MPD5 routing problem.

MrRC » 2012-12-16 20:10:40

Good evening, everyone!
Please help me sort out a problem!
We have a "router":

Code:

el-***# uname -a
FreeBSD el-system.in.ua 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Wed Feb  8 01:16:48 EET 2012     MrRC@el-***.in.ua:/usr/obj/usr/src/sys/mykern01  amd64
re0: - provider, PPPoE "without DHCP"
re1: - LAN 192.168.241.1

Internet access is provided by MPD5.
Config:

Code:

startup:
    set user adm 111 admin
    set console self 127.0.0.1 5005
    set web open

default:
    load pppoe_client

pppoe_client:
    create bundle static B1
    set iface route default
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    set ipcp enable req-pri-dns
    set ipcp enable req-sec-dns

    create link static L1 pppoe
    set link action bundle B1
    set auth authname login
    set auth password password
    set link max-redial 0
    set link disable check-magic
    set link mtu 1480
    set link keep-alive 10 60
    set pppoe iface re0
    set pppoe service ""
    open

The problem is that once the connection to the provider comes up, I cannot connect to the router's NFS share, and logging in to the router over ssh stalls for more than a minute!

Code:

root@debian:/home/mrrc# mount 192.168.241.1://usr/www /media/www
mount.nfs: mount to NFS server '192.168.241.1://usr/www' failed: timed out, giving up

If I turn MPD5 off, everything works perfectly. The settings and the router are more than a year old, and everything worked fine without any problems. I did not update or reconfigure anything.
Can you suggest which direction to look in?!

Electronik » 2012-12-16 20:39:54

Show the output of dmesg -a

MrRC » 2012-12-16 20:50:35

Code:

