Discussion :

[photorelief]

Bonjour à tous,
j'ai mis en place un serveur FreeBSD 6.1, j'ai installé fwtk via port.
J'ai recompilé le noyau afin d'ajouter les options qui vont bien :
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options BRIDGE
....

Je souhaiterai tester le bon fonctionnment de tout ça en faisant une redirection de port simple.
J'ai attribué deux adresses IP à ma machines 192.168.0.1 et 192.168.0.2.
Je voudrait rediriger le port 8080 de la dexième interface, l'adresse ip 192.168.0.2:8080 vers un serveur web qui est sur une autre machine du réseau dont l'ip est 192.168.0.3:80.
J'ai modifier le fichier netperm-table :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
#
# Sample netperm configuration table
#
# To get a good sample working netperm-table, just globally
# substitute YOURNET for your network address (e.g.; 666.777.888)
#
 
# Example netacl rules:
# ---------------------
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the telnet proxy
#netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/libexec/telnetd
#netacl-telnetd: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/telnetd
#
# if the next line is uncommented, the telnet proxy is available
#netacl-telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
#
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the rlogin proxy
#netacl-rlogind: permit-hosts 127.0.0.1 -exec /usr/libexec/rlogind -a
#netacl-rlogind: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/rlogind -a
#
# if the next line is uncommented, the rlogin proxy is available
#netacl-rlogind: permit-hosts * -exec /usr/local/etc/rlogin-gw
 
#
# to enable finger service uncomment these 2 lines
#netacl-fingerd: permit-hosts YOURNET.* -exec /usr/libexec/fingerd
#netacl-fingerd: permit-hosts * -exec /bin/cat /usr/local/etc/finger.txt
 
# Example smap rules:
# -------------------
smap, smapd:	userid 6
smap, smapd:	directory /var/spool/smap
smapd:		executable /usr/local/etc/smapd
smapd:		sendmail /usr/sbin/sendmail
smap:		timeout 3600
 
# Example ftp gateway rules:
# --------------------------
#ftp-gw:	denial-msg	/usr/local/etc/ftp-deny.txt
#ftp-gw:	welcome-msg	/usr/local/etc/ftp-welcome.txt
#ftp-gw:	help-msg	/usr/local/etc/ftp-help.txt
ftp-gw:		timeout 3600
# uncomment the following line if you want internal users to be
# able to do FTP with the internet
#ftp-gw:		permit-hosts YOURNET.*
# uncomment the following line if you want external users to be
# able to do FTP with the internal network using authentication
#ftp-gw:		permit-hosts * -authall -log { retr stor }
 
# Example telnet gateway rules:
# -----------------------------
#tn-gw:		denial-msg	/usr/local/etc/tn-deny.txt
#tn-gw:		welcome-msg	/usr/local/etc/tn-welcome.txt
#tn-gw:		help-msg	/usr/local/etc/tn-help.txt
tn-gw:		timeout 3600
tn-gw:		permit-hosts YOURNET.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#tn-gw:		permit-hosts * -auth
 
# Example rlogin gateway rules:
# -----------------------------
#a voir
#rlogin-gw:	denial-msg	/usr/local/etc/rlogin-deny.txt
#rlogin-gw:	welcome-msg	/usr/local/etc/rlogin-welcome.txt
#rlogin-gw:	help-msg	/usr/local/etc/rlogin-help.txt
rlogin-gw:	timeout 3600
rlogin-gw:	permit-hosts YOURNET.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#rlogin-gw:	permit-hosts * -auth -xok
 
 
# Example auth server and client rules
# ------------------------------------
authsrv:	hosts 127.0.0.1
authsrv:	database /usr/local/etc/fw-authdb
authsrv:	badsleep 1200
authsrv:	nobogus true
 
# clients using the auth server
*:		authserver 127.0.0.1 7777
 
# X-forwarder rules
tn-gw, rlogin-gw:	xforwarder /usr/local/etc/x-gw
plug-test1: port 8080 *.*.*.* -plug-to 192.168.0.3 -port 80

Et dans /etc/rc.local j'ai mi ca :
/usr/local/libexec/plug-gw -daemon 192.168.0.2:8080 -name plug-test1

Bien sur comme d'habitude ca marche pas, mon navigateur web me jete quand je fait 192.168.0.2:8080.

