
Posted

privetstvuju vseh.

u meani est' rabotajushij script s ispolzyvanijem ipfw i natd

code:--------------------------------------------------------------------------------

 

# Per-uplink addresses. In the rules below gwipN is used as the "fwd" next hop
# and gwN as the natd alias (translated source) address for the same uplink.
# gwip1 is not referenced in this fragment.
gwip1="212.59.9.1"
gw1="212.59.9.59"
gwip2="213.252.192.141"
gw2="213.252.192.142"
gwip3="213.252.192.161"
gw3="213.252.192.162"

# Internal address range; "not $lan" keeps LAN-to-LAN traffic out of NAT.
lan="192.168.0.0/16"

# NOTE(review): this fragment only translates and routes. Rules 260, 400 and
# 1001 hand any packet addressed to the external addresses to natd, and no
# allow/deny rule is visible here, so inbound filtering has to come from the
# rest of the rule set. Confirm that it does.

# ---------------------------------------------------------------- uplink 2
# Separate natd instance for uplink 2, listening on divert port 8672.
natd -a $gw2 -p 8672

# battle.net, ports 6111-6119: TCP as rules 100-108, then UDP as rules 150-158.
for bnet_spec in tcp:100 udp:150; do
    bnet_proto=${bnet_spec%%:*}
    bnet_rule=${bnet_spec##*:}
    for bnet_port in 6111 6112 6113 6114 6115 6116 6117 6118 6119; do
        ipfw add $bnet_rule divert 8672 $bnet_proto from $lan to not $lan $bnet_port
        bnet_rule=$((bnet_rule + 1))
    done
done

# DNS (port 53): TCP as rule 200, UDP as rule 201.
dns_rule=200
for dns_proto in tcp udp; do
    ipfw add $dns_rule divert 8672 $dns_proto from $lan to not $lan 53
    dns_rule=$((dns_rule + 1))
done

# Packets already rewritten to $gw2 are forwarded to that uplink's next hop;
# anything addressed to $gw2 goes to the same natd instance.
ipfw add 250 fwd $gwip2 ip from $gw2 to any
ipfw add 260 divert 8672 ip from any to $gw2

# ---------------------------------------------------------------- uplink 3
# Second natd instance on divert port 8686: TCP ports 80, 81, 110 and 443.
natd -a $gw3 -p 8686
for gw3_spec in 303:80 306:81 307:110 309:443; do
    ipfw add ${gw3_spec%%:*} divert 8686 tcp from $lan to not $lan ${gw3_spec##*:}
done

ipfw add 399 fwd $gwip3 ip from $gw3 to any
ipfw add 400 divert 8686 ip from any to $gw3

# ---------------------------------------------------------------- uplink 1
# Everything from the LAN that was not matched above. natd is started without
# -p here and the rules name the divert port by the service name "natd".
natd -a $gw1
ipfw add 1000 divert natd ip from $lan to not $lan
ipfw add 1001 divert natd ip from any to $gw1

 

--------------------------------------------------------------------------------

 

ps. eto chaist' rabotajushego script'a

 

 

kak zamenit' eto na ipnat + ipfilter ?

 

proboval tak:

 

/etc/ipf.rules

 

code:--------------------------------------------------------------------------------

# /etc/ipf.rules attempt: policy-route LAN traffic arriving on fxp0 to a
# per-service next hop using "to <ifname>:<next-hop-ip>".
#
# NOTE(review): none of these rules uses "quick". ipf walks the whole list and
# applies the LAST matching rule, so the catch-all at the bottom matches every
# packet from 192.168.0.0/16 and decides its route. The per-port rules above it
# would not take effect as written. Confirm, and consider "pass in quick on ...".
#
# NOTE(review): every rule here is "pass" and no block / default-deny rule or
# "keep state" is visible in this excerpt, so this file routes but does not
# filter. Confirm that filtering is provided elsewhere.

################################# War Craft III (battle.net, 6111-6119) ################################

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6111

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6112

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6113

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6114

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6115

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6116

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6117

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6118

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6119



pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6111

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6112

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6113

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6114

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6115

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6116

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6117

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6118

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6119

################################# EoF War Craft III ################################



######################################## GAMES ###############################
# Additional game ports, TCP then UDP, sent to the same next hop as the block above.