Copyright (c) 1992-2012 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 9.0-RELEASE #0: Wed Feb  8 01:16:48 EET 2012
    MrRC@el-***.in.ua:/usr/obj/usr/src/sys/mykern01 amd64
can't re-use a leaf (hwpstate_verbose)!
module_register: module cpu/ichss already exists!
Module cpu/ichss failed to register: 17
module_register: module cpu/powernow already exists!
Module cpu/powernow failed to register: 17
module_register: module cpu/est already exists!
Module cpu/est failed to register: 17
module_register: module cpu/hwpstate already exists!
Module cpu/hwpstate failed to register: 17
module_register: module cpu/p4tcc already exists!
Module cpu/p4tcc failed to register: 17
CPU: Intel(R) Pentium(R) CPU G630 @ 2.70GHz (2693.94-MHz K8-class CPU)
  Origin = "GenuineIntel"  Id = 0x206a7  Family = 6  Model = 2a  Stepping = 7
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x59ae3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,TSCDLT,XSAVE>
  AMD Features=0x28000800<SYSCALL,RDTSCP,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant, performance statistics
real memory  = 17179869184 (16384 MB)
avail memory = 16471810048 (15708 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <ALASKA A M I>
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  2
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: <ALASKA A M I> on motherboard
acpi0: Power Button (fixed)
acpi0: reservation of 67, 1 (4) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0xf000-0xf03f mem 0xf7800000-0xf7bfffff,0xe0000000-0xefffffff irq 16 at device 2.0 on pci0
pci0: <simple comms> at device 22.0 (no driver attached)
ehci0: <EHCI (generic) USB 2.0 controller> mem 0xf7d04000-0xf7d043ff irq 16 at device 26.0 on pci0
usbus0: EHCI version 1.0
usbus0: <EHCI (generic) USB 2.0 controller> on ehci0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
re0: <RealTek 8168/8111 B/C/CP/D/DP/E PCIe Gigabit Ethernet> port 0xe000-0xe0ff mem 0xf7c00000-0xf7c00fff,0xf0100000-0xf010ffff irq 16 at device 0.0 on pci1
re0: Using 1 MSI-X message
re0: Chip rev. 0x3c000000
re0: MAC rev. 0x00400000
miibus0: <MII bus> on re0
rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus0
rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Ethernet address: 00:e0:4c:80:1a:50
pcib2: <ACPI PCI-PCI bridge> irq 18 at device 28.2 on pci0
pci2: <ACPI PCI bus> on pcib2
re1: <RealTek 8168/8111 B/C/CP/D/DP/E PCIe Gigabit Ethernet> port 0xd000-0xd0ff mem 0xf0004000-0xf0004fff,0xf0000000-0xf0003fff irq 18 at device 0.0 on pci2
re1: Using 1 MSI-X message
re1: Chip rev. 0x2c800000
re1: MAC rev. 0x00000000
miibus1: <MII bus> on re1
rgephy1: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus1
rgephy1:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re1: Ethernet address: bc:5f:f4:14:d9:67
ehci1: <EHCI (generic) USB 2.0 controller> mem 0xf7d03000-0xf7d033ff irq 23 at device 29.0 on pci0
usbus1: EHCI version 1.0
usbus1: <EHCI (generic) USB 2.0 controller> on ehci1
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
ahci0: <Intel Cougar Point AHCI SATA controller> port 0xf0b0-0xf0b7,0xf0a0-0xf0a3,0xf090-0xf097,0xf080-0xf083,0xf060-0xf07f mem 0xf7d02000-0xf7d027ff irq 19 at device 31.2 on pci0
ahci0: AHCI v1.30 with 4 3Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ahcich2: <AHCI channel> at channel 4 on ahci0
ahcich3: <AHCI channel> at channel 5 on ahci0
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
acpi_button0: <Power Button> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 550
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
Event timer "HPET3" frequency 14318180 Hz quality 440
Event timer "HPET4" frequency 14318180 Hz quality 440
Event timer "HPET5" frequency 14318180 Hz quality 440
Event timer "HPET6" frequency 14318180 Hz quality 440
atrtc0: <AT realtime clock> port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
coretemp0: <CPU On-Die Thermal Sensors> on cpu0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
coretemp1: <CPU On-Die Thermal Sensors> on cpu1
est1: <Enhanced SpeedStep Frequency Control> on cpu1
ZFS filesystem version 5
ZFS storage pool version 28
Timecounters tick every 1.000 msec
ipfw2 initialized, divert enabled, nat loadable, rule-based forwarding enabled, default to deny, logging disabled
usbus0: 480Mbps High Speed USB v2.0
usbus1: 480Mbps High Speed USB v2.0
ugen0.1: <Intel> at usbus0
uhub0: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0
ugen1.1: <Intel> at usbus1
uhub1: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <WDC WD5000AADS-00S9B0 01.00A01> ATA-8 SATA 2.x device
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 476940MB (976773168 512 byte sectors: 16H 63S/T 16383C)
ada0: Previously was known as ad4
ada1 at ahcich1 bus 0 scbus1 target 0 lun 0
ada1: <WDC WD5000AACS-00G8B1 05.04C05> ATA-8 SATA 2.x device
ada1: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes)
ada1: Command Queueing enabled
ada1: 476940MB (976773168 512 byte sectors: 16H 63S/T 16383C)
ada1: Previously was known as ad6
SMP: AP CPU #1 Launched!
Timecounter "TSC-low" frequency 10523215 Hz quality 1000
Root mount waiting for: usbus1 usbus0
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
Root mount waiting for: usbus1 usbus0
ugen0.2: <vendor 0x8087> at usbus0
uhub2: <vendor 0x8087 product 0x0024, class 9/0, rev 2.00/0.00, addr 2> on usbus0
ugen1.2: <vendor 0x8087> at usbus1
uhub3: <vendor 0x8087 product 0x0024, class 9/0, rev 2.00/0.00, addr 2> on usbus1
uhub2: 4 ports with 4 removable, self powered
uhub3: 6 ports with 6 removable, self powered
Trying to mount root from zfs:zfs-root/root []...
Setting hostuuid: 584c5ac0-f9ce-11df-810c-bcaec59647fc.
