Проблемы с pptp(клиент) соединением во FreeBSD

[OK999]

Ребята, помогите решить проблему в вобщем читал я все, что пишет гугл, ваш форум по проблеме FreeBSD, mpd5, PF и NAT.

Выполняю все рекомедации процентов десять сайтов, как не хотели открываться так и не открываються, хотя с Windows XP все открываеться нормально...
На машине с FreeBSD все открываеться на ура...

Проблема ясна не соответсвие mtu на интерфейсах. Давайте начнем с начала, провайдер предоставляет доступ к интернету через pptp соединение, т.е имееться две сетевухи одна смотрит в сторону провайдера др. в локальную сеть. Между ними бегает "NAT".

Пытался решить проблему в лоб:

т.е решил на всех интерфейсах поменять значение mtu с 1500 на 1400 и на клиентских машинах тоже выставил 1460

Код: Выделить всё

ifconfig ale0 mtu 1460
ifconfig sk0 mtu 1460
ifconfig ng0 mtu 1460

Значение mtu установились но проблема осталась...


Мои сетевые настройки:

ifconfig:

Код: Выделить всё

ale0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1460
        options=319a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MCAST,WOL_MAGIC>
        ether 00:21:97:29:0c:8f
        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1460
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        ether 00:19:5b:85:c3:11
        inet 10.33.65.15 netmask 0xffffff00 broadcast 10.33.65.255
        media: Ethernet autoselect (none)
        status: active
sk1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1460
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        ether 00:19:5b:85:c3:0b
        media: Ethernet autoselect (none)
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 1460
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33200
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
        inet 10.33.65.152 --> 192.168.20.1 netmask 0xffffffff

cat /etc/rc.conf

Код: Выделить всё

static_routes="vpn"
route_vpn="-net 10.4.200.0/24 10.33.65.249"
ifconfig_ale0="inet 192.168.0.100  netmask 255.255.255.0"
ifconfig_sk0="inet 10.33.65.15 netmask 255.255.255.0"

keymap="us.iso"
sshd_enable="YES"

mpd_enable="YES"
gateway_enable="YES"

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

cat /etc/pf.conf

Код: Выделить всё

int_lan = "ale0"            # Интерфейс локальной сети
int_wan= "sk0"            # Интерфейс смотрящий в сеть провайдера
vpn_pptp = "ng0"          # Интерфейс pptp

set block-policy return
set state-policy floating
set loginterface $int_wan
set limit { frags 100000, states 100000 }
set optimization normal
set skip on lo0
scrub all
#NAT
nat on $int_wan proto { tcp udp icmp } from $int_lan:network to any -> ($int_wan)
nat on $vpn_pptp proto { tcp udp icmp gre } from $int_if:network to any -> ($vpn_pptp)

cat /usr/local/etc/mpd5/mpd.conf

Код: Выделить всё

startup:
        # configure mpd users
        set user foo bar admin
        set user foo1 bar1
        # configure the console
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open
default:
        load pptp_client

pptp_client:

        create bundle static B1
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0

        create link static L1 pptp
        set link action bundle B1
        set auth authname test
        set auth password test
        set link max-redial 0
        set link mtu 1460
        set iface enable tcpmssfix
        set link keep-alive 20 75
        set pptp peer 10.4.200.1
        set pptp disable windowing
        open

Если есть какие-либо идеи пишите как можно решить данную проблему... Спасибо.

[Хостинг HostFood.ru]

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

[Гость]

плохо значит искали
купите книгу - гугл для чайников
потому что только вчера одному обьяснил, а в течении года почти каждую неделю такой топик поднимаеться

[Al]

icmp unreach code needfrag?

[OK999]

Ребят можно объяснить подробнее, как можно решить данную проблему?

