Konfigurace NAT - jak na to?

[Zbynek Houska]

On Sat, Oct 11, 2003 at 01:09:14AM +0200, Jiri Calda wrote:
> AHoj,
> 
ahoj,
> 
> 
> na tun0 pomoci tcpdumpu. O tom, ze ip forwarding mas povolen (v rc.conf gateway_enable="YES") se ani nezminuji.
> 

Ano, gateway mam povolenou,
 ppp spusten s "-nat" takze by to melo prekladat adresy...
Prikladam vypis z tcpdump -i tun0:

22:39:02.019406 karkulin.mapper-nodemgr > 107.59.25.145.loc-srv: S
2466664111:24
66664111(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:02.020390 karkulin.mapper-mapethd > 107.59.25.146.loc-srv: S
2466706231:24
66706231(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:02.021334 karkulin.mapper-ws_ethd > 107.59.25.147.loc-srv: S
2466756105:24
66756105(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:02.022275 karkulin.3987 > 107.59.25.148.loc-srv: S
2466803505:2466803505(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:02.023222 karkulin.3988 > 107.59.25.149.loc-srv: S
2466855668:2466855668(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:02.024172 karkulin.3989 > 107.59.25.150.loc-srv: S
2466916416:2466916416(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:02.025126 karkulin.3990 > 107.59.25.151.loc-srv: S
2466958857:2466958857(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)

Dale pak po ukonceni:

4259 packets received by filter
3317 packets dropped by kernel


Win masina v siti mi zahlecuje odchozi spojeni a to je ten duvod proc ja
nemam zadne odpovedi...

Tady je tcpdump -i rl1:

22:39:07.516467 karkulin.4104 > 107.59.25.205.loc-srv: S
2473863972:2473863972(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:07.517452 karkulin.4105 > 107.59.25.206.loc-srv: S
2473918113:2473918113(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:07.518399 karkulin.4106 > 107.59.25.207.loc-srv: S
2473972233:2473972233(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:07.519348 karkulin.4107 > 107.59.25.208.loc-srv: S
2474036289:2474036289(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:07.520301 karkulin.4108 > 107.59.25.209.loc-srv: S
2474093179:2474093179(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:07.521244 karkulin.4109 > 107.59.25.210.loc-srv: S
2474129349:2474129349(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:39:07.522239 karkulin.4110 > 107.59.25.211.loc-srv: S
2474164620:2474164620(0
) win 16384 <mss 1460,nop,nop,sackOK> (DF)

Dale po ukonceni dostanu:

4005 packets received by filter
3148 packets dropped by kernel


> Opet. Posilas nejaky konkretni packet a ten sledujes tcpdump -i karta na lan
> a pak se podivas na tun0. No a pokud to nepomuze, tak si vypises co dela ten
> natd, s tim, ze ppp nepustis na pozadi. Co dostavas?
> 
No tady je interactive ppp vypis (sputenej s "-nat" prepinacem):

tun0: IPCP: deflink: State change Ack-Sent --> Opened
tun0: IPCP: deflink: LayerUp.
tun0: IPCP: myaddr 160.218.150.29 hisaddr = 192.168.254.254
tun0: Warning: 192.168.254.254: Cannot determine ethernet address for
proxy ARP

Jediny co z toho vidim, ze win stanice karkulin (192.168.0.1) mi ven
sype spoustu paketu a pak halvni si myslim je ta hlaska z ppp:
Cannot...

Napada nekoho neco? Podotykam, ze firewall NEBEZI a win stanice by mela
byt spravne nastavena, t.j. default gateway je 192.168.0.3 - coz je IP
adresa na "rl1" stroje s gprs pripojenim...

Zbynek
> Jirka
> -- 
> FreeBSD mailing list (users-l at freebsd.cz)
> http://www.freebsd.cz/listserv/listinfo/users-l

-- 
...an eternity with Beelzebub and all his hellish instruments of death shall 
be a picnic compared to five minutes with me...and this pencil. 
(contributed by Chris Johnston)