forum.opennet.ru

Составление сообщения

Исходное сообщение

"IPFilter. Открытие/закрытие портов"
Отправлено teapot, 12-Ноя-08 13:36

Система FreeBSD 7.0. Установлен sendmail, squid 2.6, bind 9.4.2. IPFilter 4.1.28
У проси сервера только один интерфейс - bce0. Ему назначены 2 ip адреса, оба из локальной сети (прокси обслуживает 2 сети 192.168.1.0, 192.168.2.0) в инет он подключен через другой сервер (на стороне провайдера) с внешним IP, на нем порты 21, 22, 25, 53, 80, 110, 119, 143, 8081 открыты и перебрасываются на прокси. Как правильно закрыть все ненужное снаружи, оставить только 25 и 53, при этом внутренним сетям разрешить доступ в инет через прокси(порт 8081)?
вот то что я пытался сделать - но от этого не пускает на прокси с локальной сети.
block in quick on bce0 from 0.0.0.0/7 to any
block in quick on bce0 from 2.0.0.0/8 to any
block in quick on bce0 from 5.0.0.0/8 to any
block in quick on bce0 from 10.0.0.0/8 to any
block in quick on bce0 from 23.0.0.0/8 to any
block in quick on bce0 from 27.0.0.0/8 to any
block in quick on bce0 from 31.0.0.0/8 to any
block in quick on bce0 from 70.0.0.0/7 to any
block in quick on bce0 from 72.0.0.0/5 to any
block in quick on bce0 from 83.0.0.0/8 to any
block in quick on bce0 from 84.0.0.0/6 to any
block in quick on bce0 from 88.0.0.0/5 to any
block in quick on bce0 from 96.0.0.0/3 to any
block in quick on bce0 from 127.0.0.0/8 to any
block in quick on bce0 from 128.0.0.0/16 to any
block in quick on bce0 from 128.66.0.0/16 to any
block in quick on bce0 from 169.254.0.0/16 to any
block in quick on bce0 from 172.16.0.0/12 to any
block in quick on bce0 from 191.255.0.0/16 to any
block in quick on bce0 from 192.0.0.0/19 to any
block in quick on bce0 from 192.0.48.0/20 to any
block in quick on bce0 from 192.0.64.0/18 to any
block in quick on bce0 from 192.0.128.0/17 to any
block in quick on bce0 from 197.0.0.0/8 to any
block in quick on bce0 from 201.0.0.0/8 to any
block in quick on bce0 from 204.152.64.0/23 to any
block in quick on bce0 from 219.0.0.0/8 to any
block in quick on bce0 from 220.0.0.0/6 to any
block in quick on bce0 from 224.0.0.0/3 to any
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick on bse0 from 192.168.17.254 to any
pass out quick on bse0 from 192.168.50.254 to any
pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 22
pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 22
block in quick on bse0 from any to 192.168.17.254 port = 22
block in quick on bse0 from any to 192.168.50.254 port = 22
pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 21
pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 21
block in quick on bse0 from any to 192.168.17.254 port = 21
block in quick on bse0 from any to 192.168.50.254 port = 21
pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 23
pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 23
block in quick on bse0 from any to 192.168.17.254 port = 23
block in quick on bse0 from any to 192.168.50.254 port = 23
pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 10000
pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 10000
block in quick on bse0 from any to 192.168.17.254 port = 10000
block in quick on bse0 from any to 192.168.50.254 port = 10000
pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 8081
pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 8081
block in quick on bse0 from any to 192.168.17.254 port = 8081
block in quick on bce0 from any to 192.168.50.254 port = 8081
pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 587
pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 587
block in quick on bse0 from any to 192.168.17.254 port = 587
block in quick on bce0 from any to 192.168.50.254 port = 587
pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 110
pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 110
block in quick on bse0 from any to 192.168.17.254 port = 110
block in quick on bce0 from any to 192.168.50.254 port = 110
block in quick on bse0 from any to 192.168.17.254 port = 143
block in quick on bce0 from any to 192.168.50.254 port = 143
pass in quick on bse0 proto tcp from any to 192.168.17.254 port = 25
pass in quick on bse0 proto tcp from any to 192.168.50.254 port = 25
pass in quick on bce0 proto tcp from any to 192.168.17.254 port = 53 flags S keep state
pass in quick on bce0 proto udp from any to 192.168.17.254 port = 53 keep state
pass in quick on bce0 proto tcp from any to 192.168.50.254 port = 53 flags S keep state
pass in quick on bce0 proto udp from any to 192.168.50.254 port = 53 keep state
pass in quick on bse0 proto icmp from 192.168.17.0/24 to any icmp-type 0
pass in quick on bse0 proto icmp from 192.168.50.0/24 to any icmp-type 11
pass in quick on bse0 proto icmp from any to 192.168.17.254 icmp-type 0
pass in quick on bse0 proto icmp from any to 192.168.17.254 icmp-type 11
pass in quick on bse0 proto icmp from any to 192.168.50.254 icmp-type 0
pass in quick on bse0 proto icmp from any to 192.168.50.254 icmp-type 11
block in quick on bce0 proto icmp from any to any
block in on bce0 all
block out on bce0 all
где ошибка???

