uname -a FreeBSD mvdmain 7.3-STABLE FreeBSD 7.3-STABLE #1: Tue Jun 8 21:00:29 EEST 2010 root@mvdmain:/usr/obj/usr/src/sys/MVDMAIN i386
rc.conf
# /etc/rc.conf of the gateway "mvdmain": one LAN NIC (rl0) carrying two private
# subnets, plus two uplinks (rl2 = ISP1, rl1 = ISP2).

# Turns on IP forwarding so the host routes between its interfaces.
gateway_enable="YES"
# LAN side: 192.168.10.0/24 on rl0, with 192.168.0.0/24 added as an alias on the
# same NIC. Both subnets share one layer-2 segment, so the split is an
# addressing convention, not an isolation boundary between the two groups.
ifconfig_rl0="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 192.168.0.1 netmask 255.255.255.0"
# ISP1
# -rxcsum turns off receive checksum offload on this NIC.
ifconfig_rl2="inet XXX.XXX.85.105 netmask 255.255.255.0 -rxcsum"
# ISP2
# NOTE(review): -arp disables ARP on rl1. Unless static ARP entries are set up
# somewhere not shown here, the host cannot resolve the ISP2 gateway's MAC and
# will not answer ARP for its own address - confirm this flag is intended, it
# may be related to traffic not returning through rl1.
ifconfig_rl1="inet XXX.XXX.252.120 netmask 255.255.255.0 -arp"
#ifconfig_rl1="dhcp"
hostname="mvdmain"
# ISP1
# Default route of the main routing table points at ISP1.
defaultrouter="XXX.XXX.85.97"
# ISP2
#defaultrouter="XXX.XXX.252.1"
# NOTE(review): setfib1_* do not look like stock rc.conf knobs; presumably a
# local rc.d script reads them to install the ISP2 default route in FIB 1.
# Verify that the route is really present with `setfib 1 netstat -rn`.
setfib1_enable="YES"
setfib1_defaultroute="XXX.XXX.252.1"
# No packet filter is started from this file: the ipfw, natd, ipnat and ipsec
# knobs below are commented out and pf is switched off.
# NOTE(review): presumably /etc/natd.sh is launched some other way (rc.local?)
# - confirm. Until it runs, the only policy is the kernel's default ipfw rule.
#firewall_enable="YES"
#firewall_type="/etc/rc.fwmvd"
#firewall_flags=" add allow all from any to any"
#natd_enable="YES"
#natd_interface="rl2"
#natd_flags="-m -u"
pf_enable="NO"
#firewall_script="/etc/rc.firewall"
#ipsec_enable="YES"
#ipsec_file="/etc/ipsec.conf"
#ipnat_enable="NO"
#ipnat_rules="/etc/ipnat.conf"
# "NONE" keeps every sendmail daemon off; mail is handled by exim (below).
sendmail_enable="NONE"
clamav_freshclam_enable="YES"
clamav_clamd_enable="YES"
racoon_enable="NO"
# Console fonts (cp866).
font8x8="cp866-8x8"
font8x14="cp866-8x14"
font8x16="cp866-8x16"
moused_enable="YES"
# NOTE(review): sshd, exim, named, inetd, Samba (smbd/nmbd), mpd and Apache are
# all enabled on a host with two public-facing NICs, and nothing in this file
# restricts access to them. Check each daemon's listen/bind settings, or add
# ipfw rules for rl1/rl2, so that only the intended services answer on the
# uplinks - SMB/NetBIOS and inetd services in particular.
# Unquoted, but sh reads it the same as the quoted form used elsewhere.
sshd_enable=YES
exim_enable="YES"
named_enable="YES"
inetd_enable="YES"
# One-shot clock set at boot.
ntpdate_enable="YES"
smbd_enable="YES"
nmbd_enable="YES"
mpd_enable="YES"
#squid_enable="YES"
apache_enable="YES"
# Filesystem checks: answer "yes" to fsck prompts, and allow background fsck.
fsck_y_enable="YES"
background_fsck="YES"
/etc/natd.sh
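#!/bin/sh
# /etc/natd.sh - starts one natd per uplink and loads the ipfw divert rules.
#
#   rl1 (ISP2) <-> natd on divert port 8664, meant for LAN 192.168.0.0/24
#   rl2 (ISP1) <-> natd on divert port 8665, meant for LAN 192.168.10.0/24
#
# The section banners below were written as "//..." lines, which sh would try
# to execute as commands; they are now ordinary "#" comments.

/sbin/natd -p 8664/divert -f /etc/natd_rl1.conf -n rl1
/sbin/natd -p 8665/divert -f /etc/natd_rl2.conf -n rl2

# Drop every existing rule. From here on the only active rules are the four
# diverts below plus the kernel's built-in default rule.
# NOTE(review): the kernel options shown on this page include
# IPFIREWALL_DEFAULT_TO_ACCEPT, so after this flush the gateway passes all
# traffic that is not diverted - there is no filtering of the uplinks at all.
/sbin/ipfw -q -f flush
cmd="/sbin/ipfw -q "

# ISP2 / rl1: translate the 192.168.0.0/24 subnet.
# NOTE(review): nothing active in this script selects FIB 1 for 192.168.0.0/24.
# Presumably those packets follow the FIB 0 default route (ISP1, rl2), so
# rule 10 ("via rl1") never sees them on the way out and rule 200 does not
# translate them either. A "setfib 1" rule for that subnet on "in recv rl0",
# placed ahead of the diverts, is the usual way to steer it to ISP2 - verify
# against ipfw(8) on this release before enabling.
${cmd} add 10 divert 8664 all from 192.168.0.0/24 to any via rl1
${cmd} add 20 divert 8664 all from any to XXX.XXX.252.120 in recv rl1

# ISP1 / rl2: translate the 192.168.10.0/24 subnet.
${cmd} add 200 divert 8665 all from 192.168.10.0/24 to any via rl2
${cmd} add 201 divert 8665 all from any to XXX.XXX.85.105 in recv rl2

# ---- A2 (begin) ---------------------------------------------------------
# Taken from an example on forum.lissyara.su ("Fair traffic split between
# two ISPs").
#${cmd} add 1010 prob 0.5 skipto 1060 ip from any to any in recv rl0
#${cmd} add 1040 setfib 0 ip from any to any via rl0 keep-state
#${cmd} add 1050 allow ip from any to any via rl0
#${cmd} add 1060 setfib 1 ip from any to any via rl0 keep-state
#${cmd} add 1070 allow ip from any to any via rl0

# ---- A1 (begin): this chunk blocks Internet access altogether -----------
# NOTE(review): presumably because these anti-spoofing rules run after the
# inbound divert (rule 201): natd has already rewritten the destination back
# to a 192.168.x.x LAN address, which rule 1080 then denies on rl2. Private
# and link-local source/destination filtering on the uplinks is worth keeping,
# but it has to be numbered before the inbound divert rules (20 and 201).
#${cmd} add 1080 deny ip from any to 192.168.0.0/16 in recv rl2
#${cmd} add 1090 deny ip from 192.168.0.0/16 to any in recv rl2
# ---- A1 (end): up to here :) --------------------------------------------
#${cmd} add 10100 deny ip from any to 172.16.0.0/12 in recv rl2
#${cmd} add 10110 deny ip from 172.16.0.0/12 to any in recv rl2
#${cmd} add 10120 deny ip from any to 10.0.0.0/8 in recv rl2
#${cmd} add 10130 deny ip from 10.0.0.0/8 to any in recv rl2
#${cmd} add 10140 deny ip from any to 169.254.0.0/16 in recv rl2
#${cmd} add 10150 deny ip from 169.254.0.0/16 to any in recv rl2
#${cmd} add 1081 deny ip from any to 192.168.0.0/16 in recv rl1
#${cmd} add 1091 deny ip from 192.168.0.0/16 to any in recv rl1
#${cmd} add 10101 deny ip from any to 172.16.0.0/12 in recv rl1
#${cmd} add 10111 deny ip from 172.16.0.0/12 to any in recv rl1
#${cmd} add 10121 deny ip from any to 10.0.0.0/8 in recv rl1
#${cmd} add 10131 deny ip from 10.0.0.0/8 to any in recv rl1
#${cmd} add 10141 deny ip from any to 169.254.0.0/16 in recv rl1
#${cmd} add 10151 deny ip from 169.254.0.0/16 to any in recv rl1

# ---- A2 (continued) -----------------------------------------------------
# Taken from an example on forum.lissyara.su ("Fair traffic split between
# two ISPs"), but it does not really work - it does NOT route (may be my own
# mistake). Skype still manages to find routes anyway :)
#${cmd} pipe 1 config bw 100Mbit/s queue 60 gred 0.002/10/30/0.1
#${cmd} queue 1 config pipe 1 mask src-ip 0xffffffff queue 60 gred 0.002/10/30/0.1
#${cmd} pipe 2 config bw 100Mbit/s queue 60 gred 0.002/10/30/0.1
#${cmd} queue 2 config pipe 2 mask dst-ip 0xffffffff queue 60 gred 0.002/10/30/0.1
#${cmd} pipe 3 config bw 100Mbit/s queue 60 gred 0.002/10/30/0.1
#${cmd} queue 3 config pipe 3 mask src-ip 0xffffffff queue 60 gred 0.002/10/30/0.1
#${cmd} pipe 4 config bw 100Mbit/s queue 60 gred 0.002/10/30/0.1
#${cmd} queue 4 config pipe 4 mask dst-ip 0xffffffff queue 60 gred 0.002/10/30/0.1
#${cmd} nat 1 config log if rl2 same_ports reset deny_in redirect_port tcp 192.168.10.22:XXXX XXXX redirect_port tcp 192.168.10.22:XXXX XXXX redirect_port tcp 192.168.10.105:XXXX XXXX
#${cmd} nat 2 config log if rl1 same_ports reset deny_in
#${cmd} add 10160 queue 1 ip from any to any out xmit rl2
#${cmd} add 10170 nat 1 ip from any to any via rl2
#${cmd} add 10180 queue 2 ip from any to any in recv rl2
#${cmd} add 10190 queue 3 ip from any to any out xmit rl1
#${cmd} add 10200 nat 2 ip from any to any via rl1
#${cmd} add 10210 queue 4 ip from any to any in recv rl1
#${cmd} add 10220 allow all from any to any
#${cmd} add 65534 deny all from any to any
# ---- A2 (end) -----------------------------------------------------------

# Rewrite the resolver list: two ISP1 name servers, then one ISP2 server.
# The ISP labels used to trail the commands as "///ISP1"; sh passes such a
# word to echo as an extra argument, so it ended up inside /etc/resolv.conf.
echo "nameserver XXX.XXX.XXX.XXX">/etc/resolv.conf
echo "nameserver XXX.XXX.XXX.XXX">>/etc/resolv.conf
echo "nameserver XXX.XXX.XXX.XXX">>/etc/resolv.conf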
# Packet-filter and routing options of the custom kernel.
# NOTE(review): presumably from the MVDMAIN kernel config named in the uname
# output above - the page does not say which file this is.

# Divert sockets; the natd "divert" rules depend on this.
options IPDIVERT
#options BRIDGE
# ipfw compiled into the kernel.
options IPFIREWALL
# Enables logging for ipfw rules that carry the "log" keyword.
# NOTE(review): no IPFIREWALL_VERBOSE_LIMIT is set here, so nothing in this
# list caps how much a single logging rule can write - confirm that is wanted.
options IPFIREWALL_VERBOSE
# ipfw "fwd" action (policy routing by rule).
options IPFIREWALL_FORWARD
# In-kernel "ipfw nat", built on libalias (LIBALIAS below).
options IPFIREWALL_NAT
# ipfw pipes and queues (traffic shaping).
options DUMMYNET
options LIBALIAS
# Two routing tables: FIB 0 and FIB 1.
options ROUTETABLES=2
# Makes the built-in last ipfw rule "allow" instead of "deny".
# NOTE(review): with this set, any ruleset that does not end in an explicit
# deny - including the moment right after "ipfw flush" - passes all traffic.
# On a gateway with public addresses, prefer the default-deny kernel behaviour
# or finish the ruleset with explicit deny rules for the uplinks.
options IPFIREWALL_DEFAULT_TO_ACCEPT
# IPFilter (ipf/ipnat) is compiled in as a second packet filter.
# NOTE(review): the rc.conf on this page keeps ipnat commented out, so this is
# presumably unused - drop it if so, to keep one filter in the packet path.
options IPFILTER
options IPFILTER_LOG
# ALTQ queueing framework.
options ALTQ
С подсети 192.168.10.0/24 все прекрасно ходит через rl2 туда и обратно.
А как добиться, чтобы машинки ездили из подсети 192.168.0.0/24 на rl1 и возвращались оттуда обратно, не допру!