/etc/ipnat.rules
map vr0 172.16.64.0/24 -> 0/32 portmap tcp/udp 10000:60000
rdr vr0 0.0.0.0/0 port 80 -> 172.16.64.10 port 80
rdr vr0 0.0.0.0/0 port 22 -> 172.16.64.10 port 22
rdr vr0 0.0.0.0/0 port 21 -> 172.16.64.10 port 21
rdr vr0 0.0.0.0/0 port 333 -> 172.16.64.9 port 22
rdr vr0 0.0.0.0/0 port 4662 -> 172.16.64.9 port 4662
rdr vr0 0.0.0.0/0 port 4665 -> 172.16.64.9 port 4665
rdr vr0 0.0.0.0/0 port 4672 -> 172.16.64.9 port 4672
/etc/rc.conf
hostname="alita"
ifconfig_vr0="DHCP"
ifconfig_vr0_alias0="inet 172.16.64.10 netmask 0xfffffff0"
ifconfig_vr0_alias1="inet 172.16.64.9 netmask 0xfffffff0"
sshd_enable="YES"
syslogd_flags="-ss"
ntpdate_enable="NO" #Not working now
ntpdate_flags="tick.stdtime.gov.tw" #Reset the URL
portmap_enable="NO" # Run the portmapper service (or NO).
sendmail_enable="NO" # Run the sendmail daemon (or NO).
sendmail_flags="-bd"
sendmail_profile="/var/spool/postfix/pid/master.pid"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
enable_quotas="NO" # turn on quotas on startup (or NO).
check_quotas="NO" # Check quotas on startup (or NO).
clear_tmp_enable="NO" # Clear /tmp at startup.
apache2_enable="NO"
mysql_enable="NO"
tcp_extensions="YES" # Set to YES to turn on RFC1323 extensions.
log_in_vain="NO" # YES to log connects to ports w/o listeners.
tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
tcp_drop_synfin="YES" # Set to YES to drop TCP packets with SYN+FIN
# NOTE: this violates the TCP specification
icmp_drop_redirect="YES" # Set to YES to ignore ICMP REDIRECT packets
icmp_log_redirect="YES" # Set to YES to log ICMP REDIRECT packets
##############################################################
### IP Filter NAT Configuration ##############################
##############################################################
ipfilter_enable="YES" # Start ipf firewall
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
ipmon_enable="YES" # Start IP monitor log
ipmon_flags="-Ds" # D = start as daemon
# s = log to syslog
# v = log tcp window, ack, seq
# n = map IP & port to names
gateway_enable="YES" # Enable as LAN gateway
ipnat_enable="YES" # Start ipnat function
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
##############################################################
### Jail Configuration #######################################
##############################################################
jail_enable="YES" # Set to NO to disable starting of any jails
jail_list="blacktea milktea"
# Space separated list of names of jails
jail_set_hostname_allow="NO"
# Allow root user in a jail to change its hostname
jail_socket_unixiproute_only="YES"
# Route only TCP/IP within a jail
jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail
#
# To use rc's built-in jail infrastructure create entries for
# each jail, specified in jail_list, with the following variables.
# NOTES:
# global jail variables if you don't specify a jail name
# (ie. jail_interface).
# First Jail Blacktea ==================== #####
jail_blacktea_rootdir="/srv/blacktea" # Jail's root directory
jail_blacktea_hostname="blacktea" # Jail's hostname
jail_blacktea_ip="172.16.64.10" # Jail's IP number
jail_blacktea_interface="vr0" # Interface to create the IP alias on
jail_blacktea_exec_start="/bin/sh /etc/rc"
# command to execute in jail for starting
jail_blacktea_exec_stop="/bin/sh /etc/rc.shutdown"
# command to execute in jail for stopping
jail_blacktea_devfs_enable="YES" # mount devfs in the jail
#jail_blacktea_fdescfs_enable="NO" # mount fdescfs in the jail
jail_blacktea_procfs_enable="YES" # mount procfs in jail
#jail_blacktea_mount_enable="NO" #mount/umount jail's fs
#jail_blacktea_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail
#jail_blacktea_fstab="" # fstab(5) for mount/umount
jail_blacktea_flags="-l -U root" # flags for jail(8)
# First Jail Milktea ==================== #####
jail_milktea_rootdir="/srv/milktea" # Jail's root directory
jail_milktea_hostname="milktea" # Jail's hostname
jail_milktea_ip="172.16.64.9" # Jail's IP number
jail_milktea_interface="vr0" # Interface to create the IP alias on
jail_milktea_exec_start="/bin/sh /etc/rc"
# command to execute in jail for starting
jail_milktea_exec_stop="/bin/sh /etc/rc.shutdown"
# command to execute in jail for stopping
jail_milktea_devfs_enable="YES" # mount devfs in the jail
#jail_blacktea_fdescfs_enable="NO" # mount fdescfs in the jail
jail_milktea_procfs_enable="YES" # mount procfs in jail
#jail_milktea_mount_enable="NO" #mount/umount jail's fs
#jail_milktea_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail
#jail_milktea_fstab="" # fstab(5) for mount/umount
jail_milktea_flags="-l -U root" # flags for jail(8)
沒有留言:
張貼留言