IP- und Port-Forwarding
=======================
> cd /usr/src/sys/i386/conf/
> cp GENERIC MYKERNEL
> vi MYKERNEL
options IPFIREWALL
options IPFIREWALL_VERBOSE # Optional
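options IPFIREWALL_DEFAULT_TO_ACCEPT # Optional: Standardregel 65535 wird "allow" statt "deny"; schlägt das Laden der Regeln fehl, bleibt der Rechner dann offen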
options IPDIVERT # für natd erforderlich (divert-Sockets)
options RANDOM_IP_ID # Optional
options IPSTEALTH # Optional
#options DUMMYNET # Optional
#options BRIDGE # Optional
> cd /usr/src
> make buildkernel KERNCONF=MYKERNEL
...
> make installkernel KERNCONF=MYKERNEL
> reboot
> vi /etc/rc.conf
# rc.conf settings for a NAT gateway: xl0 carries the public address, xl1 the
# private 192.168.20.0/24 and 192.168.40.0/24 networks.

# Load the ipfw ruleset at boot.
firewall_enable="YES"
# NOTE(review): in the stock rc.firewall, OPEN selects an allow-all ruleset;
# confirm whether this value is still consulted once /etc/rc.firewall holds
# the custom rules shown further down.
firewall_type="OPEN"
# Run natd on the external interface; packets reach it via the ipfw divert rule.
natd_enable="YES"
natd_interface="xl0"
# -u: translate only outgoing packets with unregistered (private) source
#     addresses; -f: read the remaining options from the given file.
natd_flags="-u -f /etc/natd.conf"
# Drop TCP segments that carry both SYN and FIN.
tcp_drop_synfin="YES" # Optional
# Ignore incoming ICMP redirect messages.
icmp_drop_redirect="YES" # Optional
# External interface (public address, same subnet as defaultrouter).
ifconfig_xl0="inet 198.213.17.133 netmask 255.255.255.240 media 100baseTX mediaopt full-duplex"
# Internal interface with one primary address and three aliases.
ifconfig_xl1="inet 192.168.20.1/24 media 100baseTX mediaopt full-duplex"
ifconfig_xl1_alias0="192.168.20.254/32"
ifconfig_xl1_alias1="192.168.40.1/24"
ifconfig_xl1_alias2="192.168.40.254/32"
defaultrouter="198.213.17.142"
# Enable IP forwarding between the interfaces; without it nothing is routed.
gateway_enable="YES"
> vi /etc/rc.firewall
# Minimal ipfw ruleset for the NAT gateway. Rules are evaluated in ascending
# rule-number order, so the numbers below define the behaviour.

# Interface whose traffic is handed to natd (xl0, the external interface).
DIVDEV="xl0"
# Start from an empty ruleset; -f suppresses the confirmation prompt.
/sbin/ipfw -f flush
# Allow everything on the loopback interface ...
/sbin/ipfw add 00100 allow ip from any to any via lo0
# ... and drop packets that use 127.0.0.0/8 addresses on any other interface
# (spoofed loopback addresses).
/sbin/ipfw add 00200 deny ip from any to 127.0.0.0/8
/sbin/ipfw add 00300 deny ip from 127.0.0.0/8 to any
# Pass every packet crossing ${DIVDEV}, in either direction, to the divert
# port named "natd" so natd can rewrite addresses and ports.
/sbin/ipfw add 00400 divert natd all from any to any via ${DIVDEV}
... (weitere Regeln nach eigenem Wunsch) ...
# Rule 10000 accepts everything not matched earlier. As shown, the ruleset
# filters nothing except spoofed loopback traffic; a restrictive rule only
# takes effect if its number is below 10000.
/sbin/ipfw add 10000 pass all from any to any
> vi /etc/natd.conf
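### Siehe natd(8). Syntax: redirect_port proto zielIP:zielPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]
### Ohne remoteIP ist der weitergeleitete Port von jeder Quelladresse aus erreichbar.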
log yes # Optional (protokolliert nach /var/log/alias.log)
redirect_port tcp 192.168.20.2:80 8002
redirect_port tcp 192.168.40.2:80 9002
...
redirect_port tcp 192.168.20.253:80 8253
redirect_port tcp 192.168.40.253:80 9253