J'ai peut être pas activé les bonnes options dans mon rc.conf

Voici mon rc.conf :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# -- sysinstall generated deltas -- # Fri Dec  1 09:36:28 2006
# Created: Fri Dec  1 09:36:28 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
keymap="fr.iso.acc"
usbd_enable="YES"
linux_enable="YES"
sshd_enable="YES"
sendmail_enable="NO"
inetd_enable="NO"
moused_port="/dev/psm0"
moused_type="auto"
moused_enable="YES"
####################################################################
ifconfig_em0_alias0="inet 192.168.0.1 netmask 255.255.0.0"
ifconfig_em0_alias1="inet 192.168.0.2 netmask 255.255.0.0"  
hostname="samy-fbsd1"
#ifconfig_em0="DHCP"
#router_enable="NO"
firewall_enable="NO"
gateway_enable="YES"
default_router="x.x.x.x"
####################################################################
apache2_enable="YES"
webmin_enable="YES"
check_quotas="NO"

Merci

[julp]

Votre configuration réseau me laisse sceptique :

ifconfig_em0_alias0="inet 192.168.0.1 netmask 255.255.0.0"
ifconfig_em0_alias1="inet 192.168.0.2 netmask 255.255.0.0"
#ifconfig_em0="DHCP"

alias Establish an additional network address for this interface. This
is sometimes useful when changing network numbers, and one wishes
to accept packets addressed to the old interface. If the address
is on the same subnet as the first network address for this
interface, a non-conflicting netmask must be given. Usually
0xffffffff is most appropriate.

D'où une correction en :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
ifconfig_em0="inet 192.168.0.1 netmask 255.255.0.0"
ifconfig_em0_alias0="inet 192.168.0.2 netmask 255.255.255.255"

De ce que j'ai lu, pour la redirection il faut voir directement avec ipfw (règle divert) - personnellement j'utilise Packet Filter ...


Julp.

[photorelief]

Apparament d'après la doc tu a raison mais en utilisant les élément que tu m'a données pour configurer le réseau ca ne marche pas, impossible de pinger la machine, par contre quand j'ai remis les valeurs précédentes ça marche, connection ssh, ping.
De toute façon tant que ça marche c le principale.

Le test que je voulais effectuer, la redirection de port n'était qu'une étape.
L'objectif c'est de cloner une autre machine qui fait le même chose et cela en partant de zéro.
Je ne réussi pas à faire mon test et à mon avis je configure mal netperm-table.
Le relais Firewall ToolKit FWTK est un vieux truck, je suis pas contre remplacer ça par ipfw ou Packet Filter.
Mais ipfw ou Packet Filter sont-ils capables de faire la même chose que le relais FWTK?

Au final si mon test était concluant, je comptais récupérer le fichier de conf netperm-table de la machine à cloner et le mettre sur la machine clonée.
Si je choisis ipfw ou Packet Filter, il faudra donc que je transcrit toutes les régles qui sont dans netperm-table en ligne de commande si je choisis ipfw par exemple.

A votre avis est possible?

Voici le fichier de conf netperm-table que je dois utiliser avec toutes les règles :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
#
# Sample netperm configuration table
#
# To get a good sample working netperm-table, just globally
# substitute YOURNET for your network address (e.g.; 666.777.888)
#
 
# Example netacl rules:
# ---------------------
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the telnet proxy
#netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/libexec/telnetd
#netacl-telnetd: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/telnetd
#
# if the next line is uncommented, the telnet proxy is available
#netacl-telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
#
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the rlogin proxy
#netacl-rlogind: permit-hosts 127.0.0.1 -exec /usr/libexec/rlogind -a
#netacl-rlogind: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/rlogind -a
#
# if the next line is uncommented, the rlogin proxy is available
#netacl-rlogind: permit-hosts * -exec /usr/local/etc/rlogin-gw
 
#
# to enable finger service uncomment these 2 lines
netacl-fingerd: permit-hosts *.*.*.* -exec /usr/libexec/fingerd
netacl-fingerd: permit-hosts * -exec /bin/cat /usr/local/etc/finger.txt
 
# Example smap rules:
# -------------------
smap, smapd:	userid 6
smap, smapd:	directory /var/spool/smap
smapd:		executable /usr/local/etc/smapd
smapd:		sendmail /usr/sbin/sendmail
smap:		timeout 3600
 
# Example ftp gateway rules:
# --------------------------
#ftp-gw:	denial-msg	/usr/local/etc/ftp-deny.txt
#ftp-gw:	welcome-msg	/usr/local/etc/ftp-welcome.txt
#ftp-gw:	help-msg	/usr/local/etc/ftp-help.txt
ftp-gw:		timeout 3600
# uncomment the following line if you want internal users to be
# able to do FTP with the internet
#ftp-gw:		permit-hosts YOURNET.*
# uncomment the following line if you want external users to be
# able to do FTP with the internal network using authentication
#ftp-gw:		permit-hosts * -authall -log { retr stor }
 
