Code:
gw# uname -a
FreeBSD gw.ekaterinburg.ibam.local 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Sat Mar 21 15:14:18 YEKT 2009 root@gw.ekaterinburg.ibam.local:/usr/obj/usr/src/sys/ASD_kernel.2009-21-03 i386
Code:
gw# cat /usr/local/etc/frox.conf
####################################################################
# Network Options #
####################################################################
Listen 192.168.114.198
Port 2121
####################################################################
# General Options #
####################################################################
User nobody
Group nogroup
WorkingDir /usr/local/frox
DontChroot Yes
LogLevel 25
LogFile /var/log/frox/frox.log
PidFile /var/run/frox.pid
####################################################################
# Ftp Protocol Options #
####################################################################
#APConv yes
#PAConv yes
BounceDefend yes
# SameAddress yes
AllowNonASCII yes
# TransparentData yes
# ControlPorts 40000-40999
# PassivePorts 41000-41999
# ActivePorts 42000-42999
# UseSSL yes
# DataSSL no
####################################################################
# Caching Options #
####################################################################
# CacheModule local
# CacheSize 400
# CacheModule http
# HTTPProxy 127.0.0.1:3128
# MinCacheSize 65536
####################################################################
# Access control #
####################################################################
DoNTP yes
NTPAddress 192.168.114.198:2121
# Timeout 300
MaxForks 10
MaxForksPerHost 4
# MaxTransferRate 4096
# CacheDlRate 8192
# MaxUploadRate 4096
ACL Allow * - *
####################################################################
# Subsections #
####################################################################
#
# SubSection * - ftp.dodgy.server
# StrictCaching yes
# EndSection
#
# SubSection * - 10.0.0.0/24 # A low latency high bandwidth connection
# MinCacheSize 4096
# EndSection
#
# Subsection * - ftp.localnetwork
# # To disable caching if it has been turned on in a parent section
# CacheModule None
# EndSection
Code:
gw# cat /var/log/frox/frox.log
Wed Apr 29 09:03:46 2009 frox[1372] Listening on 192.168.114.198(gw.ekaterinburg.ibam.local):2121
Wed Apr 29 09:03:46 2009 frox[1372] Dropped privileges
Wed Apr 29 09:04:11 2009 frox[1380] Connect from 192.168.114.234
Wed Apr 29 09:04:11 2009 frox[1380] S: 220 Frox transparent ftp proxy. Login with username[@host[:port]]
Wed Apr 29 09:04:11 2009 frox[1380] NTP: Host=ftp.FreeBSD.org
Wed Apr 29 09:04:11 2009 frox[1380] NTP: Port=21
Wed Apr 29 09:04:12 2009 frox[1380] ... to 204.152.184.73(ftp.FreeBSD.org)
Wed Apr 29 09:04:13 2009 frox[1380] Connecting to server...
Wed Apr 29 09:04:13 2009 frox[1380] OK
Wed Apr 29 09:04:13 2009 frox[1380] Apparent address = 192.168.114.198(gw.ekaterinburg.ibam.local)
Wed Apr 29 09:04:13 2009 frox[1380] Real address = 204.152.184.73(freebsd.isc.org)
Wed Apr 29 09:04:14 2009 frox[1380] Proxy address = 204.152.184.73(freebsd.isc.org)
Wed Apr 29 09:04:14 2009 frox[1380] C: USER anonymous
Wed Apr 29 09:04:14 2009 frox[1380] S: 331 Please specify the password.
Wed Apr 29 09:04:14 2009 frox[1380] C: PASS root@r1.ekaterinburg.ibam.local
Wed Apr 29 09:04:14 2009 frox[1380] S: 230 Login successful.
Wed Apr 29 09:04:14 2009 frox[1380] C: PWD
Wed Apr 29 09:04:14 2009 frox[1380] S: 257 "/"
Wed Apr 29 09:04:14 2009 frox[1380] C: CWD pub/FreeBSD/ports/local-distfiles/skv
Wed Apr 29 09:04:15 2009 frox[1380] S: 250 Directory successfully changed.
Wed Apr 29 09:04:15 2009 frox[1380] Strictpath = "pub%2fFreeBSD%2fports%2flocal-distfiles%2fskv/"
Wed Apr 29 09:04:15 2009 frox[1380] C: MODE S
Wed Apr 29 09:04:15 2009 frox[1380] S: 200 Mode set to S.
