yrkrus
Member | Редактировать | Профиль | Сообщение | ICQ | Цитировать | Сообщить модератору vlary Прошу прощения, но я к сожалению не нашел там нужного ответа... вот конфиги: может еще какие нужны? rc.conf Код: #clamav_milter_flags="--dont-wait --quiet --headers --local --force-scan --sign --quarantine=virus@localhost --noreject --dont-log-clean --server=localhost --pidfile=/var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav.sock" clamav_milter_enable="NO" clamd_enable="NO" # defaultrouter="№№№№№№№" #defaultrouter="3333333333" #defaultrouter="1111111111" (новый шлюз от нового ip) exim_enable="YES" firewall_enable="YES" firewall_script="/etc/rc.firewall" fsck_y_enable="YES" gateway_enable="YES" hostname="star-gw" ifconfig_fxp0="inet 11111111 netmask 255.255.255.252" ifconfig_fxp1="inet 192.168.133.3 netmask 255.255.255.0" #ifconfig_rl0="inet 111111 netmask 255.255.255.252" ifconfig_rl0="inet 1111111 netmask 255.255.255.252" (Новый ip) inetd_enable="YES" ipacctd_enable="NO" ipacctd_flags="-v -w" ##############-b 262144 ipacctd_rule_fxp0_flags="-p 10000 -f /var/ipacct/stats_fxp0.%d%m%y" ipacctd_rules="fxp0" mousechar_start="3" mysql_enable="YES" natd_enable="YES" natd_flags="-s" natd_interface="fxp0" #natd_interface="rl0" netams_enable="YES" # -- sysinstall generated deltas -- # Wed Sep 6 09:15:44 2006 mousechar_start="3" saver="daemon" font8x8="cp866-8x8" font8x14="cp866-8x14" font8x16="cp866b-8x16" scrnmap="koi8-r2cp866" keyrate="fast" keymap="ru.koi8-r" sshd_enable="YES" bruteblockd_enable="YES" bruteblockd_table="1" bruteblockd_flags="-s 10" proftpd_enable="YES" openvpn_enable="NO" openvpn_flags="" openvpn_configfile="/etc/openvpn/ofice.conf" openvpn_dir="/etc/openvpn" #ejabberd_enable="YES" #syslogd_flags="-a 85.172.0.0/16:* -a 83.239.0.0/16:*" clamav_clamd_enable="YES" clamav_freshclam_enable="YES" | rc.firewall Код: #!/bin/sh # # fwcmd="/sbin/ipfw -q" #oin2="fxp0" #oin="rl0" oin="fxp0" oin2="rl0" iin="fxp1" oip="1111111" oip2="111111" #oip2="111111" 
starsubnet="192.168.133.0/24" ipRUSLAN="80.69.156.74" ipLIRA="80.69.144.114" ip22="80.69.144.122" ipFORD="80.69.144.74" ipVOLTEK="217.107.143.158" ipBMW="217.107.142.202" ipOCEAN="80.69.146.250" ipNOVILUX="85.172.121.166" ipSTRELA="85.173.72.47" ipMARIA="88.87.92.193" $fwcmd flush $fwcmd add 1 allow ip from any to any via lo0 ### DENY Broadcasts $fwcmd add 5 deny ip from any to 192.168.133.255 via $iin $fwcmd add 10 deny ip from table\(1\) to me via $oin ################# Temprorary traf accounting by IPA#################### $fwcmd add 40 count ip from any to $oip via $oin2 $fwcmd add 41 count ip from $oip to any via $oin2 $fwcmd add 50 count ip from any to $oip via $oin $fwcmd add 51 count ip from $oip to any via $oin ### $fwcmd add 52 count tcp from any to $oip via $oin $fwcmd add 53 count tcp from $oip to any via $oin ### $fwcmd add 54 count tcp from $oip 110 to any via $oin $fwcmd add 55 count tcp from any 110 to $oip via $oin $fwcmd add 56 count tcp from any to $oip 25 via $oin $fwcmd add 57 count tcp from $oip to any 25 via $oin ### $fwcmd add 58 count tcp from any 80,443,20000-65000 to $oip via $oin $fwcmd add 59 count tcp from $oip 80,443,20000-65000 to any via $oin ### $fwcmd add 60 count esp from any to $oip via $oin $fwcmd add 62 count esp from $oip to any via $oin ### ########################################################################Z #$fwcmd add 100 check-state $fwcmd add 105 pass tcp from any to me 22 $fwcmd add 105 pass tcp from me 22 to any # MAIL $fwcmd add 349 pass tcp from any to me 25 $fwcmd add 350 pass tcp from me 25 to any # #$fwcmd add 260 allow all from $t800 to any via $oin keep-state #$fwcmd add 261 allow all from any to me via $oin keep-state #$fwcmd add 262 allow all from me to any via $oin keep-state ###### DIVERT $fwcmd add 300 divert natd ip from $starsubnet to any via ${oin} $fwcmd add 301 divert natd ip from any to $oip via ${oin} ### $fwcmd add 302 divert 8442 ip from $starsubnet to any via ${oin2} $fwcmd add 303 divert 8442 
