OpenForum RSS: PF + �� DMZ...

PF + �� DMZ... (salimk)

Mon, 07 Apr 2014 17:41:05 GMT

int_if="bge0" # �� , �� 192.168.0.254 192.168.0.0/24
dmz_if="bge1" # DMZ ��, �� 10.0.1.254
ext_if1="bge3" # �� , �� XXX.XXX.XXX.XXX

int_net="192.168.0.0/24"
dmz_net="10.0.0.0/24"

mail_server="10.0.1.235"

nat on $ext_if1 inet from { $int_net, $dmz_net } \
to { !$int_net, !$dmz_net } -> ($ext_if1)

nat on $dmz_if inet from $int_net to $dmz_net -> ($dmz_if)

rdr on $ext_if1 inet proto tcp from any to $ext_if1 port 25 -> $mail_server port 25
rdr on $ext_if1 inet proto tcp from any to $ext_if1 port 465 -> $mail_server port 465
rdr on $ext_if1 inet proto tcp from any to $ext_if1 port 993 -> $mail_server port 993
rdr on $ext_if1 inet proto tcp from any to $ext_if1 port 995 -> $mail_server port 995

block in log from any to any
block out log from any to any

pass out on $int_if proto tcp from any to any flags S/SA modulate state
pass out on $int_if proto { udp, icmp } from any to any keep state

pass out on $ext_if1 pr

PF + �� DMZ... (mishanya)

Sun, 17 Aug 2008 12:16:35 GMT

>�� , �� ...

http://house.hcn-strela.ru/BSDCert/BSDA-course/apcs02.html#pf-nat

��
C.2.1.6.4. ��

��, ��

PF + �� DMZ... (iTango)

Tue, 15 Apr 2008 09:55:27 GMT

>�� 10.10.10.10/24 �� .
>
>�� !

�� - ��...

10.10.10.0/24

PF + �� DMZ... (1ight_apprentice)

Tue, 15 Apr 2008 09:44:37 GMT

�� 10.10.10.10/24 �� .

�� !

PF + �� DMZ... (iTango)

Tue, 15 Apr 2008 09:03:13 GMT

>...��!!!

�� , �� DMZ � �� PF?.. � �� , �� , �� ... :(((

PF + �� DMZ... (iTango)

Tue, 15 Apr 2008 07:50:49 GMT

>[�� ]
>
>...
>
>��
>�� , � pftop ��
>� �� :
>
>In 10.0.0.2:1924
> 10.10.10.123:110
> CLOSED:SYN_SENT

��:

rdr on $int_if proto tcp from any to $mail_server port 8110 -> 10.10.10.123 port 110

��:

pass in quick on $int_if from $office_net to $vir_net

��

pass in quick on $int_if from $office_net to $vir_net flags S/SA synproxy state

...� �� (�� , �� ...), � pftop ��:

tcp In 10.0.0.2:3091 10.10.10.123:110 PROXY:DST

...��!!!

PF + �� DMZ... (iTango)

Tue, 15 Apr 2008 06:42:58 GMT

>>>>��?
>>>>nat on $vir_if from $office_net to $vir_net -> ($vir_if)
>>>
>>>�� !.. :(
>>
>>� ��
>>pass in quick on $local_if from $local_net to $dmz_net
>
>��, ��

�� :

office_net="10.0.0.0/24" # local
vir_net="10.10.10.0/24" # DMZ

mail_server = "10.10.10.123"

...

# mail
rdr on $int_if proto tcp from any to $mail_server port 8110 -> 10.10.10.123 port 110

...

pass in quick on $int_if from $office_net to $vir_net

...

�� , � pftop �� :

In 10.0.0.2:1924 10.10.10.123:110 CLOSED:SYN_SENT

PF + �� DMZ... (vg)

Tue, 15 Apr 2008 06:16:38 GMT

>>>��?
>>>nat on $vir_if from $office_net to $vir_net -> ($vir_if)
>>
>>�� !.. :(
>
>� ��
>pass in quick on $local_if from $local_net to $dmz_net

��, ��

PF + �� DMZ... (EL)

Tue, 15 Apr 2008 05:37:45 GMT

>>��?
>>nat on $vir_if from $office_net to $vir_net -> ($vir_if)
>
>�� !.. :(

� ��
pass in quick on $local_if from $local_net to $dmz_net

OpenForum RSS: PF + �������� ������ � DMZ...

PF + �������� ������ � DMZ... (salimk)

PF + �������� ������ � DMZ... (mishanya)

PF + �������� ������ � DMZ... (iTango)

PF + �������� ������ � DMZ... (1ight_apprentice)

PF + �������� ������ � DMZ... (iTango)

PF + �������� ������ � DMZ... (iTango)

PF + �������� ������ � DMZ... (iTango)

PF + �������� ������ � DMZ... (vg)

PF + �������� ������ � DMZ... (EL)

OpenForum RSS: PF + �� DMZ...

PF + �� DMZ... (salimk)

PF + �� DMZ... (mishanya)

PF + �� DMZ... (iTango)

PF + �� DMZ... (1ight_apprentice)

PF + �� DMZ... (iTango)

PF + �� DMZ... (iTango)

PF + �� DMZ... (iTango)

PF + �� DMZ... (vg)

PF + �� DMZ... (EL)