forum.opennet.ru - "IPFilter. Открытие/закрытие портов" (1)

форумы

помощь

поиск

регистрация

майллист

вход/выход

слежка

"IPFilter. Открытие/закрытие портов"

Форумы Информационная безопасность (Public)
Вариант для распечатки		Пред. тема \| След. тема
Изначальное сообщение		[ Отслеживать ]

"IPFilter. Открытие/закрытие портов"
Сообщение от teapot (??) on 12-Ноя-08, 13:36
Система FreeBSD 7.0. Установлен sendmail, squid 2.6, bind 9.4.2. IPFilter 4.1.28 У проси сервера только один интерфейс - bce0. Ему назначены 2 ip адреса, оба из локальной сети (прокси обслуживает 2 сети 192.168.1.0, 192.168.2.0) в инет он подключен через другой сервер (на стороне провайдера) с внешним IP, на нем порты 21, 22, 25, 53, 80, 110, 119, 143, 8081 открыты и перебрасываются на прокси. Как правильно закрыть все ненужное снаружи, оставить только 25 и 53, при этом внутренним сетям разрешить доступ в инет через прокси(порт 8081)? вот то что я пытался сделать - но от этого не пускает на прокси с локальной сети. block in quick on bce0 from 0.0.0.0/7 to any block in quick on bce0 from 2.0.0.0/8 to any block in quick on bce0 from 5.0.0.0/8 to any block in quick on bce0 from 10.0.0.0/8 to any block in quick on bce0 from 23.0.0.0/8 to any block in quick on bce0 from 27.0.0.0/8 to any block in quick on bce0 from 31.0.0.0/8 to any block in quick on bce0 from 70.0.0.0/7 to any block in quick on bce0 from 72.0.0.0/5 to any block in quick on bce0 from 83.0.0.0/8 to any block in quick on bce0 from 84.0.0.0/6 to any block in quick on bce0 from 88.0.0.0/5 to any block in quick on bce0 from 96.0.0.0/3 to any block in quick on bce0 from 127.0.0.0/8 to any block in quick on bce0 from 128.0.0.0/16 to any block in quick on bce0 from 128.66.0.0/16 to any block in quick on bce0 from 169.254.0.0/16 to any block in quick on bce0 from 172.16.0.0/12 to any block in quick on bce0 from 191.255.0.0/16 to any block in quick on bce0 from 192.0.0.0/19 to any block in quick on bce0 from 192.0.48.0/20 to any block in quick on bce0 from 192.0.64.0/18 to any block in quick on bce0 from 192.0.128.0/17 to any block in quick on bce0 from 197.0.0.0/8 to any block in quick on bce0 from 201.0.0.0/8 to any block in quick on bce0 from 204.152.64.0/23 to any block in quick on bce0 from 219.0.0.0/8 to any block in quick on bce0 from 220.0.0.0/6 to any block in quick on bce0 from 224.0.0.0/3 to any pass in quick on lo0 all pass out quick on lo0 all pass out quick on bse0 from 192.168.17.254 to any pass out quick on bse0 from 192.168.50.254 to any pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 22 pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 22 block in quick on bse0 from any to 192.168.17.254 port = 22 block in quick on bse0 from any to 192.168.50.254 port = 22 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 21 pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 21 block in quick on bse0 from any to 192.168.17.254 port = 21 block in quick on bse0 from any to 192.168.50.254 port = 21 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 23 pass in quick on bse0 from 192.168.50.0/24 to 192.168.50.254 port = 23 block in quick on bse0 from any to 192.168.17.254 port = 23 block in quick on bse0 from any to 192.168.50.254 port = 23 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 10000 pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 10000 block in quick on bse0 from any to 192.168.17.254 port = 10000 block in quick on bse0 from any to 192.168.50.254 port = 10000 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 8081 pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 8081 block in quick on bse0 from any to 192.168.17.254 port = 8081 block in quick on bce0 from any to 192.168.50.254 port = 8081 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 587 pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 587 block in quick on bse0 from any to 192.168.17.254 port = 587 block in quick on bce0 from any to 192.168.50.254 port = 587 pass in quick on bse0 from 192.168.17.0/24 to 192.168.17.254 port = 110 pass in quick on bse0 from 192.168.50.0/24 to 192.168.17.254 port = 110 block in quick on bse0 from any to 192.168.17.254 port = 110 block in quick on bce0 from any to 192.168.50.254 port = 110 block in quick on bse0 from any to 192.168.17.254 port = 143 block in quick on bce0 from any to 192.168.50.254 port = 143 pass in quick on bse0 proto tcp from any to 192.168.17.254 port = 25 pass in quick on bse0 proto tcp from any to 192.168.50.254 port = 25 pass in quick on bce0 proto tcp from any to 192.168.17.254 port = 53 flags S keep state pass in quick on bce0 proto udp from any to 192.168.17.254 port = 53 keep state pass in quick on bce0 proto tcp from any to 192.168.50.254 port = 53 flags S keep state pass in quick on bce0 proto udp from any to 192.168.50.254 port = 53 keep state pass in quick on bse0 proto icmp from 192.168.17.0/24 to any icmp-type 0 pass in quick on bse0 proto icmp from 192.168.50.0/24 to any icmp-type 11 pass in quick on bse0 proto icmp from any to 192.168.17.254 icmp-type 0 pass in quick on bse0 proto icmp from any to 192.168.17.254 icmp-type 11 pass in quick on bse0 proto icmp from any to 192.168.50.254 icmp-type 0 pass in quick on bse0 proto icmp from any to 192.168.50.254 icmp-type 11 block in quick on bce0 proto icmp from any to any block in on bce0 all block out on bce0 all где ошибка???
Высказать мнение \| Ответить \| Правка \| Cообщить модератору

