[BSD-INDIA] dmz zone
M E
manpages at yahoo.com
Tue Nov 17 09:45:39 UTC 2009
I appreciated that. But what if both prv_if (LAN private interface) and dmz_if (DMZ interface) are not on the same network segment? This is what I meant:
prv_if = 192.168.1.0/24
dmz_if = 192.168.2.0/24
Sorry if I am asking for too much. I am just a newbie who is trying to learn.
Thanks in advance anyway.
Remain blessed.
--- On Tue, 11/17/09, Siju George <sgeorge.ml at gmail.com> wrote:
From: Siju George <sgeorge.ml at gmail.com>
Subject: Re: [BSD-INDIA] dmz zone
To: "BSD users in India" <bsd-india at bsd-india.org>
Date: Tuesday, November 17, 2009, 3:45 AM
On Mon, Nov 16, 2009 at 11:24 PM, M E <manpages at yahoo.com> wrote:
>
> hello guys,
> Is there anyone that care to share an OpenBSD pf configuration with me ?
> I am trying to set up a network which will include a demilitarized zone.
> Here is my network scenario:
>
> ext_if -- external interface, connects the firewall to the outside world
> prv_if -- LAN private interface
> dmz_if -- DMZ interface
>
writing one for you :-)
assuming the interfaces are vr0, vr1 and vr2
prv_if="vr0"
dmz_if="vr1"
ext_if="vr2"
# a table instead of a macro list: "from !<rfcpriv>" is valid pf syntax, "from !{ ... }" is not
table <rfcpriv> const { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
webserver="192.168.1.10"
mailserver="192.168.1.11"
# skip filtering on loopback only; skipping $dmz_if would leave the DMZ completely unfiltered
set skip on lo0
nat on $ext_if from $prv_if:network to any -> ($ext_if)
nat on $ext_if from $dmz_if:network to any -> ($ext_if)
# a port-based rdr needs a protocol; with no "port" after "->" the original destination port is kept
rdr on $ext_if proto tcp from !<rfcpriv> to ($ext_if) port { 80, 443 } -> $webserver
rdr on $ext_if proto tcp from !<rfcpriv> to ($ext_if) port { 25, 110 } -> $mailserver
# anti-spoofing: private ranges never appear on the external interface
block in quick on $ext_if from <rfcpriv> to any
block out quick on $ext_if from any to <rfcpriv>
# DMZ traffic enters on $dmz_if, not $prv_if, so the DMZ-to-LAN block belongs on $dmz_if
block in quick on $dmz_if from $dmz_if:network to $prv_if:network
block all
pass in on $prv_if from $prv_if:network to any
pass out on $prv_if from any to $prv_if:network
# DMZ hosts may still reach the outside (DNS, updates), just not the LAN
pass in on $dmz_if from $dmz_if:network to any
pass out on $dmz_if from any to $dmz_if:network
# match the destination port of the redirected connection, not the source port
pass in on $ext_if proto tcp from any to $webserver port { 80, 443 } flags S/SA modulate state
pass in on $ext_if proto tcp from any to $mailserver port { 25, 110 } flags S/SA modulate state
pass out on $ext_if from any to any flags S/SA modulate state
_______________________________________________
bsd-india mailing list
bsd-india at bsd-india.org
http://www.bsd-india.org/mailman/listinfo/bsd-india
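The two-segment layout asked about above (LAN on 192.168.1.0/24, DMZ on 192.168.2.0/24), as an added example that is not part of the thread and not Siju George's configuration. It uses the match/nat-to/rdr-to syntax introduced in OpenBSD 4.7 rather than the older nat/rdr rules quoted in the message. The interface names vr0/vr1/vr2 follow the thread; the DMZ host addresses 192.168.2.10 and 192.168.2.11 are assumptions.

```pf
# Added example, not from the thread. Assumed: vr0 = LAN (192.168.1.0/24),
# vr1 = DMZ (192.168.2.0/24), vr2 = external; server addresses are assumed too.
prv_if = "vr0"
dmz_if = "vr1"
ext_if = "vr2"
webserver  = "192.168.2.10"   # assumed DMZ address
mailserver = "192.168.2.11"   # assumed DMZ address
table <rfcpriv> const { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0
set block-policy drop

# NAT both internal segments behind the external address
match out on $ext_if from { $prv_if:network, $dmz_if:network } to any nat-to ($ext_if)

# publish the DMZ services; only the destination address is rewritten, the port is kept
match in on $ext_if proto tcp from any to ($ext_if) port { 80, 443 } rdr-to $webserver
match in on $ext_if proto tcp from any to ($ext_if) port { 25, 110 } rdr-to $mailserver

# anti-spoofing: private ranges never appear on the external interface,
# and each internal network is only accepted on its own interface
block in quick on $ext_if from <rfcpriv> to any
block out quick on $ext_if from any to <rfcpriv>
antispoof quick for { $prv_if, $dmz_if }

block all

# LAN may go anywhere, including into the DMZ for administration (stateful by default)
pass in on $prv_if from $prv_if:network to any

# DMZ may reach the outside but must never initiate connections into the LAN
block in quick on $dmz_if from $dmz_if:network to $prv_if:network
pass in on $dmz_if from $dmz_if:network to any

# the outside world reaches only the published services; rdr-to has already
# rewritten the destination, so the filter rules match the DMZ addresses
pass in on $ext_if proto tcp from any to $webserver port { 80, 443 } flags S/SA modulate state
pass in on $ext_if proto tcp from any to $mailserver port { 25, 110 } flags S/SA modulate state

# forwarded packets and replies leave under the state created by the pass in rules
pass out all
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it (`pfctl -vnf` prints the expanded rules, which is the quickest way to confirm that `antispoof` and the `:network` macros expanded to the segments you expect), then load it with `pfctl -f /etc/pf.conf`. The DMZ-to-LAN `block in quick` sits before the DMZ `pass in` on purpose: with pf's last-matching-rule semantics only the `quick` keeps the later, broader pass rule from winning.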