[OK999]

посмотрите пожалуйста я исправил правила в фаерволе для того чтобы через pptp соединение открывались все сайты, если кто-нибудь может что-то дополнить буду рад выслушать любые предложения:


cat /etc/pf.conf

Код: Выделить всё

########################Правила фильтрации трафика#########################
#Описание наших интерфейсов

wan="sk0"  	#Сеть интернет провайдера
lan="ale0"	#Локальная сеть	
pptp="ng0"	#pptp соединение
martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }" 


set block-policy return # блокировать все запросы не существующие сервисы
antispoof for $wan
antispoof for $lan #Защита от подделки IP адресов

scrub all #Нормализация всего трафика


# Описание NAT

nat on $wan proto {tcp udp icmp} from $lan:network to any -> ($wan)
nat on $pptp proto {tcp udp icmp gre} from $lan:network to any -> ($pptp)


pass in on $wan inet proto icmp all icmp-type unreach code needfrag keep state

block drop in quick on $wan from $martians to any   #Защита от ошибок
block drop out quick on $wan from any to $martians

Что ище можно сделать чтобы все сайты открывались?

[OK999]

Прилогаю трейсы:
Успешный с сервака FreeBSD:

15:26:04.048256 IP 10.33.65.152.57910 > ns1.gameline.tj.domain: 37269+ A? avesta.tj. (27)
15:26:04.076886 IP ns1.gameline.tj.domain > 10.33.65.152.57910: 37269 1/4/8 A 92.61.149.222 (302)
15:26:04.077121 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [S], seq 3184494370, win 65535, options [mss 1420,nop,wscale 3,sackOK,TS val 3964500 ecr 0], length 0
15:26:04.252628 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [S.], seq 613499144, ack 3184494371, win 5792, options [mss 1460,sackOK,TS val 35330731 ecr 3964500,nop,wscale 7], length 0
15:26:04.252660 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 1, win 8272, options [nop,nop,TS val 3964676 ecr 35330731], length 0
15:26:04.252822 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [P.], ack 1, win 8272, options [nop,nop,TS val 3964677 ecr 35330731], length 592
15:26:04.425382 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35330775 ecr 3964677], length 0
15:26:04.791908 IP 10.33.65.152.23825 > ns1.gameline.tj.domain: 16249+ PTR? 2.48.75.109.in-addr.arpa. (42)
15:26:04.814332 IP ns1.gameline.tj.domain > 10.33.65.152.23825: 16249* 1/1/1 PTR[|domain]
15:26:04.814494 IP 10.33.65.152.12731 > ns1.gameline.tj.domain: 16250+ PTR? 152.65.33.10.in-addr.arpa. (43)
15:26:04.843091 IP ns1.gameline.tj.domain > 10.33.65.152.12731: 16250 NXDomain 0/1/0 (120)
15:26:04.843237 IP 10.33.65.152.17575 > ns1.gameline.tj.domain: 16251+ PTR? 222.149.61.92.in-addr.arpa. (44)
15:26:04.889427 IP ns1.gameline.tj.domain > 10.33.65.152.17575: 16251 1/4/8 PTR[|domain]
15:26:05.701978 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331093 ecr 3964677], length 1408
15:26:05.706972 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331093 ecr 3964677], length 1408
15:26:05.706994 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 2817, win 8096, options [nop,nop,TS val 3966141 ecr 35331093], length 0
15:26:05.890711 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331138 ecr 3966141], length 1408
15:26:05.890746 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 4225, win 8272, options [nop,nop,TS val 3966326 ecr 35331138], length 0
15:26:05.895303 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331138 ecr 3966141], length 1408
15:26:05.901892 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331138 ecr 3966141], length 1408
15:26:05.901911 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 7041, win 8096, options [nop,nop,TS val 3966337 ecr 35331138], length 0
15:26:06.076148 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331185 ecr 3966326], length 1408
15:26:06.076176 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 8449, win 8272, options [nop,nop,TS val 3966513 ecr 35331185], length 0
15:26:06.080946 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331185 ecr 3966326], length 1408
15:26:06.083836 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331187 ecr 3966337], length 1408
15:26:06.083855 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8096, options [nop,nop,TS val 3966521 ecr 35331185], length 0
15:26:06.094821 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331187 ecr 3966337], length 1408
15:26:06.094839 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8272, options [nop,nop,TS val 3966532 ecr 35331185,nop,nop,sack 1 {12673:14081}], length 0
15:26:06.249702 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331229 ecr 3966513], length 1408
15:26:06.249720 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8272, options [nop,nop,TS val 3966688 ecr 35331185,nop,nop,sack 1 {12673:15489}], length 0
