I would like to clarify the details of this task!
Rebuilt the kernel - FreeBSD 8.1-RELEASE-p2 /usr/src/sys/amd64/compile/HAMMER!
Code:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_FORWARD
options DUMMYNET
dmesg -a | grep ipfw
ipfw2 initialized, divert loadable, nat loadable, rule-based forwarding enabled, default to deny, logging disabled
BSD interfaces:
1) re0 (NAT off) -> CISCO (NAT on) -> Internet
2) sk0 (DNS, SQUID) -> LAN
When starting the firewall there is an error
Code:
/etc/rc.d/ipfw restart
net.inet.ip.fw.enable: 1 -> 0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
Firewall rules loaded.
Squid is installed - http_port 192.168.43.3:3128
Code:
squid squid 1055 10 udp4 *:18945 *:*
squid squid 1055 11 tcp4 192.168.43.3:3128 *:*
squid squid 1055 13 tcp4 127.0.0.1:3128 *:*
>cat /var/log/squid/logs/cache.log
Code:
2011/03/11 12:19:49| Squid is already running! Process ID 1055
2011/03/11 12:21:38| NETDB state saved; 0 entries, 0 msec
2011/03/11 12:25:36| Reconfiguring Squid Cache (version 3.1.11)...
2011/03/11 12:25:36| FD 16 Closing HTTP connection
2011/03/11 12:25:36| FD 17 Closing HTTP connection
2011/03/11 12:25:36| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2011/03/11 12:25:37| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP
2011/03/11 12:25:37| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
2011/03/11 12:25:37| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
2011/03/11 12:25:37| WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP
2011/03/11 12:25:37| Initializing https proxy context
2011/03/11 12:25:37| User-Agent logging is disabled.
2011/03/11 12:25:37| Referer logging is disabled.
2011/03/11 12:25:37| DNS Socket created at 0.0.0.0, FD 10
2011/03/11 12:25:37| Adding nameserver 192.168.43.3 from squid.conf
2011/03/11 12:25:37| Accepting HTTP connections at 192.168.43.3:3128, FD 11.
2011/03/11 12:25:37| Accepting HTTP connections at 127.0.0.1:3128, FD 13.
2011/03/11 12:25:37| HTCP Disabled.
2011/03/11 12:25:37| Loaded Icons.
2011/03/11 12:25:37| Ready to serve requests.
2011/03/11 12:50:44| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:50:44| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:50:49| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:50:49| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:50:59| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:50:59| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:51:01| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:51:01| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:51:07| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:51:07| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:51:17| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:51:17| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:51:19| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:51:19| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:51:37| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:51:37| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:51:59| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:51:59| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:52:17| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:52:17| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:53:56| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:53:56| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:54:01| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:54:01| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:54:11| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:54:11| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:54:31| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:54:31| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:55:11| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:55:11| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:56:47| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:56:47| idnsSendQuery: FD 10: sendto: (13) Permission denied
2011/03/11 12:56:52| comm_udp_sendto: FD 10, (family=2) 192.168.43.3:53: (13) Permission denied
2011/03/11 12:56:52| idnsSendQuery: FD 10: sendto: (13) Permission denied
The firewall rules are as follows
Code:
00040 0 0 fwd 192.168.43.3,3128 tcp from 192.168.43.0/24 to any dst-port 80,443 via sk0
00400 434 40875 allow tcp from any to any established
00410 23 1748 allow ip from 192.168.120.117 to any out xmit re0
00505 0 0 deny log logamount 100 tcp from not me to any dst-port 25 out via re0
00525 0 0 allow log logamount 100 tcp from any to me dst-port 5222 keep-state
00526 0 0 deny log logamount 100 tcp from any to any dst-port 5222
00600 0 0 allow tcp from any to any dst-port 110 via re0
00610 0 0 allow tcp from any 110 to any via re0
00620 0 0 allow udp from any to any dst-port 53 via re0
00630 0 0 allow udp from any 53 to any via re0
00650 23 1748 allow udp from any to any dst-port 123 via re0
00660 0 0 allow udp from any 123 to any via re0
00700 3 329 allow ip from any to any via sk0
65535 17134 785431 deny ip from any to any
Tell me where the "gotcha" is - the Internet works if the firewall is set to open!? Thanks!
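Added example, not code from the post (and not a claim about which rule the poster's rc script failed to load with "Invalid argument"): the repeated `sendto: (13) Permission denied` lines in cache.log are what a local socket gets when ipfw denies an outgoing packet (EACCES). The Python below models ipfw's first-match evaluation over the rule set printed above and traces Squid's resolver query to 192.168.43.3:53 through it. FreeBSD routes a packet addressed to one of the host's own addresses over lo0, so ipfw sees that query "out via lo0"; no posted rule mentions lo0, so it falls through to 65535 deny, while the same packet passes once rc.firewall's usual `allow ip from any to any via lo0` is put in front of the set. Assumptions: 192.168.120.117 is treated as the re0 address (taken from rule 00410, not stated in the post), the LAN client and web server addresses are constructed, `keep-state` is ignored and `established` is a flag carried by the packet.

```python
# Added example, not code from the post: a first-match model of the posted ipfw rule set.
# Simplifications: no dynamic rules (keep-state is ignored), 'established' is a flag on
# the packet, and 'me' is the LOCAL_ADDRS set below.
import ipaddress
from collections import namedtuple

# Assumption: this host's addresses (192.168.120.117 is inferred from rule 00410 as re0's).
LOCAL_ADDRS = {"192.168.43.3", "127.0.0.1", "192.168.120.117"}

# The rule set as printed by `ipfw -a list` in the post: number, packets, bytes, rule body.
IPFW_SHOW = """\
00040 0 0 fwd 192.168.43.3,3128 tcp from 192.168.43.0/24 to any dst-port 80,443 via sk0
00400 434 40875 allow tcp from any to any established
00410 23 1748 allow ip from 192.168.120.117 to any out xmit re0
00505 0 0 deny log logamount 100 tcp from not me to any dst-port 25 out via re0
00525 0 0 allow log logamount 100 tcp from any to me dst-port 5222 keep-state
00526 0 0 deny log logamount 100 tcp from any to any dst-port 5222
00600 0 0 allow tcp from any to any dst-port 110 via re0
00610 0 0 allow tcp from any 110 to any via re0
00620 0 0 allow udp from any to any dst-port 53 via re0
00630 0 0 allow udp from any 53 to any via re0
00650 23 1748 allow udp from any to any dst-port 123 via re0
00660 0 0 allow udp from any 123 to any via re0
00700 3 329 allow ip from any to any via sk0
65535 17134 785431 deny ip from any to any
"""

# One pass of a packet through ipfw: dir is "in"/"out", iface the interface of that pass.
Packet = namedtuple("Packet", "proto src sport dst dport iface dir established")


def parse_ports(spec):
    """'80,443' -> {80, 443}; ipfw ranges such as '1024-1030' also work."""
    return {p for part in spec.split(",") for lo, _, hi in [part.partition("-")]
            for p in range(int(lo), int(hi or lo) + 1)}


def parse_rule(line):
    """Parse one `ipfw -a list` line; covers only the syntax that appears in the post."""
    t = line.split()
    r = {"num": int(t[0]), "action": t[3], "src_ports": None, "dst_ports": None, "opts": {}}
    i = 4
    if r["action"] == "fwd":                                # fwd <addr,port>
        r["fwd"], i = t[i], i + 1
    if t[i] == "log":                                       # log [logamount N]
        i += 3 if t[i + 1] == "logamount" else 1
    r["proto"], i = t[i], i + 2                             # <proto> from
    r["src_not"] = t[i] == "not"
    i += r["src_not"]                                       # skip 'not' if present
    r["src"], i = t[i], i + 1
    if t[i] != "to":                                        # optional source port list
        r["src_ports"], i = parse_ports(t[i]), i + 1
    r["dst"], i = t[i + 1], i + 2                           # to <dst>
    while i < len(t):                                       # trailing options
        tok = t[i]
        if tok in ("dst-port", "via", "xmit"):              # keyword with one argument
            r["opts"][tok], i = t[i + 1], i + 2
        elif tok in ("in", "out", "established", "keep-state"):
            r["opts"][tok], i = True, i + 1                 # keep-state: not modelled
        else:
            raise ValueError(f"unsupported keyword {tok!r} in rule {r['num']}")
    if "dst-port" in r["opts"]:
        r["dst_ports"] = parse_ports(r["opts"].pop("dst-port"))
    return r


def addr_match(spec, ip):
    if spec in ("any", "me"):
        return spec == "any" or ip in LOCAL_ADDRS
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def matches(rule, pkt):
    o = rule["opts"]
    return (
        rule["proto"] in ("ip", pkt.proto)
        and addr_match(rule["src"], pkt.src) != rule["src_not"]
        and (rule["src_ports"] is None or pkt.sport in rule["src_ports"])
        and addr_match(rule["dst"], pkt.dst)
        and (rule["dst_ports"] is None or pkt.dport in rule["dst_ports"])
        and ("via" not in o or o["via"] == pkt.iface)       # via matches in or out
        and ("xmit" not in o or (pkt.dir == "out" and o["xmit"] == pkt.iface))
        and ("in" not in o or pkt.dir == "in")
        and ("out" not in o or pkt.dir == "out")
        and ("established" not in o or pkt.established)
    )


def first_match(rules, pkt):
    """(rule number, action) of the first rule the packet matches, as ipfw evaluates it."""
    return next((r["num"], r["action"]) for r in rules if matches(r, pkt))


RULES = [parse_rule(line) for line in IPFW_SHOW.splitlines()]
# The same set with rc.firewall's usual loopback rule in front of it, for comparison.
RULES_WITH_LO0 = [parse_rule("00010 0 0 allow ip from any to any via lo0")] + RULES
SCENARIOS = [
    # Squid's resolver (FD 10, *:18945) sending to the nameserver from squid.conf. A packet
    # to one of the host's own addresses is routed over lo0, so ipfw sees it "out via lo0".
    ("squid -> local DNS", Packet("udp", "192.168.43.3", 18945, "192.168.43.3", 53, "lo0", "out", False)),
    # A LAN client's first HTTP SYN arriving on sk0 (client and web server are constructed).
    ("client HTTP in sk0", Packet("tcp", "192.168.43.10", 51234, "203.0.113.10", 80, "sk0", "in", False)),
    # Squid fetching the page over re0, sourced from the assumed re0 address.
    ("squid fetch out re0", Packet("tcp", "192.168.120.117", 40000, "203.0.113.10", 80, "re0", "out", False)),
]

if __name__ == "__main__":
    for name, pkt in SCENARIOS:
        print(name, first_match(RULES, pkt), "-> with lo0 rule:", first_match(RULES_WITH_LO0, pkt))
```

Running it prints the first matching rule for each scenario with and without the lo0 rule; the DNS query ends on 65535 deny with the posted set and on the lo0 rule otherwise, the client's HTTP SYN on the fwd rule either way, and Squid's own fetch on 00410. Other flows can be checked by pasting a different `ipfw -a list` into IPFW_SHOW and adding a Packet, as long as the rules use only the keywords the parser handles (`fwd`, `log logamount`, `not`, source and `dst-port` lists, `via`, `xmit`, `in`/`out`, `established`, `keep-state`).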