Сервер FreeBSD, стоит NAT и SQUID, всё прозрачно... Трабла в том, что провайдер говорит, что с нашего внешнего IP идёт сканирование по порту 2048. Как узнать, с какой машины идут эти пакеты? Или как это пресечь?
Мой rc.firewall
fxp0 — внешний интерфейс
ed1 — внутренний интерфейс
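# ipfw rules for a NAT gateway with a transparent Squid proxy.
# fxp0 is the external interface, ed1 the internal one (LAN 192.168.100.0/24).
# ${fwcmd} is expected to be set earlier in rc.firewall. ipfw uses the first
# matching rule, so the order of the lines below is significant.

# Find the LAN host behind the port-2048 traffic the provider reported.
# "count log" only logs the packet and bumps the rule counters; the packet then
# continues through the rules unchanged. Matching "in via ed1" sees the real
# 192.168.100.x source, before natd rewrites it to the external address.
# Logging needs net.inet.ip.fw.verbose=1 (or IPFIREWALL_VERBOSE in the kernel);
# entries normally land in /var/log/security, counters show in "ipfw -a list".
# To stop the traffic, change "count log" to "deny log" once the host is known.
# If these counters stay at zero, the packets do not come from the LAN via ed1;
# check the gateway's own processes then (e.g. with sockstat).
# NOTE(review): assumes 2048 is the destination port -- confirm with the provider.
${fwcmd} add count log tcp from 192.168.100.0/24 to any 2048 in via ed1
${fwcmd} add count log udp from 192.168.100.0/24 to any 2048 in via ed1

# NAT: outgoing LAN traffic and everything arriving for the external address
# is handed to natd.
${fwcmd} add divert natd all from 192.168.100.0/24 to any out via fxp0
${fwcmd} add divert natd all from any to внешний_ip in via fxp0

# Transparent proxy: redirect HTTP to Squid on 192.168.100.2:3128.
# NOTE(review): the source is written 192.168.100.2/24; with the /24 mask this
# presumably covers the whole LAN, the proxy host included -- confirm intent.
${fwcmd} add 30 fwd 192.168.100.2,3128 tcp from 192.168.100.2/24 to any 80

# NOTE(review): established TCP is accepted here, ahead of the RFC1918
# anti-spoofing rules further down, so those rules never see such segments.
${fwcmd} add pass tcp from any to any established
${fwcmd} add pass ip from 192.168.100.0/24 to any via lo0
${fwcmd} add deny icmp from any to any frag
# NOTE(review): this accepts every non-fragmented ICMP packet, so the
# icmptype-restricted rules in the "icmp" section below can never match.
${fwcmd} add pass ICMP from any to any

# Services the LAN may reach on the gateway (192.168.100.2).
${fwcmd} add pass tcp from 192.168.100.0/24 to 192.168.100.2 80,143,20,21,110,3128 setup in via ed1
${fwcmd} add pass udp from 192.168.100.0/24 to 192.168.100.2 80,143,20,21,110,3128 in via ed1
${fwcmd} add pass tcp from 192.168.100.0/24 to 192.168.100.2 22,135,137,139 setup in via ed1
# The port list and "in via ed1" were on a separate line, which left this rule
# passing all UDP from the LAN to the gateway and the tail running as a bogus
# shell command. Joined to mirror the TCP rule above.
# NOTE(review): with the rule restored, LAN UDP to the gateway on other ports
# (e.g. DNS on 53) hits the deny below; add those ports here if LAN hosts
# resolve through this box.
${fwcmd} add pass udp from 192.168.100.0/24 to 192.168.100.2 135,137,139 in via ed1
# Everything else from the LAN to the gateway is dropped and logged.
${fwcmd} add deny log ip from 192.168.100.0/24 to 192.168.100.2 in via ed1

# Enable FTP
${fwcmd} add pass tcp from any to me 21 setup
# NOTE(review): this matches on the remote source port only, which the remote
# side chooses, so it admits new connections to any local TCP port.
${fwcmd} add pass tcp from any 20 to me setup
# NOTE(review): opens every TCP port in 32768-65535 on the gateway to any
# source; narrow the range to the FTP daemon's passive ports if possible.
${fwcmd} add pass tcp from any to me 32768-65535 setup

# icmp
${fwcmd} add deny icmp from any to any frag
${fwcmd} add pass icmp from any to me icmptype 0,3,4,8,11,12
${fwcmd} add pass icmp from me to any icmptype 0,3,4,8,11,12

# Stop RFC1918 nets
# Drop packets with private source addresses crossing the external interface.
${fwcmd} add deny all from 10.0.0.0/8 to any via fxp0
${fwcmd} add deny all from 172.16.0.0/12 to any via fxp0
${fwcmd} add deny all from 192.168.0.0/16 to any via fxp0

# DNS to the gateway.
${fwcmd} add pass tcp from any to me 53 setup
${fwcmd} add pass udp from any to me 53
# NOTE(review): same source-port-only match as the FTP data rule above; any
# remote host using source port 53 can open a connection to any local TCP port.
${fwcmd} add pass tcp from any 53 to me setup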