This may be off topic, but I have the same problem; the command ifconfig re1 -rxcsum did not help.
Host:
rc.conf
hostname="home.lan"
firewall_enable="YES"
firewall_logging="YES"
firewall_nat_enable="YES"
firewall_type="/etc/firewall/firewall"
ifconfig_re0="inet 178.25.26.6 netmask 255.255.255.0"
ifconfig_re1="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_re1_alias0="inet 192.168.1.5 netmask 255.255.255.255"
gateway_enable="YES"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="NO"
ppp_profile="SKTV_PPPoE"
local_unbound_enable="YES"
sshd_enable="YES"
squid_enable="YES"
dumpdev="NO"
jail_enable="YES"
ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 check-state
01200 allow ip from me to any keep-state
01250 allow ip from any to any via re1
01400 nat 1 ip from any to any via tun0
01600 nat 2 ip from any to any via re0
02500 deny ip from any to any
65535 deny ip from any to any
sysctl.conf
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5
net.inet.ip.forwarding=1
jail.conf
samba {
    host.hostname = "samba";
    path = "/data/jails/mount/samba";
    ip4.addr += "re1|192.168.1.5";
    allow.raw_sockets = 1;
    exec.clean;
    exec.system_user = "root";
    exec.jail_user = "root";
    exec.start += "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail_samba_console.log";
    mount.devfs;
    mount += "procfs /data/jails/mount/samba/proc procfs rw 0 0";
    allow.set_hostname = 1;
    allow.sysvipc = 1;
}
From inside the jail, clients on the 192.168.1.0/24 network, including the server, can be pinged without problems. Pings to the re0 interface and to internet resources do not get through.
jls -h
devfs_ruleset dying enforce_statfs host ip4 ip6 jid name parent path persist securelevel allow.chflags allow.mount allow.mount.devfs allow.mount.nullfs allow.mount.procfs allow.mount.tmpfs allow.mount.zfs allow.quotas allow.raw_sockets allow.set_hostname allow.socket_af allow.sysvipc children.cur children.max cpuset.id host.domainname host.hostid host.hostname host.hostuuid ip4.addr ip4.saddrsel ip6.addr ip6.saddrsel
0 false 2 new new disable 3 samba 0 /data/jails/mount/samba false -1 false false false false false false false false true true false true 0 0 2 "" 0 samba 00000000-0000-0000-0000-000000000000 192.168.1.5 true - true
Jail:
Output of the command host google.com
google.com has address 173.194.32.161
google.com has address 173.194.32.162
google.com has address 173.194.32.167
google.com has address 173.194.32.168
google.com has address 173.194.32.174
google.com has address 173.194.32.169
google.com has address 173.194.32.166
google.com has address 173.194.32.160
google.com has address 173.194.32.164
google.com has address 173.194.32.163
google.com has address 173.194.32.165
google.com has IPv6 address 2a00:1450:4010:c03::71
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
The pkg command
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/latest, please wait...
pkg: Error fetching http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/Latest/pkg.txz: Protocol not supported
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
I am sure the problem is in the ipfw and nat rules, but I do not understand where ... please point me in the right direction.