Hello everyone,
I have set up a FreeBSD 6.1 server and installed fwtk from ports.
I recompiled the kernel to add the required options:
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options BRIDGE
....

I would like to check that all of this works by doing a simple port redirection.
I have assigned two IP addresses to my machine, 192.168.0.1 and 192.168.0.2.
I want to redirect port 8080 on the second interface, IP address 192.168.0.2:8080, to a web server on another machine on the network whose IP is 192.168.0.3:80.
I modified the netperm-table file:

Code:
#
# Sample netperm configuration table
#
# To get a good sample working netperm-table, just globally
# substitute YOURNET for your network address (e.g.; 666.777.888)
#
 
# Example netacl rules:
# ---------------------
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the telnet proxy
#netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/libexec/telnetd
#netacl-telnetd: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/telnetd
#
# if the next line is uncommented, the telnet proxy is available
#netacl-telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
#
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the rlogin proxy
#netacl-rlogind: permit-hosts 127.0.0.1 -exec /usr/libexec/rlogind -a
#netacl-rlogind: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/rlogind -a
#
# if the next line is uncommented, the rlogin proxy is available
#netacl-rlogind: permit-hosts * -exec /usr/local/etc/rlogin-gw
 
#
# to enable finger service uncomment these 2 lines
#netacl-fingerd: permit-hosts YOURNET.* -exec /usr/libexec/fingerd
#netacl-fingerd: permit-hosts * -exec /bin/cat /usr/local/etc/finger.txt
 
# Example smap rules:
# -------------------
smap, smapd:	userid 6
smap, smapd:	directory /var/spool/smap
smapd:		executable /usr/local/etc/smapd
smapd:		sendmail /usr/sbin/sendmail
smap:		timeout 3600
 
# Example ftp gateway rules:
# --------------------------
#ftp-gw:	denial-msg	/usr/local/etc/ftp-deny.txt
#ftp-gw:	welcome-msg	/usr/local/etc/ftp-welcome.txt
#ftp-gw:	help-msg	/usr/local/etc/ftp-help.txt
ftp-gw:		timeout 3600
# uncomment the following line if you want internal users to be
# able to do FTP with the internet
#ftp-gw:		permit-hosts YOURNET.*
# uncomment the following line if you want external users to be
# able to do FTP with the internal network using authentication
#ftp-gw:		permit-hosts * -authall -log { retr stor }
 
# Example telnet gateway rules:
# -----------------------------
#tn-gw:		denial-msg	/usr/local/etc/tn-deny.txt
#tn-gw:		welcome-msg	/usr/local/etc/tn-welcome.txt
#tn-gw:		help-msg	/usr/local/etc/tn-help.txt
tn-gw:		timeout 3600
tn-gw:		permit-hosts YOURNET.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#tn-gw:		permit-hosts * -auth
 
# Example rlogin gateway rules:
# -----------------------------
# to review
#rlogin-gw:	denial-msg	/usr/local/etc/rlogin-deny.txt
#rlogin-gw:	welcome-msg	/usr/local/etc/rlogin-welcome.txt
#rlogin-gw:	help-msg	/usr/local/etc/rlogin-help.txt
rlogin-gw:	timeout 3600
rlogin-gw:	permit-hosts YOURNET.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#rlogin-gw:	permit-hosts * -auth -xok
 
 
# Example auth server and client rules
# ------------------------------------
authsrv:	hosts 127.0.0.1
authsrv:	database /usr/local/etc/fw-authdb
authsrv:	badsleep 1200
authsrv:	nobogus true
 
# clients using the auth server
*:		authserver 127.0.0.1 7777
 
# X-forwarder rules
tn-gw, rlogin-gw:	xforwarder /usr/local/etc/x-gw
plug-test1: port 8080 *.*.*.* -plug-to 192.168.0.3 -port 80
And in /etc/rc.local I put this:
/usr/local/libexec/plug-gw -daemon 192.168.0.2:8080 -name plug-test1

Of course, as usual, it doesn't work: my web browser rejects the connection when I go to 192.168.0.2:8080.

Maybe I haven't enabled the right options in my rc.conf.

Here is my rc.conf:
Code:
 
# -- sysinstall generated deltas -- # Fri Dec  1 09:36:28 2006
# Created: Fri Dec  1 09:36:28 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
keymap="fr.iso.acc"
usbd_enable="YES"
linux_enable="YES"
sshd_enable="YES"
sendmail_enable="NO"
inetd_enable="NO"
moused_port="/dev/psm0"
moused_type="auto"
moused_enable="YES"
####################################################################
ifconfig_em0_alias0="inet 192.168.0.1 netmask 255.255.0.0"
ifconfig_em0_alias1="inet 192.168.0.2 netmask 255.255.0.0"  
hostname="samy-fbsd1"
#ifconfig_em0="DHCP"
#router_enable="NO"
firewall_enable="NO"
gateway_enable="YES"
default_router="x.x.x.x"
####################################################################
apache2_enable="YES"
webmin_enable="YES"
check_quotas="NO"
Thanks
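Added example (not from the post above and not fwtk's own code): a small Python checker that reads the plug-gw "port" rules out of a netperm-table and the plug-gw -daemon line out of rc.local, then reports the two things worth verifying in a configuration like the one posted: that the port given to -daemon is one the named rule actually listens on, and that the source pattern does not admit every client. The rule grammar is taken from the line in the post; the assumption that -port defaults to the listening port, and the sample inputs (constructed copies of the post's lines), are mine.

```python
"""Check fwtk plug-gw rules against the plug-gw -daemon invocation.

Assumed rule grammar (from the netperm-table line in the post):
    <name>: port <listen-port> <source-pattern> -plug-to <host> [-port <port>]
Assumed daemon line:
    plug-gw -daemon <addr>:<port> -name <name>
"""
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input, shaped like the lines in the post.
NETPERM_TABLE = """
# X-forwarder rules
tn-gw, rlogin-gw:\txforwarder /usr/local/etc/x-gw
plug-test1: port 8080 *.*.*.* -plug-to 192.168.0.3 -port 80
"""
RC_LOCAL_LINE = "/usr/local/libexec/plug-gw -daemon 192.168.0.2:8080 -name plug-test1"


@dataclass
class PlugRule:
    listen_port: int
    source: str
    target_host: str
    target_port: int


@dataclass
class PlugDaemon:
    address: str
    port: int
    name: str


def parse_plug_rules(text: str) -> Dict[str, List[PlugRule]]:
    """Collect 'port ...' rules per application name; other rule kinds are ignored."""
    rules: Dict[str, List[PlugRule]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if ":" not in line:
            continue
        names, body = line.split(":", 1)
        tokens = body.split()
        if len(tokens) < 3 or tokens[0] != "port":
            continue
        listen_port = int(tokens[1])
        source = tokens[2]
        target_host: Optional[str] = None
        target_port = listen_port  # assumption: same port unless -port is given
        i = 3
        while i < len(tokens):
            if tokens[i] == "-plug-to" and i + 1 < len(tokens):
                target_host = tokens[i + 1]
                i += 2
            elif tokens[i] == "-port" and i + 1 < len(tokens):
                target_port = int(tokens[i + 1])
                i += 2
            else:
                i += 1  # flags this checker does not model
        if target_host is None:
            continue
        for name in names.split(","):
            rules.setdefault(name.strip(), []).append(
                PlugRule(listen_port, source, target_host, target_port))
    return rules


def parse_plug_daemon(cmdline: str) -> PlugDaemon:
    """Extract the listen address/port and rule name from a plug-gw command line."""
    argv = shlex.split(cmdline)
    address, port, name = "", 0, "plug-gw"  # assumption: rule name defaults to program name
    for i, arg in enumerate(argv):
        if arg == "-daemon" and i + 1 < len(argv):
            spec = argv[i + 1]
            address, port_s = spec.rsplit(":", 1) if ":" in spec else ("", spec)
            port = int(port_s)
        elif arg == "-name" and i + 1 < len(argv):
            name = argv[i + 1]
    return PlugDaemon(address, port, name)


def check_plug(rules: Dict[str, List[PlugRule]], daemon: PlugDaemon) -> List[str]:
    """Return human-readable findings; an empty list means nothing to report."""
    findings: List[str] = []
    matching = rules.get(daemon.name, [])
    if not matching:
        findings.append(f"no 'port' rule for -name {daemon.name}; no rule can match incoming connections")
        return findings
    if not any(r.listen_port == daemon.port for r in matching):
        ports = sorted({r.listen_port for r in matching})
        findings.append(f"-daemon listens on port {daemon.port} but rules for {daemon.name} cover ports {ports}")
    for r in matching:
        # '*' or '*.*.*.*' accept any client address: the plug is open to every host that can reach it
        if all(part == "*" for part in r.source.split(".")):
            findings.append(f"rule for port {r.listen_port} accepts any source ('{r.source}'); "
                            f"restrict it to the intended client network")
    return findings


if __name__ == "__main__":
    for finding in check_plug(parse_plug_rules(NETPERM_TABLE), parse_plug_daemon(RC_LOCAL_LINE)):
        print("WARNING:", finding)
```

Run as-is, the checker reports only the wide-open source pattern for the posted configuration; change the -daemon port to 8081 or the -name to something else and it reports the mismatch instead, which is the first thing to rule out when the daemon starts but the browser is refused.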