15:26:06.254694 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331229 ecr 3966513], length 1408
15:26:06.254710 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8272, options [nop,nop,TS val 3966693 ecr 35331185,nop,nop,sack 1 {12673:16897}], length 0
15:26:06.265278 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331232 ecr 3966521], length 1408
15:26:06.265293 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8272, options [nop,nop,TS val 3966703 ecr 35331185,nop,nop,sack 1 {12673:18305}], length 0
15:26:06.272368 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331232 ecr 3966521], length 1408
15:26:06.272383 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8272, options [nop,nop,TS val 3966710 ecr 35331185,nop,nop,sack 1 {12673:19713}], length 0
15:26:06.286648 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331232 ecr 3966521], length 1408
15:26:06.286664 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8272, options [nop,nop,TS val 3966725 ecr 35331185,nop,nop,sack 1 {12673:21121}], length 0
15:26:06.317005 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331235 ecr 3966532], length 1408
15:26:06.317022 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8272, options [nop,nop,TS val 3966755 ecr 35331185,nop,nop,sack 1 {12673:22529}], length 0
15:26:06.455911 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331280 ecr 3966688], length 1408
15:26:06.455927 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 11265, win 8272, options [nop,nop,TS val 3966895 ecr 35331185,nop,nop,sack 1 {12673:23937}], length 0
15:26:06.460702 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331280 ecr 3966693], length 1408
15:26:06.460726 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 23937, win 6688, options [nop,nop,TS val 3966900 ecr 35331280], length 0
15:26:06.460765 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 23937, win 8272, options [nop,nop,TS val 3966900 ecr 35331280], length 0
15:26:06.463597 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331280 ecr 3966710], length 1408
15:26:06.503445 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331293 ecr 3966755], length 1408
15:26:06.503465 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 26753, win 8096, options [nop,nop,TS val 3966943 ecr 35331280], length 0
15:26:06.628567 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331324 ecr 3966895], length 1408
15:26:06.628600 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 28161, win 8272, options [nop,nop,TS val 3967069 ecr 35331324], length 0
15:26:06.644347 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331327 ecr 3966900], length 1408
15:26:06.678196 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331337 ecr 3966943], length 1408
15:26:06.678215 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 30977, win 8096, options [nop,nop,TS val 3967119 ecr 35331327], length 0
15:26:06.686785 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331337 ecr 3966943], length 1408
15:26:06.686815 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 32385, win 8272, options [nop,nop,TS val 3967128 ecr 35331337], length 0
15:26:06.689780 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331337 ecr 3966943], length 1408
15:26:06.789782 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 33793, win 8272, options [nop,nop,TS val 3967232 ecr 35331337], length 0
15:26:06.814404 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331371 ecr 3967069], length 1408
15:26:06.913271 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331396 ecr 3967119], length 1408
15:26:06.913291 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 36609, win 8096, options [nop,nop,TS val 3967356 ecr 35331371], length 0
15:26:06.923251 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331396 ecr 3967119], length 1408
15:26:06.923288 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 38017, win 8272, options [nop,nop,TS val 3967366 ecr 35331396], length 0
15:26:06.937232 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331396 ecr 3967128], length 1408
15:26:06.946217 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331396 ecr 3967128], length 1408
15:26:06.946235 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 40833, win 8096, options [nop,nop,TS val 3967389 ecr 35331396], length 0
15:26:07.086021 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331439 ecr 3967356], length 1408
15:26:07.086056 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 42241, win 8272, options [nop,nop,TS val 3967530 ecr 35331439], length 0
15:26:07.090411 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331439 ecr 3967356], length 1408
15:26:07.095402 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331439 ecr 3967356], length 1408
