OpenForum RSS: �� PF � OpenBSD

�� PF � OpenBSD (Junior)

Thu, 09 Oct 2008 16:29:34 GMT

>��, � �� ? � firewall'� ��
>�� . �� .

�� , ��, �� Stalker-�, ��
�� . �� , �� , � � - �� .

>[�� ]
>
>�� firewall � �� , �� 80��
>�� , � �� ?
>
>�� firewall'�.
>
>� �� nginx, � �� reverse proxy.
>�� 80 �� , �
>��
>�� (� �� jail)

�� , � �� .

�� PF � OpenBSD (vagif zeynalov)

Thu, 09 Oct 2008 15:32:34 GMT

>��.
>� �� , �� 2 (3, 4, 5) Web-��
>� DMZ, � ��
>�� ϣ �� ? � ��
>��, ��.

��, � �� ? � firewall'� �� . �� .

>web1_ip="11.22.33.44"
>web2_ip="22.33.44.55"
>web3_ip="33.44.55.66"
>web_in="{ 80, 443 }"
>rdr on $ext_if inet proto tcp from any to $web1_ip port $web_in -> $web1_ip
>rdr on $ext_if inet proto tcp from any to $web2_ip port $web_in -> $web2_ip
>rdr on $ext_if inet proto tcp from any to $web3_ip port $web_in -> $web3_ip

�� firewall � �� , �� 80�� , � �� ?

�� firewall'�.

� �� nginx, � �� reverse proxy.
�� 80 �� , � �� (� ��

�� PF � OpenBSD (Junior)

Thu, 09 Oct 2008 12:29:13 GMT

>�� web ��
>rdr-�� .
>�� .

�� !
�� .

�� PF � OpenBSD (Stalker)

Thu, 09 Oct 2008 12:26:57 GMT

>[�� ]
>
>�� ϣ� ��, �� DMZ ��
>��
>� ��, � �� . �� , ��
>� ��
>�� . �� , �� -��, ��
>
>�� . 1 �� -> 1 �� -> 1 �� .
>�� . ��, � ��
>��.

�� web �� rdr-�� .
�� .

�� PF � OpenBSD (Junior)

Thu, 09 Oct 2008 11:30:29 GMT

>�� ( �� )
>��
>�� www_in �� web ��.
>� ��-��

��, �� .
�� , �� web-��, �� (��),
web-�� DMZ. �� web-��
� DNS. �� , ��
�� . �� LAN, �� , ��
�� DMZ � � ��.
�� :

ext_if="rl0" # ��
lan_if="rl1" # �� LAN
dmz_if="rl2" # �� DMZ
ext_ip="11.22.33.99" # ��
lan_net="192.168.1.0/24" # ��
dmz_net="11.22.33.0/

�� PF � OpenBSD (Stalker)

Thu, 09 Oct 2008 11:03:27 GMT

>web1_ip="11.22.33.44"
>web2_ip="22.33.44.55"
>web3_ip="33.44.55.66"
>web_in="{ 80, 443 }"
>rdr on $ext_if inet proto tcp from any to $web1_ip port $web_in -> $web1_ip
>rdr on $ext_if inet proto tcp from any to $web2_ip port $web_in -> $web2_ip
>rdr on $ext_if inet proto tcp from any to $web3_ip port $web_in -> $web3_ip
>
>�� . �� ?

��.
�� rdr �� port forwarding'� � �� , �.�. �� to �� ip �� ( �� ) � �� -> ip ��

�� ( �� ) �� www_in �� web ��.

� ��-��

�� PF � OpenBSD (Junior)

Thu, 09 Oct 2008 10:41:00 GMT

>�� DMZ �� rdr ��
>��
>
>rdr on ��_$ext_if inet proto tcp from any to IP_�� port $www_in -> IP_��_�_DMZ

��.
� �� , �� 2 (3, 4, 5) Web-�� DMZ, � ��
�� ϣ �� ? � �� , ��.
�� ?
�� ӣ-��
web-��, �� ?

web1_ip="11.22.33.44"
web2_ip="22.33.44.55"
web3_ip="33.44.55.66"
web_in="{ 80, 443 }"
rdr on $ext_if inet proto tcp from any to $web1_ip port $web_in -> $web1_ip
rdr on $ext_if inet proto tcp from any to $web2_ip port $web_in -> $web2_ip
rdr on $ext_if inet proto tcp from any to $web3_ip port $web_in -> $web3_ip

�� . �� ?

�� PF � OpenBSD (Stalker)

Thu, 09 Oct 2008 10:29:19 GMT

�� DMZ �� rdr ��

rdr on ��_$ext_if inet proto tcp from any to IP_�� port $www_in -> IP_��_�_DMZ

�� PF � OpenBSD (Junior)

Thu, 09 Oct 2008 08:49:52 GMT

>[�� ]
>rdr on ��_$ext_if inet proto tcp from any to ��_$www port 443 -> ��_$www
>
>�� :
>
>�� port forwarding ��
>�� ( ��
>�� )
>
>� �� .�. ��
>�� .

�� . �� ۣ� ��
� DMZ. �� ?
� �� ? �� ģ� �� :)

OpenForum RSS: ������ PF � OpenBSD

������ PF � OpenBSD (Junior)

������ PF � OpenBSD (vagif zeynalov)

������ PF � OpenBSD (Junior)

������ PF � OpenBSD (Stalker)

������ PF � OpenBSD (Junior)

������ PF � OpenBSD (Stalker)

������ PF � OpenBSD (Junior)

������ PF � OpenBSD (Stalker)

������ PF � OpenBSD (Junior)

OpenForum RSS: �� PF � OpenBSD

�� PF � OpenBSD (Junior)

�� PF � OpenBSD (vagif zeynalov)

�� PF � OpenBSD (Junior)

�� PF � OpenBSD (Stalker)

�� PF � OpenBSD (Junior)

�� PF � OpenBSD (Stalker)

�� PF � OpenBSD (Junior)

�� PF � OpenBSD (Stalker)

�� PF � OpenBSD (Junior)