Помогите новичку сделать проброску порта.
имеем раутер на FreeBSD, который достался по наследству.
интерфейс rl0 смотрит в локалку 192.168.20.0 (фирма1), rl1 смотрит в инет и rl2 - 192.168.10.0 (фирма 2).
Есть такой конфиг:
my_tcp_services = "25 50 53 110 500 1723 3128 48000"
my_udp_services = "53"
tcp_inet_services = "25 53 110 48000"
udp_inet_services = "53"
bad_tcp_services = "135,137,138,139,445"
bad_udp_services = "135,137,138,139,445"scrub in all
nat on rl1 from rl2:network to any -> rl1
pass in quick on lo0
pass out quick on lo0
block in quick from no-route to any
antispoof quick for lo0
pass in quick proto tcp from any to self port = 22 flags S/SA keep state
block in quick proto tcp from any to any port {$bad_tcp_services}
block in quick proto udp from any to any port {$bad_udp_services}
block log all
pass in on rl2 from rl2:network to ! self keep state
pass in on rl0 from rl0:network to ! self keep state
pass in on rl2 proto tcp from rl2:network to self port {$my_tcp_services} flags S/SA keep state
pass in on rl2 proto udp from rl2:network to self port {$my_udp_services} keep state
pass in on rl0 proto tcp from rl0:network to self port {$my_tcp_services} flags S/SA keep state
pass in on rl0 proto udp from rl0:network to self port {$my_udp_services} keep state
pass in proto icmp from any to self keep state
pass in on rl1 proto tcp from any to self port {$tcp_inet_services} flags S/SA keep state
pass in on rl1 proto udp from any to self port {$udp_inet_services} keep state
pass out on rl2 from self to any keep state
pass out on rl0 from self to any keep state
pass out on rl1 from {self rl2:network} to any keep state
Подскажите какие изменения нужно внести, чтобы сделсть из инета редирект порта 3389 (MS RDP) на тачку в локалке с ip 192.168.10.34
Вариант для распечатки
Информационная безопасность (Public)
(ok) on 19-Сен-06, 14:23 
