OpenForum RSS: �� Freebsd 10 ipfw + Squid + Sams2

�� Freebsd 10 ipfw + Squid + Sams2 (��)

Fri, 27 Mar 2015 08:30:14 GMT

>[�� ]
>> /sbin/ipfw add 65500 deny all from any to any
> � �� 03000, ��
> � ��?
> 03000 0 0 deny log logamount
> 1000 ip from any to any
> �� .
> �� ?
> ${ipfw} add 02000 allow tcp from $�� to any 80, 21,
> 25, 53 keep-state
> ${ipfw} add 03000 deny ip from any to any

�� ,
�� allow,
{ipfw} add allow tcp from any to any established
{ipfw} add allow tcp from 192.168.0.0/25 to any 25,80,110,143,443,465,993,995
�� .... add 03000 deny ip from any to any

�� ))))

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

Fri, 27 Mar 2015 05:45:43 GMT

>> �� , �� , � ��
>> �� http, https, imap, smtp, pop3.
> /sbin/ipfw add 65500 deny all from any to any

� �� 03000, �� ?
03000 0 0 deny log logamount 1000 ip from any to any

�� .

�� ?
${ipfw} add 02000 allow tcp from $�� to any 80, 21, 25, 53 keep-state
${ipfw} add 03000 deny ip from any to any

�� Freebsd 10 ipfw + Squid + Sams2 (��)

Fri, 27 Mar 2015 05:41:27 GMT

>> � �� ....
>> �� 4 �� root...
>> /sbin/ipfw table 100 add 192.168.0.0/25
>> /sbin/ipfw nat 100 config if em1 log reset same_ports unreg_only
>> /sbin/ipfw add 00350 nat 100 all from table$100$ to any out via
>> em1
>> /sbin/ipfw add 00351 nat 100 all from any to 193.94.78.150 in via
>> em1
> �� , �� , � ��
> �� http, https, imap, smtp, pop3.

/sbin/ipfw add 65500 deny all from any to any

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

Fri, 27 Mar 2015 03:22:51 GMT

> � �� ....
> �� 4 �� root...
> /sbin/ipfw table 100 add 192.168.0.0/25
> /sbin/ipfw nat 100 config if em1 log reset same_ports unreg_only
> /sbin/ipfw add 00350 nat 100 all from table$100$ to any out via
> em1
> /sbin/ipfw add 00351 nat 100 all from any to 193.94.78.150 in via
> em1

�� , �� , � �� http, https, imap, smtp, pop3.

�� Freebsd 10 ipfw + Squid + Sams2 (��)

Thu, 26 Mar 2015 13:02:55 GMT

>[�� ]
> 00010 check-state
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00700 allow tcp from any to any established
> 00710 allow ip from 193.94.78.154 to any out xmit em1
> 00750 allow tcp from any to any dst-port 443 out via em1
> setup keep-state
> 00800 allow tcp from any to any dst-port 22 via em0 setup
> keep-state

� �� ....
�� 4 �� root...
/sbin/ipfw table 100 add 192.168.0.0/25
/sbin/ipfw nat 100 config if em1 log reset same_ports unreg_only
/sbin/ipfw add 00350 nat 100 all from table$100$ to any out via em1
/sbin/ipfw add 00351 nat 100 all from any to 193.94.78.150 in via em1

>[�� ]
> 01560 allow tcp from any 465 to any via em1
> 01570 allow tcp from any to any dst-port 143 via em1
> 01580 allow tcp from any 143 to any via em1
> 01600 deny icmp from any to any in via em1
> 01610 deny tcp from any t

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

Thu, 26 Mar 2015 06:55:16 GMT

>> ��.
> �� ipfw list, netstat -antu

root@guest:/etc # netstat -n
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 193.94.78.154.43241 217.69.136.175.80 ESTABLISHED
tcp4 0 0 193.94.78.154.26744 217.69.136.175.80 ESTABLISHED
tcp4 0 0 193.94.78.154.46969 217.69.136.175.80 ESTABLISHED
tcp4 0 0 193.94.78.154.26411 217.69.136.175.80 ESTABLISHED
tcp4 0 0 193.94.78.154.21130 68.232.35.121.80 ESTABLISHED
tcp4 0 0 192.168.0.249.3128 192.168.0.78.3930 ESTABLISHED
tcp4 0 0 193.94.78.154.13742 68.232.35.121.80 ESTABLISHED
tcp4 0 0 192.168.0.249.3128 192.168.0.78.3928 ESTABLISHED
tcp4 0 0 193.94.78.154.13668 77.234.201.242.80 ESTABLISHED
tcp4 0 0 193.94.78.154.65231 77.234.201.242.80 ESTABLISHED
tcp4 0 0 193.94.78.154.42579 217.69.13