ip from any to $oip2 via ${oin2} ###pass any traff from gate $fwcmd add 350 pass ip from $oip to any keep-state via $oin $fwcmd add 351 pass ip from $oip2 to any keep-state via $oin2 ########################################################################### ########################################################################### ### DNS Resolv $fwcmd add 450 allow udp from $starsubnet to any 53 via $iin keep-state ### MPD ### GRE $fwcmd add 455 pass gre from any to any $fwcmd add 457 pass tcp from any to me 21,40000-65535 keep-state via $oin $fwcmd add 458 pass tcp from any to me 21,40000-65535 keep-state via $oin2 ##Proxy allow to internet #$fwcmd add 460 allow tcp from $proxy to any 80,443,5190 via $iin keep-state $fwcmd add 460 allow tcp from $proxy to any via $iin keep-state #$fwcmd add allow all from $proxy to any 8530 keep-state ###Priveleged USERS ##tmp #$fwcmd add 462 allow all from any to 192.168.133.28 #$fwcmd add 463 allow all from 192.168.133.28 to any ### bossnt $fwcmd add 465 allow all from 192.168.133.19 to any $fwcmd add 466 allow all from any to 192.168.133.19 ### ### Kostyukov $fwcmd add 476 allow all from niko28.dlinkddns.com to any $fwcmd add 477 allow all from any to niko28.dlinkddns.com ###MARIA $fwcmd add 481 pass tcp from 88.87.92.193 to me 1723 keep-state # Wi-Fi Access Point Clients(xalyava kak ni kak) $fwcmd add 500 allow all from 192.168.133.0/24{151-155} to any $fwcmd add 501 allow all from any to 192.168.133.0/24{151-155} # Wi-Fi Access Point IP camers $fwcmd add 502 allow all from 192.168.133.156 to any $fwcmd add 503 allow all from any to 192.168.133.156 # SEAT MAIL $fwcmd add 520 allow all from mail.vlg.seatrus.ru to any $fwcmd add 521 allow all from any to mail.vlg.seatrus.ru ###### $fwcmd add 550 allow icmp from any to any icmptypes 0,3,4,8,11,12 ############## RUSLAN USERS $fwcmd add 590 pass ip from 192.168.131.0/24 to 192.168.133.0/24 keep-state via ${iin} $fwcmd add 591 pass ip from 192.168.133.0/24 to 192.168.133.0/24 
keep-state via ${iin} $fwcmd add 595 pass ip from any to any via ng* ############## STRELA USERS(ulbreaker) $fwcmd add 596 pass ip from 192.168.134.0/24 to 192.168.133.0/24 keep-state via ${iin} $fwcmd add 597 pass ip from 192.168.133.0/24 to 192.168.133.0/24 keep-state via ${iin} $fwcmd add 598 pass ip from any to any via ng* ############### ### ANY TRAFFIC in OUR SUBNET $fwcmd add 600 allow all from $starsubnet to me via ${iin} $fwcmd add 601 allow all from me to $starsubnet via ${iin} ### #### #### IPSEC ESP $fwcmd add 700 allow esp from any to any $fwcmd add 9990 deny log logamount 10000 ip from any to any ##### #/usr/local/etc/rc.d/netams.sh restart#!/bin/sh ############################################################################# ############################################################################# | resolv.conf Код: domain star-gw #nameserver 192.168.133.1 |
| Всего записей: 379 | Зарегистр. 30-11-2010 | Отправлено: 14:50 11-01-2011 | Исправлено: yrkrus, 10:30 13-01-2011 |