
pf and port forwarding

Posted: 2013-12-23 9:24:33
Spook1680
I'm trying out pf; before this I only worked with ipfw.

Question:
on a test server I can't get RDP forwarded. Where am I messing up((?

Code:

pf.conf
ext_if="rl0"
lan_if="ale0"
logopt="log"
pubserv="{443,3389,22}"
lanserv="{22,2743,10000,53,67,80,443,3389,5901,25,110}"
samba_ports="{137,138,130}"
icmp_types="echoreq"
lan_net="{192.168.0/24}"

#scrub in all

non_route_nets_inet="{0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 255.255.255.255}"
set block-policy return
set loginterface $ext_if
set skip on lo0
scrub out all random-id
#

nat on $ext_if from $lan_net to any -> ($ext_if)
rdr on $ext_if inet proto tcp from any to ($ext_if) port 3389 -> 192.168.0.121 port 3389

#
block all
antispoof quick for $ext_if
#
pass in quick on lo0 all
pass out quick on lo0 all
#
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $ext_if inet proto {tcp udp} from any to any port $pubserv flags S/SA keep state
pass out on $ext_if inet proto {tcp udp} from any to any port $pubserv keep state
pass in on {$lan_if} inet proto {tcp udp} from $lan_net to any port $lanserv keep state
pass in on $ext_if proto tcp to any port 3389
pass out on $ext_if keep state

Re: pf and port forwarding

Posted: 2013-12-23 11:13:37
Spook1680
Question closed, solved this way:

Code:

rdr on $ext_if inet proto tcp from any to $ext_if port rdp tag rdp -> 192.168.0.121 port rdp
pass in quick on $ext_if tagged rdp keep state
pass out quick on $lan_if keep state tagged rdp
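
Added example (not part of the thread and not pf's own code): a simplified Python model of pf's last-match rule evaluation that traces the redirected RDP packet across both interfaces, showing that with `block all` and no `pass out` rule on `$lan_if` the first ruleset drops it on the way out of the LAN interface. Assumptions: the two tagged pass rules from the second post are appended to the first ruleset, the source address 203.0.113.7 is a constructed sample, and protocol matching, `antispoof` and state tracking are left out of the model.

```python
# Simplified model of pf filtering (added example, not pf's real implementation):
# a rule is (action, direction, interface, quick, match). The last matching rule
# wins unless a matching rule is marked quick. A forwarded packet is filtered
# twice: inbound on the external interface, then outbound on the LAN interface.
EXT, LAN = "rl0", "ale0"          # $ext_if and $lan_if from the posted pf.conf
PUBSERV = {443, 3389, 22}
LANSERV = {22, 2743, 10000, 53, 67, 80, 443, 3389, 5901, 25, 110}

def from_lan(p):
    return p["src"].startswith("192.168.0.")

ORIGINAL = [
    ("block", None, None, False, lambda p: True),                   # block all
    ("pass", "in", EXT, False, lambda p: p["dport"] in PUBSERV),
    ("pass", "out", EXT, False, lambda p: p["dport"] in PUBSERV),
    ("pass", "in", LAN, False, lambda p: from_lan(p) and p["dport"] in LANSERV),
    ("pass", "in", EXT, False, lambda p: p["dport"] == 3389),
    ("pass", "out", EXT, False, lambda p: True),
]
# Assumption: the tagged rules from the second post are added to the same ruleset.
FIXED = ORIGINAL + [
    ("pass", "in", EXT, True, lambda p: p.get("tag") == "rdp"),
    ("pass", "out", LAN, True, lambda p: p.get("tag") == "rdp"),
]

def evaluate(rules, pkt, direction, iface):
    verdict = "pass"              # pf's implicit default when nothing matches
    for action, rdir, rif, quick, match in rules:
        if rdir not in (None, direction) or rif not in (None, iface):
            continue
        if match(pkt):
            verdict = action
            if quick:
                break
    return verdict

def forward_rdp(rules, tag=None):
    """Trace one inbound RDP SYN after rdr rewrote its destination."""
    pkt = {"src": "203.0.113.7", "dst": "192.168.0.121", "dport": 3389, "tag": tag}
    return [(iface, d, evaluate(rules, pkt, d, iface))
            for iface, d in ((EXT, "in"), (LAN, "out"))]

if __name__ == "__main__":
    print("original:", forward_rdp(ORIGINAL))
    print("fixed:   ", forward_rdp(FIXED, tag="rdp"))
```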