PF - design/configure firewall for network using ADSL connection -- please help me
I have some problems building my firewall on OpenBSD 3.7. Here is my network diagram:

{Internet}------{ADSL modem}----{openbsd-gateway}-----{localnetwork}---{win2k3}

Detail:

---Internet---
ip: Dynamic IP
type: ADSL connection

---modem ADSL---
ip: 192.168.3.254/24

---openbsd-gateway---
+ interfaces
- xl0: connects to the ADSL modem, ip: 192.168.3.10/24
- xl1: connects to the local network, ip: 192.168.2.10/24
+ services:
- DHCP for the local network
- Web server for the local network
- DNS for the local network with domain abc.ex
- LDAP for the local network
- Mail server for the local network, which is also the mail gateway for domain abc.ex to the outside Internet
- Squid proxy

---win2k3---
+ interface
ip: 192.168.2.2/24
+ services
- Active Directory
- File server

Purpose:

--localnetwork--
- allow all traffic only within the local network
- work better with win2k3 when joining domain xyz.ex
- all requests from the local network to the Internet, such as web and ftp, must be checked at the Squid proxy server.

--openbsd gateway--
- allow all requests to the web server, mail server (POP3s, IMAPs), LDAP, Squid, .... running on the openbsd-gateway server.
- allow transparently all requests from the local network to the win2k3 server running DNS for "xyz.ex"
- allow VIP1 users with IP addresses {192.168.2.9, 192.168.2.10} to use FTP
- allow VIP2 users to connect to all ports from inside to outside without restriction.
- redirect all requests from the local network to the Internet to port 8080, on which the Squid proxy is listening.
- deny all requests from the local network to the Internet for services such as online games, Xmule, BitTorrent, POP (users use the local mail server), FTP .... generally speaking, deny all traffic that users inside do not need.
- deny all port-scanning programs, injection and exploits from inside.
- NAT all allowed traffic from the inside to the outside network
- log all exploit actions from inside

--internet--
- deny all dangerous traffic from the Internet to the inside network
- prevent all exploit actions from the outside Internet.
- log all exploit actions from outside

These are the firewall/gateway requirements that I want to configure for my local network. I am really confused about PF. Please help me. Thank you very much.
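The ruleset below is an added example written for the requirements in the post above; it is not from the thread or from any of its participants. It uses the OpenBSD 3.x pf.conf layout (macros, tables, options, scrub, nat/rdr, then filter rules, with last-match-wins semantics). Assumptions not stated in the post: the <vip1> and <vip2> table contents are placeholders (the post lists 192.168.2.10 for VIP1, but that is xl1's own address, so the real client addresses have to be filled in); the ADSL modem is assumed to forward inbound tcp/25 to 192.168.3.10, since the modem does its own NAT; Squid is assumed to be configured for transparent interception; and VIP1's FTP is routed through ftp-proxy(8) started from inetd on 127.0.0.1:8021 so that data connections work through the firewall.

```pf
# /etc/pf.conf for the gateway described above (OpenBSD 3.x syntax).
# Added example, not from the thread; the vip tables, the modem
# port-forward for SMTP and the ftp-proxy setup are assumptions.

ext_if = "xl0"                   # to the ADSL modem, 192.168.3.10/24
int_if = "xl1"                   # to the local network, 192.168.2.10/24
lan    = "192.168.2.0/24"
squid  = "8080"                  # Squid listens here on the gateway

# TCP/UDP services the gateway itself offers to the local network
gw_tcp = "{ domain, www, https, ldap, ldaps, smtp, pop3s, imaps, 8080 }"
gw_udp = "{ domain }"

# Assumed addresses: 192.168.2.10 from the post is xl1 itself, so put
# the real client addresses here (pfctl -t vip1 -T add ... also works).
table <vip1> { 192.168.2.9 }     # may use FTP
table <vip2> { 192.168.2.20 }    # no outbound restriction at all

set block-policy drop
set loginterface $ext_if

scrub in all

# ---- translation (first matching rule wins) ---------------------------
# Ordinary clients have outbound HTTP intercepted into Squid; vip2 is exempt.
no  rdr on $int_if proto tcp from <vip2> to any port www
rdr on $int_if proto tcp from $lan to ! $lan port www -> 127.0.0.1 port $squid
# vip1's FTP control connection goes through ftp-proxy(8), assumed to be
# started from inetd on 127.0.0.1:8021, so that the data connections are
# opened through the firewall instead of being hit by the default deny.
rdr on $int_if proto tcp from <vip1> to ! $lan port ftp -> 127.0.0.1 port 8021
# Everything leaving xl0 is hidden behind the gateway's modem-side address.
nat on $ext_if from $lan to any -> ($ext_if)

# ---- filtering --------------------------------------------------------
pass quick on lo0 all
block in  log all                # default deny; "log" feeds pflog0
block out all
antispoof quick for { $int_if, $ext_if }

# Internet side: only inbound mail (assumes the modem forwards tcp/25 to
# 192.168.3.10) plus replies to connections the gateway opened itself.
pass in  on $ext_if proto tcp from any to ($ext_if) port smtp flags S/SA keep state
pass out on $ext_if proto tcp all flags S/SA keep state
pass out on $ext_if proto { udp, icmp } all keep state

# Local side: the gateway's own services ...
pass in on $int_if proto tcp from $lan to ($int_if) port $gw_tcp flags S/SA keep state
pass in on $int_if proto udp from $lan to ($int_if) port $gw_udp keep state
pass in on $int_if proto udp from any port bootpc to any port bootps   # DHCP: client has no address yet
pass in on $int_if inet proto icmp from $lan to ($int_if) icmp-type echoreq keep state
# ... the rdr'ed connections (pf filters on the translated destination) ...
pass in on $int_if proto tcp from $lan to 127.0.0.1 port { $squid, 8021 } flags S/SA keep state
# ... and the one group that may reach the Internet directly.
pass in  on $int_if from <vip2> to ! $lan keep state
pass out on $int_if from any to $lan keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and set `pf=YES` in /etc/rc.conf.local and `net.inet.ip.forwarding=1` in /etc/sysctl.conf so the box actually routes. Blocked packets show up with `tcpdump -n -e -ttt -i pflog0`, which is as close as pf gets to "log all exploits": pf matches on headers only, so "deny scans and exploits" means a default deny plus logging, and inspecting payloads needs a separate IDS. Traffic between hosts on 192.168.2.0/24, including the win2k3 DNS, never crosses the gateway, so no rule is needed for it.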
Please help me. I am waiting for your help. :cry:
I know quite a lot about firewalling with OpenBSD, but no one wants to write a complex file for you. Do a

> man pf.conf

There is a very detailed description of rule configuration there, including sections and examples. I am working now, but perhaps I can give you a rudimentary copy to begin with. I would suggest opening up entirely, starting to ping, and going from there. Experiment, then ping ....
Thank you very much.
I am always waiting for your help, your guidance and your suggestions. However, if your guide matches my purpose, many thanks. :) I have also read the Absolute OpenBSD book and I think it will help me more, together with your help.