Setting hostid: 0x2ac8b719.
Entropy harvesting: interrupts ethernet point_to_point kickstart.
Starting file system checks:
Mounting local file systems:.
Setting hostname: el-***.in.ua.
Starting Network: lo0 re1.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet 127.0.0.1 netmask 0xff000000 
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
	ether bc:5f:f4:14:d9:67
	inet 192.168.241.1 netmask 0xffffff00 broadcast 192.168.241.255
	media: Ethernet autoselect (none)
	status: no carrier
Starting devd.
route: writing to routing socket: Network is unreachable
add net default: gateway 193.151.***.***: Network is unreachable
Additional inet routing options: gateway=YES.
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from 192.168.241.0/24 to any in via ng0
00500 deny ip from 193.151.***.****/26 to any in via re1
00600 deny ip from any to 10.0.0.0/8 in via ng0
00700 deny ip from any to 172.16.0.0/12 in via ng0
00800 deny ip from any to 192.168.0.0/16 in via ng0
00900 deny ip from any to 0.0.0.0/8 in via ng0
01000 deny ip from any to 169.254.0.0/16 in via ng0
01100 deny ip from any to 224.0.0.0/4 in via ng0
01200 deny ip from any to 240.0.0.0/4 in via ng0
01300 deny icmp from any to any frag
01400 deny log icmp from any to 255.255.255.255 in via ng0
01500 deny log icmp from any to 255.255.255.255 out via ng0
01600 divert 8668 ip from 192.168.241.0/24 to any out via ng0
01700 divert 8668 ip from any to 193.151.***.*** in via ng0
01800 deny ip from 10.0.0.0/8 to any out via ng0
01900 deny ip from 172.16.0.0/12 to any out via ng0
02000 deny ip from 192.168.0.0/16 to any out via ng0
02100 deny ip from 0.0.0.0/8 to any out via ng0
02200 deny ip from 169.254.0.0/16 to any out via ng0
02300 deny ip from 224.0.0.0/4 to any out via ng0
02400 deny ip from 240.0.0.0/4 to any out via ng0
02500 allow icmp from any to any icmptypes 0,8,11
02600 allow ip from any to 192.168.241.0/24 in via re1
02700 allow ip from 192.168.241.0/24 to any out via re1
02800 allow tcp from any to any established
02900 allow udp from any 53 to any via ng0
03000 allow udp from any to any dst-port 53 via ng0
03100 allow udp from any to any dst-port 53
03200 allow udp from any 53 to any
03300 allow udp from any to any dst-port 123 via ng0
03400 allow tcp from any to 193.151.***.*** dst-port 80 in via ng0 setup
03600 allow tcp from any to 193.151.***.*** dst-port 25 in via ng0 setup
03700 allow tcp from any to 193.151.***.*** dst-port 993 in via ng0 setup
03800 allow tcp from any to 193.151.***.*** dst-port 321 in via ng0 setup
03900 allow tcp from any to 193.151.***.*** dst-port 49152-65535 via ng0
04000 allow tcp from any to 193.151.***.*** dst-port 32200 in via ng0 setup
04100 allow tcp from 192.168.241.0/24 to any dst-port 5190 in via re1 setup
04200 deny log tcp from any to 193.151.***.*** in via ng0 setup
04300 allow tcp from 193.151.***.*** to any out via ng0 setup
04400 allow tcp from any to 193.151.***.*** in via re1 setup
04500 allow tcp from 192.168.241.2 to not 192.168.241.0/24 in via re1 setup
04600 allow tcp from 192.168.241.3 to not 192.168.241.0/24 in via re1 setup
04700 allow tcp from 192.168.241.4 to not 192.168.241.0/24 in via re1 setup
04800 allow tcp from 192.168.241.5 to not 192.168.241.0/24 in via re1 setup
04900 allow tcp from 192.168.241.6 to not 192.168.241.0/24 in via re1 setup
05000 allow tcp from 192.168.241.7 to not 192.168.241.0/24 in via re1 setup
05100 allow tcp from 192.168.241.8 to not 192.168.241.0/24 in via re1 setup
05200 allow tcp from 192.168.241.9 to not 192.168.241.0/24 in via re1 setup
05300 allow tcp from 192.168.241.10 to not 192.168.241.0/24 in via re1 setup
05400 allow tcp from 192.168.241.11 to not 192.168.241.0/24 in via re1 setup
05500 allow tcp from 192.168.241.12 to not 192.168.241.0/24 in via re1 setup
05600 deny ip from any to any
Firewall rules loaded.
Starting natd.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/dovecot /usr/local/lib/dovecot/imap /usr/local/lib/dovecot/lda /usr/local/lib/dovecot/pop3 /usr/local/lib/event2 /usr/local/lib/mysql
32-bit compatibility ldconfig path: /usr/lib32
Creating and/or trimming log files.
Starting syslogd.
Starting named.
Dec 16 18:44:29 el-*** named[1042]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Starting rpcbind.
Dec 16 18:44:29 el-*** rpcbind: cannot create socket for udp6
Clearing /tmp (X related).
Starting mountd.
NFSv4 is disabled
Starting nfsd.
Starting mpd5.
Starting pureftpd.
re0: link state changed to DOWN
Running: /usr/local/sbin/pure-ftpd -g/var/run/pure-ftpd.pid -A -c5 -B -C3 -D -E -fftp -H -I2 -lmysql:/usr/local/etc/pureftpd-mysql.conf -L100:10 -m4 -p49152:65534 -s -S193.151.***.***,321 -U133:022 -u1000 -k99 -Z -4 -8koi8-r -9cp1251
Dec 16 18:44:30 el-*** pure-ftpd: (?@?) [ERROR] Unable to start a standalone server: [Can't assign requested address]
Updating motd:.
Starting powerd.
Starting dhcpd.
Internet Systems Consortium DHCP Server 4.2.4-P2
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 2 leases to leases file.
Listening on BPF/re1/bc:5f:f4:14:d9:67/192.168.241.0/24
Sending on   BPF/re1/bc:5f:f4:14:d9:67/192.168.241.0/24
Sending on   Socket/fallback/fallback-net
Removing stale Samba tdb files:  done
Starting mysql.
re1: link state changed to UP
re0: link state changed to UP
Starting dovecot.
postfix/postfix-script: starting the Postfix mail system
Starting lighttpd.
Configuring syscons: keymap blanktime.
Starting sshd.
Starting cron.
Starting background file system checks in 60 seconds.

Sun Dec 16 18:44:40 EET 2012
ipfw: 4200 Deny TCP 193.151.40.79:26712 193.151.***.***:445 in via ng0
ipfw: 4200 Deny TCP 193.151.40.79:26713 193.151.***.***:139 in via ng0