Оглавление

IPFilter. Открытие/закрытие портов, teapot, 12:06 , 15-Ноя-08, (1)

Сообщения по теме [Сортировка по времени | RSS]

1. "IPFilter. Открытие/закрытие портов"

Сообщение от teapot (??) on 15-Ноя-08, 12:06

Методом проб и ошибок был достигнут рабочий вариант.

pass out quick on lo0 proto ip from 127.0.0.0/8 to 127.0.0.0/8
pass in quick on lo0 proto ip from 127.0.0.0/8 to 127.0.0.0/8
block in quick on lo0 proto ip from any to 127.0.0.0/8
pass out quick on bce0 from 192.168.17.254  to any
pass out quick on bce0 from 192.168.50.254  to any
pass in quick on bce0 from 192.168.17.0 mask 255.255.255.0 to 192.168.17.254  port = 10000
pass in quick on bce0 from 192.168.50.0 mask 255.255.255.0 to 192.168.50.254  port = 10000
pass in quick on bce0 from 192.168.17.0 mask 255.255.255.0 to 192.168.17.254  port = 110
pass in quick on bce0 from 192.168.50.0 mask 255.255.255.0 to 192.168.50.254  port = 110
pass in quick on bce0 from any to 192.168.17.254  port = 8081
pass in quick on bce0 from any to 192.168.50.254 port = 8081
pass in quick on bce0 from 192.168.17.0 mask 255.255.255.0 to 192.168.17.254  port = 22
pass in quick on bce0 from 192.168.50.0 mask 255.255.255.0 to 192.168.50.254  port = 22
pass in quick on bce0 from any to 192.168.17.254  port = 25
pass in quick on bce0 from any to 192.168.50.254  port = 25
pass in quick on bce0 proto tcp from any port = 25 to 192.168.17.254
pass in quick on bce0 proto tcp from any port = 25 to 192.168.50.254
pass in quick on bce0 proto udp from any to 192.168.17.254  port = 53 keep frags
pass in quick on bce0 proto tcp from any to 192.168.17.254  port = 53 keep state keep frags
pass in quick on bce0 proto udp from any to 192.168.50.254  port = 53 keep frags
pass in quick on bce0 proto tcp from any to 192.168.50.254  port = 53 keep state keep frags
pass in quick on bse0 proto icmp from 192.168.17.0 mask 255.255.255.0 to any
pass in quick on bse0 proto icmp from 192.168.50.0 mask 255.255.255.0 to any
pass in quick on bse0 proto icmp from any to 192.168.17.254
pass in quick on bse0 proto icmp from any to 192.168.50.254
pass in quick on bce0 proto icmp from 192.168.17.0 mask 255.255.255.0 to 192.168.17.254 icmp-type echo
pass in quick on bce0 proto icmp from 192.168.50.0 mask 255.255.255.0 to 192.168.50.254 icmp-type echo
pass in quick on bce0 proto tcp from 192.168.17.0 mask 255.255.255.0 port = 8081 to 192.168.17.254 port = 8081
pass in quick on bce0 proto tcp from 192.168.50.0 mask 255.255.255.0 port = 8081 to 192.168.50.254 port = 8081
pass in quick on bce0 proto icmp from any to 192.168.17.254 icmp-type echorep
pass in quick on bce0 proto icmp from any to 192.168.50.254 icmp-type echorep
pass in quick on bce0 proto tcp from any port = 80 to 192.168.17.254
pass in quick on bce0 proto tcp from any port = 80 to 192.168.50.254
pass in quick on bce0 proto udp from any port = 53 to 192.168.17.254
pass in quick on bce0 proto udp from any port = 53 to 192.168.50.254
pass in quick on bce0 proto tcp from any port = 443 to 192.168.17.254
pass in quick on bce0 proto tcp from any port = 443 to 192.168.50.254
pass in quick on bce0 proto tcp from any port = 21 to 192.168.17.254
pass in quick on bce0 proto tcp from any port = 21 to 192.168.50.254
pass in quick on bce0 proto tcp from any port = 20 to 192.168.17.254
pass in quick on bce0 proto tcp from any port = 20 to 192.168.50.254
block out quick on bce0 from any to any
block in quick on bce0 from any to any

