-
vaskocuturilo
- мл. сержант
- Сообщения: 147
- Зарегистрирован: 2009-09-21 9:06:43
- Откуда: Архангельск
-
Контактная информация:
Непрочитанное сообщение
vaskocuturilo » 2010-08-25 12:00:33
Всем привет ...
Возникла следующая проблема: обновился с 6.2 до 7.0. На данный момент все сервисы поднялись, всё пашет, но в инет не пускает... Сетевушки все активны, пинг в локальную сеть идёт, а вот на модем — нет.
вот мой конф
Код: Выделить всё
# Custom FreeBSD i386 kernel configuration posted by the thread author
# (ident PROXY7). This first part holds the core kernel options; the locally
# added firewall options follow in the "Custom settings block".
cpu I686_CPU
ident PROXY7
options SCHED_4BSD # 4BSD scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
# IPv6 and SCTP are commented out, so this kernel is built for IPv4 only.
#options INET6 # IPv6 communications protocols
#options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
# NFS client and server support are not compiled into this kernel.
#options NFSCLIENT # Network Filesystem Client
#options NFSSERVER # Network Filesystem Server
#options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
#options GEOM_PART_GPT # GUID Partition Tables.
#options GEOM_LABEL # Provides labelization
options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
#options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
#options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options ADAPTIVE_GIANT # Giant mutex is adaptive.
options STOP_NMI # Stop CPUS using NMI instead of IPI
# AUDIT only compiles the audit framework into the kernel; whether events are
# actually recorded depends on auditd being enabled and configured, which the
# thread does not show.
options AUDIT # Security event auditing
# Custom settings block
# Firewall/NAT options added on top of the stock option list. Together they
# build ipfw, divert sockets and dummynet into the kernel.
# IPFIREWALL compiles ipfw into the kernel.
options IPFIREWALL
# VERBOSE enables logging for rules carrying the `log` keyword;
# VERBOSE_LIMIT caps the number of log entries per rule (here 100).
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
# IPFIREWALL_FORWARD enables the ipfw `fwd` action.
options IPFIREWALL_FORWARD
# NOTE(review): DEFAULT_TO_ACCEPT turns the built-in last rule (65535) into
# "allow ip from any to any". Any packet the loaded ruleset does not explicitly
# deny is therefore passed, and the machine is fully open whenever no rules are
# loaded. On a gateway, a default-deny kernel with explicit allow rules is the
# safer baseline; if this option is kept, the ruleset itself needs a final
# explicit deny (the posted ruleset has its rule 65000 commented out).
options IPFIREWALL_DEFAULT_TO_ACCEPT
# IPDIVERT provides the divert sockets used by the `divert` rules / natd.
options IPDIVERT
# DUMMYNET is the ipfw traffic shaper; no pipe/queue rules appear in the
# ruleset posted in this thread.
options DUMMYNET
# Hardware and pseudo-device section of the same kernel configuration.
#device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device pci
# Floppy drives
device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
#device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
#device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
#device cbb # cardbus (yenta) bridge
#device pccard # PC Card (16-bit) bus
#device cardbus # CardBus (32-bit) bus
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
# Only fxp, re and rl are compiled in; every other NIC driver is commented out.
device miibus # MII bus support
#device bfe # Broadcom BCM440x 10/100 Ethernet
#device bge # Broadcom BCM570xx Gigabit Ethernet
#device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
#device lge # Level 1 LXT1001 gigabit ethernet
#device nge # NatSemi DP83820 gigabit ethernet
#device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
device re # RealTek 8139C+/8169/8169S/8110S
# rl is the driver behind the rl0/rl1/rl2 interfaces in the ifconfig output
# posted later in the thread.
device rl # RealTek 8129/8139
#device sf # Adaptec AIC-6915 (``Starfire'')
#device sis # Silicon Integrated Systems SiS 900/SiS 7016
#device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
#device ste # Sundance ST201 (D-Link DFE-550TX)
#device ti # Alteon Networks Tigon I/II gigabit Ethernet
#device tl # Texas Instruments ThunderLAN
#device tx # SMC EtherPower II (83c170 ``EPIC'')
