yrkrus
Member | Редактировать | Профиль | Сообщение | ICQ | Цитировать | Сообщить модератору
vlary
Прошу прощения, но я к сожалению не нашел там нужного ответа...
вот конфиги:
может еще какие нужны?
rc.conf
Код:
#clamav_milter_flags="--dont-wait --quiet --headers --local --force-scan --sign --quarantine=virus@localhost --noreject --dont-log-clean --server=localhost --pidfile=/var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav.sock"
clamav_milter_enable="NO"
clamd_enable="NO"
#
defaultrouter="№№№№№№№"
#defaultrouter="3333333333"
#defaultrouter="1111111111" (новый шлюз от нового ip)
exim_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
fsck_y_enable="YES"
gateway_enable="YES"
hostname="star-gw"
ifconfig_fxp0="inet 11111111 netmask 255.255.255.252"
ifconfig_fxp1="inet 192.168.133.3 netmask 255.255.255.0"
#ifconfig_rl0="inet 111111 netmask 255.255.255.252"
ifconfig_rl0="inet 1111111 netmask 255.255.255.252" (Новый ip)
inetd_enable="YES"
ipacctd_enable="NO"
ipacctd_flags="-v -w" ##############-b 262144
ipacctd_rule_fxp0_flags="-p 10000 -f /var/ipacct/stats_fxp0.%d%m%y"
ipacctd_rules="fxp0"
mousechar_start="3"
mysql_enable="YES"
natd_enable="YES"
natd_flags="-s"
natd_interface="fxp0"
#natd_interface="rl0"
netams_enable="YES"
# -- sysinstall generated deltas -- # Wed Sep 6 09:15:44 2006
mousechar_start="3"
saver="daemon"
font8x8="cp866-8x8"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
scrnmap="koi8-r2cp866"
keyrate="fast"
keymap="ru.koi8-r"
sshd_enable="YES"
bruteblockd_enable="YES"
bruteblockd_table="1"
bruteblockd_flags="-s 10"
proftpd_enable="YES"
openvpn_enable="NO"
openvpn_flags=""
openvpn_configfile="/etc/openvpn/ofice.conf"
openvpn_dir="/etc/openvpn"
#ejabberd_enable="YES"
#syslogd_flags="-a 85.172.0.0/16:* -a 83.239.0.0/16:*"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
|
rc.firewall
Код:
#!/bin/sh
#
#
fwcmd="/sbin/ipfw -q"
#oin2="fxp0"
#oin="rl0"
oin="fxp0"
oin2="rl0"
iin="fxp1"
oip="1111111"
oip2="111111"
#oip2="111111"
starsubnet="192.168.133.0/24"
ipRUSLAN="80.69.156.74"
ipLIRA="80.69.144.114"
ip22="80.69.144.122"
ipFORD="80.69.144.74"
ipVOLTEK="217.107.143.158"
ipBMW="217.107.142.202"
ipOCEAN="80.69.146.250"
ipNOVILUX="85.172.121.166"
ipSTRELA="85.173.72.47"
ipMARIA="88.87.92.193"
$fwcmd flush
$fwcmd add 1 allow ip from any to any via lo0
### DENY Broadcasts
$fwcmd add 5 deny ip from any to 192.168.133.255 via $iin
$fwcmd add 10 deny ip from table\(1\) to me via $oin
################# Temprorary traf accounting by IPA####################
$fwcmd add 40 count ip from any to $oip via $oin2
$fwcmd add 41 count ip from $oip to any via $oin2
$fwcmd add 50 count ip from any to $oip via $oin
$fwcmd add 51 count ip from $oip to any via $oin
###
$fwcmd add 52 count tcp from any to $oip via $oin
$fwcmd add 53 count tcp from $oip to any via $oin
###
$fwcmd add 54 count tcp from $oip 110 to any via $oin
$fwcmd add 55 count tcp from any 110 to $oip via $oin
$fwcmd add 56 count tcp from any to $oip 25 via $oin
$fwcmd add 57 count tcp from $oip to any 25 via $oin
###
$fwcmd add 58 count tcp from any 80,443,20000-65000 to $oip via $oin
$fwcmd add 59 count tcp from $oip 80,443,20000-65000 to any via $oin
###
$fwcmd add 60 count esp from any to $oip via $oin
$fwcmd add 62 count esp from $oip to any via $oin
###
########################################################################Z
#$fwcmd add 100 check-state
$fwcmd add 105 pass tcp from any to me 22
$fwcmd add 105 pass tcp from me 22 to any
