Re: ISDN as a gateway

From: Alexander Langer <alex(at)big.endian.de>
Date: Thu, 17 Feb 2000 16:51:19 +0100

Thus spoke Christoph Prevezanos (Christoph.Prevezanos(at)Uni-Bielefeld.de):

> defaultrouter="0.0.0.1"

I have -interface isp0 there, but since ping works, that should be OK.

> /etc/rc.firewall contains the following (per the Handbook):
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via isp0
> /sbin/ipfw add pass all from any to any

Looks OK.

Here's my config:

ifconfig_isp0="link1 0.0.0.0 0.0.0.1 down"

firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_type="/etc/firewall" # Firewall type (see /etc/rc.firewall)

natd_enable="YES" # Enable natd if firewall_enable.
natd_interface="isp0" # Public interface to use with natd if natd_enable.
natd_flags="-dynamic -f /etc/natd.conf" # Additional flags for natd.

/etc/firewall is then:

############
# Only in rare cases do you want to change these rules
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8

############
# Stop RFC1918 nets on the outside interface
#add deny all from 192.168.0.0:255.255.0.0 to any via isp0
#add deny all from any to 192.168.0.0:255.255.0.0 via isp0
add deny all from 172.16.0.0:255.240.0.0 to any via isp0
add deny all from any to 172.16.0.0:255.240.0.0 via isp0
add deny all from 10.0.0.0:255.0.0.0 to any via isp0
add deny all from any to 10.0.0.0:255.0.0.0 via isp0

############
# Allow TCP through if setup succeeded
add pass tcp from any to any established

############
# Allow setup of incoming email
add pass tcp from any to 0.0.0.0:0.0.0.0 25 setup

############
# Allow access to our DNS
# No
# $fwcmd add pass tcp from any to ${oip} 53 setup

############
# Starcraft -- start natd with -redirect_port!
add pass tcp from any to any 6112 setup
add pass udp from any to any 6112

##########
# BO and netbus (for fakebo)
add pass tcp from any to 0.0.0.0/0 12345 setup
add pass udp from any to any 31337

#############
# Allow DNS queries out in the world
add pass udp from any 53 to any via isp0
add pass udp from any to any 53 via isp0

#############
# identd
add pass tcp from any to 0.0.0.0/0 113 setup
add pass udp from any to any 113

#############
# SAFT
add pass tcp from any to 0.0.0.0/0.0.0.0 487 setup

#############
# IRCNet Servers are checking if your SOCKS Port is open
add reject tcp from any to 0.0.0.0/0.0.0.0 1080 setup

#############
# HTTP
add pass tcp from any to 0.0.0.0/0.0.0.0 80 setup

# Reject&Log all setup of incoming connections from the outside
add deny log tcp from any to any in via isp0 setup

My /etc/natd.conf:
root(at)neutron ~ $ cat /etc/natd.conf
redirect_port tcp 192.168.0.10:6112 6112
redirect_port udp 192.168.0.10:6112 6112
redirect_port tcp 192.168.0.10:113 113

Alex

Received on Thu 17 Feb 2000 - 16:49:07 CET