#device vge # VIA VT612x gigabit ethernet
#device vr # VIA Rhine, Rhine II
#device wb # Winbond W89C840F
#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
#device sl # Kernel SLIP
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
# NOTE(review): gif and faith are kept although `options INET6` is commented
# out in this config; confirm they are still needed on this gateway.
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
# NOTE(review): anything able to open the /dev/bpf* nodes can capture traffic
# crossing this gateway, so the permissions on those nodes should stay
# restricted to root.
device bpf # Berkeley packet filter
# USB support
#device uhci # UHCI PCI->USB interface
#device ohci # OHCI PCI->USB interface
#device ehci # EHCI PCI->USB interface (USB 2.0)
#device usb # USB Bus (required)
#device udbp # USB Double Bulk Pipe devices
#device ugen # Generic
#device uhid # "Human Interface Devices"
#device ukbd # Keyboard
#device ulpt # Printer
#device umass # Disks/Mass storage - Requires scbus and da
#device ums # Mouse
#device urio # Diamond Rio 500 MP3 player
#device uscanner # Scanners
В логах вообще никаких ошибок нет .... просто не пойму, в чем дело ....
vaskocuturilo
-
hizel
- дядя поня
- Сообщения: 9032
- Зарегистрирован: 2007-06-29 10:05:02
- Откуда: Выборг
Непрочитанное сообщение
hizel » 2010-08-25 12:03:28
о сетевых настройках и фаерволе нам самостоятельно догадаться?
после обновления мира, приложения обновлялись?
почему 7.0? текущий релиз 7.3
В дурацкие игры он не играет. Он просто жуткий, чу-чу, паровозик, и зовут его Блейн. Блейн --- это Боль.
hizel
-
vaskocuturilo
- мл. сержант
- Сообщения: 147
- Зарегистрирован: 2009-09-21 9:06:43
- Откуда: Архангельск
-
Контактная информация:
Непрочитанное сообщение
vaskocuturilo » 2010-08-25 12:13:35
это ifconfig
Код: Выделить всё
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:17:31:7d:e4:ad
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.100.254 netmask 0xffffff00 broadcast 192.168.100.255
inet 10.38.10.254 netmask 0xffffff00 broadcast 10.38.10.255
inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:50:22:8b:8e:51
inet XXXXXXXXXXXXXXXXX netmask 0xfffffff8 broadcast XXXXXXXXXXXXXXXXXXXXX
inet XXXXXXXXXXXXXXXXX netmask 0xfffffff8 broadcast XXXXXXXXXXXXXXXXXXXXXXXX
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1300
options=8<VLAN_MTU>
ether 00:80:48:2d:e9:95
inet XXXXXXXXXXXXXXXXXXXXX netmask 0xffffff00 broadcast XXXXXXXXXXXXXXXXX
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet 127.0.0.1 netmask 0xff000000
Правила фаервола
Код: Выделить всё
# Excerpt of an ipfw rule script. ${cmd} and the ${...} address variables are
# defined outside the posted excerpt (presumably ${cmd} is an "ipfw add"
# wrapper; not shown). ipfw evaluates rules in rule-number order and stops at
# the first matching allow/deny.
##### LOOPBACK #####
# Loopback hygiene: allow everything on lo0, then drop packets that carry a
# 127.0.0.0/8 address on any other interface.
${cmd} 100 pass all from any to any via lo0
${cmd} 200 deny all from any to 127.0.0.0/8
${cmd} 300 deny ip from 127.0.0.0/8 to any
##### BRUTEBLOCK #####
# Drop all traffic between this host and the addresses held in ipfw table 1.
# The table is filled elsewhere (the section name suggests a brute-force
# blocker; not shown).
${cmd} 350 deny ip from me to table\(1\)
