in
# /etc/nat.conf — confirm with `pfctl -s nat` that NAT is actually loaded.
EXTETH = "rl1"
INTETH = "rl0"
### MAIN ###
# Block all incoming packets on the external interface, and log them.
# Not 'quick', so a later matching rule can still override this default deny.
block in log on $EXTETH all
# Allow any incoming and outgoing packets on the internal interface.
pass in quick on $INTETH all
pass out quick on $INTETH all
### SPOOFING/IPOPTS ###
# Prevent general spoofing: loopback (127/8) and the RFC1918 private blocks
# must never arrive from the outside.
block in log quick on $EXTETH from 127.0.0.0/8 to any
block in log quick on $EXTETH from 192.168.0.0/16 to any
block in log quick on $EXTETH from 172.16.0.0/12 to any
# NOTE(review): 10/8 is commented out, presumably because the LAN is
# 10.10.1.0/24; inbound packets on $EXTETH claiming a 10/8 source are still
# spoofed and could safely be blocked here — confirm with the author.
#block in log quick on $EXTETH from 10.0.0.0/8 to any
# Prevent general spoofing of other non-routable blocks
# (192.0.2.0/24 is TEST-NET, 224.0.0.0/3 covers multicast and reserved
# space). 1/8 and 2/8 are listed as unallocated "bogons"; such lists go
# stale as space is assigned, so they need periodic review.
block in log quick on $EXTETH from 1.0.0.0/8 to any
block in log quick on $EXTETH from 2.0.0.0/8 to any
block in log quick on $EXTETH from 192.0.2.0/24 to any
block in log quick on $EXTETH from 224.0.0.0/3 to any
### ESTABLISHED/GENERAL ###
# Allow outgoing UDP/TCP/ICMP on the external interface and keep state,
# so the replies belonging to those connections are let back in without
# needing a separate 'pass in' rule.
pass out quick on $EXTETH proto tcp from any to any keep state
pass out quick on $EXTETH proto udp from any to any keep state
pass out quick on $EXTETH proto icmp from any to any keep state
### UDP/TCP REJECTS ###
# Return tcp RST for blocked TCP connection attempts (SYN without ACK).
# NOTE(review): there is no 'pass in' rule on $EXTETH anywhere, so inbound
# connections that nat.conf redirects to 10.10.1.3 (ftp) are still dropped
# here; pf filters the packet with its translated destination, so a rule
# such as 'pass in on $EXTETH proto tcp from any to 10.10.1.3 port ftp
# flags S/SA keep state' would be needed for the redirect to work — confirm.
block return-rst in log on $EXTETH proto tcp from any to any flags S/SA
# Return ICMP unreachable with code 'filter-prohib' (communication
# administratively prohibited by filtering — not net-unreachable, as the
# old comment said) for blocked UDP packets.
block return-icmp(filter-prohib) in log on $EXTETH proto udp all
<-- you are on uniwall.unipa.com (OpenBSD 3.3 GENERIC#44) -->
root@uniwall:~ >
Bu makine bu durumda nat yapmiyor
Netteki birkac dokumanda okudugum kadariyla, sadece bu dosyalari bu sekilde
editleyip reboot etmemin yetecegi yaziyordu.
Cevaplar icin simdiden tesekkurler
- Vasfi UYSAL