Galera, dá uma forcinha aí: instalei o NoCat (autenticador web) no FreeBSD 5.3, só que tenho a necessidade de redirecionar o tráfego para a porta 3128 depois de autenticar o usuário (NoCat).

Segue abaixo o script

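#!/bin/sh
#
# Resets ipfw and installs the initial capture rule set for the gateway:
# traffic arriving on the internal interface is passed only for the gateway
# port, DNS, the auth service and the debug services; web traffic is
# forwarded to the gateway listener; everything else from the internal
# interface is denied and logged. DummyNet queues for two traffic classes
# are configured at the end.
#
# Reads from the environment (presumably exported by the gateway process
# that runs this script -- confirm):
#   ExternalDevice, InternalDevice  interface names
#   GatewayAddr, GatewayPort        where captured web traffic is forwarded
#   AuthServiceAddr                 address of the auth service
#   DNSAddr                         optional list of external DNS servers
#   LocalNetwork                    used for DNS when DNSAddr is empty
#
# Exits with an error, before any rule is changed, if a value that the core
# rules depend on is empty.
#
# Note: your PATH is inherited from the gateway process
#

IPFW=/sbin/ipfw

# Validate before touching the firewall. The flush below removes every
# existing rule; with an empty interface or gateway value the later `add`
# commands would be malformed and fail one by one, leaving only a partial
# rule set (and possibly no deny rule) in place.
: "${ExternalDevice:?ExternalDevice is not set}"
: "${InternalDevice:?InternalDevice is not set}"
: "${GatewayAddr:?GatewayAddr is not set}"
: "${GatewayPort:?GatewayPort is not set}"
# LocalNetwork is only used by the DNS rule when no external DNS is given.
[ -n "${DNSAddr}" ] || : "${LocalNetwork:?LocalNetwork is not set and DNSAddr is empty}"

# Enable IP forwarding
sysctl net.inet.ip.forwarding=1

# Enable ethernet filtering
sysctl net.link.ether.ipfw=1

# clear all packet filter rules
"${IPFW}" -fq flush
"${IPFW}" -fq pipe flush

# Pass external device traffic
"${IPFW}" add pass all from any to any via "${ExternalDevice}"

# Pass loopback traffic
"${IPFW}" add pass all from any to any via lo0

#########################
# Capture rules #
#########################

# Pass all layer2: accepts every frame on the layer-2 pass that
# net.link.ether.ipfw=1 (above) switches on.
"${IPFW}" add 50000 pass layer2

# Pass Gateway
"${IPFW}" add pass tcp from any to any "${GatewayPort}" in via "${InternalDevice}"
"${IPFW}" add pass tcp from any to any "${GatewayPort}" out via "${InternalDevice}"

# Pass SSH for DEBUG (FTP is passed the same way)
# NOTE(review): these four rules match on every interface and for any
# source and destination, so clients that have not authenticated can reach
# SSH and FTP control ports through the gateway. The heading says DEBUG:
# restrict them to an administration address or remove them once debugging
# is finished.
"${IPFW}" add pass tcp from any to any ssh in via any
"${IPFW}" add pass tcp from any to any ssh out via any
"${IPFW}" add pass tcp from any to any ftp in via any
"${IPFW}" add pass tcp from any to any ftp out via any

# Pass DNS
if [ -n "${DNSAddr}" ]; then
  # Use external DNS server
  # DNSAddr is deliberately unquoted: it is split into one rule per address.
  for a in ${DNSAddr}; do
    "${IPFW}" add pass udp from any to "${a}" domain in via "${InternalDevice}" keep-state
  done
else
  # Use local DNS server on gateway
  # LocalNetwork is left unquoted as in the original, in case it carries
  # more than one word -- confirm and quote if it is always a single value.
  ${IPFW} add pass udp from any to ${LocalNetwork} domain in via "${InternalDevice}" keep-state
fi

# Allow access to the AuthService
# AuthServiceAddr is left unquoted as in the original -- confirm it is a
# single value and quote it.
${IPFW} add pass tcp from any to ${AuthServiceAddr} http,https,3128 in via "${InternalDevice}"

# Forward all http and https traffic (and port 3128) to the Gateway
"${IPFW}" add fwd "${GatewayAddr},${GatewayPort}" tcp from any to any 3128,http,https in via "${InternalDevice}"

# rule for squid (under test)
# NOTE(review): if enabled at this position it would match every remaining
# TCP packet from the internal interface, authenticated or not, because it
# sits before the deny rule. A redirect that should apply only after login
# presumably belongs with the per-user rules added at authentication time
# -- confirm against the gateway's access script.
#${IPFW} add fwd ${GatewayAddr},3128 tcp from any to any in via ${InternalDevice}

# Deny everything else
"${IPFW}" add deny log all from any to any in via "${InternalDevice}"

#########################
# DummyNet rules #
#########################

# Members
# Rule 60010 jumps to 61000; this script adds no rule at or above 61000, so
# the jump lands on whatever follows (ipfw's built-in final rule unless
# something else adds one).
"${IPFW}" add 60000 queue 1 all from any to any in
"${IPFW}" add 60000 queue 2 all from any to any out
"${IPFW}" add 60010 skipto 61000 all from any to any
"${IPFW}" queue 1 config mask src-ip 0xffffffff pipe 1 weight 75
"${IPFW}" queue 2 config mask dst-ip 0xffffffff pipe 2 weight 100
# No bandwidth is configured on pipes 1 and 2.
"${IPFW}" pipe 1 config
"${IPFW}" pipe 2 config

# Others
# Rule 60010 above skips past 60100, so these rules are reached only by a
# skipto from a lower-numbered rule; none is added in this script.
"${IPFW}" add 60100 queue 3 all from any to any in
"${IPFW}" add 60100 queue 4 all from any to any out
"${IPFW}" add 60110 skipto 61000 all from any to any
"${IPFW}" queue 3 config mask src-ip 0xffffffff pipe 3 weight 75
"${IPFW}" queue 4 config mask dst-ip 0xffffffff pipe 4 weight 100
"${IPFW}" pipe 3 config bw 128Mbit/s
# Forum markup that had been pasted onto the end of this command is removed.
"${IPFW}" pipe 4 config bw 512Mbit/s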


MSN: [email protected]
Email: [email protected]

#Evite letras maiúsculas para não poluir o post e assim os usuários se sentirem mais à vontade para responder - Moderador