${cmd} 355 deny ip from table\(1\) to me
##### STOP PRIVATE NETWORKS #####
# Anti-spoofing on rl1 (which appears to be the external interface): drop
# inbound packets whose source is a private range.
# NOTE(review): the 192.168.0.0/16 rule is commented out, so packets arriving
# on rl1 with a spoofed 192.168.x.x source are not dropped here even though
# the LAN uses 192.168.x.x addresses.
#${cmd} 400 deny ip from 192.168.0.0/16 to any in via rl1
${cmd} 410 deny ip from 172.16.0.0/12 to any in via rl1
${cmd} 420 deny ip from 10.0.0.0/8 to any in via rl1
# NAT section: packets are handed to divert sockets 8669 (traffic on rl2) and
# 8668 (traffic on rl1). Two different ports imply two separate NAT daemons;
# how they are started is not shown in the thread.
##### DIVERT CPN TRAFFIC ON NATD #####
${cmd} 500 divert 8669 all from 192.168.0.0/24 to 10.0.0.0/8 out via rl2
${cmd} 505 divert 8669 all from 10.0.0.0/8 to 10.18.163.254 in via rl2
##### DIVERT ALL TRAFFIC ON NATD #####
# Outbound NAT on rl1 is granted per source: only the listed hosts/networks
# are diverted, some of them only towards a specific destination (${aisa},
# ${server_vsk}).
${cmd} 510 divert 8668 all from ${allow_ip0} to any out via rl1
${cmd} 511 divert 8668 all from ${allow_ip1} to any out via rl1
${cmd} 512 divert 8668 all from ${allow_ip11} to any out via rl1
${cmd} 513 divert 8668 all from ${allow_ip2} to any out via rl1
${cmd} 514 divert 8668 all from ${allow_ip3} to any out via rl1
${cmd} 515 divert 8668 all from ${allow_ip4} to any out via rl1
${cmd} 516 divert 8668 all from ${allow_ip5} to any out via rl1
${cmd} 517 divert 8668 all from ${allow_ip6} to any out via rl1
${cmd} 518 divert 8668 all from ${allow_ip7} to ${aisa} out via rl1
${cmd} 519 divert 8668 all from ${allow_ip8} to any out via rl1
${cmd} 520 divert 8668 all from ${allow_ip9} to any out via rl1
# NOTE(review): rule number 524 is used twice in this section (here and for
# ${allow_adm4} below). ipfw accepts duplicate numbers, but distinct numbers
# make the rule list easier to audit and to delete from selectively.
${cmd} 524 divert 8668 all from ${allow_ip10} to ${aisa} out via rl1
${cmd} 521 divert 8668 all from ${allow_adm1} to any out via rl1
${cmd} 522 divert 8668 all from ${allow_adm2} to any out via rl1
${cmd} 523 divert 8668 all from ${allow_adm3} to any out via rl1
${cmd} 524 divert 8668 all from ${allow_adm4} to any out via rl1
${cmd} 525 divert 8668 all from ${allow_adm5} to any out via rl1
${cmd} 526 divert 8668 all from ${sokia} to any out via rl1
${cmd} 527 divert 8668 all from ${terminal} to any out via rl1
${cmd} 528 divert 8668 all from ${terminal_mdm} to any out via rl1
${cmd} 529 divert 8668 all from ${net_vsk} to ${server_vsk} out via rl1
#${cmd} 529 divert 8668 all from mac-type 00030F04797F to ${server_vsk} out via rl1
