Jonny_Chimpo
Member
Hallo,
leider bin ich ein absoluter Laie auf dem Gebiet. Ein Freund hat mir die pf eingerichtet. Ich wollte TCP Port 4761:4762, sowie UDP Port 4766
für emule öffnen.
Leider schlägt der Porttest immer fehl!
Vielleicht findet ja jemand den Fehler.. hier die pf:
# Interface macros: rl0 faces the LAN (it is the source of the nat rule),
# tun0 is the external interface.
# NOTE(review): tun0 is presumably a dial-up/tunnel interface whose address
# can change - confirm; this matters wherever $ext_if is used without
# parentheses.
int_if = "rl0"
ext_if = "tun0"
# TCP ports accepted on the firewall itself from any source.
tcp_services = "{ 22, 113 }"
# Empty list; only referenced by a commented-out pass rule.
udp_services = "{ }"
# ICMP types accepted inbound (echo request only).
icmp_types = "echoreq"
# Port lists for the file-sharing rules. They already contain TCP 4761/4762
# and UDP 4766, the ports the post wants reachable, plus many others.
# NOTE(review): every port listed here is opened to any source by the
# mldonkey pass rules; keep only the ports that are actually in use.
mldonkeyTCPports="{ 4761, 4762, 6347, 6346, 1214, 8558, 4661, 4662, 19486, 6969, 6881, 6882 }"
#mldonkeyTCPports="{ 6347, 6346, 1214, 8558, 19486, 6969, }"
mldonkeyUDPports="{ 4766, 6347, 6364, 1214, 3665, 8558, 4666, 19486, 6881, 6882 }"
# Loopback and RFC 1918 private ranges, used for the anti-spoofing rules
# on $ext_if.
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
10.0.0.0/8 }"
# Single address to which outbound traffic on $ext_if is blocked.
block_ip = "{ 207.88.221.230 }"
# options
# A plain "block" answers with a TCP RST / ICMP unreachable instead of
# dropping silently; rules written as "block drop" override this.
set block-policy return
# Collect packet and byte statistics for the external interface.
set loginterface $ext_if
# The table for blocking SSH scanners is disabled, together with the rule
# that would use it.
#table <sshscan> persist
# scrub
# Normalise all inbound packets before they reach the filter rules.
scrub in all
# Priority queueing (altq) on the external interface, original label
# "ackpi queue". Rules that name "queue (q_def, q_pri)" put ordinary packets
# in q_def; low-delay TOS packets and TCP ACKs without payload go to q_pri.
altq on $ext_if priq bandwidth 8000Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)
# nat/rdr
# Source NAT for the LAN. The parentheses around $ext_if make pf follow
# address changes on that interface.
nat on $ext_if from $int_if:network to any -> ($ext_if)
# FTP control connections arriving on the LAN side are redirected to a local
# proxy listening on 127.0.0.1:8021.
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \
port 8021
#donkey
# NOTE(review): likely cause of the failing port test. "from $int_if" limits
# the source to the address(es) of rl0 itself, but probes from the Internet
# arrive on $ext_if with arbitrary source addresses, so neither rdr rule
# matches them. The usual form is "from any to ($ext_if)".
# Translation is applied before filtering, so the filter section then has to
# pass traffic addressed to 192.168.0.11 rather than to $ext_if.
# Check which rules actually match with the counters from "pfctl -vsr".
# Each redirect exposes 192.168.0.11 directly to the Internet on the given
# ports; redirect only the ports the client really listens on.
rdr on $ext_if proto tcp from $int_if to any port 4761:4762 -> \
192.168.0.11 port 4761:4762
rdr on $ext_if proto udp from $int_if to any port 4766 -> \
192.168.0.11 port 4766
#bittorrent
# Disabled redirects; they use the same "from $int_if" source match as the
# donkey rules above.
#rdr on $ext_if proto tcp from $int_if to any port 6881:6889 -> \
# 192.168.0.10 port 6881:6889
#rdr on $ext_if proto tcp from $int_if to any port 6969 -> \
# 192.168.0.10 port 6969
# filter rules
# Default deny in both directions. Every later rule without "quick" can be
# overridden by a rule that follows it (last match wins).
block all
# Loopback traffic is always allowed.
pass quick on lo0 all
# Anti-spoofing: private and loopback addresses must not appear as source on
# the external interface, nor be routed out through it.
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
# No outbound traffic to the single address in $block_ip.
block drop out quick on $ext_if from any to $block_ip
# Disabled: drop SSH connections from addresses collected in <sshscan>.
# Port 22 is open to any source through $tcp_services while this is off.
#block drop in quick on $ext_if proto tcp from <sshscan> \
# to any port 22
#sipgate
#pass in quick log on $ext_if inet proto udp from any to ($ext_if) \
# port 5060 queue (q_def, q_pri)
# Inbound UDP 8000-8012 to the firewall's external address, logged.
# NOTE(review): this rule has no "keep state", unlike the other pass rules -
# confirm that is intended.
pass in quick log on $ext_if inet proto udp from any to ($ext_if) \
port 8000:8012 queue (q_def, q_pri)
#mldonkey
# NOTE(review): the destination here is $ext_if, i.e. the firewall itself.
# Packets matched by an rdr rule reach the filter with their destination
# already rewritten to 192.168.0.11, so these two rules do not cover
# redirected traffic; a pass rule naming 192.168.0.11 is needed for that.
# $ext_if without parentheses is also resolved once, when the ruleset is
# loaded, while the other rules use ($ext_if).
# Both rules open every port in the macro lists to any source, and the TCP
# rule lacks the "flags S/SA" used by the $tcp_services rule below.
pass in quick on $ext_if proto tcp from any to $ext_if port \
$mldonkeyTCPports keep state
pass in quick log on $ext_if proto udp from any to $ext_if port \
$mldonkeyUDPports keep state
# Services on the firewall itself (ports from $tcp_services), new
# connections only (SYN set, ACK clear).
pass in on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA keep state queue (q_def, q_pri)
#pass in on $ext_if inet proto udp from any to ($ext_if) \
# port $udp_services queue (q_def, q_pri)
# Active-mode FTP data connections back to the proxy. The source port is
# chosen by the remote side, so "user proxy" is what actually restricts this
# rule: only sockets owned by user proxy are matched.
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \
user proxy flags S/SA keep state queue (q_def, q_pri)
# Echo requests are accepted on every interface.
pass in inet proto icmp all icmp-type $icmp_types keep state
# Anything from the LAN may enter through the internal interface.
# NOTE(review): no rule in this listing passes traffic out on $int_if; with
# "block all", packets forwarded to a LAN host (for example by an rdr rule)
# presumably also need one - verify against the loaded ruleset.
pass in on $int_if from $int_if:network to any keep state \
queue (q_def, q_pri)
#mldonkey
# NOTE(review): nat on $ext_if rewrites the source address before these
# rules are evaluated, so "from $int_if:network" presumably never matches on
# $ext_if - check the rule counters with "pfctl -vsr".
pass out on $ext_if inet proto tcp from $int_if:network to \
any port $mldonkeyTCPports keep state
pass out log on $ext_if inet proto udp from $int_if:network to \
any port $mldonkeyUDPports keep state
ich glaub da ist sicher viel unwichtiges Zeugs bei, doch weiß ich nicht genau worauf es ankommt... also hab ich einfach alles kopiert...
Vielen Dank im Voraus
Jonny