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема

Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру

1. "IPFilter. Открытие/закрытие портов"
Сообщение от teapot (??) on 15-Ноя-08, 12:06
Методом проб и ошибок был достигнут рабочий вариант. pass out quick on lo0 proto ip from 127.0.0.0/8 to 127.0.0.0/8 pass in quick on lo0 proto ip from 127.0.0.0/8 to 127.0.0.0/8 block in quick on lo0 proto ip from any to 127.0.0.0/8 pass out quick on bce0 from 192.168.17.254 to any pass out quick on bce0 from 192.168.50.254 to any pass in quick on bce0 from 192.168.17.0 mask 255.255.255.0 to 192.168.17.254 port = 10000 pass in quick on bce0 from 192.168.50.0 mask 255.255.255.0 to 192.168.50.254 port = 10000 pass in quick on bce0 from 192.168.17.0 mask 255.255.255.0 to 192.168.17.254 port = 110 pass in quick on bce0 from 192.168.50.0 mask 255.255.255.0 to 192.168.50.254 port = 110 pass in quick on bce0 from any to 192.168.17.254 port = 8081 pass in quick on bce0 from any to 192.168.50.254 port = 8081 pass in quick on bce0 from 192.168.17.0 mask 255.255.255.0 to 192.168.17.254 port = 22 pass in quick on bce0 from 192.168.50.0 mask 255.255.255.0 to 192.168.50.254 port = 22 pass in quick on bce0 from any to 192.168.17.254 port = 25 pass in quick on bce0 from any to 192.168.50.254 port = 25 pass in quick on bce0 proto tcp from any port = 25 to 192.168.17.254 pass in quick on bce0 proto tcp from any port = 25 to 192.168.50.254 pass in quick on bce0 proto udp from any to 192.168.17.254 port = 53 keep frags pass in quick on bce0 proto tcp from any to 192.168.17.254 port = 53 keep state keep frags pass in quick on bce0 proto udp from any to 192.168.50.254 port = 53 keep frags pass in quick on bce0 proto tcp from any to 192.168.50.254 port = 53 keep state keep frags pass in quick on bse0 proto icmp from 192.168.17.0 mask 255.255.255.0 to any pass in quick on bse0 proto icmp from 192.168.50.0 mask 255.255.255.0 to any pass in quick on bse0 proto icmp from any to 192.168.17.254 pass in quick on bse0 proto icmp from any to 192.168.50.254 pass in quick on bce0 proto icmp from 192.168.17.0 mask 255.255.255.0 to 192.168.17.254 icmp-type echo pass in quick on bce0 proto icmp from 192.168.50.0 mask 255.255.255.0 to 192.168.50.254 icmp-type echo pass in quick on bce0 proto tcp from 192.168.17.0 mask 255.255.255.0 port = 8081 to 192.168.17.254 port = 8081 pass in quick on bce0 proto tcp from 192.168.50.0 mask 255.255.255.0 port = 8081 to 192.168.50.254 port = 8081 pass in quick on bce0 proto icmp from any to 192.168.17.254 icmp-type echorep pass in quick on bce0 proto icmp from any to 192.168.50.254 icmp-type echorep pass in quick on bce0 proto tcp from any port = 80 to 192.168.17.254 pass in quick on bce0 proto tcp from any port = 80 to 192.168.50.254 pass in quick on bce0 proto udp from any port = 53 to 192.168.17.254 pass in quick on bce0 proto udp from any port = 53 to 192.168.50.254 pass in quick on bce0 proto tcp from any port = 443 to 192.168.17.254 pass in quick on bce0 proto tcp from any port = 443 to 192.168.50.254 pass in quick on bce0 proto tcp from any port = 21 to 192.168.17.254 pass in quick on bce0 proto tcp from any port = 21 to 192.168.50.254 pass in quick on bce0 proto tcp from any port = 20 to 192.168.17.254 pass in quick on bce0 proto tcp from any port = 20 to 192.168.50.254 block out quick on bce0 from any to any block in quick on bce0 from any to any
Высказать мнение \| Ответить \| Правка \| Наверх \| Cообщить модератору

Архив \| Удалить	Индекс форумов \| Темы \| Пред. тема \| След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 \| 2 \| 3 \| 4 \| 5 ] [Рекомендовать для помещения в FAQ]