FreeBSD dual-NIC NAT + firewall + LAN port forwarding experiment
Published: 2015-09-06 11:33  Editor: admin
Two machines: one FreeBSD 6.1 box with two NICs (rl0 faces the WAN and gets its address from DHCP, 172.168.0.110 during this test; rl1 faces the LAN and is configured as rl1="inet 192.168.1.1 netmask 255.255.255.0"), one Windows XP host with IP 192.168.1.8 and gateway 192.168.1.1, plus one switch.
Building a NAT gateway and firewall on FreeBSD starts with the kernel. pf itself can also be loaded as the pf.ko module (pf_enable="YES" in rc.conf loads it when pf is not compiled in), but ALTQ only works when it is compiled into the kernel, which is why this setup rebuilds it.
Log in as root, add the following to the kernel configuration file, then build and install the new kernel (device pf is required alongside the pflog and pfsync devices):

device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
Add the following to /etc/rc.conf:

ifconfig_rl0="DHCP"
hostname="localhost"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"      # sets net.inet.ip.forwarding=1 so the box routes between rl0 and rl1
inetd_enable="YES"        # needed for the ftp-proxy entry that the pf.conf below redirects to
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
sshd_enable="YES"
Add the following to /etc/pf.conf (the file named by pf_rules above; nothing needs to go into /etc/sysctl.conf, since gateway_enable="YES" already turns on IP forwarding). In this pf syntax the order matters: macros first, then scrub, then nat/rdr, then the filter rules.

# macros (wan_if is used below, so it must be defined; rl0 is the WAN NIC)
wan_if="rl0"
lan_if="rl1"
inter_net="192.168.1.0/24"
web_server="192.168.1.8"
ftp_server="192.168.1.8"

scrub in all

# NAT for the LAN; ($wan_if) in parentheses makes pf re-read the address when DHCP changes it
nat on $wan_if from $inter_net to any -> ($wan_if)

# as written, "from $lan_if" expands to rl1's own address (192.168.1.1) and so never
# matches traffic from LAN hosts; kept as on the page
rdr on $lan_if proto tcp from $lan_if to any port 80 -> $lan_if port 80

# outbound FTP from the LAN goes through ftp-proxy, which inetd runs on 127.0.0.1 port 8021
# (enable the ftp-proxy entry in /etc/inetd.conf; that is what inetd_enable="YES" is for)
rdr on $lan_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# inbound HTTP on the WAN address to the IIS host on port 80 (the test below reaches
# 192.168.1.8:80 through 172.168.0.110); the port 8080 variants are kept commented
rdr on $wan_if proto tcp from any to ($wan_if) port 80 -> $web_server port 80
#rdr on $wan_if proto tcp from any to $wan_if port 80 -> $web_server port 8080
#rdr on $lan_if proto tcp from $lan_if to $wan_if port 80 -> $web_server port 8080

# inbound FTP plus its passive data ports; the FTP server must be set to use this passive range
rdr on $wan_if proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $wan_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535

# in on $wan_if
pass in quick on $wan_if proto tcp from any to $ftp_server port 21 keep state
pass in quick on $wan_if proto tcp from any to $ftp_server port > 49151 keep state
# out on $lan_if
pass out quick on $lan_if proto tcp from any to $ftp_server port 21 keep state
pass out quick on $lan_if proto tcp from any to $ftp_server port > 49151 keep state

# Disable dangerous ports (commented on the page). pf filter rules are last-match,
# so a block only wins over the closing "pass in all" because it carries "quick".
#Danger_Port="{445 135 139 593 5554 9995 9996}"
#block quick on $wan_if inet proto tcp from any to any port $Danger_Port

# default policy is allow in both directions; only quick rules above override it.
# For anything beyond an experiment replace "pass in all" with "block in on $wan_if"
# and explicit pass rules for the services you expose.
pass in all
pass out all
reboot
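A lint pass for this style of pf.conf, added here as an example (it is not code from the original post). It parses macros and rules and reports the mistakes that appear in the listing as it was first posted: $wan_if used without being defined, the nat target written as a bare rl0 although rl0 gets its address from DHCP, "from $lan_if" expanding to the gateway's own address, translation rules placed after filter rules, and a closing "pass in all" that leaves everything not hit by a quick rule open. The two embedded configurations are constructed from that listing (comments removed) and from a corrected version; the dhcp_ifaces parameter and all function names are my own.

```python
"""Static lint for a FreeBSD 6.x-style pf.conf (macros, scrub, nat/rdr, filter).

Added example, not code from the original page.  Findings it reports:
  - a $macro used without being defined
  - a bare DHCP interface (e.g. rl0) as address or nat target: should be (rl0)
  - "from <iface>", which matches only the interface's own address
  - nat/rdr/binat rules placed after a pass/block rule
  - a non-quick "pass in all", i.e. a default-allow inbound policy
"""
import re

MACRO_RE = re.compile(r'^([A-Za-z_]\w*)\s*=\s*"?(.*?)"?$')
USE_RE = re.compile(r'\$([A-Za-z_]\w*)')
IFACE_RE = re.compile(r'^[a-z]+\d+$')          # bare interface name: rl0, rl1, em0 ...
TRANSLATION = ('nat', 'rdr', 'binat')
FILTER = ('pass', 'block')


def parse(text):
    """Split pf.conf text into {macro: value} and [(lineno, rule), ...]."""
    macros, rules = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
        else:
            rules.append((n, line))
    return macros, rules


def lint(text, dhcp_ifaces=()):
    """Return [(lineno, message), ...]; dhcp_ifaces (assumed known to the
    caller) names interfaces whose address can change at runtime."""
    macros, rules = parse(text)
    findings = []
    seen_filter = False
    for n, rule in rules:
        for name in USE_RE.findall(rule):
            if name not in macros:
                findings.append((n, f'undefined macro ${name}'))
        # substitute the macros we know so the token checks see real names
        toks = USE_RE.sub(lambda m: macros.get(m.group(1), m.group(0)), rule).split()
        kind = toks[0]
        if kind in TRANSLATION and seen_filter:
            findings.append((n, f'{kind} rule after a filter rule: translation must come first'))
        if kind in FILTER:
            seen_filter = True
        if kind == 'pass' and toks[1:2] == ['in'] and toks[-1] == 'all' and 'quick' not in toks:
            findings.append((n, 'pass in all: default-allow, only quick rules above can override it'))
        for t, nxt in zip(toks, toks[1:]):
            if t == 'from' and IFACE_RE.match(nxt):
                findings.append((n, f"'from {nxt}' matches only the interface's own address"))
            if t in ('from', 'to', '->') and nxt in dhcp_ifaces:
                findings.append((n, f'{nxt} is a DHCP interface: write ({nxt}) so pf re-reads its address'))
    return findings


# Constructed from the pf.conf as first posted on this page (comments removed).
PAGE_CONF = """\
lan_if="rl1"
inter_net="192.168.1.1/24"
web_server="192.168.1.8"
ftp_server="192.168.1.8"
scrub in all
nat on $wan_if from $inter_net to any -> rl0
rdr on rl1 proto tcp from $lan_if to any port 80 -> $lan_if port 80
rdr on rl1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $wan_if proto tcp from any to any port 21 -> $ftp_server port 21
pass in quick on $wan_if proto tcp from any to $ftp_server port 21 keep state
pass out quick on $lan_if proto tcp from any to $ftp_server port 21 keep state
pass in all
pass out all
"""

# The same gateway with the findings resolved and a default-deny WAN side (constructed).
FIXED_CONF = """\
wan_if="rl0"
lan_if="rl1"
inter_net="192.168.1.0/24"
ftp_server="192.168.1.8"
scrub in all
nat on $wan_if from $inter_net to any -> ($wan_if)
rdr on $lan_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $wan_if proto tcp from any to ($wan_if) port 21 -> $ftp_server port 21
block in on $wan_if
pass in quick on $wan_if proto tcp from any to $ftp_server port 21 keep state
pass out all
"""

if __name__ == '__main__':
    for label, conf in (('page', PAGE_CONF), ('fixed', FIXED_CONF)):
        for lineno, msg in lint(conf, dhcp_ifaces=('rl0',)) or [(0, 'no findings')]:
            print(f'{label}:{lineno}: {msg}')
```

Run it as a script to see the findings for the page's listing and an empty result for the corrected one. It is a text-level check only; the authoritative syntax check is still pfctl -nf /etc/pf.conf on the gateway, which this lint does not replace.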
Configure the XP machine's network settings:
IP: 192.168.1.8
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 221.228.255.1
The XP machine can now reach the Internet, so NAT works. XP runs IIS on port 80; browsing to 172.168.0.110 shows the IIS page served by 192.168.1.8:80, so the port forward works too. On the gateway, pfctl -nf /etc/pf.conf checks the rule file without loading it, pfctl -sn lists the nat and rdr rules actually loaded, and pfctl -ss shows the state entries created by the XP traffic.
Experiment complete.
2007-01-30 10:10
角落男孩