CDTOWER : IP 163.20.39.13
須要用的port 554 , 1445, 1446 , 1449 , 1755
行政nat 在 /etc/ipf.rules 中加入
pass in quick on xl0 proto tcp from 163.20.39.13 to any keep state
pass out quick on xl0 proto tcp from 192.168.1.0/24 to 163.20.39.13 port = 1755 keep state
pass out quick on xl0 proto tcp from 192.168.1.0/24 to 163.20.39.13 port = 554 keep state
pass out quick on xl0 proto tcp from 192.168.1.0/24 to 163.20.39.13 port = 1445 keep state
pass out quick on xl0 proto tcp from 192.168.1.0/24 to 163.20.39.13 port = 1446 keep state
pass out quick on xl0 proto tcp from 192.168.1.0/24 to 163.20.39.13 port = 1449 keep state
在教師NAT 中 /etc/pf.conf 裡面加上
pass out quick on $ext_if proto tcp from any to $cd port {554, 1445, 1446, 1449, 1755} keep state
pass in quick on $ext_if proto tcp from $cd to any keep state
這樣兩台NAT 下的使用者都可以連到CDTOWER
CDTOWER使用者必須為電腦的管理者 , 受限制使用者無法使用
沒有留言:
張貼留言