15:26:07.095411 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 45057, win 7920, options [nop,nop,TS val 3967539 ecr 35331439], length 0
15:26:07.098561 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 45057, win 8272, options [nop,nop,TS val 3967542 ecr 35331439], length 0
15:26:07.126167 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331447 ecr 3967389], length 1408
15:26:07.136149 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331447 ecr 3967389], length 1408
15:26:07.136168 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 47873, win 8096, options [nop,nop,TS val 3967580 ecr 35331447], length 0
15:26:07.151128 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331447 ecr 3967389], length 1408
15:26:07.151154 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 49281, win 8272, options [nop,nop,TS val 3967595 ecr 35331447], length 0
15:26:07.161114 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331447 ecr 3967389], length 1408
15:26:07.260674 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 50689, win 8272, options [nop,nop,TS val 3967706 ecr 35331447], length 0
15:26:07.286038 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331490 ecr 3967539], length 1408
15:26:07.291031 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331490 ecr 3967539], length 1408
15:26:07.291049 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 53505, win 8096, options [nop,nop,TS val 3967736 ecr 35331490], length 0
15:26:07.296023 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331490 ecr 3967539], length 1408
15:26:07.296052 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 54913, win 8272, options [nop,nop,TS val 3967741 ecr 35331490], length 0
15:26:07.325083 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331499 ecr 3967595], length 1408
15:26:07.335068 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331499 ecr 3967595], length 1408
15:26:07.335087 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 57729, win 8096, options [nop,nop,TS val 3967780 ecr 35331499], length 0
15:26:07.350046 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331499 ecr 3967595], length 1408
15:26:07.350076 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 59137, win 8272, options [nop,nop,TS val 3967796 ecr 35331499], length 0
15:26:07.493945 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331541 ecr 3967736], length 1408
15:26:07.498933 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331541 ecr 3967736], length 1408
15:26:07.498942 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 61953, win 8096, options [nop,nop,TS val 3967945 ecr 35331541], length 0
15:26:07.503925 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [.], ack 593, win 55, options [nop,nop,TS val 35331541 ecr 3967736], length 1408
15:26:07.511456 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 63361, win 8272, options [nop,nop,TS val 3967958 ecr 35331541], length 0
15:26:07.518811 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [P.], ack 593, win 55, options [nop,nop,TS val 35331543 ecr 3967741], length 1301
15:26:07.618450 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 64662, win 8272, options [nop,nop,TS val 3968066 ecr 35331543], length 0
15:26:16.779634 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.43808: Flags [F.], seq 64662, ack 593, win 55, options [nop,nop,TS val 35333840 ecr 3968066], length 0
15:26:16.779659 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [.], ack 64663, win 8272, options [nop,nop,TS val 3977290 ecr 35333840], length 0
15:26:27.087925 IP 10.33.65.152.29126 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 2282141291, ack 2592639619, win 8272, options [nop,nop,TS val 3987670 ecr 35296279], length 0
15:26:27.519912 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 593, ack 64663, win 8272, options [nop,nop,TS val 3988105 ecr 35333840], length 0
15:26:28.162339 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 593, ack 64663, win 8272, options [nop,nop,TS val 3988752 ecr 35333840], length 0
15:26:29.247648 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 593, ack 64663, win 8272, options [nop,nop,TS val 3989845 ecr 35333840], length 0
15:26:31.223110 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 593, ack 64663, win 8272, options [nop,nop,TS val 3991834 ecr 35333840], length 0
15:26:34.966249 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 593, ack 64663, win 8272, options [nop,nop,TS val 3995603 ecr 35333840], length 0
15:26:42.253949 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 593, ack 64663, win 8272, options [nop,nop,TS val 4002940 ecr 35333840], length 0
15:26:52.400128 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 593, ack 64663, win 8272, options [nop,nop,TS val 4013157 ecr 35333840], length 0

