Packet Filter question

Jiri Mikulas konfer at mikulas.com
Thu Jan 13 11:39:18 CET 2005


OK,
for the nitpickers from IRC ;)

ext_if="fxp0"
# nexthop
ext_gw="1.2.3.4"
czf_net="10.0.0.0/8"
table <fwd_table> persist file "/etc/pf.fwd-table"

## policy routing ##########################################################
pass out quick route-to ($ext_if $ext_gw) \
    proto tcp from <fwd_table> to !$czf_net flags S/SA modulate state
pass out quick route-to ($ext_if $ext_gw) \
    proto { udp, icmp } from <fwd_table> to !$czf_net keep state
#############################################################################

Additionally, if the IP being forwarded is from an interface on the box
where the fwd is done, then reply-to rules need to be added as well:

pass in quick on $ext_if reply-to ($ext_if $ext_gw) \
    proto tcp from !$czf_net to $local_ip flags S/SA modulate state
pass in quick on $ext_if reply-to ($ext_if $ext_gw) \
    proto { udp, icmp } from any to $local_ip keep state

Adjust the variables as needed ;)

guli


Jiri Mikulas wrote:

> No need to reply anymore,
> it is already solved :)
> guli
>
> Tomas Randa wrote:
>
>> Hello,
>>
>> I am trying to move from IPFW to PF, but I would need some way to
>> replace a working IPFW FWD; is that possible with this pf? Specifically,
>> I want to be able to give different gateways to certain blocks of IP
>> addresses from one interface.
>>
>> Is there anyone here who would be able to answer me?
>>
>> Thank you, Tomas Randa.
>
>
>