# Example telnet gateway rules:
# -----------------------------
tn-gw:		denial-msg	/usr/local/etc/tn-deny.txt
tn-gw:		welcome-msg	/usr/local/etc/tn-welcome.txt
tn-gw:		help-msg	/usr/local/etc/tn-help.txt
tn-gw:		timeout 3600
tn-gw:		permit-hosts 81.57.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
tn-gw:		permit-hosts * -auth
 
# Example rlogin gateway rules:
# -----------------------------
#rlogin-gw:	denial-msg	/usr/local/etc/rlogin-deny.txt
#rlogin-gw:	welcome-msg	/usr/local/etc/rlogin-welcome.txt
#rlogin-gw:	help-msg	/usr/local/etc/rlogin-help.txt
#rlogin-gw:	timeout 3600
#rlogin-gw:	permit-hosts 81.57.*.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#rlogin-gw:	permit-hosts * -auth -xok
 
 
# Example auth server and client rules
# ------------------------------------
authsrv:	hosts 127.0.0.1
authsrv:	database /usr/local/etc/fw-authdb
authsrv: 	permit-hosts * # Autorisation d'acces a tous le monde
authsrv:	badsleep 1200
authsrv:	nobogus true
 
# clients using the auth server
*:		authserver 127.0.0.1 7777
 
# X-forwarder rules
tn-gw, rlogin-gw:	xforwarder /usr/local/etc/x-gw
 
 
# NetNews Pluged gateway
plug-gw:  timeout 3600
# Declaration de redirection  pop3 - 25, smtp - 110
#plug-gw:port 110  *.*.*.* -plug-to pop.log.intra.titi.fr -port  110
#plug-gw:port 25 *.*.*.* -plug-to mail.log.intra.titi.fr -port 25   
#plug-gw:  permit-hosts * -authall -log 
 
 
#plug-pop3:   port 110 *.*.*.*      -plug-to pop.log.intra.titi.fr    -port 110
#plug-smtp:   port 25  *.*.*.*      -plug-to mail.log.intra.titi.fr   -port 25
 
 
#plug-rs6000:   port ibm-mqseries usphi2 -plug-to rs6000                  -port ibm-mqseries
#plug-usphi2:   port ibm-mqseries rs6000 -plug-to usphi2                  -port ibm-mqseries
#plug-usphi2:   port 5900 210.205.150.*  -plug-to usphi2                  -port 5900
#plug-usphi2:   port 5900 81.57.156.*  -plug-to usphi2                  -port 5900
#plug-usphi2:   port 5900 210.205.136.*  -plug-to usphi2                  -port 5900
#plug-usphi2:   port 5000 210.205.136.*  -plug-to usphi2                  -port 5000
#plug-usphi2:   port 5000 81.57.156.*  -plug-to usphi2                  -port 5000
 
#plug-insa1:    port 5900 81.57.156.*  -plug-to N017                    -port 5900
#plug-insa1:    port 5900 210.205.150.*  -plug-to N017                    -port 5900
#plug-insa1:    port 5900 210.205.136.*  -plug-to N017                    -port 5900
#plug-insa2:    port 5900 210.210.150.*  -plug-to FRPIS01                 -port 5900
#plug-insa2:    port 5900 81.57.156.*  -plug-to FRPIS01                 -port 5900
#plug-insa2:    port 5900 210.205.136.*  -plug-to FRPIS01                 -port 5900
#######################################################################################
plug-proxy1:   port 443 192.168.95.*    -plug-to wts01.post.ch           -port 443
plug-proxy1:   port 443 81.57.*.*     -plug-to wts01.post.ch           -port 443
plug-proxy2:   port 443 192.168.95.*    -plug-to wts02.post.ch           -port 443
plug-proxy2:   port 443 81.57.*.*     -plug-to wts02.post.ch           -port 443
##swisspost
plug-proxy3:   port 80  *.*.*.*         -plug-to lisa.swisspostnet.com   -port 80
plug-proxy31:  port 443 *.*.*.*         -plug-to lisa.swisspostnet.com   -port 443
plug-proxy4:   port 80  *.*.*.*         -plug-to www.swisspostnet.com    -port 80
plug-proxy41:  port 443 *.*.*.*         -plug-to www.swisspostnet.com    -port 443
plug-proxy5:   port 80  *.*.*.*         -plug-to www.swisspost.com       -port 80
plug-proxy51:  port 443 *.*.*.*         -plug-to www.swisspost.com       -port 443
plug-proxy81:  port 80  *.*.*.*         -plug-to 81.57.155.110         -port 81
#plug-proxy100: port 80  *.*.*.*         -plug-to my.swisspostnet.com     -port 80
#plug-proxy101: port 443 *.*.*.*         -plug-to my.swisspostnet.com     -port 443
plug-gw1:      port 443 *.*.*.* -plug-to my.swisspostnet.com  -ssl
 
