Subject: Setting up ipf.conf
To: None <regional-cs@NetBSD.ORG>
From: Pavel Trubl <trubl@nettel.cz>
List: regional-cs
Date: 08/29/2005 09:13:32
Hello,
I am trying to set up a redirect of port 25 into the internal network and I am making a mistake somewhere.
Ipfilter worked fine without the redirect; the mail server on the public IP was
reachable. I moved it into the internal network and set up the redirect in
ipnat.conf:

rdr ne2 xx.xx.xx.xx/32 port 25 -> 10.73.75.254 port 25 tcp

Somehow it did not work, so I took ipfilter out of the picture [I allowed
everything] and without it, it also works fine. Only the combination of ipfilter and
ipnat somehow does not run for me.

Where is my mistake?
P.


# cat /etc/ipf.conf
# ne2 - public IP, ne3, ne4 - internal IP
block in log from any to any
block out log from any to any

block return-rst in log proto tcp from any to any
block return-icmp in log proto udp from any to any

pass in quick on lo0 from any to any
pass out quick on lo0 from any to any

block out quick proto tcp from any to any flags /S
block in quick proto tcp from any to any flags /S

pass out quick proto icmp from any to any icmp-type 8 code 0 keep state
pass in quick proto icmp from any to any icmp-type 8 code 0 keep state

pass out proto udp from any to any keep state
pass in on ne3 proto udp from any to any keep state
pass in on ne4 proto udp from any to any keep state

pass out proto tcp from any to any keep state
pass in on ne3 proto tcp from any to any flags S/SA keep state
pass in on ne4 proto tcp from any to any flags S/SA keep state

pass in log on ne2 proto tcp from any to xx.xx.xx.xx port = 25 flags S/SA keep state
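As an added example (not from the original post), the last rule rewritten to match the translated destination. IPFilter applies rdr to inbound packets before the filter rules run, so the rule on ne2 sees the packet with destination 10.73.75.254, not xx.xx.xx.xx; the posted rule therefore never matches and the SYN ends up at the "block return-rst" rule instead. The addresses are the ones used in the post.

```conf
# Added example, not the poster's file: only the last rule of /etc/ipf.conf changes.

# /etc/ipnat.conf (unchanged from the post): rewrite the destination on ne2
rdr ne2 xx.xx.xx.xx/32 port 25 -> 10.73.75.254 port 25 tcp

# /etc/ipf.conf, original rule: the filter sees 10.73.75.254 as the destination,
# so a rule keyed on the public address never matches
# pass in log on ne2 proto tcp from any to xx.xx.xx.xx port = 25 flags S/SA keep state

# /etc/ipf.conf, corrected rule: match the post-NAT (internal) destination
pass in log on ne2 proto tcp from any to 10.73.75.254 port = 25 flags S/SA keep state
```

After reloading, `ipnat -l` shows the rdr entry and `ipfstat -nio` lists the loaded filter rules; a packet logged by the "block in log" rules shows the internal address as its destination, which confirms that translation happened before filtering.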