We installed a Cisco 7201, which became the NAT box. But we ran into a new problem.
We turned our routers into bridges and cut off traffic on them the same way as before, so as not to change the billing system.
If a user's Internet gets cut off for some reason, the user previously matched an FWD rule to REDIR, which redirected them to a page describing why they were cut off.
But fwd does not work on the bridges:
Code:
galaxer# dmesg
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-RELEASE #0: Tue Oct 7 14:55:05 MSD 2008
galaxer# ipfw show
00100 35452 5113152 fwd 127.0.0.1,3128 log logamount 100 tcp from any to any dst-port 80
00200 254927 93289554 allow ip from any to any
65535 19 815 deny ip from any to any
galaxer# tail -n 20 -f /var/log/security
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 out via bridge0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 out via rl0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 out via bridge0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 out via rl0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 out via bridge0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 out via rl0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 out via bridge0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 out via rl0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 out via bridge0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 out via rl0
Oct 8 00:46:39 galaxer kernel: ipfw: limit 100 reached on entry 100
galaxer# tail -n 20 -f /var/log/messages
Oct 8 00:39:26 galaxer kernel: atkbd0: [ITHREAD]
Oct 8 00:39:26 galaxer kernel: ppc0: parallel port not found.
Oct 8 00:39:26 galaxer kernel: sc0: <System console> at flags 0x100 on isa0
Oct 8 00:39:26 galaxer kernel: sc0: VGA <16 virtual consoles, flags=0x300>
Oct 8 00:39:26 galaxer kernel: vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Oct 8 00:39:26 galaxer kernel: Timecounter "TSC" frequency 532641182 Hz quality 800
Oct 8 00:39:26 galaxer kernel: Timecounters tick every 1.000 msec
Oct 8 00:39:26 galaxer kernel: ipfw2 (+ipv6) initialized, divert enabled, rule-based forwarding enabled, default to deny, logging limited to 100 packets/entry by default
Oct 8 00:39:26 galaxer kernel: hptrr: no controller detected.
Oct 8 00:39:26 galaxer kernel: ad2: 976MB <TOSHIBA THNCF1G02QG 3.00> at ata1-master PIO4
Oct 8 00:39:26 galaxer kernel: Trying to mount root from ufs:/dev/ad2s1a
Oct 8 00:39:26 galaxer kernel: WARNING: / was not properly dismounted
Oct 8 00:39:26 galaxer kernel: bridge0: Ethernet address: d2:28:6f:7e:ca:0e
Oct 8 00:39:27 galaxer root: /etc/rc: WARNING: Dump device does not exist. Savecore not run.
Oct 8 00:43:45 galaxer su: galaxer to root on /dev/ttyp0
Oct 8 00:44:14 galaxer sshd[839]: fatal: Write failed: Permission denied
Oct 8 00:44:23 galaxer su: BAD SU galaxer to root on /dev/ttyp0
Oct 8 00:44:27 galaxer su: galaxer to root on /dev/ttyp0
Oct 8 00:46:30 galaxer kernel: rl2: link state changed to UP
Oct 8 00:46:39 galaxer kernel: ipfw: limit 100 reached on entry 100
galaxer# ps -aux |grep redir
root 665 0.0 1.0 3132 1080 con- I 12:39AM 0:00.04 /usr/local/bin/redir --lport=3128 --cport=80 --laddr=127.0.0.1 --caddr=192.168.2.2 --syslog
galaxer# /usr/local/bin/redir --lport=3128 --cport=80 --laddr=127.0.0.1 --caddr=192.168.2.2 --syslog --debug
target is 192.168.2.2
target IP address is 192.168.2.2
target port is 80
listening on 127.0.0.1
top of accept loop
galaxer# tcpdump -i lo0 -vvvln
tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
galaxer# sockstat |grep redir
root redir 1000 3 tcp4 127.0.0.1:3128 *:*
galaxer# sysctl -a | grep bridge
net.link.bridge.ipfw: 0
net.link.bridge.log_stp: 0
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 1
net.link.bridge.ipfw_arp: 0
net.link.bridge.pfil_onlyip: 1
dev.pcib.0.%desc: ACPI Host-PCI bridge
dev.pcib.1.%desc: PCI-PCI bridge
dev.hostb.0.%desc: Host to PCI bridge
dev.agp.0.%desc: VIA 8601 (Apollo ProMedia/PLE133Ta) host to PCI bridge
dev.isab.0.%desc: PCI-ISA bridge
galaxer# cat /etc/rc.conf |grep ifconfig
ifconfig_bridge0="addm rl0 addm rl1 addm rl2 up"
ifconfig_rl0="up"
ifconfig_rl1="up"
ifconfig_rl2="up"
ifconfig_rl0="inet 192.168.5.25 netmask 255.255.255.0"
galaxer# sysctl -a | grep forward
kern.smp.forward_roundrobin_enabled: 1
kern.smp.forward_signal_enabled: 1
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0
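An added triage script, not from the original post, that reproduces the diagnosis offline. It takes constructed copies of the "Forward to" log lines and the net.link.bridge sysctl values shown above, counts for each flow how many times the fwd rule matched on an input path versus on the bridge or member output path, and reports which layer-2 filtering hooks are switched on. The function names fwd_hits, bridge_filter_mode and diagnose are my own; the sample data is constructed to mirror the post.

```shell
#!/bin/sh
# Added example (not the original poster's code): offline triage of ipfw
# "Forward to" log lines plus bridge sysctls for the symptom in the post.

# Constructed sample, shaped like the /var/log/security excerpt in the post.
SAMPLE_LOG='Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 out via bridge0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:56789 217.16.16.153:80 out via rl0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 in via rl2
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 out via bridge0
Oct 8 00:46:39 galaxer kernel: ipfw: 100 Forward to 127.0.0.1:3128 TCP 192.168.5.55:37630 194.67.27.125:80 out via rl0'

# Constructed sysctl excerpt with the same values the post shows.
SAMPLE_SYSCTL='net.link.bridge.ipfw: 0
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 1'

# fwd_hits: read ipfw log lines on stdin and print one line per flow:
#   <src> <dst> <in-hits> <out-via-bridgeN-hits> <out-via-member-hits>
# Matches on "out via bridgeN" / "out via <member>" show the frame being
# switched at layer 2 by if_bridge rather than routed through ip_input.
fwd_hits() {
    awk '
    /ipfw: [0-9]+ Forward to/ {
        # fields after "Forward": "to" target proto src dst dir "via" ifname
        for (i = 1; i <= NF; i++) if ($i == "Forward") break
        src = $(i + 4); dst = $(i + 5); dir = $(i + 6); ifn = $(i + 8)
        key = src " " dst
        if (dir == "in") inc[key]++
        else if (ifn ~ /^bridge[0-9]+$/) outb[key]++
        else outm[key]++
        seen[key] = 1
    }
    END {
        for (k in seen)
            printf "%s %d %d %d\n", k, inc[k]+0, outb[k]+0, outm[k]+0
    }' | sort
}

# bridge_filter_mode: read "sysctl net.link.bridge" output on stdin and list
# the layer-2 filtering hooks that are enabled ("none" if all are off).
bridge_filter_mode() {
    awk -F': *' '
    $1 == "net.link.bridge.ipfw"        && $2 == 1 { m = m "ipfw " }
    $1 == "net.link.bridge.pfil_member" && $2 == 1 { m = m "pfil_member " }
    $1 == "net.link.bridge.pfil_bridge" && $2 == 1 { m = m "pfil_bridge " }
    END { sub(/ $/, "", m); print (m == "" ? "none" : m) }'
}

# diagnose LOGTEXT SYSCTLTEXT: "fwd-ignored-on-bridge" when the fwd rule is
# matching flows on the bridge output path while an L2 hook is enabled,
# otherwise "ok".
diagnose() {
    hits=$(printf '%s\n' "$1" | fwd_hits | awk '$4 > 0 { n++ } END { print n+0 }')
    mode=$(printf '%s\n' "$2" | bridge_filter_mode)
    if [ "$hits" -gt 0 ] && [ "$mode" != "none" ]; then
        echo "fwd-ignored-on-bridge"
    else
        echo "ok"
    fi
}

# Stand-alone run over the constructed samples.
printf '%s\n' "$SAMPLE_LOG" | fwd_hits
printf '%s\n' "$SAMPLE_SYSCTL" | bridge_filter_mode
diagnose "$SAMPLE_LOG" "$SAMPLE_SYSCTL"
```

With pfil_member and pfil_bridge both set to 1, every bridged frame is run through ipfw on the ingress member, on bridge0 and again on the egress member, which is why the post's log shows three "Forward to" lines per packet while tcpdump on lo0 sees nothing: ipfw(8) documents the fwd action as having no effect on layer-2 packets (those seen on ether_input, ether_output, or bridged), so a rule that matches only on the bridge path logs a forward that never happens. The script makes that visible from the logs and sysctls alone, without touching the live box.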