[OK999]

не успешный трайс:
15:30:16.408458 IP 10.33.65.152.61016 > 217.69.133.22.http: Flags [F.], seq 4249252599, ack 2313357245, win 16882, length 0
15:30:16.891151 IP 10.33.65.152.10940 > ns1.gameline.tj.domain: 45313+ PTR? 22.133.69.217.in-addr.arpa. (44)
15:30:17.049225 IP ns1.gameline.tj.domain > 10.33.65.152.10940: 45313 NXDomain 0/1/0 (104)
15:30:17.049342 IP 10.33.65.152.39084 > ns1.gameline.tj.domain: 45314+ PTR? 152.65.33.10.in-addr.arpa. (43)
15:30:17.218184 IP ns1.gameline.tj.domain > 10.33.65.152.39084: 45314 NXDomain 0/1/0 (120)
15:30:18.212804 IP 10.33.65.152.53086 > ns1.gameline.tj.domain: 45315+ PTR? 2.48.75.109.in-addr.arpa. (42)
15:30:18.236544 IP ns1.gameline.tj.domain > 10.33.65.152.53086: 45315* 1/1/1 PTR[|domain]
15:30:24.574453 IP 10.33.65.152.51562 > 92-61-149-222.static.servage.net.http: Flags [S], seq 3330857884, win 16384, options [mss 1460,nop,nop,sackOK], length 0
15:30:24.744450 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.51562: Flags [S.], seq 392465901, ack 3330857885, win 5840, options [mss 1460,nop,nop,sackOK], length 0
15:30:24.745390 IP 10.33.65.152.51562 > 92-61-149-222.static.servage.net.http: Flags [.], ack 1, win 17520, length 0
15:30:24.745702 IP 10.33.65.152.51562 > 92-61-149-222.static.servage.net.http: Flags [P.], ack 1, win 17520, length 425
15:30:25.193117 IP 10.33.65.152.25902 > ns1.gameline.tj.domain: 45316+ PTR? 222.149.61.92.in-addr.arpa. (44)
15:30:25.229365 IP ns1.gameline.tj.domain > 10.33.65.152.25902: 45316 1/4/8 PTR[|domain]
15:30:26.467743 IP 10.33.65.152.61016 > 217.69.133.22.http: Flags [F.], seq 0, ack 1, win 16882, length 0
15:30:26.981350 IP 10.33.65.152.54550 > ns2.gameline.tj.domain: 29681+ A? r.mail.ru. (27)
15:30:27.181113 IP ns2.gameline.tj.domain > 10.33.65.152.54550: 29681 2/2/2 CNAME reklama.mail.ru., A[|domain]
15:30:27.182700 IP 10.33.65.152.56244 > f244-3.mail.ru.http: Flags [S], seq 884052156, win 16384, options [mss 1460,nop,nop,sackOK], length 0
15:30:27.216454 IP 10.33.65.152.59574 > ns1.gameline.tj.domain: 45317+ PTR? 2.49.75.109.in-addr.arpa. (42)
15:30:27.246017 IP ns1.gameline.tj.domain > 10.33.65.152.59574: 45317* 1/1/1 PTR[|domain]
15:30:27.246162 IP 10.33.65.152.40467 > ns1.gameline.tj.domain: 45318+ PTR? 158.179.100.94.in-addr.arpa. (45)
15:30:27.290842 IP f244-3.mail.ru.http > 10.33.65.152.56244: Flags [S.], seq 3285926055, ack 884052157, win 5840, options [mss 1460,nop,nop,sackOK], length 0
15:30:27.291561 IP 10.33.65.152.56244 > f244-3.mail.ru.http: Flags [.], ack 1, win 17520, length 0
15:30:27.291940 IP 10.33.65.152.56244 > f244-3.mail.ru.http: Flags [P.], ack 1, win 17520, length 517
15:30:27.370039 IP ns1.gameline.tj.domain > 10.33.65.152.40467: 45318 1/6/1 PTR[|domain]
15:30:27.407088 IP f244-3.mail.ru.http > 10.33.65.152.56244: Flags [.], ack 518, win 6432, length 0
15:30:27.407099 IP f244-3.mail.ru.http > 10.33.65.152.56244: Flags [P.], ack 518, win 6432, length 172
15:30:27.573202 IP 10.33.65.152.56244 > f244-3.mail.ru.http: Flags [.], ack 173, win 17348, length 0
15:30:27.673995 IP 10.33.65.152.51562 > 92-61-149-222.static.servage.net.http: Flags [P.], ack 1, win 17520, length 425
15:30:27.840574 IP 92-61-149-222.static.servage.net.http > 10.33.65.152.51562: Flags [.], ack 426, win 6432, options [nop,nop,sack 1 {1:426}], length 0
15:30:29.409562 IP f244-3.mail.ru.http > 10.33.65.152.56244: Flags [F.], seq 173, ack 518, win 6432, length 0
15:30:29.410205 IP 10.33.65.152.56244 > f244-3.mail.ru.http: Flags [.], ack 174, win 17348, length 0
15:30:41.286979 IP 10.33.65.152.29126 > 92-61-149-222.static.servage.net.http: Flags [R.], seq 2282141292, ack 2592639619, win 8272, options [nop,nop,TS val 4243674 ecr 35296279], length 0
15:30:46.385405 IP 10.33.65.152.61016 > 217.69.133.22.http: Flags [F.], seq 0, ack 1, win 16882, length 0
15:31:03.114023 IP 10.33.65.152.43808 > 92-61-149-222.static.servage.net.http: Flags [F.], seq 3184494963, ack 613563807, win 8272, options [nop,nop,TS val 4265658 ecr 35333840], length 0