Wed Apr 29 09:04:15 2009 frox[1380] C: TYPE I
Wed Apr 29 09:04:15 2009 frox[1380] S: 200 Switching to Binary mode.
Wed Apr 29 09:04:15 2009 frox[1380] C: SIZE BSDPAN-5.8.9_20090303.tar.bz2
Wed Apr 29 09:04:15 2009 frox[1380] S: 213 8157
Wed Apr 29 09:04:15 2009 frox[1380] C: MDTM BSDPAN-5.8.9_20090303.tar.bz2
Wed Apr 29 09:04:16 2009 frox[1380] S: 213 20090303154603
Wed Apr 29 09:04:16 2009 frox[1380] C: MODE S
Wed Apr 29 09:04:16 2009 frox[1380] S: 200 Mode set to S.
Wed Apr 29 09:04:16 2009 frox[1380] C: TYPE I
Wed Apr 29 09:04:16 2009 frox[1380] S: 200 Switching to Binary mode.
Wed Apr 29 09:04:16 2009 frox[1380] Intercepted a PASV command
Wed Apr 29 09:04:16 2009 frox[1380] C: PASV
Wed Apr 29 09:04:17 2009 frox[1380] Rewritten 227 reply:
Wed Apr 29 09:04:17 2009 frox[1380] S: 227 Entering Passive Mode (192,168,114,198,167,84)
Wed Apr 29 09:04:17 2009 frox[1380] Client has connected to proxy data line
Wed Apr 29 09:05:32 2009 frox[1380] Operation timed out when trying to connect to 204.152.184.73
Wed Apr 29 09:05:32 2009 frox[1380] Failed to contact server data port
Wed Apr 29 09:05:32 2009 frox[1380] C: RETR BSDPAN-5.8.9_20090303.tar.bz2
Wed Apr 29 09:06:11 2009 frox[1380] Client closed connection
Wed Apr 29 09:06:11 2009 frox[1380] Closing session
Wed Apr 29 09:06:12 2009 frox[1396] Connect from 192.168.114.234
Wed Apr 29 09:06:12 2009 frox[1396] S: 220 Frox transparent ftp proxy. Login with username[@host[:port]]
Wed Apr 29 09:06:12 2009 frox[1396] NTP: Host=ftp.se.FreeBSD.org
Wed Apr 29 09:06:12 2009 frox[1396] NTP: Port=21
Wed Apr 29 09:06:12 2009 frox[1396] ... to 130.240.22.195(ftp.se.FreeBSD.org)
Wed Apr 29 09:06:13 2009 frox[1396] Connecting to server...
Wed Apr 29 09:06:13 2009 frox[1396] OK
Wed Apr 29 09:06:13 2009 frox[1396] Apparent address = 192.168.114.198(gw.ekaterinburg.ibam.local)
Wed Apr 29 09:06:13 2009 frox[1396] Real address = 130.240.22.195(gort.ludd.ltu.se)
Wed Apr 29 09:06:13 2009 frox[1396] Proxy address = 130.240.22.195(gort.ludd.ltu.se)
Wed Apr 29 09:06:13 2009 frox[1396] C: USER anonymous
Wed Apr 29 09:06:14 2009 frox[1396] S: 331 Guest login ok, type your name as password.
Wed Apr 29 09:06:14 2009 frox[1396] C: PASS root@r1.ekaterinburg.ibam.local
Wed Apr 29 09:06:14 2009 frox[1396] S: 230-
Wed Apr 29 09:06:14 2009 frox[1396] S:
Wed Apr 29 09:06:14 2009 frox[1396] S:
Wed Apr 29 09:06:14 2009 frox[1396] S: Welcome to the top ftp archive of Europe!
Wed Apr 29 09:06:14 2009 frox[1396] S:
Wed Apr 29 09:06:14 2009 frox[1396] S: All transfers to and from ftp.luth.se are logged.
Wed Apr 29 09:06:14 2009 frox[1396] S: If you don't like this then disconnect now!
Wed Apr 29 09:06:14 2009 frox[1396] S:
Wed Apr 29 09:06:14 2009 frox[1396] S: ftp.luth.se consists of 1 Sun Enterprise 4000 with 7.5GB memory
Wed Apr 29 09:06:14 2009 frox[1396] S: and 12 CPUs and has a gigabit-connection to Internet. The total
Wed Apr 29 09:06:14 2009 frox[1396] S: disk capacity of ftp.luth.se is right now about 500GB.
