В общем к делу
Ставим MPD5
# Build and install mpd5 from the ports tree under /usr/ports, then remove
# the build's work files.
# NOTE(review): the leading '#' on the four lines below is presumably the root
# shell prompt and not part of the command - confirm before pasting.
#cd /usr/ports/net/mpd5
#make
#make install
#make clean
Теперь конфигурируем сам MPD5
# mpd5 configuration (mpd.conf) for a PPPoE client.
# NOTE(review): mpd expects labels at column 0 and the commands under a label
# indented; the indentation appears to have been lost in this listing, so
# restore it before use.
startup:
# Accounts for mpd's own console/web interface. "foo"/"bar" and "foo1"/"bar1"
# are sample values: replace them with unique credentials before deploying.
# The first account is given the "admin" privilege.
set user foo bar admin
set user foo1 bar1
# Management web server bound to 172.31.31.1, port 5006, and switched on.
# NOTE(review): 172.31.31.1 looks like the router's LAN-side address - confirm,
# and make sure the packet filter lets only trusted hosts reach this port.
set web self 172.31.31.1 5006
set web open
default:
load pppoe_client
pppoe_client:
# Bundle "Bukrtel": install a default route through the link and accept any
# local/remote address offered during IPCP negotiation.
create bundle static Bukrtel
set iface route default
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
# Scripts run when the interface comes up / goes down. mpd runs them with its
# own privileges, so they and their directory should be writable by root only.
set iface up-script /usr/local/etc/mpd5/script/up-pppoe.sh
set iface down-script /usr/local/etc/mpd5/script/down-pppoe.sh
# Link "Lukrtel" of type pppoe, attached to the bundle above.
create link static Lukrtel pppoe
set link action bundle Bukrtel
# PPPoE login. The password is stored in this file in clear text, so mpd.conf
# should be readable by root only.
set auth authname login@dsl.ukrtel.net
set auth password *******
# NOTE(review): max-redial 0 is understood to mean "redial without limit" -
# confirm against the mpd5 manual for the installed version.
set link max-redial 0
set link mtu 1492
set link keep-alive 10 60
# The PPPoE session runs over the Ethernet interface fxp0.
set pppoe iface fxp0
set pppoe service "ukrtelecom"
open
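#!/bin/sh
# mpd5 up-script for the PPPoE interface: writes the pf NAT/RDR/filter rules
# for the WAN interface to a file and loads them into the adsl-if/pppoe anchor.
# Arguments used: $1 = WAN interface name; $3 and $4 are kept as the WAN
# address and gateway but are not referenced by the rules below.
tmpdir="/usr/local/etc/mpd5/script/tmp"
rules="$tmpdir/pppoe"
wan0_if=$1
wan0_ip=$3
wan0_gw=$4

# Every rule below is built around the interface name; refuse to generate a
# malformed ruleset when it is missing.
if [ -z "$wan0_if" ]; then
	echo "up-pppoe.sh: missing interface argument" >&2
	exit 1
fi

#WAN PORTS
# Services on the router itself that are opened to the WAN side.
# NOTE(review): every entry here is reachable from any source address; keep
# the list as short as the deployment allows.
wan_tcp_svc="10000 ssh http ftp domain pptp"
wan_udp_svc="domain"
#LAN RDR
lan0_if="fxp1"
host_ports_lan0="51413, 5900, 9091"
host_lan0="172.31.31.2"

# Start from a fresh file; removing first means a stale file or link left in
# the directory is not written through.
rm -f "$rules"
{
	#RDR
	# Forward the listed ports to the LAN host. The original referenced
	# $dima_lan0, which is never set, so the rules ended in "-> " and the
	# ruleset could not load; $host_lan0 is the variable defined above.
	# "rdr pass" lets the forwarded packets skip the filter rules.
	# NOTE(review): 5900 and 9091 are commonly a remote-desktop port and a
	# web UI - confirm they must be open to any Internet source, or add a
	# "from" restriction.
	echo "rdr pass on $wan0_if inet proto tcp to ($wan0_if) port {$host_ports_lan0} -> $host_lan0"
	# Same forward for LAN clients that address the WAN IP; the tag selects
	# those connections for source NAT on the LAN interface.
	echo "rdr pass on $lan0_if inet proto tcp to ($wan0_if) port {$host_ports_lan0} tag LAN0RDR0 -> $host_lan0"
	echo "nat on $lan0_if tagged LAN0RDR0 -> ($lan0_if:0)"
	#NAT
	# NOTE(review): pf expands a list of negated addresses into one rule per
	# entry, so this probably does not exclude the private ranges as
	# intended; a table such as !<rfc1918> is the usual form - confirm
	# before changing.
	echo "nat on $wan0_if from ($lan0_if:network) to {!10.0.0.0/8, !192.168.0.0/16, !172.16.0.0/12} -> ($wan0_if)"
	#RULES
	#echo "block in quick on $wan0_if to !($wan0_if)"
	# Default deny on the WAN interface, then the explicit exceptions. No rule
	# uses "quick", so the last matching rule decides.
	echo "block log on $wan0_if"
	echo "block return-rst in log on $wan0_if inet proto tcp"
	echo "pass out on $wan0_if inet"
	echo "pass in on $wan0_if inet proto icmp to ($wan0_if) icmp-type echoreq code 0"
	echo "pass in on $wan0_if inet proto tcp to ($wan0_if) port { $wan_tcp_svc }"
	echo "pass in on $wan0_if inet proto udp to ($wan0_if) port { $wan_udp_svc }"
} > "$rules" || {
	echo "up-pppoe.sh: cannot write $rules" >&2
	exit 1
}

#Execute
# Report a failed load instead of silently leaving the anchor without rules.
if ! pfctl -a adsl-if/pppoe -f "$rules"; then
	echo "up-pppoe.sh: pfctl could not load $rules" >&2
	exit 1
fi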
#!/bin/sh
# Flushes everything loaded into the pf anchor adsl-if/pppoe (-F all).
# NOTE(review): states created while those rules were loaded may remain in
# the state table after the flush - confirm whether they should be killed too.
pfctl -a adsl-if/pppoe -F all
# Main pf ruleset. It holds no rules for the WAN interface itself; it only
# references the "adsl-if/*" anchors, which are filled from outside this file.
#RFC1918
table <rfc1918> const {192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8}
#LAN0 - basic lan
if_lan0="fxp1"
net_lan0="172.31.31.0/24"
# The only LAN0 hosts that the LAN0 rules below allow out to non-private
# destinations.
inet_addr="172.31.31.2, 172.31.31.3, 172.31.31.4, 172.31.31.5, 172.31.31.6, 172.31.31.7"
#LAN1 - adsl modem
if_lan1="fxp0"
net_lan1="192.168.1.0/24"
dsl2500u_lan1="192.168.1.1"
set skip on lo0
set block-policy return
scrub in all
# Translation rules held in the anchors are evaluated at this point.
nat-anchor "adsl-if/*"
rdr-anchor "adsl-if/*"
#NAT
# LAN0 hosts reach the modem's own address through NAT on the modem-facing
# interface.
nat on $if_lan1 from $net_lan0 to $dsl2500u_lan1 -> ($if_lan1)
#WAN0
# Default deny. No rule in this file uses "quick", so for each packet the last
# matching rule decides. While the anchor is empty, traffic on any interface
# not covered by the rules below stays blocked by this line.
block all
anchor "adsl-if/*"
#LAN0
block log on $if_lan0
block return-rst in log on $if_lan0 inet proto tcp
pass out on $if_lan0 inet
# LAN0 clients may reach the router's own LAN0 address on every TCP and UDP
# port and with any ICMP type.
# NOTE(review): that includes any management service listening on the address;
# narrow with "port" if only some services are meant to be reachable.
pass in on $if_lan0 inet proto tcp from $net_lan0 to $if_lan0
pass in on $if_lan0 inet proto udp from $net_lan0 to $if_lan0
pass in on $if_lan0 inet proto icmp from $net_lan0 to $if_lan0
# Only the hosts in $inet_addr may open TCP connections or send echo requests
# to destinations outside <rfc1918>; there is no matching UDP rule.
pass in on $if_lan0 inet proto tcp from {$inet_addr} to !<rfc1918>
pass in on $if_lan0 inet proto icmp from {$inet_addr} to !<rfc1918> icmp-type echoreq code 0
# Any LAN0 host may reach the modem's address over TCP and ping it.
pass in on $if_lan0 inet proto tcp from $net_lan0 to $dsl2500u_lan1
pass in on $if_lan0 inet proto icmp from $net_lan0 to $dsl2500u_lan1 icmp-type echoreq code 0
#LAN1
# Modem-facing interface: nothing is accepted inbound, outbound IPv4 is allowed.
block log on $if_lan1
block return-rst in log on $if_lan1 inet proto tcp
pass out on $if_lan1 inet