Hello everyone,
I set up a FreeBSD 6.1 server and installed fwtk from ports.
I recompiled the kernel to add the appropriate options:
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options BRIDGE
....
I would like to test that all of this works by doing a simple port redirection.
I gave my machine two IP addresses, 192.168.0.1 and 192.168.0.2.
I want to redirect port 8080 of the second interface, i.e. 192.168.0.2:8080, to a web server on another machine on the network whose IP is 192.168.0.3, port 80.
I modified the netperm-table file:

#
# Sample netperm configuration table
#
# To get a good sample working netperm-table, just globally
# substitute YOURNET for your network address (e.g.; 666.777.888)
#
# Example netacl rules:
# ---------------------
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the telnet proxy
#netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/libexec/telnetd
#netacl-telnetd: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/telnetd
#
# if the next line is uncommented, the telnet proxy is available
#netacl-telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
#
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the rlogin proxy
#netacl-rlogind: permit-hosts 127.0.0.1 -exec /usr/libexec/rlogind -a
#netacl-rlogind: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/rlogind -a
#
# if the next line is uncommented, the rlogin proxy is available
#netacl-rlogind: permit-hosts * -exec /usr/local/etc/rlogin-gw
#
# to enable finger service uncomment these 2 lines
#netacl-fingerd: permit-hosts YOURNET.* -exec /usr/libexec/fingerd
#netacl-fingerd: permit-hosts * -exec /bin/cat /usr/local/etc/finger.txt

# Example smap rules:
# -------------------
smap, smapd: userid 6
smap, smapd: directory /var/spool/smap
smapd: executable /usr/local/etc/smapd
smapd: sendmail /usr/sbin/sendmail
smap: timeout 3600

# Example ftp gateway rules:
# --------------------------
#ftp-gw: denial-msg /usr/local/etc/ftp-deny.txt
#ftp-gw: welcome-msg /usr/local/etc/ftp-welcome.txt
#ftp-gw: help-msg /usr/local/etc/ftp-help.txt
ftp-gw: timeout 3600
# uncomment the following line if you want internal users to be
# able to do FTP with the internet
#ftp-gw: permit-hosts YOURNET.*
# uncomment the following line if you want external users to be
# able to do FTP with the internal network using authentication
#ftp-gw: permit-hosts * -authall -log { retr stor }

# Example telnet gateway rules:
# -----------------------------
#tn-gw: denial-msg /usr/local/etc/tn-deny.txt
#tn-gw: welcome-msg /usr/local/etc/tn-welcome.txt
#tn-gw: help-msg /usr/local/etc/tn-help.txt
tn-gw: timeout 3600
tn-gw: permit-hosts YOURNET.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#tn-gw: permit-hosts * -auth

# Example rlogin gateway rules:
# -----------------------------
# to review
#rlogin-gw: denial-msg /usr/local/etc/rlogin-deny.txt
#rlogin-gw: welcome-msg /usr/local/etc/rlogin-welcome.txt
#rlogin-gw: help-msg /usr/local/etc/rlogin-help.txt
rlogin-gw: timeout 3600
rlogin-gw: permit-hosts YOURNET.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#rlogin-gw: permit-hosts * -auth -xok

# Example auth server and client rules
# ------------------------------------
authsrv: hosts 127.0.0.1
authsrv: database /usr/local/etc/fw-authdb
authsrv: badsleep 1200
authsrv: nobogus true
# clients using the auth server
*: authserver 127.0.0.1 7777

# X-forwarder rules
tn-gw, rlogin-gw: xforwarder /usr/local/etc/x-gw

plug-test1: port 8080 *.*.*.* -plug-to 192.168.0.3 -port 80

And in /etc/rc.local I put this:

/usr/local/libexec/plug-gw -daemon 192.168.0.2:8080 -name plug-test1
Of course, as usual, it doesn't work: my web browser gets rejected when I go to 192.168.0.2:8080.
Maybe I haven't enabled the right options in my rc.conf.
Here is my rc.conf:

# -- sysinstall generated deltas -- # Fri Dec 1 09:36:28 2006
# Created: Fri Dec 1 09:36:28 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
keymap="fr.iso.acc"
usbd_enable="YES"
linux_enable="YES"
sshd_enable="YES"
sendmail_enable="NO"
inetd_enable="NO"
moused_port="/dev/psm0"
moused_type="auto"
moused_enable="YES"
####################################################################
ifconfig_em0_alias0="inet 192.168.0.1 netmask 255.255.0.0"
ifconfig_em0_alias1="inet 192.168.0.2 netmask 255.255.0.0"
hostname="samy-fbsd1"
#ifconfig_em0="DHCP"
#router_enable="NO"
firewall_enable="NO"
gateway_enable="YES"
default_router="x.x.x.x"
####################################################################
apache2_enable="YES"
webmin_enable="YES"
check_quotas="NO"

Thanks
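The following is an added illustration, not code from fwtk and not part of the post above, of what the `plug-test1` rule and the `plug-gw -daemon 192.168.0.2:8080 -name plug-test1` line together ask for: a plain TCP relay that listens on one address and port, checks the client's source address against the rule's pattern, and copies bytes both ways to the `-plug-to` host and `-port`. It runs entirely on loopback: the web server on 192.168.0.3:80 is replaced by a constructed fake backend on an ephemeral port, and the rule parser only understands the one rule shape used in the post (an assumption; fwtk's netperm-table accepts more, including netmask forms, which are not handled here).

```python
import socket
import threading

def parse_plug_rule(line):
    """NAME: port LPORT SRC-PATTERN -plug-to HOST [-port DPORT]  (only this shape; fwtk accepts more)."""
    name, _, rest = line.partition(":")
    tok = rest.split()
    if len(tok) < 5 or tok[0] != "port" or "-plug-to" not in tok:
        raise ValueError("unsupported plug rule: %r" % line)
    listen_port = int(tok[1])
    dest_host = tok[tok.index("-plug-to") + 1]
    dest_port = int(tok[tok.index("-port") + 1]) if "-port" in tok else listen_port
    return {"name": name.strip(), "listen_port": listen_port,
            "src_pattern": tok[2], "dest": (dest_host, dest_port)}

def source_allowed(pattern, addr):
    """Octet-wise wildcard match: '*.*.*.*' is any IPv4 source, '192.168.0.*' the local /24."""
    p, a = pattern.split("."), addr.split(".")
    return len(p) == 4 == len(a) and all(x == "*" or x == y for x, y in zip(p, a))

def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the other side."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _plug(client, peer_ip, rule):
    """One accepted connection: check the source, then relay both ways to -plug-to."""
    if not source_allowed(rule["src_pattern"], peer_ip):
        client.close()                      # denied source: dropped, backend never contacted
        return
    backend = socket.create_connection(rule["dest"])
    threading.Thread(target=_pump, args=(client, backend), daemon=True).start()
    _pump(backend, client)
    backend.close()
    client.close()

def start_plug(rule, listen_ip):
    """Like `plug-gw -daemon LISTEN_IP:PORT`: bind and serve in the background; returns the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_ip, rule["listen_port"]))   # fails here if listen_ip is not on an interface
    srv.listen(5)
    def accept_loop():
        while True:
            try:
                client, (peer_ip, _) = srv.accept()
            except OSError:
                return
            threading.Thread(target=_plug, args=(client, peer_ip, rule), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def start_fake_backend(body=b"hello from the web server"):
    """Constructed stand-in for the web server on 192.168.0.3:80 (loopback, ephemeral port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve_once():
        conn, _ = srv.accept()
        conn.recv(4096)
        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n" % len(body) + body)
        conn.close()
        srv.close()
    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]

def fetch(ip, port):
    """Plain HTTP/1.0 GET; returns whatever came back (b'' if the plug dropped us)."""
    out = b""
    try:
        with socket.create_connection((ip, port), timeout=5) as s:
            s.sendall(b"GET / HTTP/1.0\r\nHost: test\r\n\r\n")
            while chunk := s.recv(4096):
                out += chunk
    except OSError:
        pass
    return out

def demo(src_pattern="*.*.*.*"):
    """Whole path on loopback: client -> plug -> backend, with the given source pattern."""
    backend_port = start_fake_backend()
    rule = parse_plug_rule("plug-test1: port 0 %s -plug-to 127.0.0.1 -port %d" % (src_pattern, backend_port))
    plug_port = start_plug(rule, "127.0.0.1").getsockname()[1]
    return fetch("127.0.0.1", plug_port)

if __name__ == "__main__":
    print(demo())              # relayed 200 response from the fake backend
    print(demo("10.*.*.*"))    # b'': 127.0.0.1 does not match the pattern, so the plug drops it
```

Two things this makes visible about the setup in the post. First, the relay can only be reached if the bind on the listen address succeeds, which requires 192.168.0.2 to actually be configured on em0; `ifconfig em0` should list both addresses and `sockstat -4l` should show plug-gw listening on 192.168.0.2:8080, otherwise the browser is refused before any netperm-table rule is consulted (the FreeBSD Handbook's convention for further aliases in the same subnet as the first address is netmask 255.255.255.255). Second, a source pattern that does not match the client is indistinguishable from the browser's side from a dead port: the connection is accepted and immediately dropped, so `*.*.*.*` is the right pattern for a first test and should be narrowed only once the path works.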