# MAIL
$fwcmd add 349 pass tcp from any to me 25
$fwcmd add 350 pass tcp from me 25 to any
#
#$fwcmd add 260 allow all from $t800 to any via $oin keep-state
#$fwcmd add 261 allow all from any to me via $oin keep-state
#$fwcmd add 262 allow all from me to any via $oin keep-state
###### DIVERT
$fwcmd add 300 divert natd ip from $starsubnet to any via ${oin}
$fwcmd add 301 divert natd ip from any to $oip via ${oin}
###
$fwcmd add 302 divert 8442 ip from $starsubnet to any via ${oin2}
$fwcmd add 303 divert 8442 ip from any to $oip2 via ${oin2}
###pass any traff from gate
$fwcmd add 350 pass ip from $oip to any keep-state via $oin
$fwcmd add 351 pass ip from $oip2 to any keep-state via $oin2
###########################################################################
###########################################################################
### DNS Resolv
$fwcmd add 450 allow udp from $starsubnet to any 53 via $iin keep-state
### MPD
### GRE
$fwcmd add 455 pass gre from any to any
$fwcmd add 457 pass tcp from any to me 21,40000-65535 keep-state via $oin
$fwcmd add 458 pass tcp from any to me 21,40000-65535 keep-state via $oin2
##Proxy allow to internet
#$fwcmd add 460 allow tcp from $proxy to any 80,443,5190 via $iin keep-state
$fwcmd add 460 allow tcp from $proxy to any via $iin keep-state
#$fwcmd add allow all from $proxy to any 8530 keep-state
###Priveleged USERS
##tmp
#$fwcmd add 462 allow all from any to 192.168.133.28
#$fwcmd add 463 allow all from 192.168.133.28 to any
### bossnt
$fwcmd add 465 allow all from 192.168.133.19 to any
$fwcmd add 466 allow all from any to 192.168.133.19
###
### Kostyukov
$fwcmd add 476 allow all from niko28.dlinkddns.com to any
$fwcmd add 477 allow all from any to niko28.dlinkddns.com
###MARIA
$fwcmd add 481 pass tcp from 88.87.92.193 to me 1723 keep-state
# Wi-Fi Access Point Clients(xalyava kak ni kak)
$fwcmd add 500 allow all from 192.168.133.0/24{151-155} to any
$fwcmd add 501 allow all from any to 192.168.133.0/24{151-155}
# Wi-Fi Access Point IP camers
$fwcmd add 502 allow all from 192.168.133.156 to any
$fwcmd add 503 allow all from any to 192.168.133.156
# SEAT MAIL
$fwcmd add 520 allow all from mail.vlg.seatrus.ru to any
$fwcmd add 521 allow all from any to mail.vlg.seatrus.ru
######
$fwcmd add 550 allow icmp from any to any icmptypes 0,3,4,8,11,12
############## RUSLAN USERS
$fwcmd add 590 pass ip from 192.168.131.0/24 to 192.168.133.0/24 keep-state via ${iin}
$fwcmd add 591 pass ip from 192.168.133.0/24 to 192.168.133.0/24 keep-state via ${iin}
$fwcmd add 595 pass ip from any to any via ng*
############## STRELA USERS(ulbreaker)
$fwcmd add 596 pass ip from 192.168.134.0/24 to 192.168.133.0/24 keep-state via ${iin}
$fwcmd add 597 pass ip from 192.168.133.0/24 to 192.168.133.0/24 keep-state via ${iin}
$fwcmd add 598 pass ip from any to any via ng*
###############
### ANY TRAFFIC in OUR SUBNET
$fwcmd add 600 allow all from $starsubnet to me via ${iin}
$fwcmd add 601 allow all from me to $starsubnet via ${iin}
###
####
#### IPSEC ESP
$fwcmd add 700 allow esp from any to any
$fwcmd add 9990 deny log logamount 10000 ip from any to any
#####
#/usr/local/etc/rc.d/netams.sh restart#!/bin/sh
#############################################################################
#############################################################################
|
resolv.conf
Код:
domain star-gw
#nameserver 192.168.133.1
|
|
Всего записей: 379 | Зарегистр. 30-11-2010 | Отправлено: 14:50 11-01-2011 | Исправлено: yrkrus, 10:30 13-01-2011 |
|
