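This document shows an example of using pf on BSD to serve different services on the same port depending on the client IP.
When reposting, please credit Linux伊甸园 as the source.
Enable pf on the system and put the following settings in the pf configuration: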
ext_if="fxp0"
# IP address of this host
table { 202.202.202.202 }
#
# IP for the service external interface:
serverext="202.202.202.202 port 80"
#
# servers bound on localhost aliases:
server0="127.0.0.10 port 80" # apache
server1="127.0.0.11 port 80" # ftpd
server2="127.0.0.12 port 80" # smtp
server3="127.0.0.13 port 80" # pop3
table { 127.0.0.10, 127.0.0.11, 127.0.0.12, 127.0.0.13}
# TABLES for redirection ( if you change anything here pls also see
#
table persist file "/usr/local/rang1/conf/acl"
table persist file "/usr/local/rang2/conf/acl"
table persist file "/usr/local/rang3/conf/acl"
# RULES for redirection (first match wins!)
rdr on $ext_if proto tcp from to $serverext -> $server3
rdr on $ext_if proto tcp from to $serverext -> $server2
rdr on $ext_if proto tcp from to $serverext -> $server1
rdr on $ext_if proto tcp from any to $serverext -> $server0
# this is required to access the local servers from localhost:
pass in quick on lo0 inet from 127.0.0.0/8 to 127.0.0.0/8
pass in quick on lo0 inet from any to
#
pass in on $ext_if proto { tcp, udp } from any to $ext_if port 80 keep state
pass in on $ext_if proto { tcp, udp } from any to port 80 keep state
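The files /usr/local/rang*/conf/acl define the lists of client source IPs, one IP per line.
The local services can be bound to these IPs, and the port can be set to something else:
127.0.0.10 port 80 # apache
127.0.0.11 port 80 # ftpd
127.0.0.12 port 80 # smtp
127.0.0.13 port 80 # pop3
In this way, depending on which IPs are listed in the three files /usr/local/rang1/conf/acl, /usr/local/rang2/conf/acl and /usr/local/rang3/conf/acl, users connecting to port 80 get different services: apache, ftp, smtp or pop3. They can also be different instances of the same server, for example several ftp servers with different configurations.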
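Because the rdr rules are first-match, an address listed in more than one ACL file only ever reaches the backend of the earliest rule that matches it. The Python check below is an added example, not part of the original post: it parses ACL files, reports which backend a client would reach, and lists shadowed entries. The ACL contents are constructed, and the pairing of rang3/rang2/rang1 with server3/server2/server1 is an assumption, since the table names do not appear in the rules above.

```python
import ipaddress

def load_acl(text):
    """Parse an ACL file: one address or CIDR per line, '#' comments ignored."""
    nets = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            raise ValueError(f"line {n}: not an IP address or network: {line!r}")
    return nets

def route(src, rules, default):
    """Return the backend of the first rule whose ACL contains src."""
    ip = ipaddress.ip_address(src)
    for _name, nets, backend in rules:
        if any(ip in net for net in nets):
            return backend
    return default

def shadowed(rules):
    """List (acl, entry, earlier_acl) for entries fully covered by an earlier rule."""
    hits = []
    for i, (name, nets, _backend) in enumerate(rules):
        for net in nets:
            for earlier, enets, _eb in rules[:i]:
                if any(net.version == e.version and net.subnet_of(e) for e in enets):
                    hits.append((name, str(net), earlier))
                    break
    return hits

# Constructed ACL contents (documentation address ranges), in rule order.
ACL3 = "198.51.100.7\n"
ACL2 = "198.51.100.0/24\n203.0.113.5\n"
ACL1 = "203.0.113.5\n192.0.2.9  # also listed in ACL2 above\n"
RULES = [  # assumed pairing of ACL files to backends
    ("rang3", load_acl(ACL3), "127.0.0.13"),
    ("rang2", load_acl(ACL2), "127.0.0.12"),
    ("rang1", load_acl(ACL1), "127.0.0.11"),
]
DEFAULT = "127.0.0.10"  # the final "from any" rule

if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.5", "192.0.2.10"):
        print(src, "->", route(src, RULES, DEFAULT))
    print("shadowed:", shadowed(RULES))
```

Here 203.0.113.5 is reported as shadowed: it is listed for rang1 but is always redirected by the earlier rang2 rule.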