[OK999]

ребята есть какие-либо конкретные предложения? Или опять пошлете в google и или еще куда-либо
Прошу помочь советом

[FreeBSP]

уважаемый, поднимите глаза к верху страницы и прочтите то, что написано в красном квадратике
по теме - у меня mpd5 работает на почти стандартных настройках

mpd.conf

Код: Выделить всё

 16 startup:
 18         set user admin password admin
 19         set user guest guest
 21         set console self 127.0.0.1 5005
 22         set console open
 24         set web self 0.0.0.0 5006
 25         set web open
 26
 30 default:
 31         load pptp_client
 32 common:
 34         set link enable multilink
 36         set link action bundle B
 38         set link disable chap pap
 39         set link accept chap pap
 41         set link max-redial 0
 42
 43 pptp_client:
 50         create bundle static B1
 52         set ipcp ranges 0.0.0.0/0 0.0.0.0/0
 53         set iface up-script /usr/local/etc/mpd5/pptp-up.sh
 54         set iface down-script /usr/local/etc/mpd5/pptp-down.sh
 55         set iface enable tcpmssfix
 56         create link static L1 pptp
 57         set link action bundle B1
 58         set auth authname ***
 59         set auth password ***
 60         set link max-redial 0
 61         set link mtu 1460
 62         set link keep-alive 10 750
 63         set pptp peer vpn.corbina.net
 64         set pptp disable windowing
 65         open
 66

pf.conf

Код: Выделить всё

cat /etc/pf.conf                                                                    [/root]root@freebsp.homeip.net
#       $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="rl0"
int_if="ngeth0"
vpn_if="ng0"

## Основной комп
server="192.168.0.2"

## Порт uTorrent основного компа
ut_port="25893"

## Порт мула основного компа
em_port="4662"

ftp_port1=21
ftp_port2=20
ra_port=4899
vnc_port=5900

## Второй комп
server2="192.168.0.3"
## Порт uTorrent второго компа
ut_port2=23789

mcast_ll="224.0.0.0/24"
mcast_as="233.0.0.0/8"
mcast_ssm="239.255.255.0/24"

set optimization aggressive

## отбрасывать пакеты будем тихо, чтобы никто не догадался.. ))
set block-policy drop

# Не фильтруем пакеты на кольцевом интерфейсе
set skip on lo0

## нормализуем входящий трафик
scrub in all fragment reassemble

## нормализуем исходящий трафик
## max-mss необходим из-за низкого mtu на внешнем канале
scrub out all random-id max-mss 1460

nat on $ext_if proto { tcp udp icmp } from $int_if:network to any -> ($ext_if)
nat on $vpn_if proto { tcp udp icmp gre } from $int_if:network to any -> ($vpn_if)

#ряд правил для проброса портовснаружи на внутренние машины
rdr pass on $vpn_if proto { tcp udp } from any to any port XXX -> $server port XXX

pass quick on { $int_if $ext_if } proto { icmp udp } to { $mcast_ll $mcast_as $mcast_ssm } allow-opts modulate state

pass out

pptp-up.sh

Код: Выделить всё

#!/bin/sh

LocalGW="10.***.***.***" #`cat /tmp/Current_Local_GW`
Today=`date "+%Y-%m-%d"`
TimeNow=`date "+%H:%M:%S"`

route delete $4
route add $4 $LocalGW
route delete default
route add default $4

echo $4 > /tmp/vpn_GW
echo $Today $TimeNow -PPTP-Up- GW = $4 WAN-IP = $3 >> /var/log/vpn.log

pptp-down.sh

Код: Выделить всё

#!/bin/sh

LocalGW="10.***.***.***" #`cat /tmp/Current_Local_GW`

vpnGW=`cat /tmp/vpn_GW`
route delete $vpnGW
route delete default
route add default $LocalGW

Today=`date "+%Y-%m-%d"`
TimeNow=`date "+%H:%M:%S"`
echo $Today $TimeNow -PPTP-Down-  >> /var/log/vpn.log