Wed Apr 29 09:06:14 2009 frox[1396] S:
Wed Apr 29 09:06:14 2009 frox[1396] S: Mail your comments and suggestions to:
Wed Apr 29 09:06:14 2009 frox[1396] S:
Wed Apr 29 09:06:14 2009 frox[1396] S: The localtime is: Wed Apr 29 04:57:22 2009
Wed Apr 29 09:06:14 2009 frox[1396] S: You are user #53 in your class (max 500)
Wed Apr 29 09:06:14 2009 frox[1396] S:
Wed Apr 29 09:06:14 2009 frox[1396] S: WE HAVE REBUILT THIS FTP-SITE. SO THERE MIGHT BE A FEW
Wed Apr 29 09:06:14 2009 frox[1396] S: PROBLEMS WITH SOME MIRRORS ETC. IF YOU DON'T FIND WHAT
Wed Apr 29 09:06:14 2009 frox[1396] S: YOU ARE LOOKING FOR PLEASE SEND A MAIL TO ftp@ludd.luth.se.
Wed Apr 29 09:06:14 2009 frox[1396] S:
Wed Apr 29 09:06:14 2009 frox[1396] S: 230 Guest login ok, access restrictions apply.
Wed Apr 29 09:06:14 2009 frox[1396] C: PWD
Wed Apr 29 09:06:14 2009 frox[1396] S: 257 "/" is the current directory.
Wed Apr 29 09:06:14 2009 frox[1396] C: CWD pub/FreeBSD/ports/local-distfiles/skv
Wed Apr 29 09:06:14 2009 frox[1396] S: 250 CWD command successful.
Wed Apr 29 09:06:14 2009 frox[1396] Strictpath = "pub%2fFreeBSD%2fports%2flocal-distfiles%2fskv/"
Wed Apr 29 09:06:14 2009 frox[1396] C: MODE S
Wed Apr 29 09:06:15 2009 frox[1396] S: 200 MODE S ok.
Wed Apr 29 09:06:15 2009 frox[1396] C: TYPE I
Wed Apr 29 09:06:15 2009 frox[1396] S: 200 Type set to I.
Wed Apr 29 09:06:15 2009 frox[1396] C: SIZE BSDPAN-5.8.9_20090303.tar.bz2
Wed Apr 29 09:06:15 2009 frox[1396] S: 213 8157
Wed Apr 29 09:06:15 2009 frox[1396] C: MDTM BSDPAN-5.8.9_20090303.tar.bz2
Wed Apr 29 09:06:15 2009 frox[1396] S: 213 20090303154603
Wed Apr 29 09:06:15 2009 frox[1396] C: MODE S
Wed Apr 29 09:06:15 2009 frox[1396] S: 200 MODE S ok.
Wed Apr 29 09:06:15 2009 frox[1396] C: TYPE I
Wed Apr 29 09:06:15 2009 frox[1396] S: 200 Type set to I.
Wed Apr 29 09:06:15 2009 frox[1396] Intercepted a PASV command
Wed Apr 29 09:06:15 2009 frox[1396] C: PASV
Wed Apr 29 09:06:15 2009 frox[1396] Rewritten 227 reply:
Wed Apr 29 09:06:15 2009 frox[1396] S: 227 Entering Passive Mode (192,168,114,198,160,94)
Wed Apr 29 09:06:15 2009 frox[1396] Client has connected to proxy data line
Wed Apr 29 09:07:30 2009 frox[1396] Operation timed out when trying to connect to 130.240.22.195
Wed Apr 29 09:07:30 2009 frox[1396] Failed to contact server data port
Wed Apr 29 09:07:30 2009 frox[1396] C: RETR BSDPAN-5.8.9_20090303.tar.bz2
Code:
gw# ipfw -d list
00010 0 0 allow ip from any to any via lo0
00015 0 0 check-state
00020 3679 4548016 allow ip from any to any out via re0
00021 2341 190934 allow ip from any to any in via re0
00030 24 1150 allow ip from any to any out via tun0
00031 27 1296 allow ip from any to any in via tun0
00110 0 0 allow tcp from any to 195.38.33.2 dst-port 53 out via rl0 setup keep-state
00111 34 4290 allow udp from any to 195.38.33.2 dst-port 53 out via rl0 keep-state
00112 0 0 allow tcp from any to 195.38.32.2 dst-port 53 out via rl0 setup keep-state
00113 0 0 allow udp from any to 195.38.32.2 dst-port 53 out via rl0 keep-state
00200 15 2585 allow tcp from any to any dst-port 80 out via rl0 setup keep-state
00201 16 1216 allow udp from me to any dst-port 123 out via rl0 keep-state
00202 41 2716 allow tcp from any to any dst-port 21 out via rl0 setup keep-state
00220 36 1566 allow tcp from any to any dst-port 443 out via rl0 keep-state
00221 0 0 allow tcp from any to any dst-port 1443 out via rl0 keep-state
