I found that pfsense, a powerful tool in its own right, is the best possible way to learn how pf rules are used: first configure pfsense for the deployment environment, then ssh into the box to inspect the pf rules it generated, and then read through those rules one at a time.
First the NAT rules. I was already fairly familiar with these, and NAT is enabled by default once pfsense is installed, so I am just recording them here.
fxp0 is the LAN interface, fxp1 is the WAN interface, and the internal network is 10.111.5.0/24; irrelevant lines have been removed.
# pfctl -sn
nat on fxp1 inet from 10.111.5.0/24 port = isakmp to any port = isakmp -> (fxp1) port 500 round-robin # NATs LAN-to-WAN isakmp<->isakmp connections to port 500 on the WAN side; I don't know what this service is for, ignoring it.
nat on fxp1 inet from 10.111.5.0/24 to any -> (fxp1) round-robin # The key part is here: NAT the LAN subnet on the WAN interface, using round-robin (the default).
no rdr on fxp0 proto tcp from any to port = ftp # Forbid port 21 forwarding between LAN and VPN
rdr on fxp0 inet proto tcp from any to any […]
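To make reading `pfctl -sn` output like the listing above mechanical, here is a small parser for these rule lines, added as an example and not code from the original post or from pfsense; the embedded sample is a constructed copy of the three complete lines above (the truncated rdr line is left out), and `masquerade_rules` picks out the catch-all LAN-to-WAN nat rule that the post calls the key one.

```python
import re

# Constructed sample: the three complete rule lines from the listing above.
PFCTL_SN_OUTPUT = """\
nat on fxp1 inet from 10.111.5.0/24 port = isakmp to any port = isakmp -> (fxp1) port 500 round-robin
nat on fxp1 inet from 10.111.5.0/24 to any -> (fxp1) round-robin
no rdr on fxp0 proto tcp from any to port = ftp
"""

# One translation rule as printed by pfctl -sn: optional "no", action, interface,
# optional address family and protocol, source, destination, optional "-> target", optional pool option.
RULE_RE = re.compile(
    r"^(?P<no>no\s+)?(?P<action>nat|rdr|binat)\s+on\s+(?P<iface>\S+)"
    r"(?:\s+(?P<af>inet6?))?(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+from\s+(?P<src>.+?)\s+to\s+(?P<dst>.+?)"
    r"(?:\s+->\s+(?P<target>.+?))?"
    r"(?:\s+(?P<pool>round-robin|random|bitmask|source-hash|static-port))?$"
)

def split_endpoint(text):
    """Split 'ADDR port = NAME' into (addr, port); a missing address (as in 'to port = ftp') means any."""
    if text is None:
        return None, None
    parts = re.split(r"\bport\b", text, maxsplit=1)
    addr = parts[0].strip() or "any"
    port = parts[1].replace("=", "").strip() if len(parts) == 2 else None
    return addr, port

def parse_rule(line):
    """Parse one pfctl -sn line into a dict; raise ValueError on syntax this parser does not know."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    d = m.groupdict()
    src, src_port = split_endpoint(d["src"])
    dst, dst_port = split_endpoint(d["dst"])
    target, target_port = split_endpoint(d["target"])
    return {"negated": d["no"] is not None, "action": d["action"], "iface": d["iface"],
            "af": d["af"], "proto": d["proto"], "src": src, "src_port": src_port,
            "dst": dst, "dst_port": dst_port, "target": target,
            "target_port": target_port, "pool": d["pool"]}

def parse_rules(output):
    return [parse_rule(line) for line in output.splitlines() if line.strip()]

def masquerade_rules(rules, lan_net, wan_if):
    """Catch-all nat rules that translate all of lan_net out of wan_if (the rule the post calls key)."""
    return [r for r in rules if r["action"] == "nat" and not r["negated"]
            and r["iface"] == wan_if and r["src"] == lan_net and r["src_port"] is None
            and r["dst"] == "any" and r["dst_port"] is None]
```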