The OpenNET Project / Index page

Forum: Information Security (OpenBSD PF / FreeBSD)

"PF+Internet Connection"
Posted by cracker1985 on 14-Jan-14, 15:04
Hello everyone.

First, I am sorry for my bad Russian. But I understand your language; you may write in your language.

I have two types of internet users: domain-based (500 users) and IP-based (1000 users). I have already configured a FreeBSD 8.2 server with Squid, PF and Samba. We have already added this server to our monitoring system (Whatsup Gold) using the ICMP protocol. Every 4-5 minutes it monitors our server and raises an alarm that our FreeBSD server has gone down. After a few seconds it comes back up. But when we run "ping server_lan_side_ip" against this server during the down time, it looks fine :) The ping is not interrupted. At the same time our end users (NAT and proxy users) call us: "Our internet connection is lost, or web pages are not responding."

My pf.conf:

### managed by puppet.
# do not edit manually. use /var/puppet/templates/firewall/pf.conf.erb instead
ext_if="em0"              # external (ISP-facing) interface
ext_ip="85.132.24.74"     # public address the <clients> table is translated to
int_if="vr0"              # internal LAN interface
sync_if="msk0"            # pfsync cross-cable interface (its rules are commented out below)
vlan1000_if="vlan1000"
safe_ports="{ 53,8080,22,8140 }"          # not referenced by any active rule
safe_nat_ports="{ 110,25,143,993,443,587,465,995,3000,389,21,20,53,161 }"
# loaded from the file at rule load and kept across reloads (persist)
table <clients> persist file "/etc/clients.conf"

#set block-policy drop
#set skip on lo0
#set skip on $int_if
#set skip on $vlan1000_if
#set debug misc

scrub in all
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
# source NAT: the two prefixes only for the listed destination ports (to $ext_if's address),
# the <clients> table for all traffic (to the fixed $ext_ip)
nat on $ext_if from 192.168.99.128/25 to any port $safe_nat_ports -> $ext_if
nat on $ext_if from 12.0.0.0/21 to any port $safe_nat_ports -> $ext_if
nat on $ext_if from <clients> to any -> $ext_ip
anchor "ftp-proxy/*"

# stateful pass-all; the quick rules below win for the packets they match
pass in all
# keep SMB from leaving through the external interface
# (note the $: a bare "ext_if" here is taken as an interface name, not the macro)
block out quick on $ext_if proto tcp to port 445
block out quick on $ext_if proto udp to port 445
pass out all
antispoof quick for { lo $int_if }

# allow pfsync over the internal nics connected by a cross cable
#pass quick on $sync_if proto pfsync
#pass quick on $int_if proto carp
#pass quick on $ext_if proto carp
#pass quick on $vlan1000_if proto carp
#pass in quick on $ext_if proto tcp to ($ext_if) port 5631
#pass in quick on $int_if proto tcp to 12.0.0.1 port 53
#pass in quick on $int_if proto udp to 12.0.0.1 port 53
#pass in quick on $int_if proto tcp to 12.0.0.1 port 8080
#pass in quick on $int_if inet proto icmp all
#pass in quick on $ext_if inet proto icmp all
#pass in quick on $vlan1000_if inet proto icmp all

What is the problem? I don't know. Please help us. Thanks!

1. "PF+Internet Connection"
Posted by Anonymous on 15-Jan-14, 09:53
Look at /var/log/messages; maybe it contains something strange like "iface up / iface down".

2. "PF+Internet Connection"
Posted by PavelR on 15-Jan-14, 11:31
> Look at /var/log/messages; maybe it contains something strange like "iface up / iface
> down".

It can also be useful to examine the output of the 'dmesg' command...
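As an added example (not part of this thread, and not the poster's configuration), here is a small POSIX shell helper that does what the two replies suggest: pull the link-state transitions of one interface out of FreeBSD syslog/dmesg-style lines, so that a link flapping every 4-5 minutes on em0 shows up as a list of timestamps instead of a monitoring alarm. The message text "IFACE: link state changed to DOWN/UP" is what the FreeBSD kernel logs; the sample lines, the hostname "gw" and the timestamps are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: spot interface link flaps in FreeBSD
# kernel log lines. The sample input below is constructed, not a real log.

# Constructed sample in /var/log/messages format (hostname "gw" is made up).
SAMPLE_LOG='Jan 14 15:01:02 gw kernel: em0: link state changed to DOWN
Jan 14 15:01:05 gw kernel: em0: link state changed to UP
Jan 14 15:03:40 gw sshd[1234]: Accepted publickey for admin from 192.168.99.130 port 51022 ssh2
Jan 14 15:06:11 gw kernel: em0: link state changed to DOWN
Jan 14 15:06:14 gw kernel: em0: link state changed to UP
Jan 14 15:06:30 gw kernel: vr0: link state changed to UP'

# link_events IFACE: print "MON DAY TIME STATE" for every link-state change
# of IFACE found on stdin; non-kernel lines and other interfaces are skipped.
link_events() {
    awk -v ifc="$1" \
        '$5 == "kernel:" && $6 == (ifc ":") && $7 == "link" && $8 == "state" { print $1, $2, $3, $NF }'
}

# count_downs IFACE: number of DOWN transitions of IFACE on stdin (0 if none).
count_downs() {
    link_events "$1" | awk '$4 == "DOWN" { n++ } END { print n + 0 }'
}

# flap_report IFACE: one summary line; returns non-zero when the link went down at all.
flap_report() {
    n=$(count_downs "$1")
    echo "$1: $n link DOWN event(s)"
    [ "$n" -eq 0 ]
}

# Stand-alone run over the constructed sample. On the real box feed it
#   grep 'link state changed' /var/log/messages
#   dmesg | grep 'link state changed'
# on stdin instead of the sample.
printf '%s\n' "$SAMPLE_LOG" | link_events em0
printf '%s\n' "$SAMPLE_LOG" | flap_report em0 || echo "em0 flapped: check cable, switch port and NIC driver first"
```

If the log shows no link flaps at all, the other number worth reading on a box fronting roughly 1500 NAT users is state-table usage: "pfctl -si" prints the current number of state entries and "pfctl -sm" the hard limit, and once the table is full pf refuses to create new states while existing ones keep working.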