Исходное сообщение
"IPFilter. Открытие/закрытие портов" Отправлено teapot, 12-Ноя-08 13:36
Система FreeBSD 7.0. Установлен sendmail, squid 2.6, bind 9.4.2. IPFilter 4.1.28 У проси сервера только один интерфейс - bce0. Ему назначены 2 ip адреса, оба из локальной сети (прокси обслуживает 2 сети 192.168.1.0, 192.168.2.0) в инет он подключен через другой сервер (на стороне провайдера) с внешним IP, на нем порты 21, 22, 25, 53, 80, 110, 119, 143, 8081 открыты и перебрасываются на прокси. Как правильно закрыть все ненужное снаружи, оставить только 25 и 53, при этом внутренним сетям разрешить доступ в инет через прокси(порт 8081)? вот то что я пытался сделать - но от этого не пускает на прокси с локальной сети. block in quick on bce0 from 0.0.0.0/7 to any block in quick on bce0 from 2.0.0.0/8 to any block in quick on bce0 from 5.0.0.0/8 to any block in quick on bce0 from 10.0.0.0/8 to any block in quick on bce0 from 23.0.0.0/8 to any block in quick on bce0 from 27.0.0.0/8 to any block in quick on bce0 from 31.0.0.0/8 to any block in quick on bce0 from 70.0.0.0/7 to any block in quick on bce0 from 72.0.0.0/5 to any block in quick on bce0 from 83.0.0.0/8 to any block in quick on bce0 from 84.0.0.0/6 to any block in quick on bce0 from 88.0.0.0/5 to any block in quick on bce0 from 96.0.0.0/3 to any block in quick on bce0 from 127.0.0.0/8 to any block in quick on bce0 from 128.0.0.0/16 to any block in quick on bce0 from 128.66.0.0/16 to any block in quick on bce0 from 169.254.0.0/16 to any block in quick on bce0 from 172.16.0.0/12 to any block in quick on bce0 from 191.255.0.0/16 to any block in quick on bce0 from 192.0.0.0/19 to any block in quick on bce0 from 192.0.48.0/20 to any block in quick on bce0 from 192.0.64.0/18 to any block in quick on bce0 from 192.0.128.0/17 to any block in quick on bce0 from 197.0.0.0/8 to any block in quick on bce0 from 201.0.0.0/8 to any block in quick on bce0 from 204.152.64.0/23 to any block in quick on bce0 from 219.0.0.0/8 to any block in quick on bce0 from 220.0.0.0/6 to any block in quick on bce0 from 224.0.0.0/3 to any pass in quick on lo0 all pass out quick on lo0 all pass out quick on bse0 from 192.168.17.254 to any pass out quick on bse0 from 192.168.50.254 to any pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 22 pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 22 block in quick on bse0 from any to 192.168.17.254 port = 22 block in quick on bse0 from any to 192.168.50.254 port = 22 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 21 pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 21 block in quick on bse0 from any to 192.168.17.254 port = 21 block in quick on bse0 from any to 192.168.50.254 port = 21 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 23 pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 23 block in quick on bse0 from any to 192.168.17.254 port = 23 block in quick on bse0 from any to 192.168.50.254 port = 23 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 10000 pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 10000 block in quick on bse0 from any to 192.168.17.254 port = 10000 block in quick on bse0 from any to 192.168.50.254 port = 10000 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 8081 pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 8081 block in quick on bse0 from any to 192.168.17.254 port = 8081 block in quick on bce0 from any to 192.168.50.254 port = 8081 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 587 pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 587 block in quick on bse0 from any to 192.168.17.254 port = 587 block in quick on bce0 from any to 192.168.50.254 port = 587 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 110 pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 110 block in quick on bse0 from any to 192.168.17.254 port = 110 block in quick on bce0 from any to 192.168.50.254 port = 110 block in quick on bse0 from any to 192.168.17.254 port = 143 block in quick on bce0 from any to 192.168.50.254 port = 143 pass in quick on bse0 proto tcp from any to 192.168.17.254 port = 25 pass in quick on bse0 proto tcp from any to 192.168.50.254 port = 25 pass in quick on bce0 proto tcp from any to 192.168.17.254 port = 53 flags S keep state pass in quick on bce0 proto udp from any to 192.168.17.254 port = 53 keep state pass in quick on bce0 proto tcp from any to 192.168.50.254 port = 53 flags S keep state pass in quick on bce0 proto udp from any to 192.168.50.254 port = 53 keep state pass in quick on bse0 proto icmp from 192.168.17.0/24 to any icmp-type 0 pass in quick on bse0 proto icmp from 192.168.50.0/24 to any icmp-type 11 pass in quick on bse0 proto icmp from any to 192.168.17.254 icmp-type 0 pass in quick on bse0 proto icmp from any to 192.168.17.254 icmp-type 11 pass in quick on bse0 proto icmp from any to 192.168.50.254 icmp-type 0 pass in quick on bse0 proto icmp from any to 192.168.50.254 icmp-type 11 block in quick on bce0 proto icmp from any to any block in on bce0 all block out on bce0 all где ошибка???

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру