[FreeBSD] Port redirection
Hello everyone,
I have set up a FreeBSD 6.1 server and installed fwtk from ports.
I rebuilt the kernel to add the options that are needed:
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options BRIDGE
....
I would like to test that all of this works properly by doing a simple port redirection.
I assigned two IP addresses to my machine, 192.168.0.1 and 192.168.0.2.
I would like to redirect port 8080 of the second interface, i.e. the IP address 192.168.0.2:8080, to a web server on another machine on the network whose IP is 192.168.0.3:80.
I modified the netperm-table file:
Code:
#
# Sample netperm configuration table
#
# To get a good sample working netperm-table, just globally
# substitute YOURNET for your network address (e.g.; 666.777.888)
#
# Example netacl rules:
# ---------------------
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the telnet proxy
#netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/libexec/telnetd
#netacl-telnetd: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/telnetd
#
# if the next line is uncommented, the telnet proxy is available
#netacl-telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
#
# if the next 2 lines are uncommented, people can get a login prompt
# on the firewall machine through the rlogin proxy
#netacl-rlogind: permit-hosts 127.0.0.1 -exec /usr/libexec/rlogind -a
#netacl-rlogind: permit-hosts YOURADDRESS 198.6.73.2 -exec /usr/libexec/rlogind -a
#
# if the next line is uncommented, the rlogin proxy is available
#netacl-rlogind: permit-hosts * -exec /usr/local/etc/rlogin-gw
#
# to enable finger service uncomment these 2 lines
#netacl-fingerd: permit-hosts YOURNET.* -exec /usr/libexec/fingerd
#netacl-fingerd: permit-hosts * -exec /bin/cat /usr/local/etc/finger.txt
# Example smap rules:
# -------------------
smap, smapd: userid 6
smap, smapd: directory /var/spool/smap
smapd: executable /usr/local/etc/smapd
smapd: sendmail /usr/sbin/sendmail
smap: timeout 3600
# Example ftp gateway rules:
# --------------------------
#ftp-gw: denial-msg /usr/local/etc/ftp-deny.txt
#ftp-gw: welcome-msg /usr/local/etc/ftp-welcome.txt
#ftp-gw: help-msg /usr/local/etc/ftp-help.txt
ftp-gw: timeout 3600
# uncomment the following line if you want internal users to be
# able to do FTP with the internet
#ftp-gw: permit-hosts YOURNET.*
# uncomment the following line if you want external users to be
# able to do FTP with the internal network using authentication
#ftp-gw: permit-hosts * -authall -log { retr stor }
# Example telnet gateway rules:
# -----------------------------
#tn-gw: denial-msg /usr/local/etc/tn-deny.txt
#tn-gw: welcome-msg /usr/local/etc/tn-welcome.txt
#tn-gw: help-msg /usr/local/etc/tn-help.txt
tn-gw: timeout 3600
tn-gw: permit-hosts YOURNET.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#tn-gw: permit-hosts * -auth
# Example rlogin gateway rules:
# -----------------------------
# to check
#rlogin-gw: denial-msg /usr/local/etc/rlogin-deny.txt
#rlogin-gw: welcome-msg /usr/local/etc/rlogin-welcome.txt
#rlogin-gw: help-msg /usr/local/etc/rlogin-help.txt
rlogin-gw: timeout 3600
rlogin-gw: permit-hosts YOURNET.* -passok -xok
# if this line is uncommented incoming traffic is permitted WITH
# authentication required
#rlogin-gw: permit-hosts * -auth -xok
# Example auth server and client rules
# ------------------------------------
authsrv: hosts 127.0.0.1
authsrv: database /usr/local/etc/fw-authdb
authsrv: badsleep 1200
authsrv: nobogus true
# clients using the auth server
*: authserver 127.0.0.1 7777
# X-forwarder rules
tn-gw, rlogin-gw: xforwarder /usr/local/etc/x-gw
plug-test1: port 8080 *.*.*.* -plug-to 192.168.0.3 -port 80
And in /etc/rc.local I put this:
/usr/local/libexec/plug-gw -daemon 192.168.0.2:8080 -name plug-test1
Of course, as usual, it doesn't work: my web browser rejects me when I go to 192.168.0.2:8080.
Maybe I haven't enabled the right options in my rc.conf.
Here is my rc.conf:
Code:
# -- sysinstall generated deltas -- # Fri Dec 1 09:36:28 2006
# Created: Fri Dec 1 09:36:28 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
keymap="fr.iso.acc"
usbd_enable="YES"
linux_enable="YES"
sshd_enable="YES"
sendmail_enable="NO"
inetd_enable="NO"
moused_port="/dev/psm0"
moused_type="auto"
moused_enable="YES"
####################################################################
ifconfig_em0_alias0="inet 192.168.0.1 netmask 255.255.0.0"
ifconfig_em0_alias1="inet 192.168.0.2 netmask 255.255.0.0"
hostname="samy-fbsd1"
#ifconfig_em0="DHCP"
#router_enable="NO"
firewall_enable="NO"
gateway_enable="YES"
default_router="x.x.x.x"
####################################################################
apache2_enable="YES"
webmin_enable="YES"
check_quotas="NO"
Thanks
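Added example, not code from the post above or from fwtk: a small Python model of what a plug gateway rule like the one in the post does. It parses netperm-table lines of the form `name: port LISTEN_PORT HOST_PATTERN -plug-to HOST -port PORT`, resolves an incoming connection to its target the way a `plug-gw -daemon ADDR:PORT -name NAME` listener is expected to (rule name, listening port and client address must all match), and relays bytes between two sockets. The wildcard semantics of the host pattern (`*` or `*.*.*.*` matches any client, `192.168.0.*` matches a prefix), the default target port when `-port` is absent, and the names `PlugRule`, `parse_netperm`, `resolve`, `pump` and `plug` are all assumptions of this example. The constructed sample contains the post's rule (any source address may use the redirection) next to a second rule restricted to the internal network, which is the form a practitioner would normally want on a gateway.

```python
"""Model of an fwtk-style plug gateway (added example, not fwtk's own code).

Parses netperm-table lines of the form
    name: port LISTEN_PORT HOST_PATTERN -plug-to HOST -port PORT
picks the target for an incoming connection (rule name, listening port and
source-address pattern must all match) and relays bytes between two sockets.
The host-pattern semantics ('*' or '*.*.*.*' = any address, '192.168.0.*' =
address prefix) and the default target port (same as the listening port)
are assumptions of this model, not verified fwtk behaviour.
"""
import socket
import threading
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PlugRule:
    name: str          # application name selected with `plug-gw -name NAME`
    listen_port: int   # port the daemon listens on
    host_pattern: str  # which client addresses may use this rule
    target_host: str   # where the connection is plugged to
    target_port: int


def host_matches(pattern: str, addr: str) -> bool:
    """Dotted-quad match: '*' matches any label, a trailing '*' matches the rest."""
    if pattern == "*":
        return True
    plabels, alabels = pattern.split("."), addr.split(".")
    for i, p in enumerate(plabels):
        if p == "*":
            if i == len(plabels) - 1:
                return True
            continue
        if i >= len(alabels) or alabels[i] != p:
            return False
    return len(plabels) == len(alabels)


def parse_netperm(text: str) -> list:
    """Extract plug rules; other netperm-table entries (smap, tn-gw, ...) are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        names, sep, body = line.partition(":")
        tokens = body.split()
        if not sep or len(tokens) < 3 or tokens[0] != "port":
            continue
        target_host, target_port = None, None
        opts, i = tokens[3:], 0
        while i < len(opts):
            if opts[i] == "-plug-to" and i + 1 < len(opts):
                target_host, i = opts[i + 1], i + 2
            elif opts[i] == "-port" and i + 1 < len(opts):
                target_port, i = int(opts[i + 1]), i + 2
            else:
                i += 1                                # unknown option: ignored here
        if target_host is None:
            continue                                  # no -plug-to: not a usable plug rule
        if target_port is None:
            target_port = int(tokens[1])              # assumed default: same port as listener
        for name in names.split(","):                 # "a, b: ..." applies to both names
            rules.append(PlugRule(name.strip(), int(tokens[1]), tokens[2],
                                  target_host, target_port))
    return rules


def resolve(rules, name: str, listen_port: int, client_ip: str) -> Optional[tuple]:
    """First matching rule wins; None means the client is refused."""
    for r in rules:
        if (r.name == name and r.listen_port == listen_port
                and host_matches(r.host_pattern, client_ip)):
            return r.target_host, r.target_port
    return None


def pump(src: socket.socket, dst: socket.socket) -> int:
    """Copy src -> dst until EOF, then half-close dst; returns bytes copied."""
    total = 0
    while True:
        chunk = src.recv(4096)
        if not chunk:
            break
        dst.sendall(chunk)
        total += len(chunk)
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass
    return total


def plug(client: socket.socket, target: socket.socket) -> None:
    """Two pumps in opposite directions make the plug; returns when both sides hit EOF."""
    back = threading.Thread(target=pump, args=(target, client), daemon=True)
    back.start()
    pump(client, target)
    back.join()


# Constructed sample: the post's rule plus a second one restricted to the LAN.
SAMPLE_NETPERM = """\
plug-test1: port 8080 *.*.*.* -plug-to 192.168.0.3 -port 80
plug-test1: port 8443 192.168.0.* -plug-to 192.168.0.3 -port 443
"""

if __name__ == "__main__":
    rules = parse_netperm(SAMPLE_NETPERM)
    print(resolve(rules, "plug-test1", 8080, "10.9.8.7"))   # ('192.168.0.3', 80)
    print(resolve(rules, "plug-test1", 8443, "10.9.8.7"))   # None: outside 192.168.0.*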