pf и проброс
Добавлено: 2013-12-23 9:24:33
юзаю тему pf до этого только с ipfw работал.
вопрос
на тест. серваке не получ. пробросить rdp где косепорю((?
вопрос
на тест. серваке не получ. пробросить rdp где косепорю((?
Код: Выделить всё
pf.conf
ext_if="rl0"
lan_if="ale0"
logopt="log"
pubserv="{443,3389,22}"
lanserv="{22,2743,10000,53,67,80,443,3389,5901,25,110}"
samba_ports="{137,138,130}"
icmp_types="echoreq"
lan_net="{192.168.0/24}"
#scrub in all
non_route_nets_inet="{0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 255.255.255.255}"
set block-policy return
set loginterface $ext_if
set skip on lo0
scrub out all random-id
#
nat on $ext_if from $lan_net to any -> ($ext_if)
rdr on $ext_if inet proto tcp from any to ($ext_if) port 3389 -> 192.168.0.121 port 3389
#
block all
antispoof quick for $ext_if
#
pass in quick on lo0 all
pass out quick on lo0 all
#
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $ext_if inet proto {tcp udp} from any to any port $pubserv flags S/SA keep state
pass out on $ext_if inet proto {tcp udp} from any to any port $pubserv keep state
pass in on {$lan_if} inet proto {tcp udp} from $lan_net to any port $lanserv keep state
pass in on $ext_if proto tcp to any port 3389
pass out on $ext_if keep state