OverCPU
Зарегистрирован: 04.02.2007 Сообщения: 61
Добавлено: Пн Янв 07 2008 14:54 Заголовок сообщения: redirect_port |
Доброго времени суток. Вчера поставил FreeBSD 7.0, настроил фаервол, поднял ppp... теперь необходимо понять проброс портов... Несколько часов мучался, ничего не получилось...
Вот мои конфиги...
rc.conf:
# Start natd(8) from the rc scripts at boot.
# NOTE(review): firewall_enable / gateway_enable are not shown in this
# excerpt; confirm they are set elsewhere, since the divert rules and
# packet forwarding depend on them.
natd_enable="YES"
# Interface whose address natd uses for translation (the ppp tunnel here).
natd_interface="tun0"
# Extra natd arguments: read the remaining options from /etc/natd.conf.
natd_flags="-f /etc/natd.conf"
natd.conf:
# Try to keep the original source port when translating outgoing packets.
same_ports yes
# Allocate a socket for FTP data / IRC DCC connections so that the chosen
# port cannot collide with a local one.
use_sockets yes
# Follow address changes on the natd interface (useful on a ppp link).
dynamic yes
# Forward TCP port 6340 arriving at the external address to 10.0.0.13:6340.
# NOTE(review): no remote address is given, so the forward accepts any
# Internet source; redirect_port takes an optional trailing remote address
# if the service should only be reachable from known peers.
redirect_port tcp 10.0.0.13:6340 6340
# Same forward for UDP port 6340.
redirect_port udp 10.0.0.13:6340 6340
rc.firewall:
#!/bin/sh -
# ipfw ruleset for a NAT gateway: LAN 10.0.0.0/24 on rl0, Internet on tun0,
# with per-host dummynet bandwidth limits.
#
# ipfw evaluates rules in rule-number order, not in the order this script
# adds them: rules 5000 and 5100 below are checked AFTER rules 1002-3013.
fwcmd="/sbin/ipfw -q"
net="10.0.0.0/24"
LAN="rl0"
WAN="tun0"
# First three octets of the LAN; host addresses are built as ${users}.N.
users="10.0.0"
# Remove all existing rules without asking for confirmation.
${fwcmd} -f flush
# Everything arriving on tun0 for this host goes to natd first, so that
# redirect_port and reply traffic get the destination rewritten before the
# filter rules see the packet.
${fwcmd} add 20 divert natd ip from any to me via tun0
# Match packets against dynamic state created by keep-state / limit rules.
# NOTE(review): the `limit` pipe rules below also create dynamic state, so
# outbound LAN packets can match here and take the pipe action before they
# ever reach the outbound divert at rule 5000 - confirm that NAT still
# happens for them.
${fwcmd} add 100 check-state
# NOTE(review): the FreeBSD loopback interface is normally lo0; verify that
# "lo" actually matches, otherwise this rule never fires.
${fwcmd} add 300 allow ip from any to any via lo
# Outbound traffic from the gateway itself, with state for the replies.
${fwcmd} add 310 allow ip from me to any keep-state via ${WAN}
${fwcmd} add 330 allow udp from me to any domain keep-state
# NOTE(review): allows DNS queries to the gateway from any source on any
# interface, including the Internet side; restrict to ${net} unless a
# public resolver is intended.
${fwcmd} add 340 allow udp from any to me domain
# Stateless allow for anything the gateway sends.
${fwcmd} add 350 allow ip from me to any
# Services on the gateway reachable from anywhere.
# NOTE(review): ssh is open to every source address; consider limiting it
# to known management addresses.
${fwcmd} add 400 allow tcp from any to me http,https,ssh
# Outbound LAN traffic leaving via tun0 is handed to natd for translation.
${fwcmd} add 5000 divert natd ip from ${net} to any out via ${WAN}
# NOTE(review): permits every protocol and port to 10.0.0.13 from any
# source, which is much wider than the tcp/udp 6340 forward in natd.conf.
# Before narrowing it, check whether reply traffic for 10.0.0.13's own
# outbound connections relies on this rule.
${fwcmd} add 5100 allow ip from any to 10.0.0.13
# --- Host ${users}.2: 64 kbit/s each way, at most 15 dynamic entries per
# source address. ---
# NOTE(review): whether a packet continues to later rules after a pipe
# depends on the net.inet.ip.fw.one_pass sysctl; with one_pass=1 it is
# accepted straight out of the pipe and never reaches rule 5000 or 5100.
# The same applies to the .3 and .13 sections below.
${fwcmd} pipe 1002 config bw 64kbit/s
${fwcmd} pipe 2002 config bw 64kbit/s
${fwcmd} add 1002 pipe 1002 ip from any to ${users}.2 in via ${WAN} limit src-addr 15
${fwcmd} add 2002 pipe 2002 ip from ${users}.2 to any out via ${WAN} limit src-addr 15
# LAN-side traffic to and from the host (both rules share number 3002).
${fwcmd} add 3002 allow ip from ${users}.2 to any via ${LAN}
${fwcmd} add 3002 allow ip from any to ${users}.2 via ${LAN}
# --- Host ${users}.3: 64 kbit/s each way, limit 15. ---
${fwcmd} pipe 1003 config bw 64kbit/s
${fwcmd} pipe 2003 config bw 64kbit/s
${fwcmd} add 1003 pipe 1003 ip from any to ${users}.3 in via ${WAN} limit src-addr 15
${fwcmd} add 2003 pipe 2003 ip from ${users}.3 to any out via ${WAN} limit src-addr 15
${fwcmd} add 3003 allow ip from ${users}.3 to any via ${LAN}
${fwcmd} add 3003 allow ip from any to ${users}.3 via ${LAN}
# --- Host ${users}.13 (target of the redirect_port forward):
# 2048 kbit/s down, 512 kbit/s up, limit 50. ---
${fwcmd} pipe 1013 config bw 2048kbit/s
${fwcmd} pipe 2013 config bw 512kbit/s
# Forwarded packets already carry destination 10.0.0.13 when they get here
# (natd rewrote them at rule 20), so they match this rule on the way in.
${fwcmd} add 1013 pipe 1013 ip from any to ${users}.13 in via ${WAN} limit src-addr 50
${fwcmd} add 2013 pipe 2013 ip from ${users}.13 to any out via ${WAN} limit src-addr 50
${fwcmd} add 3013 allow ip from ${users}.13 to any via ${LAN}
${fwcmd} add 3013 allow ip from any to ${users}.13 via ${LAN}
# Final deny ("drop" is ipfw's synonym for deny).
# NOTE(review): 65535 is the number of ipfw's built-in default rule, so this
# add may be rejected (and -q hides the message); use a lower number such as
# 65534 if an explicit final deny is wanted - confirm on the target system.
${fwcmd} add 65535 drop ip from any to any
Заранее благодарен за помощь! _________________ OverNet - Конец Inet'a |