ipfw divert keep-state

VUlik at cz.soluziona.com VUlik at cz.soluziona.com
Sun Jul 23 12:15:22 CEST 2006

Previous message: apache2_php4 a libphp4.so
Next message: ipfw divert keep-state
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Zdravim,
 Pomalicku sedivim, neb se mi nepodarilo efektivne rozchodit natovani do
specificke destinace. Pokud mam state pravidlo (napr 17600) nedojde vubec
k k divertu. Odeberu-li keep-state k natu dojde, ale zase je treba pred
pravidlem deny established (04500) povolit explicitne zpatecni provoz
vcetne stavu. Netusi nekdo jak to elegantne nastavit?

Diky V.

01400      21       1080 divert 8668 tcp from
192.168.34.0/24,192.168.35.0/24,192.168.2.0/24 to
195.141.65.64/26,195.141.65.128/26 out via vlan1

01500      29       1348 divert 8668 tcp from
195.141.65.64/26,195.141.65.128/26 to me in via vlan1

02000      21       1080 allow tcp from me to
195.141.65.64/26,195.141.65.128/26 out via vlan1

04400       0          0 check-state
04500     979      41748 deny log logamount 10000000 tcp from any to any
established

17600      12        600 allow tcp from 192.168.2.0/24 to
195.141.65.64/26,195.141.65.128/26 dst-port 80,443,3002,3003 in via em3
keep-state

17700       0          0 allow tcp from 192.168.22.0/24 to
195.141.65.64/26,195.141.65.128/26 dst-port 80,443,3002,3003 in via vlan22
keep-state

17800       0          0 allow tcp from 192.168.34.0/24 to
195.141.65.64/26,195.141.65.128/26 dst-port 80,443,3002,3003 in via tap0
keep-state

17900       0          0 allow tcp from 192.168.35.0/24 to
195.141.65.64/26,195.141.65.128/26 dst-port 80,443,3002,3003 in via tap0
keep-state

Previous message: apache2_php4 a libphp4.so
Next message: ipfw divert keep-state
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list