admin666
13-04-2009, 17:17
Good day!
I want to set up an Internet gateway on FreeBSD 7.
I'm reading an article; it says to rebuild the kernel with these options:
options IPFILTER # IPFILTER itself.
options IPFILTER_LOG # Enable logging.
options IPFILTER_DEFAULT_BLOCK # Block everything on all network
I rebuild it; uname -a shows the right kernel.
It says to add the following to rc.conf:
# -- IPF
ipfilter_enable="YES" # Start ipf firewall
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
ipmon_enable="YES" # Start IP monitor log
ipmon_flags="-Ds" # D = start as daemon
# s = log to syslog
# v = log tcp window, ack, seq
# n = map IP & port to names
gateway_enable="YES" # Enable as LAN gateway
ipnat_enable="YES" # Start ipnat function
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
OK, added it.
I created the file /etc/ipf.rules:
# -- No restrictions on Loopback Interface [1]
pass in quick on lo0 all
pass out quick on lo0 all
# -- No restrictions on Local Interface [2]
pass in quick on fxp0 all
pass out quick on fxp0 all
# -- Let clients behind the firewall send out to the internet,
# -- and replies to come back in by keeping state [3]
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state
# -- Let people access the services running on
# -- this system [4]
pass in quick on rl0 proto tcp from any to any \
port 30000 >< 50000 flags S keep state #PASV FTP
# FTP
pass in quick on rl0 proto tcp from any to any port = 21
# SSH
pass in quick on rl0 proto tcp from any to any port = 22
# Ping
pass in log quick on rl0 proto icmp from any \
to 62.16.105.195/8 icmp-type 8 keep state
# DNS
pass in quick on rl0 proto tcp/udp from any to any port = 53
# WWW
pass in quick on rl0 proto tcp from any to any port = 80
# RAdmin
pass in quick on rl0 proto tcp from any to any port = 4899
I restart routing,
and it prints:
ipfilter_enable not found
ipfilter_rules not found
ipmon_enable not found
ipmon_flags not found
gateway_enable not found
ipnat_rules not found
So, accordingly, nothing works!!!!
The question is what to do and where to dig. Or recommend a proven article.
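
Added example, not part of the original post: /etc/rc.conf is sourced by /bin/sh, so any active line that is not a clean NAME="value" assignment is executed as a command, and sh reports its first word as "not found". The lint below flags such lines before services are restarted; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an rc.conf-style file before restarting services.
# rc.conf is sourced by /bin/sh, so each active line must be NAME=value
# with no spaces around "=" and with balanced quotes.

# Constructed sample input (not the poster's real file).
rc_conf_sample() {
cat <<'EOF'
# -- IPF
ipfilter_enable="YES"   # Start ipf firewall
ipfilter_rules = "/etc/ipf.rules"
ipmon_flags="-Ds
gateway_enable "YES"
ipnat_enable="YES"
EOF
}

# rc_conf_lint [FILE]: print "LINE: reason: text" for each bad line.
# Reads stdin when FILE is omitted; returns 1 if anything was flagged.
rc_conf_lint() {
    awk '
    BEGIN {
        name  = "^[ \t]*[A-Za-z_][A-Za-z0-9_]*"
        # value: double quoted, single quoted (\047), or a bare word
        value = "(\"[^\"]*\"|\047[^\047]*\047|[^ \t\"\047#]*)"
        ok    = name "=" value "[ \t]*(#.*)?$"
        space = name "([ \t]+=|=[ \t])"
    }
    /^[ \t]*(#|$)/ { next }              # comment or blank line
    $0 ~ ok        { next }              # clean assignment
    {
        why = ($0 ~ space) ? "space around =" : "not a NAME=value line"
        printf "%d: %s: %s\n", NR, why, $0
        bad++
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Demo on the constructed sample; on a real system: rc_conf_lint /etc/rc.conf
rc_conf_sample | rc_conf_lint || echo "fix the lines above before restarting"
```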