  1. #1
    wandersonalan
    Guest

    External interface blocked in pf

    Guys, I know it's a mistake to post my firewall rules, but it's the only way I can see to get my problem solved.
    It's like this: my rules are all ready, but when I try to access my web server, which is on the machine running FreeBSD as the firewall, through the external interface, I can't. I've already gone through all the rules to see if there is anything blocking it, and as far as I could tell there is nothing blocking it. I'd like some help.

    These are the rules running in my pf.

    scrub in all fragment reassemble
    block return all
    pass quick on lo0 all
    block drop in quick on ! rl0 inet from 192.168.73.0/24 to any
    block drop in quick inet from 192.168.73.253 to any
    pass in log on rl0 from <lan> to any
    pass out log on rl0 from <lan> to any
    pass out log quick on rl1 inet proto tcp from any to any port = ftp-data flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = ftp flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = ssh flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = smtp flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = domain flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = http flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = pop3 flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = ldap flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = https flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = ddm-rdb flags s/sa modulate state
    pass out log quick on rl1 inet proto tcp from any to any port = ftp-proxy flags s/sa modulate state
    pass out log quick on rl1 inet proto udp from any to any port = domain keep state
    pass out log quick on rl1 inet proto udp from any to any port = re-mail-ck keep state
    pass out log quick on rl1 inet proto udp from any to any port = 60 keep state
    pass out log quick on rl1 inet proto udp from any to any port = tftp keep state
    pass out log quick on rl1 inet proto udp from any to any port = ldap keep state
    pass in log quick on rl1 inet proto tcp from any to (rl1) port = http flags s/sa keep state
    pass in log quick on rl1 inet proto udp from any to (rl1) port = domain keep state
    pass log on rl1 from any to <estacoes_limitadas> queue limit_estacoes
    pass on rl0 proto udp from any to any port = re-mail-ck queue voip
    pass on rl0 proto udp from any to any port = 60 queue voip
    pass on rl1 proto udp from any to any port = re-mail-ck queue voip
    pass on rl1 proto udp from any to any port = 60 queue voip

    where rl0 is my internal interface and rl1 is my external interface.
    The table <lan> holds the addresses of the local network and <estacoes_limitadas> holds the workstations whose bandwidth is being limited.

    Thanks in advance.
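The same setup described in the first post (rl0 internal, rl1 external, a web server on the firewall itself) written out as a small stand-alone pf.conf; this is an added illustration, not the poster's own file, and the macro values and the commands in the trailing comments are assumptions. The antispoof line expands to exactly the two "block drop in quick" rules that appear in the poster's ruleset, and the inbound http rule keeps state so replies can leave without a matching pass out rule.

```pf
# Added example pf.conf, not the poster's configuration.
# Interface names match the thread; the LAN prefix is assumed.
ext_if  = "rl1"
int_if  = "rl0"
table <lan> { 192.168.73.0/24 }

set skip on lo0
scrub in all fragment reassemble

# Default deny, logged to pflog0 so that dropped packets can be seen.
block return log all

# Drop packets that claim a LAN source but did not arrive on rl0.
# This expands to:
#   block drop in quick on ! rl0 inet from 192.168.73.0/24 to any
#   block drop in quick inet from <rl0 address> to any
antispoof quick for $int_if inet

# Web server on the firewall: accept new TCP connections to whatever
# address is currently configured on rl1. "keep state" means the SYN/ACK
# leaving on rl1 is matched by the state entry, not by a pass out rule.
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port http \
    flags S/SA keep state

# LAN hosts may reach the firewall and the outside; stateful, so replies
# returning on either interface are covered by the same state.
pass in  on $int_if inet from <lan> to any keep state
pass out on $ext_if inet from ($ext_if) to any keep state

# Checks after loading (standard pfctl/tcpdump usage, assumed installed):
#   pfctl -nf /etc/pf.conf        parse only, no load
#   pfctl -f  /etc/pf.conf        load the ruleset
#   pfctl -vvsr                   per-rule counters; the http rule's
#                                 "Packets" count should rise on each test
#   tcpdump -n -e -ttt -i pflog0  shows which rule logged/dropped a packet
```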

  2. #2


    I don't remember PF very well, but to get a connection on rl1 coming from the internet, wouldn't you need to have:

    pass in log quick on rl1 inet proto tcp from any to any port = 80 ???



  3. #3
    wandersonalan
    Guest


    That is already covered by the following rule:

    pass in log quick on rl1 inet proto tcp from any to (rl1) port = http flags S/SA keep state

    It's because in the pf.conf file you write the port number, and when you display the rules it turns the port number into the service name.