natd + ipfw
Martyn conf.
mkudlacekconf at centrum.cz
Thu Feb 26 18:48:42 CET 2004
Hello everyone (here we go again :-( )
I have a problem connecting from the internal local network (192.168.0.x) through a
FreeBSD 5.1 Release server (natd + ipfw) to the Internet (it goes over ADSL: the NIC
(10.0.0.100) connects to the modem 10.0.0.138, and from there the ADSL goes into the
provider's internal network (see ifconfig with tun0 below; the gateway should be
81.2.208.129): I cannot fully see into that part.
I log in to the Internet with the PPTP client program. From the server's NIC
(10.0.0.100) I can communicate with the Internet. Unfortunately, from the internal
network I can only ping 192.168.0.198 from the computer 192.168.0.120, but I cannot
get any further. I think the mistake is in natd. I followed man natd and posts on
this list.
I would like users on the internal network (192.168.0.x) to be able to use services
(www, ftp, smtp, pop3, mysql 3306, ...) on the Internet.
And now the specifics, first what I set up (following the guide) and then the
outputs (there is a lot of it :-( ). Sorry for such a long email, but I did not want
to leave anything out. If anyone can tell me where I made a mistake, I will be very
grateful.
I have support compiled into the kernel: IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT
Both NICs work:
rl0: 10.0.0.100, netmask 255.0.0.0
rl1: 192.168.0.198, netmask 255.255.255.0
rc.conf:
hostname="kohoutek.monstav2.com"
ifconfig_rl0="inet 10.0.0.100 netmask 255.0.0.0"
ifconfig_rl1="inet 192.168.0.198 netmask 255.255.255.0"
defaultrouter="81.2.208.129"
gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-s -m -dynamic"
firewall_enable="YES"
firewall_type="/etc/ipfw.conf"
firewall_script="/etc/rc.firewall"
sendmail_enable="NONE"
sshd_enable="YES"
inetd_enable="YES"
linux_enable="YES"
Rules in /etc/ipfw.conf (I made it completely open; once I get it working I will
tighten them):
add divert natd all from any to any via rl0
add pass all from any to any
Nameservers in /etc/resolv.conf:
nameserver 81.2.194.208
nameserver 81.2.194.201
Here are the outputs:
tcpdump on rl0 - catches nothing at all when I ping from 192.168.0.120 to 10.0.0.100
tcpdump on rl1 (internal network) while pinging from 192.168.0.120 to 10.0.0.100:
18:36:14.219309 0.00:c0:9f:1b:cf:52.453 > 0.ff:ff:ff:ff:ff:ff.453: ipx-rip-resp 8293b429/1.2
18:36:18.076879 kohoutek.monstav2.com.netbios-ns > 192.168.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
- output of sysctl -A | grep forward:
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0
- starting the network services after connecting to the ADSL network, using
/etc/netstart > soubor.txt:
hw.bus.devctl_disable: 1 -> 1
Setting hostname: kohoutek.monstav2.com
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::250:fcff:fea8:5f92%rl0 prefixlen 64 scopeid 0x1
inet 10.0.0.100 netmask 0xff000000 broadcast 10.255.255.255
ether 00:50:fc:a8:5f:92
media: Ethernet autoselect (10baseT/UTP)
status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::208:54ff:fe05:2e8a%rl1 prefixlen 64 scopeid 0x2
inet 192.168.0.198 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:08:54:05:2e:8a
media: Ethernet autoselect (100baseTX)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
Flushed all rules.
00100 divert 8668 ip from any to any via rl0
00200 allow ip from any to any
Firewall rules loaded, starting divert daemons: natdnatd: Unable to bind divert socket.:Address already in use
.
net.inet.ip.fw.enable: 1 -> 1
add net default: gateway 81.2.208.129: File exists
Additional routing options: IP gateway=YES.
- ifconfig shows, besides rl0, rl1 and lo, also tun0 (the PPTP ADSL connection);
ifconfig > soubor.txt:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 81.2.208.129 --> 81.2.224.3 netmask 0xffffffff
Opened by PID 576
Martyn Kudlacek
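The script below is an added diagnostic, not part of the original post or of the FreeBSD natd/ipfw tooling. natd only rewrites packets that the ipfw divert rule sends it, and that rule, like natd_interface, names rl0; the post's rc.conf sets defaultrouter="81.2.208.129", and its ifconfig output shows that address on tun0, the PPTP link. The check cross-references those two facts: it pulls natd_interface and defaultrouter out of rc.conf-style text, maps the gateway to the interface that reaches it (a local or point-to-point peer address, or a matching subnet) from ifconfig-style text, and reports whether they agree. The sample input is copied from the rc.conf and ifconfig lines quoted above; the function names (rc_var, ip2int, inet_table, iface_for_gw, natd_iface_check) are my own and assume FreeBSD's ifconfig line format as shown in the post.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): does natd_interface name the
# interface that actually carries the default route? Sample input is copied from
# the rc.conf and ifconfig output quoted in the post; helper names are my own.

RC_CONF='defaultrouter="81.2.208.129"
gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-s -m -dynamic"'

IFCONFIG='rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.100 netmask 0xff000000 broadcast 10.255.255.255
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.198 netmask 0xffffff00 broadcast 192.168.0.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 81.2.208.129 --> 81.2.224.3 netmask 0xffffffff'

# rc_var NAME TEXT: value of NAME="value" in rc.conf-style text (last one wins)
rc_var() {
    printf '%s\n' "$2" | sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" | tail -n 1
}

# ip2int A.B.C.D: dotted quad as an integer, for subnet arithmetic
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# inet_table TEXT: one line per IPv4 address in ifconfig output, formatted as
#   "<iface> <addr> <peer-or-dash> <netmask-hex>"
inet_table() {
    printf '%s\n' "$1" | awk '
        /^[a-z0-9]+:/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "inet" {
            peer = "-"; mask = "0xffffffff"
            for (i = 3; i <= NF; i++) {
                if ($i == "-->") peer = $(i + 1)
                if ($i == "netmask") mask = $(i + 1)
            }
            print iface, $2, peer, mask
        }'
}

# iface_for_gw GW TEXT: the interface that reaches GW, i.e. one whose local or
# point-to-point peer address is GW, or whose subnet contains GW (empty if none)
iface_for_gw() {
    g=$(ip2int "$1")
    inet_table "$2" | while read -r iface addr peer mask; do
        if [ "$addr" = "$1" ] || [ "$peer" = "$1" ]; then
            echo "$iface"; break
        fi
        m=$(( $mask ))
        if [ $(( $(ip2int "$addr") & m )) -eq $(( g & m )) ]; then
            echo "$iface"; break
        fi
    done
}

# natd_iface_check RC IFCONFIG: returns 0 when natd_interface is the interface
# that carries defaultrouter, 1 on a mismatch, 2 if the gateway is unreachable
natd_iface_check() {
    gw=$(rc_var defaultrouter "$1")
    nat_if=$(rc_var natd_interface "$1")
    gw_if=$(iface_for_gw "$gw" "$2")
    if [ -z "$gw_if" ]; then
        echo "defaultrouter $gw is not reachable from any configured interface"
        return 2
    fi
    if [ "$gw_if" = "$nat_if" ]; then
        echo "ok: natd_interface=$nat_if matches the default route interface"
        return 0
    fi
    echo "mismatch: natd_interface=$nat_if but defaultrouter $gw is on $gw_if"
    return 1
}

status=0
natd_iface_check "$RC_CONF" "$IFCONFIG" || status=$?
echo "exit status: $status"
```

Run it as-is to see the report for the configuration in the post; to check a live box, replace the two embedded strings with `$(cat /etc/rc.conf)` and `$(ifconfig)`. The interface it names for the gateway is the one a `divert natd` rule and natd_interface would both have to name for outbound traffic from the LAN to be translated; a rule on a different interface never sees that traffic, so natd has nothing to rewrite.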