2 interfaces: an internal one (with 2 Windows machines behind it) and an external one (beeline); the Internet connection is via PPTP.
ifconfig
Code:
stge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:1d:60:5c:c1:3f
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
        status: active
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=10b<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
        ether 00:14:85:32:e0:e1
        inet xx.xx.xx.xx netmask 0xffffff00 broadcast 10.71.54.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
        inet xx.xx.xx.xx --> xx.xx.xx.xx netmask 0xffffffff
Code:
ext_if="nfe0"
int_if="stge0"
vpn_if="ng0"
set optimization aggressive
scrub in all no-df fragment reassemble
scrub out all random-id max-mss 1400
nat on $vpn_if from $int_if:network to any -> ($vpn_if)
rdr-anchor miniupnpd
anchor miniupnpd
pass in all keep state
pass out all keep state
Code:
# WAN network interface
ext_ifname=ng0
# if the WAN interface has several IP addresses, you
# can specify the one to use below
#ext_ip=
# there can be multiple listening ips for receiving SSDP traffic.
# the 1st IP is also used for UPnP Soap traffic.
#listening_ip= 192.168.0.61
listening_ip=192.168.0.0/24
# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
port=0
# path to the unix socket used to communicate with MiniSSDPd
# If running, MiniSSDPd will manage M-SEARCH answering.
# default is /var/run/minissdpd.sock
#minissdpdsocket=/var/run/minissdpd.sock
# enable NAT-PMP support (default is no)
enable_natpmp=yes
# enable UPNP support (default is yes)
enable_upnp=yes
# lease file location
#lease_file=/var/log/upnp.leases
# bitrates reported by daemon in bits per second
bitrate_up=131072
bitrate_down=524288
# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP. (default is yes)
secure_mode=yes
# default presentation url is http address on port 80
#presentation_url=
# report system uptime instead of daemon uptime
system_uptime=yes
# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=10
# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600
# notify interval in seconds default is 30 seconds.
#notify_interval=240
# log packets in pf
#packet_log=no
# ALTQ queue in pf
# filter rules must be used for this to be used.
# compile with PF_ENABLE_FILTER_RULES (see config.h file)
#queue=queue_name1
# uuid : generated by the install a new one can be created with
# uuidgen
uuid=a5894442-b82d-11de-97af-001d605cc13f
# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
allow 1024-65535 192.168.0.0/24 1024-65535
#allow 1024-65535 10.0.2.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
Code:
miniupnpd[1181]: Unable to open pidfile for writing /var/run/miniupnpd.pid: File exists
miniupnpd[1181]: HTTP listening on port 49516
miniupnpd[1181]: setsockopt(udp, IP_ADD_MEMBERSHIP): Can't assign requested address
miniupnpd[1181]: Failed to add multicast membership for address 192.168.0.0
miniupnpd[1181]: setsockopt(udp_notify, IP_MULTICAST_IF): Can't assign requested address
miniupnpd[1181]: Failed to open sockets for sending SSDP notify messages. EXITING
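
Added example (not part of the original post, and not miniupnpd's own code): a small Python evaluator for the `allow`/`deny` permission rules in the miniupnpd.conf above, useful for checking which port-mapping requests a rule set would let through. It assumes rules are checked in order with the first match deciding, and that a request matching no rule is accepted, which is why the trailing catch-all `deny` matters; the function names and the sample requests are constructed for illustration.

```python
import ipaddress


def parse_rule(line):
    """Parse '(allow|deny) eport-range ip/mask iport-range' into a tuple."""
    action, eports, net, iports = line.split()
    if action not in ("allow", "deny"):
        raise ValueError("unknown action: " + action)

    def ports(spec):
        # "<min>-<max>", or a single "<port>" meaning a one-port range
        lo, _, hi = spec.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError("bad port range: " + spec)
        return lo, hi

    network = ipaddress.ip_network(net, strict=False)
    return action == "allow", ports(eports), network, ports(iports)


def load_rules(conf_text):
    """Collect permission rules, skipping comments and key=value options."""
    return [parse_rule(line.strip()) for line in conf_text.splitlines()
            if line.strip().startswith(("allow ", "deny "))]


def is_allowed(rules, eport, client_ip, iport):
    """First matching rule decides; assumed default with no match is accept."""
    addr = ipaddress.ip_address(client_ip)
    for allow, (elo, ehi), net, (ilo, ihi) in rules:
        if elo <= eport <= ehi and addr in net and ilo <= iport <= ihi:
            return allow
    return True


# The permission rules from the configuration above.
PAGE_RULES = """
allow 1024-65535 192.168.0.0/24 1024-65535
#allow 1024-65535 10.0.2.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
"""

if __name__ == "__main__":
    rules = load_rules(PAGE_RULES)
    # Constructed requests: (external port, client IP, internal port)
    for req in [(51413, "192.168.0.10", 51413), (80, "192.168.0.10", 8080),
                (51413, "10.0.2.5", 51413)]:
        print(req, "allowed" if is_allowed(rules, *req) else "denied")
```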