- 论坛徽章:
- 0
|
我的pf.conf如下:
# macros
int_if = "em0"
ext_if = "em1"
tcp_services = "{ 22, 80 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8 }"
webserver = "{192.168.18.90}"
# options
set block-policy return
set loginterface $ext_if
set skip on lo0
# scrub
scrub in all
# nat/rdr
rdr on $ext_if proto tcp from any to any port 80 -> $webserver port 80
# filter rules
block all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass in on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA keep state
pass in log on $ext_if proto tcp from any to $webserver port 80 \
flags S/SA synproxy state
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \
user proxy flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
但出现问题如下:
root</etc>pfctl -ss
self tcp 192.168.18.90:80 <- 192.168.18.103:80 <- 192.168.18.155:1479 CLOSED:SYN_SENT
self tcp 192.168.18.90:80 <- 192.168.18.103:80 <- 192.168.18.155:1480 CLOSED:SYN_SENT
直接访问192.168.18.90是可以的,请问有谁知道问题在哪吗
[ 本帖最后由 右亦非 于 2006-4-19 20:27 编辑 ] |
|
免费注册
发表于 2006-04-19 20:19
发表于 2006-04-25 14:39