
PF+NAT+RDR

Posted: 2009-03-24 0:09:10
Gillian
Dear all, please help. I can see that it NATs, but I can't see it redirecting. Where is the mistake?

Code:

nat pass on xl0 inet from 192.168.100.0/24 to any -> $ext_if round-robin
  [ Evaluations: 76        Packets: 249       Bytes: 14865       States: 3     ]
  [ Inserted: uid 0 pid 3258 ]
rdr inet proto tcp from 192.168.100.0/24 to any port = http -> 127.0.0.1 port 3128
  [ Evaluations: 65        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 3258 ]

Code:

int_if="sk0"                  # LAN interface
ext_if="xl0"                  # Internet-facing interface
lan_work="192.168.100.0/24"
udp_srv="{ 53 }"
tcp_srv="{ 22, 25, 53, 80, 110, 123, 443, 1325, 1700, 3900, 4040, 5190 }"
icmp_types="{ echoreq, unreach }"
# Private and bogon ranges that must never show up on the external interface.
# 172.16.0.0/12 is the full RFC 1918 block.
priv_net="{ 10.0.0.0/8, 172.16.0.0/12, 0.0.0.0/8, 169.254.0.0/16, 224.0.0.0/4, 240.0.0.0/4 }"

set block-policy drop
set skip on lo0
set skip on $int_if           # PF does not process packets on sk0 at all
scrub in all
scrub out all
# Translation rules (evaluated before the filter rules)
nat pass on $ext_if from $lan_work to any -> $ext_if
rdr proto tcp from $lan_work to any port 80 -> 127.0.0.1 port 3128
antispoof quick for $int_if
antispoof quick for $ext_if
pass in quick proto tcp tagged scanning flags S/SA modulate state
table <sshguard> persist      # populated by sshguard
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
block all                     # default deny
block drop in quick on $ext_if from $priv_net to any
block drop out quick on $ext_if from any to $priv_net
pass in log on $ext_if inet proto tcp from any to ($ext_if) port $tcp_srv flags S/SA keep state
pass in on $ext_if inet proto udp from any to any port $udp_srv
pass out log on $ext_if inet proto tcp from ($ext_if) to any port $tcp_srv flags S/SA keep state
pass out on $ext_if proto { udp, icmp, gre } all keep state
pass log inet proto icmp all icmp-type $icmp_types
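A corrected fragment of the ruleset above, added here as an illustration; it is not from the thread. Two things in the posted configuration keep the redirect from ever matching. First, `set skip on $int_if` switches off all PF processing on sk0, translation included. Second, the `rdr` rule has no `on` clause; rdr is applied to packets as they enter an interface, and the LAN clients' HTTP packets enter on sk0. By the time they are seen on xl0 they are outbound and already NATed, which is why the counters show the rdr rule being evaluated but matching nothing. The fix is to stop skipping the internal interface, bind the rdr to it, and then pass the LAN traffic explicitly, since sk0 is now filtered. Interface names and addresses are those from the post; Squid is assumed to be listening on 127.0.0.1:3128 in transparent mode, and `nat` is used without `pass` so that the filter rules still apply to translated traffic.

```conf
int_if="sk0"
ext_if="xl0"
lan_work="192.168.100.0/24"

set block-policy drop
set skip on lo0
# Do not skip $int_if: PF has to see the LAN side for rdr to apply.

scrub in all
scrub out all

# Translation runs before filtering. rdr acts on packets entering an
# interface, so it must be bound to the one where LAN clients arrive.
nat on $ext_if from $lan_work to any -> $ext_if
rdr on $int_if proto tcp from $lan_work to any port 80 -> 127.0.0.1 port 3128

# $int_if is now filtered, so the LAN must be allowed through explicitly.
# The redirected HTTP connections arrive here with 127.0.0.1:3128 as their
# destination and are covered by the first rule.
pass in quick on $int_if proto tcp from $lan_work to 127.0.0.1 port 3128 keep state
pass in quick on $int_if from $lan_work to any keep state
pass out quick on $int_if keep state
```

Check the syntax with `pfctl -vnf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and then watch `pfctl -vsn` again: the `Packets` counter on the rdr rule should now increase with every HTTP connection from the LAN. If a filter rule is still in the way, `tcpdump -n -e -ttt -i pflog0 port 80` shows the blocked attempts from the `log` rules.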

Re: PF+NAT+RDR

Posted: 2009-03-24 2:01:15
paradox
It probably isn't redirecting because the packet has already gone through NAT and has a different form by then.
Or maybe not, who knows.

pflog will help.