[Question] A question about IPFILTER + IPNAT rdr
I'd like to ask everyone a question about rdr with IPFILTER + IPNAT.
I'll paste the relevant settings first:
1. /etc/rc.conf
#accounting_enable="YES"
amd_enable="YES"
blanktime="3600"
defaultrouter="X.Y.Z.W"
gateway_enable="YES"
hostname="testsrv.testzone.com.tw"
# External settings
ifconfig_bfe0="inet I.J.K.L1 netmask 255.255.255.0"
ifconfig_bfe0_alias0="inet I.J.K.L2 netmask 255.255.255.255"
ifconfig_bfe0_alias1="inet I.J.K.L3 netmask 255.255.255.255"
ifconfig_bfe0_alias2="inet I.J.K.L4 netmask 255.255.255.255"
# Internal settings
ifconfig_rl0="inet 172.16.8.254 netmask 255.255.255.0"
2. /etc/rc.local
kldload ipl.ko
ipf -Fa -f /etc/ipf.rules
ipnat -CF -f /etc/ipnat.rules
sysctl net.inet.ip.forwarding=1
sysctl net.link.ether.bridge.enable=1
sysctl net.link.ether.bridge.ipf=1
sysctl net.link.ether.bridge.config=rl0,bfe0
3. /etc/ipf.conf
block in quick log quick all with short
block in quick log quick all with ipopts
pass in quick on lo0 all
pass out quick on lo0 all
block in quick on bfe0 from 192.168.0.0/16 to any
block in quick on bfe0 from 172.16.0.0/12 to any
block in quick on bfe0 from 10.0.0.0/8 to any
block in quick on bfe0 from 127.0.0.0/8 to any
pass in quick on rl0 proto tcp/udp from any to any keep state
pass out quick on rl0 proto tcp/udp from any to any keep state
pass in quick on rl0 proto esp from any to any keep state
pass out quick on rl0 proto esp from any to any keep state
pass in quick on rl0 proto gre from any to any keep state
pass out quick on rl0 proto gre from any to any keep state
pass in quick on bfe0 proto tcp/udp from any port = 5999 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any port = 53 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any port = 123 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any port = 20 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any port = 23 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any port = 21 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any port = 80 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any port = 14123 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any port = 2401 to I.J.K.L1/30 keep state
pass in quick on bfe0 proto tcp/udp from any to I.J.K.L1/30 port = 80 keep state
pass in quick on bfe0 proto tcp/udp from any to I.J.K.L1/30 port = 53 keep state
pass in quick log on bfe0 proto tcp from any to I.J.K.L1/30 port = 22 keep state
pass in quick on bfe0 proto tcp from any to I.J.K.L1/30 port = 25 keep state
pass in quick on bfe0 proto tcp/udp from any to I.J.K.L1/30 port = 143 keep state
pass in quick on bfe0 proto tcp/udp from any to I.J.K.L1/30 port = 443 keep state
pass in quick on bfe0 proto tcp/udp from any to I.J.K.L1/30 port = 993 keep state
pass in quick on bfe0 proto tcp from any port = 25 to I.J.K.L1/30 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 to any port = 5999 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 to any port = 53 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 to any port = 123 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 to any port = 23 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 to any port = 20 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 to any port = 21 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 to any port = 80 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 to any port = 2401 keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 port = 53 to any keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 port = 80 to any keep state
pass out quick log on bfe0 proto tcp from I.J.K.L1/30 port = 22 to any keep state
pass out quick on bfe0 proto tcp from I.J.K.L1/30 port = 25 to any keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 port = 143 to any keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 port = 443 to any keep state
pass out quick on bfe0 proto tcp/udp from I.J.K.L1/30 port = 993 to any keep state
pass out quick on bfe0 proto tcp from I.J.K.L1/30 to any port = 25 keep state
pass out quick on bfe0 proto tcp from I.J.K.L1/30 to any port = 14123 keep state
block out on bfe0 all
block in on bfe0 all
pass out on rl0 all
pass in on rl0 all
4. /etc/ipnat.rules
map bfe0 172.16.0.0/12 -> I.J.K.L1/30 proxy port 19760 ftp/tcp
map bfe0 172.16.0.0/12 -> I.J.K.L1/30
map bfe0 192.168.0.0/16 -> I.J.K.L1/30 proxy port 19780 ftp/tcp
map bfe0 192.168.0.0/16 -> I.J.K.L1/30
map bfe0 10.0.0.0/8 -> I.J.K.L1/30 proxy port 19800 ftp/tcp
map bfe0 10.0.0.0/8 -> I.J.K.L1/30
rdr bfe0 I.J.K.L2 port 22 -> 172.16.1.M port 22
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
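What I'm trying to achieve
is really just that last line.
I want an ssh to that external IP to go straight through to ssh on the internal one.
So how should I modify my existing settings?
Thanks in advance, everyone!!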
--
※ From: 風與塵埃的對話 (wdbbs.net)
㊣ Post by lamb100 from adsl-220-229-143-36.NH.s