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

Thu, 26 Mar 2015 06:51:52 GMT

>> ��.
> �� ipfw list, netstat -antu

root@guest:/etc # netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 guest.44003 topf8.l.smailru..http ESTABLISHED
tcp4 0 0 guest.26969 topf8.l.smailru..http ESTABLISHED
tcp4 0 0 guest.3128 192.168.0.78.3915 ESTABLISHED
tcp4 0 0 guest.3128 192.168.0.78.3913 ESTABLISHED
tcp4 0 0 guest.22832 top-fwz1.mail.ru.http ESTABLISHED
tcp4 0 0 guest.18527 top-fwz1.mail.ru.http ESTABLISHED
tcp4 0 0 guest.3128 192.168.0.78.3911 ESTABLISHED
tcp4 0 0 guest.3128 192.168.0.78.3910 ESTABLISHED
tcp4 0 0 guest.3128 192.168.0.78.3908 ESTABLISHED
tcp4 0 0 guest.3128 192.168.0.78.3905 ESTABLISHED
tcp4 0 0 gue

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

Thu, 26 Mar 2015 06:49:14 GMT

>> ��.
> �� ipfw list, netstat -antu

root@guest:/etc # ipfw list
00010 check-state
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00700 allow tcp from any to any established
00710 allow ip from 193.94.78.154 to any out xmit em1
00750 allow tcp from any to any dst-port 443 out via em1 setup keep-state
00800 allow tcp from any to any dst-port 22 via em0 setup keep-state
00900 allow udp from any to any dst-port 53 via em1
01000 allow udp from any 53 to any via em1
01100 allow tcp from any to any dst-port 80 via em0
01110 allow tcp from any to any dst-port 25 out via em1
01120 allow tcp from any to any dst-port 110 out via em1
01200 allow icmp from any to any icmptypes 0,8,11
01300 allow tcp from any to any via em0
01400 allow udp from any to any via em0
01500 allow icmp from any to any via em0
01510 allow tcp from any to any dst-port 993 via em1
01520 allow tcp from any 993 to any via em1
01530 allow tcp f

�� Freebsd 10 ipfw + Squid + Sams2 (��)

Thu, 26 Mar 2015 05:32:32 GMT

> ��.

�� ipfw list, netstat -antu

>[�� ]
> $cmd 1550 allow tcp from any to any 465 via $ext
> $cmd 1560 allow tcp from any 465 to any via $ext
> $cmd 1570 allow tcp from any to any 143 via $ext
> $cmd 1580 allow tcp from any 143 to any via $ext
> $cmd 1600 deny icmp from any to any in via $ext
> $cmd 1610 deny tcp from any to any 137 in via $ext
> $cmd 1620 deny tcp from any to any 138 in via $ext
> $cmd 1610 deny tcp from any to any 139 in via $ext
> $cmd 1610 deny tcp from any to any 81 in via $ext
> $cmd 3000 deny log logamount 1000 ip from any to any

OpenForum RSS: ��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (�����)

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (kmm)

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (�����)

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (kmm)

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (�����)

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (kmm)

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (kmm)

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (kmm)

��� ������� ����� ��� Freebsd 10 ipfw + Squid + Sams2 (�����)

OpenForum RSS: �� Freebsd 10 ipfw + Squid + Sams2

�� Freebsd 10 ipfw + Squid + Sams2 (��)

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

�� Freebsd 10 ipfw + Squid + Sams2 (��)

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

�� Freebsd 10 ipfw + Squid + Sams2 (��)

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

�� Freebsd 10 ipfw + Squid + Sams2 (kmm)

�� Freebsd 10 ipfw + Squid + Sams2 (��)