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 4000

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 7787

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 7777

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 7877

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 7887

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 9990

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27005

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27015

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27500

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27501

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27960





pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 4000

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 7787

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 7777

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 7877

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 7887

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 9990

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27005

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27015

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27500

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27501

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 27960

################################## EoF GAMES ###############################

# DNS

pass in on fxp0 to vlan0:213.252.192.141 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 53

pass in on fxp0 to vlan0:213.252.192.141 proto udp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 53



# main gw (gw1)
# NOTE(review): the next hop below, 213.252.192.161, is the address the ipfw
# script in this post calls gwip3, not the gw1 uplink. Confirm which is intended.

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 22

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 25

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 79

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 80

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 81

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 110

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 113

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 443

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 5050

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 5190

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 6667

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 1863

pass in on fxp0 to rl0:213.252.192.161 proto tcp from 192.168.0.0/16 to ! 192.168.0.0/16 port = 2082



# NOTE(review): "to any" (here and in the catch-all below) also matches
# LAN-internal destinations such as the router's own 192.168.x.x address,
# unlike the rules above, which exclude them with "! 192.168.0.0/16".
pass in on fxp0 to rl0:213.252.192.161 proto icmp from 192.168.0.0/16 to any



# unknown traffic go via gw3
# NOTE(review): the next hop below, 212.59.9.1, is the address the ipfw script
# in this post calls gwip1. Because this rule matches all LAN-sourced packets
# and is last, it may be what makes pings to the router disappear once this
# file is loaded. Confirm.

pass in on fxp0 to rl1:212.59.9.1 proto ip from 192.168.0.0/16 to any

--------------------------------------------------------------------------------

 

 

/etc/ipnat.rules

 

code:--------------------------------------------------------------------------------

# /etc/ipnat.rules attempt: source-NAT 192.168.0.0/16 to one address per interface.
# An ipnat "map <ifname>" rule rewrites packets leaving through that interface.
# NOTE(review): the ipf.rules listing in this post filters LAN traffic "in on
# fxp0", so fxp0 looks like the LAN-facing interface. If so, the first rule also
# rewrites the router's own replies to LAN hosts, which would match the symptom
# of ping replies arriving from 213.252.192.162. Confirm the interface roles.
map fxp0 192.168.0.0/16 -> 213.252.192.162/32

map rl1 192.168.0.0/16 -> 212.59.9.59/32

map vlan0 192.168.0.0/16 -> 213.252.192.142/32

--------------------------------------------------------------------------------

 

 

no kogda zapuskal ping 192.168.1.8 (ip routera) polucahil reply ot 213.252.192.162

 

es't idei?

spasibo

Posted

chiutok smenil ipnat.rules

 

# Revised ipnat.rules: each pair is a portmap rule for TCP/UDP (source ports
# remapped into 10000:60000) followed by a plain map for the remaining protocols.
# "from ... ! to 192.168.0.0/16" limits translation to traffic leaving the LAN range.
# NOTE(review): the first field of a map rule is normally an interface name, but
# the first two rules give an address there. That address, 213.252.162.162, also
# differs from the 213.252.192.162 used as the translation target and elsewhere
# in this thread. Possible typo; confirm.
map 213.252.162.162 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 213.252.192.162/32 portmap tcp/udp 10000:60000

map 213.252.162.162 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 213.252.192.162/32

map rl1 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 212.59.9.59/32 portmap tcp/udp 10000:60000

map rl1 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 212.59.9.59/32

map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 213.252.192.142/32 portmap tcp/udp 10000:60000

map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 213.252.192.142/32

[code]

 

poskolku fxp0 eto setevoj interface + alias

no kogda ja dobavliaju pravila ipf.rules

ping do servera voobshe propadaet

hotia is SSH nevykidyvaet, i loginitsa normalno

na ftp tozhe zahodit...

 

pomogite dobrije liudi ;)

Spasibo bolshoe
