First thing I want to say:
I AM VERY GRATEFUL TO THE AUTHOR FOR HIS WORK
and I wish this project continued development.
And I have a small question.
I haven't been dealing with FreeBSD for that long.
The need came up to use RDP through a BSD gateway.
Here is what we have:
RDP 10.1.0.250
Here it all is, as is:
rc.conf
router# cat /etc/rc.conf
defaultrouter="78.154.162.241"
gateway_enable="YES"
hostname="router.gmz.com.ua"
ifconfig_fxp0="inet 78.154.162.242 netmask 255.255.255.252"
ifconfig_rl0="inet 10.1.0.247 netmask 255.255.0.0"
inetd_enable="NO"
router_enable="YES"
saver="daemon"
sshd_enable="YES"
usbd_enable="YES"
apache_enable="YES"
natd_enable="YES"
natd_interface="fxp0"
#natd_flags="-f /usr/local/etc/firewall/natd.conf"
natd_flags="-redirect_port tcp 10.1.0.250:3389 3389"
firewall_enable="YES"
firewall_script="/usr/local/etc/firewall/ipfw.sh"
#rinetd_enable="YES"
#
keymap=ru.cp1251
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
scrnmap="win2cpp866"
router# ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from 10.1.0.0/24 to any in via fxp0
00500 0 0 deny ip from any to 10.0.0.0/8 in via fxp0
00600 0 0 deny ip from any to 172.16.0.0/12 in via fxp0
00700 0 0 deny ip from any to 192.168.0.0/16 in via fxp0
00800 0 0 deny ip from any to 0.0.0.0/8 in via fxp0
00900 0 0 deny ip from any to 169.254.0.0/16 in via fxp0
01000 10 280 deny ip from any to 224.0.0.0/4 in via fxp0
01100 22 1782 deny ip from any to 240.0.0.0/4 in via fxp0
01200 0 0 deny icmp from any to any frag
01300 0 0 deny log logamount 100 icmp from any to 255.255.255.255 in via fxp0
01400 0 0 deny log logamount 100 icmp from any to 255.255.255.255 out via fxp0
01500 3 144 divert 8668 log logamount 100 ip from any to me dst-port 3389 via fxp0
01600 6 336 allow log logamount 100 ip from me to 10.1.0.0/24
01700 6 360 allow log logamount 100 ip from 10.1.0.0/24 to me
01800 0 0 divert 8668 ip from 10.1.0.0/24 to any out via fxp0
01900 168 14074 divert 8668 ip from any to 78.154.162.242 in via fxp0
02000 0 0 deny ip from 10.0.0.0/8 to any out via fxp0
02100 0 0 deny ip from 172.16.0.0/12 to any out via fxp0
02200 0 0 deny ip from 192.168.0.0/16 to any out via fxp0
02300 0 0 deny ip from 0.0.0.0/8 to any out via fxp0
02400 0 0 deny ip from 169.254.0.0/16 to any out via fxp0
02500 0 0 deny ip from 224.0.0.0/4 to any out via fxp0
02600 0 0 deny ip from 240.0.0.0/4 to any out via fxp0
02700 8 672 allow icmp from any to any icmptypes 0,8,11
02800 54 8227 allow ip from any to 10.1.0.0/24 in via rl0
02900 0 0 allow ip from 10.1.0.0/24 to any out via rl0
03000 249 27515 allow tcp from any to any established
03100 0 0 allow udp from any to 78.154.162.242 dst-port 53 in via fxp0
03200 0 0 allow udp from 78.154.162.242 53 to any out via fxp0
03300 12 1833 allow udp from any 53 to 78.154.162.242 in via fxp0
03400 12 957 allow udp from 78.154.162.242 to any dst-port 53 out via fxp0
03500 0 0 allow udp from any to any dst-port 123 via fxp0
03600 0 0 allow tcp from any to 78.154.162.242 dst-port 53 in via fxp0 setup
03700 0 0 allow tcp from any to 78.154.162.242 dst-port 80 in via fxp0 setup
03800 0 0 allow tcp from any to 78.154.162.242 dst-port 20,21 in via fxp0 setup
03900 1 40 allow tcp from any to 78.154.162.242 dst-port 25 in via fxp0 setup
04000 1 48 allow tcp from any to 78.154.162.242 dst-port 22 in via fxp0 setup
04100 0 0 allow tcp from any to 78.154.162.242 dst-port 20,21 in via fxp0 setup
04200 0 0 allow tcp from any to 78.154.162.242 dst-port 49152-65535 via fxp0
04300 2 80 deny log logamount 100 tcp from any to 78.154.162.242 in via fxp0 setup
04400 0 0 allow tcp from 78.154.162.242 to any out via fxp0 setup
04500 0 0 allow tcp from any to 78.154.162.242 in via rl0 setup
04600 0 0 allow tcp from 10.1.0.0/24 to any dst-port 5190 in via rl0 setup
04700 0 0 allow tcp from 10.1.0.151 to not 10.1.0.0/24 in via rl0 setup
04800 0 0 allow tcp from 10.1.0.200 to not 10.1.0.0/24 in via rl0 setup
04900 0 0 allow tcp from 10.1.0.250 to not 10.1.0.0/24 in via rl0 setup
65535 500 58881 deny ip from any to any
router# cat /var/log/security
Aug 2 14:46:41 router kernel: ipfw: 1500 Divert 8668 TCP 92.112.151.138:2892 78.154.162.242:3389 in via fxp0
Aug 2 14:46:50 router last message repeated 2 times
Aug 2 14:51:17 router kernel: ipfw: 1500 Divert 8668 TCP 92.112.151.138:2894 78.154.162.242:3389 in via fxp0
Aug 2 14:51:26 router last message repeated 2 times
Aug 2 14:52:35 router kernel: ipfw: 1500 Divert 8668 TCP 92.112.151.138:2895 78.154.162.242:3389 in via fxp0
Aug 2 14:52:44 router last message repeated 2 times
Aug 2 14:55:03 router kernel: ipfw: 4300 Deny TCP 78.154.80.197:25900 78.154.162.242:139 in via fxp0
Aug 2 15:08:55 router kernel: ipfw: 4300 Deny TCP 78.154.80.197:25900 78.154.162.242:139 in via fxp0
Aug 2 15:12:19 router kernel: ipfw: 1700 Accept UDP 10.1.0.250:63362 10.1.0.247:53 in via rl0
Aug 2 15:12:19 router kernel: ipfw: 1600 Accept ICMP:3.3 10.1.0.247 10.1.0.250 out via rl0
Aug 2 15:12:22 router kernel: ipfw: 1700 Accept UDP 10.1.0.250:64279 10.1.0.247:53 in via rl0
Aug 2 15:12:22 router kernel: ipfw: 1600 Accept ICMP:3.3 10.1.0.247 10.1.0.250 out via rl0
Aug 2 15:12:24 router kernel: ipfw: 1700 Accept UDP 10.1.0.250:57788 10.1.0.247:53 in via rl0
Aug 2 15:12:24 router kernel: ipfw: 1600 Accept ICMP:3.3 10.1.0.247 10.1.0.250 out via rl0
Aug 2 15:12:26 router kernel: ipfw: 1700 Accept UDP 10.1.0.250:59401 10.1.0.247:53 in via rl0
Aug 2 15:12:26 router kernel: ipfw: 1600 Accept ICMP:3.3 10.1.0.247 10.1.0.250 out via rl0
Aug 2 15:12:28 router kernel: ipfw: 1700 Accept UDP 10.1.0.250:65282 10.1.0.247:53 in via rl0
Aug 2 15:12:28 router kernel: ipfw: 1600 Accept ICMP:3.3 10.1.0.247 10.1.0.250 out via rl0
Aug 2 15:12:30 router kernel: ipfw: 1700 Accept UDP 10.1.0.250:60684 10.1.0.247:53 in via rl0
Aug 2 15:12:30 router kernel: ipfw: 1600 Accept ICMP:3.3 10.1.0.247 10.1.0.250 out via rl0
What's wrong?
Please advise, maybe something needs to be fixed or removed.
Thanks VERY much in advance for any answers.
Regards
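An added example (not the poster's code, and not part of the forum thread): a small Python parser for ipfw log lines in the format shown above, with the sample lines constructed from the /var/log/security excerpt in the post. It expands the syslog "last message repeated N times" lines, counts inbound hits on the WAN interface (assumed to be fxp0, as in the rc.conf above) per rule, and groups packets to the forwarded port (3389, as in the post) by client source port. That last view is the diagnostic a defender would want when a port forward is in question: every source port in the excerpt appears exactly three times about nine seconds apart, which is what a client retransmitting an unanswered SYN looks like, so the divert rule is being hit but no reply is making it back.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the format of the /var/log/security excerpt above.
SAMPLE_LOG = """\
Aug 2 14:46:41 router kernel: ipfw: 1500 Divert 8668 TCP 92.112.151.138:2892 78.154.162.242:3389 in via fxp0
Aug 2 14:46:50 router last message repeated 2 times
Aug 2 14:51:17 router kernel: ipfw: 1500 Divert 8668 TCP 92.112.151.138:2894 78.154.162.242:3389 in via fxp0
Aug 2 14:51:26 router last message repeated 2 times
Aug 2 14:55:03 router kernel: ipfw: 4300 Deny TCP 78.154.80.197:25900 78.154.162.242:139 in via fxp0
Aug 2 15:12:19 router kernel: ipfw: 1700 Accept UDP 10.1.0.250:63362 10.1.0.247:53 in via rl0
Aug 2 15:12:19 router kernel: ipfw: 1600 Accept ICMP:3.3 10.1.0.247 10.1.0.250 out via rl0
"""

# One ipfw log record. Divert rules carry the divert port after the action;
# ICMP records use "ICMP:type.code" as the protocol and have no ports.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+)(?: (?P<divert_port>\d+))? (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)$"
)
REPEAT_RE = re.compile(r"last message repeated (?P<n>\d+) times$")


def split_endpoint(ep):
    """'1.2.3.4:3389' -> ('1.2.3.4', 3389); endpoints without a port -> (ip, None)."""
    host, sep, port = ep.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return ep, None


def parse_ipfw_log(text):
    """Return one event dict per packet, expanding syslog 'repeated N times' lines.
    Repeats are copies of the previous record; syslog does not keep their timestamps."""
    events = []
    last = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            d = m.groupdict()
            sip, sport = split_endpoint(d["src"])
            dip, dport = split_endpoint(d["dst"])
            last = {"ts": d["ts"], "rule": int(d["rule"]), "action": d["action"],
                    "proto": d["proto"], "src": sip, "sport": sport,
                    "dst": dip, "dport": dport, "dir": d["dir"], "iface": d["iface"]}
            events.append(last)
            continue
        r = REPEAT_RE.search(raw)
        if r and last is not None:
            events.extend(dict(last) for _ in range(int(r.group("n"))))
    return events


def summarize_inbound(events, wan_iface="fxp0", internal=("10.0.0.0/8",)):
    """Count packets arriving on the WAN interface from non-internal sources,
    keyed by (rule, action, proto, dst port, src ip)."""
    nets = [ip_network(n) for n in internal]
    counts = Counter()
    for e in events:
        if e["dir"] != "in" or e["iface"] != wan_iface:
            continue
        if any(ip_address(e["src"]) in n for n in nets):
            continue  # internal addresses seen on the WAN side are handled by the anti-spoof rules
        counts[(e["rule"], e["action"], e["proto"], e["dport"], e["src"])] += 1
    return counts


def connection_attempts(events, port, wan_iface="fxp0"):
    """Group inbound packets to `port` by (src ip, src port). Each key is one client
    connection attempt; the value is how many packets it sent (initial SYN plus retransmits).
    Several packets per key with no further traffic means the SYN was never answered."""
    attempts = defaultdict(int)
    for e in events:
        if e["dir"] == "in" and e["iface"] == wan_iface and e["dport"] == port:
            attempts[(e["src"], e["sport"])] += 1
    return dict(attempts)


if __name__ == "__main__":
    ev = parse_ipfw_log(SAMPLE_LOG)
    for key, n in sorted(summarize_inbound(ev).items()):
        rule, action, proto, dport, src = key
        print(f"rule {rule:5d} {action:7s} {proto:4s} dport {dport} from {src}: {n} packet(s)")
    for (src, sport), n in sorted(connection_attempts(ev, 3389).items()):
        print(f"3389 attempt from {src}:{sport}: {n} packet(s), no reply logged")
```

Run it against the real file with `python3 ipfwlog.py < /var/log/security` after swapping `SAMPLE_LOG` for `sys.stdin.read()`; the rule-hit summary doubles as a quick check that the deny rules (4300 here) are catching what the allow rules do not cover.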