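Connection problems under IPFILTER + ipnat...
I set up ipfilter + IPNAT in a 4.10 environment..
The computers behind it that use private IPs can open web pages and telnet without any problem..
But they cannot log in to FTP sites with FTP software or IE... >"<
Below are some of my settings... Could the experts here please take a look and tell me which of my settings is wrong.. @"@
(The internal NIC is vr0 and the external NIC is dc0)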
=======================================================================
ipnat.rules
map dc0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map dc0 192.168.0.0/24 -> 0/32
ipnat.conf
map dc0 192.168.0.0/24 -> 12.34.56.78/32
^^^^^^^^^^^ external IP
=======================================================================
ipf.rules
# Filter out invalid packets.
block in quick log quick all with short
block in quick log quick all with ipopts
#
# Allow packets to pass freely in and out through the WAN NIC interface fxp0 and the localhost interface lo0.
pass in quick on vr0 all
pass out quick on vr0 all
pass in quick on dc0 all
pass out quick on dc0 all
#
# Keep out private-address IP packets from the Internet: block all private-IP packets from entering the WAN NIC interface fxp0.
block in quick on dc0 from 192.168.0.0/16 to any
block in quick on dc0 from 172.16.0.0/12 to any
block in quick on dc0 from 10.0.0.0/8 to any
block in quick on dc0 from 127.0.0.0/8 to any
block in quick on dc0 from 192.0.2.0/24 to any
#
# Block all packets from entering the de1 interface of the LAN NIC.
# block in quick log on vr0 all
# block out quick log on vr0 all
#
# Allow all tcp/udp packets going out of the de1 interface of the LAN NIC to pass.
pass out quick log on vr0 proto tcp/udp from any to any keep state
#
# Allow all icmp packets going in and out of the de1 interface of the LAN NIC to pass.
pass in quick log on vr0 proto icmp all keep state
pass out quick log on vr0 proto icmp all keep state
#
# Allow packets into the de1 interface of the LAN NIC for specific protocol ports.
pass in quick on vr0 proto tcp/udp from any to any port = 53 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 20 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 21 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 22 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 65 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 71 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 74 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 3128 keep state
pass in quick on vr0 proto tcp from any to any port = 23 keep state
pass in quick on vr0 proto tcp from any to any port = 22 keep state
pass in quick on vr0 proto tcp from any to any port = 25 keep state
pass in quick on vr0 proto tcp from any to any port = 110 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 139 keep state
pass in quick on vr0 proto tcp from any to any port = 80 keep state
pass in quick on vr0 proto tcp from any to any port = 443 keep state
pass in quick on vr0 proto tcp/udp from any to any port = 445 keep state
pass in quick on vr0 proto tcp from any to any port = 8000 keep state
=========================================================================
Origin: 大頭新站˙大頭傑克的BBS dato.et.tku.edu.tw
Author: gungolin, posted from localhost