
балансировка нескольких каналов freebsd



firewall.conf
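#!/bin/sh
#
# firewall.conf - ipfw rule set for a FreeBSD router with several uplinks
# (VLANs on em1), using in-kernel NAT (ipfw nat) plus fwd policy routing.
#
# Fix vs. the posted listing: the first line read "!/bin/sh"; without the "#"
# it is not a shebang and the shell tries to run it as a command.
#
# NOTE(review): 1.1.1.1, 1.1.2.2 and 2.2.2.2 look like anonymised stand-ins
# for the provider gateway / external addresses - confirm before reuse.

# netflow stats
# Export flow records seen on em2 to the collector at 192.168.56.93:42111.
# NetFlow export is plain, unauthenticated UDP, so the collector should sit on
# a trusted management segment.
# NOTE(review): this line runs on every reload of the rule set; presumably the
# daemon belongs in an rc.d script instead - confirm.
/usr/local/sbin/softflowd -i em2 -n 192.168.56.93:42111

# firewall command
FwCMD="/sbin/ipfw"

# Drop every existing rule without asking (-f). Until the rules below are
# loaded only the kernel's default rule applies; whether that is deny or allow
# depends on how the kernel was built/tuned. Reloading over SSH can therefore
# cut the session - run it from the console or detached from the terminal.
${FwCMD} -f flush

# Networks define
# Lookup tables used by the NAT rules below.
${FwCMD} table all flush
# 172.16.0.0/22 spans 172.16.0.0-172.16.3.255 and so overlaps table 3.
# Tables 2 and 4 are not referenced by any rule in this listing.
${FwCMD} table 2 add 172.16.0.0/22
${FwCMD} table 3 add 172.16.3.0/24
${FwCMD} table 4 add 172.16.4.0/24
${FwCMD} table 5 add 172.16.5.0/24
${FwCMD} table 6 add 172.16.6.0/24
# Table 9: destinations that must NOT be translated (192.168.56.0/24,
# presumably the management LAN - confirm).
#${FwCMD} table 9 add DHCP/32
${FwCMD} table 9 add 192.168.56.0/24

# NOTE(review): this matches UDP port 139 only. NetBIOS name/datagram services
# are UDP 137/138 and the session service (and SMB on 445) is TCP, none of
# which this rule covers - confirm what was meant to be blocked.
${FwCMD} add 2 deny udp from any to any 139

#NAT
# Options used on every instance: "log" keeps NAT statistics, "if" takes the
# alias address from the interface, "reset" clears the translation table when
# that address changes, "same_ports" tries to keep source ports unchanged.
# "deny_in" is NOT set, so NAT itself does not drop unsolicited inbound packets
# that match no translation entry; they need explicit filter rules.

# Uplink on em1.3 (nat 1).
${FwCMD} nat 1 config log if em1.3 reset same_ports
${FwCMD} add 6000 nat 1 ip from table\(3\) to not table\(9\) via em1.3
#${FwCMD} add 6001 nat 1 ip from any to DHCP via em1.3
# in 6001 rule must be my external IP ("DHCP" above is a placeholder for it)

# Uplink on em1.5 (nat 2).
${FwCMD} nat 2 config log if em1.5 reset same_ports
${FwCMD} add 6010 nat 2 ip from table\(5\) to not table\(9\) via em1.5
# Traffic addressed to the external IP is passed to nat 2 (reply translation).
${FwCMD} add 6011 nat 2 ip from any to 2.2.2.2 via em1.5
# NOTE(review): 172.16.5.0/24 is the client subnet, yet these two rules match
# it on the uplink VLAN em1.5 - confirm that is intended.
${FwCMD} add 6012 allow all from 172.16.5.0/24 to me via em1.5
${FwCMD} add 6013 allow all from me to 172.16.5.0/24 via em1.5
# the destination in rule 6011 must be my external IP
# (the posted comment said "6001" here, presumably copy-paste)

# Uplink on em1.6 (nat 3).
${FwCMD} nat 3 config log if em1.6 reset same_ports
#${FwCMD} nat 3 config log ip 1.1.2.2
# NOTE(review): rule 6020 has no interface or direction, so it matches table 6
# traffic on every interface, inbound and outbound. Rule 6021 is only reached
# by already-translated packets if they re-enter the rule set after NAT, which
# depends on net.inet.ip.fw.one_pass - verify that setting.
${FwCMD} add 6020 nat 3 log ip from table\(6\) to not table\(9\)
# Policy routing: packets with source 1.1.2.2 get next hop 1.1.1.1.
${FwCMD} add 6021 fwd 1.1.1.1 log all from 1.1.2.2 to any
# Everything arriving on em1.6 is passed to nat 3 for reverse translation.
${FwCMD} add 6022 nat 3 log ip from any to any in via em1.6
#${FwCMD} add 6022 allow all from 172.16.6.0/24 to me via em1.6
#${FwCMD} add 6023 allow all from me to 172.16.6.0/24 via em1.6
# the source in rule 6021 must be my external IP
# (the posted comment said "6001" here, presumably copy-paste)
#
# NOTE(review): no closing allow/deny rule is visible in this listing, so the
# fate of unmatched packets is decided by the kernel default rule - confirm.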
 
rc.conf
 
# rc.conf excerpt for the router described by firewall.conf on this page.
# NOTE(review): no firewall_enable / gateway_enable / NAT settings are visible
# here; presumably they follow in the UBinstaller section that is cut off.
hostname="ubilling"
# em0 sits in 192.168.56.0/24, the same /24 that firewall.conf puts in table 9
# (excluded from NAT) and that holds the NetFlow collector 192.168.56.93.
ifconfig_em0="192.168.56.94/24"
# em1 is brought up without an address and carries the uplink VLANs
# em1.3, em1.4, em1.5 and em1.6.
ifconfig_em1="UP"
vlans_em1="3 4 5 6"
# NOTE(review): there is no ifconfig_em1_3 line, although firewall.conf
# configures "nat 1" on em1.3 - confirm how that VLAN gets its address.
# NOTE(review): three DHCP uplinks each offer a default route; presumably this
# is why the rule set steers traffic with fwd rules - confirm.
ifconfig_em1_4="DHCP"
ifconfig_em1_5="DHCP"
ifconfig_em1_6="DHCP"
# em2 is the client-facing interface; the aliases are gateways for the client
# subnets used in the firewall tables.
ifconfig_em2="172.16.1.1/24"
ifconfig_em2_alias0="inet 172.16.5.1 netmask 255.255.255.0"
ifconfig_em2_alias1="inet 172.16.6.1 netmask 255.255.255.0"
# NOTE(review): 172.32.0.1/20 lies outside the RFC 1918 block 172.16.0.0/12
# (172.16.0.0-172.31.255.255), i.e. it is publicly routable address space -
# confirm this is not a typo for a private range.
ifconfig_em2_alias2="inet 172.32.0.1 netmask 255.255.240.0"
ifconfig_em2_alias3="inet 172.16.4.1 netmask 255.255.255.0"
# NOTE(review): the firewall.conf shown on this page has no rule limiting who
# can reach sshd, radiusd or snmptrapd; restrict them to the management
# network in the rule set or in each daemon's own configuration.
sshd_enable="YES"
radiusd_enable="YES"
snmptrapd_enable="YES"
# -On prints OIDs numerically, -A appends to the log file, -c names the config
# file (where trap access control is expected to be defined - not shown here).
snmptrapd_flags="-On -A -c /usr/local/etc/snmptrapd.conf"
powerd_enable="YES"
local_unbound_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
# Crash dumps are images of kernel memory and can contain secrets; keep the
# directory they are saved to readable by root only.
dumpdev="AUTO"
# ====== added by UBinstaller ====
 
 
 
 
 

 


 

firewall.conf
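#!/bin/sh
#
# firewall.conf - ipfw rule set for a FreeBSD router with several uplinks
# (VLANs on em1), using in-kernel NAT (ipfw nat) plus fwd policy routing.
#
# Fix vs. the posted listing: the first line read "!/bin/sh"; without the "#"
# it is not a shebang and the shell tries to run it as a command.
#
# NOTE(review): 1.1.1.1, 1.1.2.2 and 2.2.2.2 look like anonymised stand-ins
# for the provider gateway / external addresses - confirm before reuse.

# netflow stats
# Export flow records seen on em2 to the collector at 192.168.56.93:42111.
# NetFlow export is plain, unauthenticated UDP, so the collector should sit on
# a trusted management segment.
# NOTE(review): this line runs on every reload of the rule set; presumably the
# daemon belongs in an rc.d script instead - confirm.
/usr/local/sbin/softflowd -i em2 -n 192.168.56.93:42111

# firewall command
FwCMD="/sbin/ipfw"

# Drop every existing rule without asking (-f). Until the rules below are
# loaded only the kernel's default rule applies; whether that is deny or allow
# depends on how the kernel was built/tuned. Reloading over SSH can therefore
# cut the session - run it from the console or detached from the terminal.
${FwCMD} -f flush

# Networks define
# Lookup tables used by the NAT rules below.
${FwCMD} table all flush
# 172.16.0.0/22 spans 172.16.0.0-172.16.3.255 and so overlaps table 3.
# Tables 2 and 4 are not referenced by any rule in this listing.
${FwCMD} table 2 add 172.16.0.0/22
${FwCMD} table 3 add 172.16.3.0/24
${FwCMD} table 4 add 172.16.4.0/24
${FwCMD} table 5 add 172.16.5.0/24
${FwCMD} table 6 add 172.16.6.0/24
# Table 9: destinations that must NOT be translated (192.168.56.0/24,
# presumably the management LAN - confirm).
#${FwCMD} table 9 add DHCP/32
${FwCMD} table 9 add 192.168.56.0/24

# NOTE(review): this matches UDP port 139 only. NetBIOS name/datagram services
# are UDP 137/138 and the session service (and SMB on 445) is TCP, none of
# which this rule covers - confirm what was meant to be blocked.
${FwCMD} add 2 deny udp from any to any 139

#NAT
# Options used on every instance: "log" keeps NAT statistics, "if" takes the
# alias address from the interface, "reset" clears the translation table when
# that address changes, "same_ports" tries to keep source ports unchanged.
# "deny_in" is NOT set, so NAT itself does not drop unsolicited inbound packets
# that match no translation entry; they need explicit filter rules.

# Uplink on em1.3 (nat 1).
${FwCMD} nat 1 config log if em1.3 reset same_ports
${FwCMD} add 6000 nat 1 ip from table\(3\) to not table\(9\) via em1.3
#${FwCMD} add 6001 nat 1 ip from any to DHCP via em1.3
# in 6001 rule must be my external IP ("DHCP" above is a placeholder for it)

# Uplink on em1.5 (nat 2).
${FwCMD} nat 2 config log if em1.5 reset same_ports
${FwCMD} add 6010 nat 2 ip from table\(5\) to not table\(9\) via em1.5
# Traffic addressed to the external IP is passed to nat 2 (reply translation).
${FwCMD} add 6011 nat 2 ip from any to 2.2.2.2 via em1.5
# NOTE(review): 172.16.5.0/24 is the client subnet, yet these two rules match
# it on the uplink VLAN em1.5 - confirm that is intended.
${FwCMD} add 6012 allow all from 172.16.5.0/24 to me via em1.5
${FwCMD} add 6013 allow all from me to 172.16.5.0/24 via em1.5
# the destination in rule 6011 must be my external IP
# (the posted comment said "6001" here, presumably copy-paste)

# Uplink on em1.6 (nat 3).
${FwCMD} nat 3 config log if em1.6 reset same_ports
#${FwCMD} nat 3 config log ip 1.1.2.2
# NOTE(review): rule 6020 has no interface or direction, so it matches table 6
# traffic on every interface, inbound and outbound. Rule 6021 is only reached
# by already-translated packets if they re-enter the rule set after NAT, which
# depends on net.inet.ip.fw.one_pass - verify that setting.
${FwCMD} add 6020 nat 3 log ip from table\(6\) to not table\(9\)
# Policy routing: packets with source 1.1.2.2 get next hop 1.1.1.1.
${FwCMD} add 6021 fwd 1.1.1.1 log all from 1.1.2.2 to any
# Everything arriving on em1.6 is passed to nat 3 for reverse translation.
${FwCMD} add 6022 nat 3 log ip from any to any in via em1.6
#${FwCMD} add 6022 allow all from 172.16.6.0/24 to me via em1.6
#${FwCMD} add 6023 allow all from me to 172.16.6.0/24 via em1.6
# the source in rule 6021 must be my external IP
# (the posted comment said "6001" here, presumably copy-paste)
#
# NOTE(review): no closing allow/deny rule is visible in this listing, so the
# fate of unmatched packets is decided by the kernel default rule - confirm.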
 
rc.conf
 
# rc.conf excerpt for the router described by firewall.conf on this page.
# NOTE(review): no firewall_enable / gateway_enable / NAT settings are visible
# here; presumably they follow in the UBinstaller section that is cut off.
hostname="ubilling"
# em0 sits in 192.168.56.0/24, the same /24 that firewall.conf puts in table 9
# (excluded from NAT) and that holds the NetFlow collector 192.168.56.93.
ifconfig_em0="192.168.56.94/24"
# em1 is brought up without an address and carries the uplink VLANs
# em1.3, em1.4, em1.5 and em1.6.
ifconfig_em1="UP"
vlans_em1="3 4 5 6"
# NOTE(review): there is no ifconfig_em1_3 line, although firewall.conf
# configures "nat 1" on em1.3 - confirm how that VLAN gets its address.
# NOTE(review): three DHCP uplinks each offer a default route; presumably this
# is why the rule set steers traffic with fwd rules - confirm.
ifconfig_em1_4="DHCP"
ifconfig_em1_5="DHCP"
ifconfig_em1_6="DHCP"
# em2 is the client-facing interface; the aliases are gateways for the client
# subnets used in the firewall tables.
ifconfig_em2="172.16.1.1/24"
ifconfig_em2_alias0="inet 172.16.5.1 netmask 255.255.255.0"
ifconfig_em2_alias1="inet 172.16.6.1 netmask 255.255.255.0"
# NOTE(review): 172.32.0.1/20 lies outside the RFC 1918 block 172.16.0.0/12
# (172.16.0.0-172.31.255.255), i.e. it is publicly routable address space -
# confirm this is not a typo for a private range.
ifconfig_em2_alias2="inet 172.32.0.1 netmask 255.255.240.0"
ifconfig_em2_alias3="inet 172.16.4.1 netmask 255.255.255.0"
# NOTE(review): the firewall.conf shown on this page has no rule limiting who
# can reach sshd, radiusd or snmptrapd; restrict them to the management
# network in the rule set or in each daemon's own configuration.
sshd_enable="YES"
radiusd_enable="YES"
snmptrapd_enable="YES"
# -On prints OIDs numerically, -A appends to the log file, -c names the config
# file (where trap access control is expected to be defined - not shown here).
snmptrapd_flags="-On -A -c /usr/local/etc/snmptrapd.conf"
powerd_enable="YES"
local_unbound_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
# Crash dumps are images of kernel memory and can contain secrets; keep the
# directory they are saved to readable by root only.
dumpdev="AUTO"
# ====== added by UBinstaller ====
 
 
 
 
 

 

завелось все через natd

File:firewall.conf       Col:0 =2469 bytes                                  19% 
# Excerpt of the natd-based variant of firewall.conf: each provider gets its
# own divert port instead of an in-kernel "ipfw nat" instance.
# NOTE(review): FwCMD and the tables are defined earlier in the file, outside
# this excerpt; the natd instances expected on ports 8669 and 8668 are not
# shown either.
#
# Rule 1 is evaluated first and passes every packet whose source is one of
# these addresses (presumably the router's own gateway addresses in the client
# subnets - confirm).
# NOTE(review): the match is by source address only, with no interface or
# direction, and a source address can be forged. Consider "from me" and an
# anti-spoofing check such as verrevpath on the client interface.
${FwCMD} add 1 allow all from 172.16.3.1 to any
${FwCMD} add 1 allow all from 172.16.4.1 to any
${FwCMD} add 1 allow all from 172.16.5.1 to any
${FwCMD} add 1 allow all from 172.16.6.1 to any
 
# NOTE(review): only UDP is matched. UDP 137 is the NetBIOS name service, but
# the session service on 139 (and SMB on 445) is TCP and is not covered here -
# confirm what was meant to be blocked.
${FwCMD} add 2 deny udp from any to any 137
${FwCMD} add 2 deny udp from any to any 139
 
#NAT
#${FwCMD} nat 1 config log if em1.3 reset same_ports
#${FwCMD} add 6000 nat 1 ip from table\(3\) to not table\(9\) via em1.3
#${FwCMD} add 6001 nat 1 ip from any to DHCP via em1.3
# "log" on the rules below records every matching packet, subject to the
# net.inet.ip.fw.verbose / verbose_limit sysctls; on a busy router this is a
# lot of log volume.
# NOTE(review): nothing here drops unsolicited inbound traffic on the uplinks;
# that has to come from later rules or from natd's own options (e.g.
# -deny_incoming) - verify.
# prov1
# Table 5 clients going anywhere except table 9 are handed to divert port 8669.
${FwCMD} add 6010 divert 8669 log ip from table\(5\) to not table\(9\)
# Policy routing: packets already carrying source 2.2.2.2 get next hop 2.2.1.1.
${FwCMD} add 6011 fwd 2.2.1.1 log all from 2.2.2.2 to any
# Everything arriving on em1.5 goes to the same divert port for reverse translation.
${FwCMD} add 6012 divert 8669 log ip from any to any in via em1.5
# prov2
# Same three-step pattern for the second provider, on divert port 8668.
${FwCMD} add 6020 divert 8668 log ip from table\(6\) to not table\(9\)
${FwCMD} add 6021 fwd 1.1.1.1 log all from 1.1.2.2 to any
${FwCMD} add 6022 divert 8668 log ip from any to any in via em1.6