plug-proxy6:   port 80  *.*.*.*         -plug-to quizz.pompom.fr         -port 80
plug-pop3:     port 110 *.*.*.*         -plug-to pop.log.intra.laposte.fr -port 110
plug-smtp:     port 25  *.*.*.*         -plug-to mail.log.intra.laposte.fr -port 25
plug-capev:    port 443 *.*.*.*         -plug-to sgwy.ipc.be		  -port 443
plug-proxy7:   port 443 *.*.*.*         -plug-to rp.swisspostnet.com      -port 443
plug-proxy8:   port 443 *.*.*.*         -plug-to sgate1.post.ch          -port 443
plug-proxy9:   port 443 *.*.*.*         -plug-to sgate2.post.ch           -port 443
#
plug-proxy102: port 10010  *.*.*.*         -plug-to myint.swisspostnet.com     -port 10010
pluog-proxy103: port 10011 *.*.*.*         -plug-to myint.swisspostnet.com     -port 10011
plug-proxy104: port 10010  *.*.*.*         -plug-to my.swisspostnet.com     -port 10010
plug-proxy105: port 10011 *.*.*.*         -plug-to my.swisspostnet.com     -port 10011
 
plug-proxy106: port 80 *.*.*.*   -plug-to my.swisspostnet.com     -port 80
plug-proxy107: port 443 *.*.*.*   -plug-to my.swisspostnet.com     -port 443
plug-proxy108: port 5730 *.*.*.*   -plug-to 211.4.1.240     -port 5730
 
plug-proxy109: port 80 *.*.*.* -plug-to 196.76.136.11 -port 80
plug-proxy110: port 443 *.*.*.* -plug-to 196.76.136.11 -port 443 
plug-proxy111: port 1494 *.*.*.* -plug-to 196.76.136.11 -port 1494 
plug-proxy112: port 1495 *.*.*.* -plug-to 196.76.136.11 -port 1495 
plug-proxy113: port 2598 *.*.*.* -plug-to 196.76.136.11 -port 2598
plug-proxy114: port 80 *.*.*.* -plug-to 196.123.160.12 -port 80
plug-proxy115: port 443 *.*.*.* -plug-to 196.123.160.12 -port 443
plug-proxy116: port 1494 *.*.*.* -plug-to 196.123.160.12 -port 1494
plug-proxy117: port 1495 *.*.*.* -plug-to 196.123.160.12 -port 1495
plug-proxy118: port 2598 *.*.*.* -plug-to 196.123.160.12 -port 2598
######################################################################################
http-gw:	timeout	3600	timeout avant la deconnexion
http-gw:	directory	/var/httproot	environnement chrooté
#http-gw	default-policy	-nojava -nojavascript -noactivex	par defaut, supprime java, js et ocx
#http-gw:	deny-hosts	unknown  *.hacker.com	interdit les machines non résolvables
http-gw:	permit-hosts	*.*.*.* -java	autorise Java pour ces machines
#http-gw:	permit-hosts	2.2.2.* -permit nomfonction	autorise cette fonction
#http-gw:	permit-hosts	3.3.3.* -deny nomfonction	interdit cette fonction
#http-gw:	permit-hosts	5.5.5.* -log nomfonction	logue les appels à cette fonction
#http-gw:	permit-hosts	*.*.*.* -dest *	ces machines  pourront  se connecter sur les serveurs 
http-gw:        permit-hosts    81.57.*.* -dest wwwpublic.dci.local
plug-gw:      port 443 81.57.152.* -plug-to wwwpublic.dci.local  -ssl 
# CT le 13/06/2006
# Passerelle inerne pour la poste.net
plug-smtpnet: 	port 25   *.*.*.*         -plug-to smtp.laposte.net -port 25 
plug-popnet: 	port 110  *.*.*.*         -plug-to pop.laposte.net  -port 110

