ru.unix.bsd- RU.UNIX.BSD ------------------------------------------------------------------
From : Alexander Korolev 2:5030/537.20 31 Oct 2005 17:26:41
To : All
Subject : Редирект портов в локалку
--------------------------------------------------------------------------------
Я пока новичок во FreeBSD. Имеется сервер на FreeBSD и машинка с почтовым сервером в локальной сети. Требуется настроить редирект приходящей почты из Инета на внутренний сервер локальной сети через FreeBSD. Настроил вроде все, но не работает. Из локальной сети, обращаясь на внешний IP FreeBSD по 25 и 110 портам, все редиректится как надо, а вот извне — никак. Порты 25 и 110 на FreeBSD разрешены на вход. Что я делаю не так?
rc.conf
---------------------------------------------------------
firewall_enable="YES"
firewall_type="Simple"
gateway_enable="YES"
hostname="мой_домен"
inetd_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
ifconfig_rl0="inet мой_внешний_IP netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.0.2 netmask 255.255.255.0"
defaultrouter="шлюз_прова"
---------------------------------------------------------
natd.conf
--------------------------------------
use_sockets yes
same_ports yes
unregistered_only yes
redirect_port tcp 192.168.0.1:25 25
redirect_port tcp 192.168.0.1:110 110
--------------------------------------
rc.firewall
------------------------------------------------------------------------
# set these to your outside interface network and netmask and ip
oif="rl0"
onet="внешняя_сеть"
omask="255.255.255.240"
oip="мой_внешний_ip"
# set these to your inside interface network and netmask and ip
iif="rl1"
inet="192.168.0.0"
imask="255.255.255.240"
iip="192.168.0.2"
setup_loopback
# Redirect for mailserver
${fwcmd} add 10 divert natd tcp from any 25 to any
${fwcmd} add 11 divert natd tcp from any to any 25
${fwcmd} add 12 divert natd tcp from any 110 to any
${fwcmd} add 13 divert natd tcp from any to any 110
# --- rc.firewall, "Simple" section, continued (the case pattern that opens
# this section, the interface variables and the hand-added rules 10-13 are
# above; the closing ';;' is below).  ipfw evaluates rules in numeric order
# and stops at the first match, so the ORDER of the deny / divert / pass
# rules here is load-bearing: destination sanity checks come BEFORE the natd
# divert (they must see the un-translated, public destination), source
# sanity checks come AFTER it (they must see the translated, public source
# of outbound packets).  Moving or adding rules in front of this block
# changes what natd has already rewritten by the time a packet gets here.

# Stop spoofing: a packet claiming a LAN source must not arrive on the
# outside interface, and a packet claiming an outside-net source must not
# arrive on the inside interface.
# NOTE(review): imask and omask are 255.255.255.240 (/28) here, while
# rc.conf configures rl0 and rl1 with netmask 255.255.255.0 (/24).  With the
# /28 only 192.168.0.0-192.168.0.15 is covered by this anti-spoof rule; the
# masks in rc.conf and rc.firewall should agree.
${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
# Stop RFC1918 nets on the outside interface (destination side).
# These run before the natd divert below, so they see the destination
# exactly as it arrived on the wire.  'via' matches both directions.
# NOTE(review): rules 10-13 added above ("divert natd tcp from any to any
# 25/110") run before this point.  An inbound SYN to <external IP>:25 thus
# appears to reach these rules already rewritten by natd to 192.168.0.1:25
# and is dropped by the 192.168.0.0/16 rule; packets from the LAN are not
# 'via rl0' and are unaffected, which matches the reported symptom (works
# from inside, fails from outside).  The generic "divert natd ... via
# ${natd_interface}" rule below already hands port-25/110 traffic to natd,
# whose natd.conf redirect_port entries do the forwarding, so rules 10-13
# look redundant and are the first thing to remove when debugging this.
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface (destination side).
${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}
# The single divert point the stock ruleset relies on: every packet crossing
# the NAT interface (rl0 per rc.conf) is handed to natd here, in both
# directions.  natd's redirect_port mappings from natd.conf are expected to
# be applied at this point as well.
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add divert natd all from any to any via ${natd_interface}
fi
;;
esac
# Stop RFC1918 nets on the outside interface (source side).  Placed after
# the divert so that correctly NATed outbound packets already carry the
# public source address; anything still showing a private source here did
# not get translated and is dropped.
${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface (source side).
${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
# Allow TCP through if setup succeeded (segments of already-established
# connections; new connections are decided by the 'setup' rules below).
${fwcmd} add pass tcp from any to any established
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# Allow setup of incoming email.  These two rules carry no 'in via ${oif}'
# and no destination address, so they pass any TCP to port 25 or 110 in
# either direction, including the connections natd has redirected to the
# internal mail host -- that is what exposes the LAN mail server.
# NOTE(review): port 110 is plain POP3; mailbox passwords will cross the
# Internet in clear text.  Consider restricting 110 to the LAN, or using
# POP3 over TLS/SSH if remote mailbox access is really needed.
${fwcmd} add pass tcp from any to any 25
${fwcmd} add pass tcp from any to any 110
# Allow access to our DNS (this rule continues on the next line:
# "${oip} 53 setup").
${fwcmd} add pass tcp from any to 
${oip} 53 setup
${fwcmd} add pass udp from any to ${oip} 53
${fwcmd} add pass udp from ${oip} 53 to any
# Reject&Log all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any in via ${oif} setup
# Allow setup of any other TCP connection
${fwcmd} add pass tcp from any to any setup
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${oip} to any 53 keep-state
# Allow NTP queries out in the world
${fwcmd} add pass udp from ${oip} to any 123 keep-state
;;
------------------------------------------------------------------------
До свидания. Александр.
---
 * Origin: (2:5030/537.20)