Имеется интернет-канал 100 Мбит/с по PPPoE, сетевая карта на 1 гигабит.
Когда подключение по сети без фаервола — сеть работает отлично на скорости 1 Гбит/с, но если пытаюсь раздавать интернет через pf по локалке, сразу же всё отваливается, и сеть к тому же.
uname -a
FreeBSD loc 9.1-RELEASE FreeBSD 9.1-RELEASE #0: Fri Feb 22 23:35:34 MSK 2013 root@loc:/usr/obj/usr/src/sys/LOC amd64
re0 - карта подключена к интернету
re1 - та самая карта на гигабит
rl0 - карта на 100 Мбит, с которой при таком же конфиге, как и для гигабитной, всё отлично работает
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 1c:6f:65:85:1a:57
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet 100baseTX <full-duplex>
status: active
re1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 64:70:02:00:9f:09
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (100baseTX <half-duplex>)
status: no carrier
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2008<VLAN_MTU,WOL_MAGIC>
ether 00:e0:4c:50:07:cf
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::2e0:4cff:fe50:7cf%rl0 prefixlen 64 scopeid 0x9
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
re0@pci0:3:0:0: class=0x020000 card=0xe0001458 chip=0x816810ec rev=0x03 hdr=0x00
vendor = 'Realtek Semiconductor Co., Ltd.'
device = 'RTL8111/8168B PCI Express Gigabit Ethernet controller'
class = network
re1@pci0:4:6:0: class=0x020000 card=0x816910ec chip=0x816910ec rev=0x10 hdr=0x00
vendor = 'Realtek Semiconductor Co., Ltd.'
device = 'RTL-8169 Gigabit Ethernet'
class = network
rl0@pci0:4:8:0: class=0x020000 card=0x813910ec chip=0x813910ec rev=0x10 hdr=0x00
vendor = 'Realtek Semiconductor Co., Ltd.'
device = 'RTL-8139/8139C/8139C+'
class = network
# Network section of /etc/rc.conf as posted (sourced by /bin/sh at boot).
# re0: uplink card, no address here (presumably the PPPoE session runs on
#      top of it, as ext_if in pf.conf is ng0); media forced to 100baseTX FDX.
ifconfig_re0='media 100baseTX mediaopt full-duplex'
# re1: gigabit LAN side, 192.168.1.1/24, media forced to 1000baseTX FDX.
# NOTE(review): the ifconfig listing above shows re1 at autoselect with
# "no carrier"; worth confirming the link comes up when the media/mediaopt
# clause is dropped so the card negotiates on its own — confirm.
ifconfig_re1='inet 192.168.1.1 netmask 255.255.255.0 media 1000baseTX mediaopt full-duplex'
# rl0: 100 Mbit LAN side, 192.168.0.1/24, media left at autoselect.
ifconfig_rl0='inet 192.168.0.1 netmask 255.255.255.0'
# pf.conf as posted: NAT + filter for a PPPoE uplink (ng0) and LAN side (rl0).
# Macros
# NOTE(review): only rl0 is treated as LAN here. re1 (192.168.1.1/24 in
# rc.conf) is not in lan_if, so none of the "on {$lan_if}" pass rules below
# cover it and traffic arriving on re1 falls through to "block log all".
lan_if="rl0" # LAN
ext_if="ng0" # Internet uplink
# lan_net covers both LAN subnets, but allow_to_nat below lists only
# 192.168.0.0/24 — hosts in 192.168.1.0/24 would not be translated.
lan_net="{192.168.0.0/24, 192.168.1.0/24}"
# Source addresses allowed to reach ssh / ftp from the outside.
# NOTE(review): 8.8.8.8 looks like a placeholder rather than an admin
# address — verify before deploying.
ssh_users="{8.8.8.8}"
ftp_users="{8.8.8.8}"
allow_to_nat="{192.168.0.0/24}"
# RFC1918/loopback ranges that must never appear on the uplink.
priv_nets = "{127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8}"
# Services reachable from the Internet (see the pass rule near the end).
inet_open_ports = "{25,110,443,80}"
# Options: silent drop for blocked packets, floating states, state/frag limits.
set block-policy drop
set state-policy floating
set loginterface $ext_if
set limit {frags 100000, states 100000}
set optimization normal
# lo0 is skipped entirely, so the "pass quick on lo0" rule below never matches.
set skip on lo0
set timeout {frag 10, tcp.established 3600}
# Normalize/reassemble all inbound packets before filtering.
scrub in all
# Translation: only allow_to_nat sources are NATed to the uplink address.
nat on $ext_if from $allow_to_nat to any -> $ext_if
antispoof quick for {$lan_if, $ext_if}
# Default deny, logged (log goes to pflog0).
block log all
pass quick on lo0 all
# Best-effort: relies on pf.os fingerprints; spoofable, not a hard control.
block in quick from any os NMAP
# LAN -> firewall DNS and LAN -> anywhere NTP. Both are non-quick and are
# superseded by the quick "pass in quick on {$lan_if} from $lan_net" rule below.
pass in on {$lan_if} proto udp from $lan_net to {$lan_if} port domain
# NOTE(review): DNS on the uplink is open to any source; if a recursive
# resolver listens on $ext_if this exposes it to the Internet — confirm intent.
pass in on $ext_if inet proto {tcp, udp} from any to $ext_if port 53 flags S/SA keep state
pass in on {$lan_if} proto udp from $lan_net to any port ntp
# Echo requests only (code 0), stateful.
pass in on $ext_if inet proto icmp icmp-type echoreq code 0 keep state
# FTP control/data and a passive-mode port range, restricted to ftp_users.
# No direction given, so these quick rules match both in and out on $ext_if.
pass quick on {$ext_if} proto tcp from $ftp_users to any port 20:21 flags S/SA keep state
pass quick on {$ext_if} proto tcp from $ftp_users to any port 50000:50100 flags S/SA keep state
# SSH to the firewall itself, restricted to ssh_users (no explicit keep state;
# presumably relying on pf's implicit state for pass rules — confirm for 9.1).
pass in on $ext_if proto tcp from $ssh_users to $ext_if port ssh
# Public services. NOTE(review): udp is also passed on 25/110/443/80; tcp
# alone is likely all that is needed here — confirm.
pass in on $ext_if inet proto {tcp,udp} from any to any port $inet_open_ports flags S/SA keep state
# Anti-leak: quick blocks win over the non-quick pass rules above for private
# source/destination ranges on the uplink.
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
# Everything from the LAN subnets arriving on the LAN interface is allowed.
pass in quick on {$lan_if} from $lan_net to any
# Firewall -> LAN and firewall -> Internet (post-NAT traffic carries the
# uplink address, so it matches "from self").
pass out quick on {$lan_if} from self to $lan_net
pass out quick on $ext_if from self to any keep state