#5, 17th September 2008
Calderon
Real Name: Patrick Lindholm
Fdisk Soldier
Join Date: May 2008
Location: Finland
Posts: 60

Here's what I tried based on that, but nothing seems to come back? Or does it even go out? pftop snippet attached below my conf.

Code:
ext_if1="bfe0"  # External network card (DSL)
ext_if2="dc0"   # External network card (Static)
int_if="xl0"   # Internal network card
ext_gw1="88.193.77.121"
ext_gw2="88.193.68.22"
# Macros
lahiverkko = $int_if:network
icmp_types = "{ 0, 3, 11 }"
#LAN machine 1 (pate)
pate = "{ 192.168.0.2 }"
patetcp = "{ 1412, 49995, 61027 }"      # TCP ports, comma-separated, forwarded to machine (pate)
pateudp = "{ 1412, 49995, 61027 }"      # UDP ports, same as above

#LAN machine 2 (texina)
texina = "{ 192.168.0.3 }"
texinatcp = "{ 1414, 2412, 8085, 50200 }"       # TCP ports
texinaudp = "{ 1414, 2412 }"                    # UDP ports
# tables
table <nonroutable> persist { 192.168.0.0/16, 127.0.0.0/8, 172.16.0.0/12,10.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16,192.0.2.0/24, 204.152.64.0/23, \
224.0.0.0/3,255.255.255.255/32 }

# options
set block-policy return
set optimization aggressive
# pf keeps only one loginterface; the second "set" overrides the first
set loginterface $ext_if1
set loginterface $ext_if2
set skip on lo0
# scrub: reassemble and sanity-check all incoming packets
scrub in all

# NAT and redirects (handled by the macros above; the lines below do not necessarily need changing)
nat on $ext_if1 from $int_if:network to any -> ($ext_if1)
nat on $ext_if2 from $int_if:network to any -> ($ext_if2)
rdr pass on $ext_if1 proto tcp from any to any port $patetcp -> $pate
rdr pass on $ext_if1 proto udp from any to any port $pateudp  -> $pate
rdr pass on $ext_if1 proto tcp from any to any port $texinatcp  -> $texina
rdr pass on $ext_if1 proto udp from any to any port $texinaudp  -> $texina

# rules
# block in log all
block in from any to any
block out from any to any
#block out on { $ext_if1 , $ext_if2 } from any to <nonroutable>
#block in log quick on { $ext_if1 , $ext_if2 } from <nonroutable> to any

#  pass all outgoing packets on internal interface
pass out on $int_if from any to $lahiverkko

#  pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lahiverkko to $int_if

pass in quick on $int_if route-to \
   ($ext_if2 $ext_gw2) \
  proto udp from $lahiverkko port 28960 to any keep state

pass in on $int_if route-to \
   ($ext_if1 $ext_gw1) \
   from $lahiverkko to any keep state

#  general "pass out" rules for external interfaces
pass out on { $ext_if1 , $ext_if2 } from any to any

#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

#web and ssh on ADSL
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 80 keep state
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 22 keep state

Code:
tcp   In  192.168.0.2:2328      128.30.52.52:80                                  CLOSED:SYN_SENT     00:00:01  00:00:29      1     48                   48  5
tcp   Out 192.168.0.2:2328      128.30.52.52:80       88.193.77.121:59053      SYN_SENT:CLOSED       00:00:01  00:00:29      1     48                   48  6
tcp   In  192.168.0.2:2329      128.30.52.52:80                                  CLOSED:SYN_SENT     00:00:01  00:00:29      1     48                   48  5
tcp   Out 192.168.0.2:2329      128.30.52.52:80       88.193.77.121:65359      SYN_SENT:CLOSED       00:00:01  00:00:29      1     48                   48  6
?

What am I missing? I also tested connecting via port 28960 UDP from my LAN, and pftop showed that it's going out on the right if. The above is what I got when I tried to open a page with a browser, which timed out after a while. At least the box can connect, because my dnsmasq can provide DNS information to LAN computers.

Last edited by Calderon; 17th September 2008 at 06:06 AM. Reason: additional information
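A small added diagnostic, not from the original thread or from pftop itself: it parses the pftop state lines quoted above (embedded below as a constructed sample) and pairs each LAN connection's In and Out entries, so a SYN that left through NAT with no reply ever matched against the state stands out. The column layout (PR DIR SRC DEST [GW] STATE AGE EXP PKTS BYTES ...) and the function names are my assumptions.

```python
"""Flag pftop TCP states whose handshake never completed (added example)."""
import re
from collections import defaultdict

# Constructed sample: the four pftop lines from the post above.
PFTOP_SAMPLE = """\
tcp   In  192.168.0.2:2328      128.30.52.52:80                                  CLOSED:SYN_SENT     00:00:01  00:00:29      1     48                   48  5
tcp   Out 192.168.0.2:2328      128.30.52.52:80       88.193.77.121:59053      SYN_SENT:CLOSED       00:00:01  00:00:29      1     48                   48  6
tcp   In  192.168.0.2:2329      128.30.52.52:80                                  CLOSED:SYN_SENT     00:00:01  00:00:29      1     48                   48  5
tcp   Out 192.168.0.2:2329      128.30.52.52:80       88.193.77.121:65359      SYN_SENT:CLOSED       00:00:01  00:00:29      1     48                   48  6
"""

STATE_RE = re.compile(r"^[A-Z_]+:[A-Z_]+$")  # e.g. CLOSED:SYN_SENT; never matches an IP:port or a timer


def parse_line(line):
    """Return a dict for one pftop state line, or None if it does not parse (assumed layout)."""
    t = line.split()
    if len(t) < 8:
        return None
    proto, direction, src, dst = t[:4]
    if STATE_RE.match(t[4]):                      # no gateway column (typical for In)
        gw, rest = None, t[4:]
    elif len(t) > 5 and STATE_RE.match(t[5]):     # NATed/route-to state carries a gateway column
        gw, rest = t[4], t[5:]
    else:
        return None
    state, _age, _exp, pkts, nbytes = rest[:5]
    return {"proto": proto, "dir": direction, "src": src, "dst": dst,
            "gw": gw, "state": state, "pkts": int(pkts), "bytes": int(nbytes)}


def stuck_syns(text):
    """Connections where the SYN went out but no SYN-ACK ever matched the state.

    Heuristic: an Out state still in SYN_SENT with exactly one packet counted
    means only our SYN has been seen; with multi-WAN this usually points at the
    reply taking (or being dropped on) the other path.
    """
    by_conn = defaultdict(dict)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == "tcp":
            by_conn[(rec["src"], rec["dst"])][rec["dir"]] = rec
    stuck = []
    for (src, dst), sides in by_conn.items():
        out = sides.get("Out")
        if out and "SYN_SENT" in out["state"] and out["pkts"] == 1:
            stuck.append({"src": src, "dst": dst, "nat": out["gw"]})
    return stuck


if __name__ == "__main__":
    for s in stuck_syns(PFTOP_SAMPLE):
        print(f"{s['src']} -> {s['dst']}: SYN left as {s['nat']}, no reply seen")
```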