упс.....с работы копирну.paradox писал(а):гдеmore /usr/local/etc/mpd4/io-up.sh
more /usr/local/etc/mpd4/io-down.sh
в том то и дело я от него и запускаюdenisikoid писал(а):rinetd
Запусти от рута.
упс.....с работы копирну.paradox писал(а):гдеmore /usr/local/etc/mpd4/io-up.sh
more /usr/local/etc/mpd4/io-down.sh
в том то и дело я от него и запускаюdenisikoid писал(а):rinetd
Запусти от рута.
schizoid писал(а):шо? еще не победили? мдя...
Эээ.. А при чём тут 192.168.2.2? Он же 192.168.2.1...SteelS писал(а):ну я то настроил.......lissyara писал(а):ну так настрой ))Код: Выделить всё
[16:53] |stealth| >more /usr/local/etc/rinetd.conf 192.168.2.2 8080 192.168.2.1 8080 [16:53] |stealth| >rinetd [16:53] |stealth| >rinetd: couldn't bind to address 192.168.2.2 port 8080
Код: Выделить всё
more /usr/local/etc/rinetd.conf
192.168.2.1 8080 192.168.2.2 8080
Код: Выделить всё
ipfw add 1 allow ip from any to any
Можно пример? СпасибоMorty, 2008-09-03 в 22:30:33
FreeBSD7 и kernel_nat,все решаемо одним конфигом ipfw ,
без запуска доп демонов , в том числе natd.
Код: Выделить всё
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options IPFIREWALL_FORWARD
options DUMMYNET
options IPFIREWALL_NAT
options LIBALIAS
Код: Выделить всё
rinetd: couldn't bind to address 87.233.xxx.x4 port 7000
rinetd: couldn't bind to address 87.233.xxx.x4 port 222
Код: Выделить всё
87.251.xxx.xx5 7000 192.168.13.7 7000
87.251.xxx.xx5 222 192.168.13.7 22
87.233.xxx.x4 7000 192.168.13.7 7000
87.233.xxx.x4 222 192.168.13.7 22
Код: Выделить всё
-redirect_port proto targetIP:targetPORT[-targetPORT]
[aliasIP:]aliasPORT[-aliasPORT]
[remoteIP[:remotePORT[-remotePORT]]]
Код: Выделить всё
-redirect_port tcp 192.168.0.2:6667 6667
-redirect_port tcp 192.168.0.3:80 80
Код: Выделить всё
#!/bin/sh
fwcmd="/sbin/ipfw"
${fwcmd} -f flush
${fwcmd} -f pipe flush
${fwcmd} -f queue flush
${fwcmd} add 1031 allow udp from any 27015-27025 to 192.168.1.0/24 in via ste0
${fwcmd} add 1032 allow udp from any 27015-27025 to 192.168.1.0/24 out via alc0
${fwcmd} add 1033 allow udp from 192.168.1.0 to any 27015-27025 in via alc0
${fwcmd} add 1034 allow udp from *.*.*.* to any 27015-27025 out via ste0
${fwcmd} add 1040 allow ip from any to any via ste0
${fwcmd} add 1020 allow tcp from any to any ssh
${fwcmd} add 1030 allow tcp from any ssh to any
${fwcmd} add 1050 deny ip from any to 192.168.0.0/16 in recv alc0
${fwcmd} add 1060 deny ip from 192.168.0.0/16 to any in recv alc0
${fwcmd} add 1070 deny ip from any to 172.16.0.0/12 in recv alc0
${fwcmd} add 1080 deny ip from 172.16.0.0/12 to any in recv alc0
${fwcmd} add 1090 deny ip from any to 10.0.0.0/8 in recv alc0
${fwcmd} add 10100 deny ip from 10.0.0.0/8 to any in recv alc0
${fwcmd} add 10110 deny ip from any to 169.254.0.0/16 in recv alc0
${fwcmd} add 10120 deny ip from 169.254.0.0/16 to any in recv alc0
${fwcmd} pipe 1 config bw 15Mbit/s queue 60 gred 0.002/10/30/0.1
${fwcmd} queue 1 config pipe 1 mask src-ip 0xffffffff queue 60 gred 0.002/10/30/0.1
${fwcmd} pipe 2 config bw 100Mbit/s queue 60 gred 0.002/10/30/0.1
${fwcmd} queue 2 config pipe 2 mask dst-ip 0xffffffff queue 60 gred 0.002/10/30/0.1
${fwcmd} nat 1 config log if alc0 reset same_ports redirect_port udp *.*.*.*:27015 27015 redirect_port udp *.*.*.*:27005 27005
${fwcmd} add 10130 skipto 10160 ip from 192.168.1.221 to any
${fwcmd} add 10140 skipto 10160 ip from any to 192.168.1.221
${fwcmd} add 10131 skipto 10160 ip from 192.168.1.222 to any
${fwcmd} add 10141 skipto 10160 ip from any to 192.168.1.222
${fwcmd} add 10150 queue 1 ip from any to any out xmit alc0
${fwcmd} add 10160 nat 1 ip from any to any via alc0
${fwcmd} add 10161 allow ip from 192.168.1.221 to any
${fwcmd} add 10162 allow ip from any to 192.168.1.221
${fwcmd} add 10163 allow ip from 192.168.1.222 to any
${fwcmd} add 10164 allow ip from any to 192.168.1.222
${fwcmd} add 10170 queue 2 ip from any to any in recv alc0
${fwcmd} add 10180 allow all from any to any
${fwcmd} add 10230 allow all from any to any
# ${fwcmd} add 65534 deny all from any to any