J'ai corriger le netperm-table pour faire mon test il manquait des trucks mais ca ne marche toujours pas.
Voici le nouveau :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#
# Sample netperm configuration table
#
# To get a good sample working netperm-table, just globally
# substitute YOURNET for your network address (e.g.; 666.777.888)
#
 
# Example netacl rules:
# ---------------------
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the telnet proxy
#netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/libexec/telnetd
#netacl-telnetd: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/telnetd
#
# if the next line is uncommented, the telnet proxy is available
#netacl-telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
#
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the rlogin proxy
#netacl-rlogind: permit-hosts 127.0.0.1 -exec /usr/libexec/rlogind -a
#netacl-rlogind: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/rlogind -a
#
# if the next line is uncommented, the rlogin proxy is available
#netacl-rlogind: permit-hosts * -exec /usr/local/etc/rlogin-gw
 
#
# to enable finger service uncomment these 2 lines
netacl-fingerd: permit-hosts *.*.*.* -exec /usr/libexec/fingerd
netacl-fingerd: permit-hosts * -exec /bin/cat /usr/local/etc/finger.txt
 
# Example smap rules:
# -------------------
smap, smapd:	userid 6
smap, smapd:	directory /var/spool/smap
smapd:		executable /usr/local/etc/smapd
smapd:		sendmail /usr/sbin/sendmail
smap:		timeout 3600
 
# Example ftp gateway rules:
# --------------------------
#ftp-gw:	denial-msg	/usr/local/etc/ftp-deny.txt
#ftp-gw:	welcome-msg	/usr/local/etc/ftp-welcome.txt
#ftp-gw:	help-msg	/usr/local/etc/ftp-help.txt
ftp-gw:		timeout 3600
# uncomment the following line if you want internal users to be
# able to do FTP with the internet
#ftp-gw:		permit-hosts YOURNET.*
# uncomment the following line if you want external users to be
# able to do FTP with the internal network using authentication
#ftp-gw:		permit-hosts * -authall -log { retr stor }
 
# Example telnet gateway rules:
# -----------------------------
tn-gw:		denial-msg	/usr/local/etc/tn-deny.txt
tn-gw:		welcome-msg	/usr/local/etc/tn-welcome.txt
tn-gw:		help-msg	/usr/local/etc/tn-help.txt
tn-gw:		timeout 3600
tn-gw:		permit-hosts 81.57.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
tn-gw:		permit-hosts * -auth
 
# Example rlogin gateway rules:
# -----------------------------
#rlogin-gw:	denial-msg	/usr/local/etc/rlogin-deny.txt
#rlogin-gw:	welcome-msg	/usr/local/etc/rlogin-welcome.txt
#rlogin-gw:	help-msg	/usr/local/etc/rlogin-help.txt
#rlogin-gw:	timeout 3600
#rlogin-gw:	permit-hosts 81.57.*.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#rlogin-gw:	permit-hosts * -auth -xok
 
 
# Example auth server and client rules
# ------------------------------------
authsrv:	hosts 127.0.0.1
authsrv:	database /usr/local/etc/fw-authdb
authsrv: 	permit-hosts * # Autorisation d'acces a tous le monde
authsrv:	badsleep 1200
authsrv:	nobogus true
 
# clients using the auth server
*:		authserver 127.0.0.1 7777
 
# X-forwarder rules
tn-gw, rlogin-gw:	xforwarder /usr/local/etc/x-gw
# NetNews Pluged gateway
plug-gw:  timeout 3600
plug-proxy1: port 8080 *.*.*.* -plug-to exploitation-lpci.courrier.intra.laposte.fr    -port 80
######################################################################################
plug-test1: port 8080 *.*.*.* -plug-to 81.57.155.100 -port 80
http-gw:	timeout	3600	timeout avant la deconnexion
http-gw:	directory	/var/httproot	environnement chrooté
#http-gw	default-policy	-nojava -nojavascript -noactivex	par defaut, supprime java, js et ocx
http-gw:	permit-hosts	*.*.*.* -java	autorise Java pour ces machines
#http-gw:	permit-hosts	2.2.2.* -permit nomfonction	autorise cette fonction
#http-gw:	permit-hosts	3.3.3.* -deny nomfonction	interdit cette fonction
#http-gw:	permit-hosts	5.5.5.* -log nomfonction	logue les appels à cette fonction
#http-gw:	permit-hosts	*.*.*.* -dest *	ces machines  pourront  se connecter sur les serveurs 
http-gw:        permit-hosts    81.57.*.* -dest wwwpublic.dci.local
plug-gw:      port 443 81.57.152.* -plug-to wwwpublic.dci.local  -ssl