[bsd] Obsd nat

• Previous message: Sinan-Listeler: "[bsd] Re: CVSUP"
• Next in thread: Serhat Umar: "[bsd] Re: Obsd nat"

Merhabalar

 su sekilde bi makina var
 

 root@uniwall:~ > ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 33224
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:00:21:d0:ee:3b
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.10.1.250 netmask 0xffffff00 broadcast 10.10.1.255
        inet6 fe80::200:21ff:fed0:ee3b%rl0 prefixlen 64 scopeid 0x1
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:02:44:07:25:01
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 155.223.206.19 netmask 0xfffffe00 broadcast 155.223.207.255
        inet6 fe80::202:44ff:fe07:2501%rl1 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 2020
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
vlan0: flags=0<> mtu 1500
        address: 00:00:00:00:00:00
vlan1: flags=0<> mtu 1500
        address: 00:00:00:00:00:00
gre0: flags=9010<POINTOPOINT,LINK0,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
<-- you are on uniwall.unipa.com (OpenBSD 3.3 GENERIC#44) -->
root@uniwall:~ >

root@uniwall:~ > cat /etc/nat.conf
# Apply NAT to external firewall interface for our RFC1918 network
nat on rl1 from 10.10.1.0/24 to any -> rl1

# Redirect HTTP requests to our web server
rdr on rl1 proto tcp from any to 0.0.0.0/0 port ftp -> 10.10.1.3 port ftp
<-- you are on uniwall.unipa.com (OpenBSD 3.3 GENERIC#44) -->
root@uniwall:~ >

 etc/pf.conf

EXTETH = "rl1"
INTETH = "rl0"

### MAIN ###

# Block all incoming packets on the external interface, and log them.
block in log on $EXTETH all

# Allow any incoming and outgoing packets on the internal interface.
pass in quick on $INTETH all
pass out quick on $INTETH all

### SPOOFING/IPOPTS ###

# Prevent general spoofing of RFC1918 blocks
block in log quick on $EXTETH from 127.0.0.0/8 to any
block in log quick on $EXTETH from 192.168.0.0/16 to any
block in log quick on $EXTETH from 172.16.0.0/12 to any
#block in log quick on $EXTETH from 10.0.0.0/8 to any

# Prevent general spoofing of other non-routable blocks
block in log quick on $EXTETH from 1.0.0.0/8 to any
block in log quick on $EXTETH from 2.0.0.0/8 to any
block in log quick on $EXTETH from 192.0.2.0/24 to any
block in log quick on $EXTETH from 224.0.0.0/3 to any

### ESTABLISHED/GENERAL ###

# Allow incoming UDP/TCP/ICMP connections that are established,
# the out rule adds incoming state matching
pass out quick on $EXTETH proto tcp from any to any keep state
pass out quick on $EXTETH proto udp from any to any keep state
pass out quick on $EXTETH proto icmp from any to any keep state

### UDP/TCP REJECTS ###

# Return tcp RST for blocked TCP connections
block return-rst in log on $EXTETH proto tcp from any to any flags S/SA

# Return ICMP net-unreachable for blocked UDP packets
block return-icmp(filter-prohib) in log on $EXTETH proto udp all

<-- you are on uniwall.unipa.com (OpenBSD 3.3 GENERIC#44) -->
root@uniwall:~ >

Bu makine bu durumda nat yapmiyor
Netteki bi kac dokumanda okudugum kadari ile sadece bu dosyalari bu sekilde
editleyip reboot etmemin yetecegi yaziyordu
Cevaplar icin simdiden tesekkurler

 
 - Vasfi UYSAL

• Previous message: Sinan-Listeler: "[bsd] Re: CVSUP"
• Next in thread: Serhat Umar: "[bsd] Re: Obsd nat"