pf.conf помогите поправить

Ответить
Sasha462
Сообщения: 225
Зарегистрирован: Ср дек 27, 2006 2:45 pm
Откуда: Львов

pf.conf помогите поправить

Сообщение Sasha462 »

конфиг рабочий
но есть проблема если сайт проверяет с какой айпишки работает то тут начитается проблема (даний сайт не работает).
Тут я незнаю что делать.
одно ДНСП другое ПППое . Два ДХСП неможет бить


lan_net = "10.10.10.0/24"
lan_net1 = "192.168.3.0/24"
int_if = "em0"
ext_if1 = "fxp0" # DHCP
ext_if2 = "tun0" #PPPOE
ext_gw1 = "*.*.244.1"
int_in1= "*.*.*.20"
ext_gw2 = "*.*.16.34"
ext_if = "{ fxp0, tun0 }"
my_office_comp = "192.168.3.220".

table <ssh-trust> { *.*.16.193/27, *.*.16.19/32, *.*.244.64/32, *.*.244.20/32, *.*.96.228/32 }

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in on !lo0 all
scrub out on !lo0 all

#rdr
rdr pass on $ext_if1 proto tcp from any to $ext_if1 port 3139 -> $my_office_comp port 3389
rdr pass on $ext_if1 proto tcp from any to $ext_if1 port 8020 -> $my_office_comp port 8080

#rdr pass on $ext_if1 proto tcp from any to *.*.*.20 port 3139 -> $my_office_comp port 3389
#rdr pass on $ext_if1 proto tcp from any to *.*.*.20 port 8020 -> $my_office_comp port 8080


# Masquarading
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

pass quick on lo0 all

pass in quick on $ext_if from <ssh-trust> to any
pass out quick on $ext_if from any to <ssh-trust>

# odonoklasniki.ru
pass out quick on $ext_if1 from $lan_net to 217.20.144.0/24
pass out quick on $ext_if1 from $lan_net to 217.20.145.0/24
pass out quick on $ext_if1 from $lan_net to 217.20.149.0/24

#VKONTAKTE
pass out quick on $ext_if1 from $lan_net to 87.240.188.0/32
pass out quick on $ext_if1 from $lan_net to 93.186.224.0/32
pass out quick on $ext_if1 from $lan_net to 87.240.188.0/24
pass out quick on $ext_if1 from $lan_net to 66.220.156.32/32
pass out quick on $ext_if1 from $lan_net to 209.85.149.0/24
#pass out quick on $ext_if1 from $lan_net to 209.85.149.190/32

#YAXY
pass out quick on $ext_if1 from $lan_net to 69.147.112.160/32
pass out quick on $ext_if1 from $lan_net to 188.40.74.9/32



pass in log quick proto tcp from any to *.*.*.20port 80
pass out log quick proto tcp from *.*.*.20 port 80 to any
pass in log quick proto tcp from any to *.*.*.20 port 25
pass out log quick proto tcp from *.*.*.20 port 25 to any
pass in log quick proto tcp from any to *.*.*.20 port 110
pass out log quick proto tcp from *.*.*.20 port 110 to any

#pass out log quick proto tcp from *.*.*.20 port 3389 to any
#pass out log quick proto tcp from *.*.*.20 port 8020 to any


pass in log quick proto tcp from any to *.*.244.20 port 8020
pass out log quick proto tcp from *.*.244.20 port 8020 to any

block out log quick on $ext_if proto tcp from any to any port 136:140

#block in log quick on $ext_if proto tcp from any to any port 8000
#block in log quick on $ext_if proto tcp from any to any port 1408
#block in log quick on $ext_if proto tcp from any to any port 901
#block in log quick on $ext_if proto tcp from any to any port 3306
#block in log quick on $ext_if proto udp from any to any port 1812:1813

block in all
block out all

pass in route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA modulate state

pass in route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep state

pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
Вернуться к началу
Ответить

Вернуться в «Сообщения об ошибках и поддержка»