00222 0 0 allow tcp from any to any dst-port 5190 out via rl0 keep-state
00223 1 48 allow tcp from any to any dst-port 5222 out via rl0 keep-state
00240 0 0 allow tcp from me to any out via rl0 setup uid root keep-state
00250 0 0 allow icmp from any to any out via rl0 keep-state
00270 61 6880 allow udp from any to 62.212.234.46 out via rl0 keep-state
00271 6 528 allow udp from 62.212.234.46 to any in via rl0 keep-state
00280 74 15098 divert 8668 ip from any to any via rl0
00281 0 0 allow tcp from x.x.x.x 1222 to any out via rl0
00282 0 0 allow tcp from any to 192.168.114.222 dst-port 1222
00283 0 0 allow tcp from x.x.x.x 1024 to any out via rl0
00284 0 0 allow tcp from any to 192.168.114.204 dst-port 1024
00285 0 0 allow tcp from x.x.x.x to 194.186.201.105 dst-port 995
00286 0 0 allow tcp from 194.186.201.105 995 to 192.168.114.0/24
00287 0 0 allow tcp from x.x.x.x to 194.186.201.105 dst-port 465
00288 0 0 allow tcp from 194.186.201.105 465 to 192.168.114.0/24
00289 0 0 allow tcp from x.x.x.x to 194.186.201.116 dst-port 2212
00290 0 0 allow tcp from 194.186.201.116 2212 to 192.168.114.0/24
00299 40 3120 deny log logamount 100 ip from any to any out via rl0
00300 0 0 deny ip from 192.168.0.0/16 to any in via rl0
00301 0 0 deny ip from 172.16.0.0/12 to any in via rl0
00302 0 0 deny ip from 10.0.0.0/8 to any in via rl0
00303 0 0 deny ip from 127.0.0.0/8 to any in via rl0
00304 0 0 deny ip from 0.0.0.0/8 to any in via rl0
00305 0 0 deny ip from 169.254.0.0/16 to any in via rl0
00306 0 0 deny ip from 192.0.2.0/24 to any in via rl0
00307 0 0 deny ip from 204.152.64.0/23 to any in via rl0
00308 0 0 deny ip from 224.0.0.0/3 to any in via rl0
00310 0 0 deny icmp from any to any in via rl0
00315 0 0 deny tcp from any to any dst-port 113 in via rl0
00320 0 0 deny tcp from any to any dst-port 137 in via rl0
00321 0 0 deny tcp from any to any dst-port 138 in via rl0
00322 0 0 deny tcp from any to any dst-port 139 in via rl0
00323 0 0 deny tcp from any to any dst-port 81 in via rl0
00330 0 0 deny ip from any to any frag in via rl0
00332 33 11918 deny tcp from any to any established in via rl0
01499 1 60 deny log logamount 100 ip from any to any in via rl0
01999 0 0 deny log logamount 100 ip from any to any
65535 0 0 deny ip from any to any
## Dynamic rules (20):
00200 5 1334 (298s) STATE tcp x.x.x.x 58482 <-> 195.68.160.248 80
00111 9 1007 (7s) STATE udp x.x.x.x 51410 <-> 195.38.33.2 53
00202 40 2656 (282s) STATE tcp x.x.x.x 40553 <-> 204.152.184.73 21
Code:
setenv FTP_PROXY ftp://192.168.114.198:2121
cd /usr/local/lang/perl5.8
make
===> Found saved configuration for perl-5.8.9_2
=> BSDPAN-5.8.9_20090303.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/perl.
=> Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/skv/.
fetch: transfer timed out
=> Attempting to fetch from ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/skv/.
fetch: transfer timed out
=> Attempting to fetch from ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/skv/.
fetch: transfer timed out
=> Attempting to fetch from ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/skv/.
fetch: transfer timed out
=> Attempting to fetch from ftp://ftp.jp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/skv/.
fetch: transfer timed out
=> Attempting to fetch from ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/skv/.