# Return path: everything arriving on rl1 for ${ext_ip} goes to the NAT daemon.
# NOTE(review): ${ext_ip} has to be the same address the NAT daemon uses as its
# alias address, otherwise replies are not translated back. With two addresses
# on rl1 this is worth checking explicitly.
${cmd} 530 divert 8668 all from any to ${ext_ip} in via rl1
${cmd} 531 divert 8668 all from ${terminal_1} to any out via rl1
${cmd} 532 divert 8668 all from ${terminal_2} to any out via rl1
##### ALLOW ICMP #####
# The type-restricted ICMP rules are commented out; the active pair below
# allows every ICMP type to and from ${ext_ip}.
#${cmd} 620 pass ICMP from any to ${ext_ip} icmptypes 0,3,4,11,12
#${cmd} 621 pass ICMP from ${ext_ip} to any icmptypes 3,8,12
${cmd} 620 pass ICMP from any to ${ext_ip}
${cmd} 621 pass ICMP from ${ext_ip} to any
##### Admin #####
# NOTE(review): each pair below allows all protocols to and from the named
# host on every interface. Because ipfw stops at the first match, these hosts
# bypass every later rule, including the SSH deny rules (641-642) and the final
# deny rules (50001-50002).
${cmd} 622 allow all from any to ${allow_adm1}
${cmd} 623 allow all from ${allow_adm1} to any
${cmd} 624 allow all from any to ${allow_adm2}
${cmd} 625 allow all from ${allow_adm2} to any
${cmd} 626 allow all from any to ${allow_adm3}
${cmd} 627 allow all from ${allow_adm3} to any
# Rules 651/652 are written here but are evaluated by number, i.e. after 650.
${cmd} 651 allow all from any to ${allow_adm4}
${cmd} 652 allow all from ${allow_adm4} to any
${cmd} 628 allow all from any to ${allow_ip2}
${cmd} 629 allow all from ${allow_ip2} to any
${cmd} 630 allow all from any to ${allow_ip3}
${cmd} 631 allow all from ${allow_ip3} to any
${cmd} 632 allow all from any to ${allow_ip4}
${cmd} 633 allow all from ${allow_ip4} to any
##### ALLOW ALL FOR LOCAL INTERFACE #####
# NOTE(review): `via rl0` / `via rl2` match packets in either direction on
# those interfaces, so everything crossing rl0 or rl2 is accepted here. Every
# later rule in this script that is restricted to `via rl0` (SSH 637-638, mail
# 643-646, proxy 660-661, ICQ 670-671, DNS/NNTP 680-683, FTP 700-715) is
# never reached and does not restrict anything.
${cmd} 634 allow all from any to any via rl0
${cmd} 635 allow all from any to any via rl2
##### ALLOW GRE PACKETS #####
# GRE is allowed between any addresses on any interface.
${cmd} 636 allow gre from any to any
# SSH
# The unrestricted any-to-any SSH rules are commented out. What remains:
#   637-638  SSH to/from ${ssh_ip} on rl0 (already covered by the blanket
#            allow for rl0 in rule 634, so these two never match);
#   639-640  SSH to ${ext_ip} on rl1 only from ${ext_admin};
#   641-642  drop and log every other TCP packet to or from port 22.
# NOTE(review): the return rules (638, 640) match on source port 22 alone and
# carry no connection state; `setup`/`established` or `keep-state` would tie
# them to connections that were actually opened towards the server.
#${cmd} 636 pass tcp from any to any 22
#${cmd} 637 pass tcp from any 22 to any
${cmd} 637 pass tcp from any to ${ssh_ip} 22 via rl0
${cmd} 638 pass tcp from ${ssh_ip} 22 to any via rl0
${cmd} 639 pass tcp from ${ext_admin} to ${ext_ip} 22 via rl1
${cmd} 640 pass tcp from ${ext_ip} 22 to ${ext_admin} via rl1
${cmd} 641 deny log tcp from any to any 22
${cmd} 642 deny log tcp from any 22 to any
# Per-service rules. All of them are stateless pairs: one rule for the request
# direction and one for the reply direction, the latter matching on the source
# port only.
# NOTE(review): a rule such as "pass tcp from any 80 to ${ext_ip}" accepts any
# TCP segment whose source port is 80, whether or not this host opened the
# connection. ipfw's `setup`/`established` or `keep-state`/`check-state` would
# limit replies to connections that really exist.
##### MAIL SERVICES (SMTP,POP) #####
# SMTP (25) is reachable on ${ext_ip} from both rl0 and rl1; POP3 (110) only
# via rl0, the rl1 pair is commented out.
${cmd} 643 pass tcp from any to ${ext_ip} 25 via rl0
${cmd} 644 pass tcp from ${ext_ip} 25 to any via rl0
${cmd} 645 pass tcp from any to ${ext_ip} 110 via rl0
${cmd} 646 pass tcp from ${ext_ip} 110 to any via rl0
${cmd} 647 pass tcp from any to ${ext_ip} 25 via rl1
${cmd} 648 pass tcp from ${ext_ip} 25 to any via rl1
#${cmd} 649 pass tcp from any to ${ext_ip} 110 via rl1
#${cmd} 650 pass tcp from ${ext_ip} 110 to any via rl1
##### INTERNET SERVICES (HTTP,HTTPS) #####
# Port 3128 on this host is offered on rl0 (presumably a local web proxy);
# outbound HTTP/HTTPS leaves rl1 with ${ext_ip} as the source.
${cmd} 660 pass tcp from any to me 3128 via rl0
${cmd} 661 pass tcp from me 3128 to any via rl0
${cmd} 664 pass tcp from ${ext_ip} to any 80 via rl1
${cmd} 665 pass tcp from any 80 to ${ext_ip} via rl1
${cmd} 666 pass tcp from ${ext_ip} to any 443 via rl1
${cmd} 667 pass tcp from any 443 to ${ext_ip} via rl1
##### ICQ SERVICES #####
${cmd} 670 pass tcp from any to any 5190 via rl0
${cmd} 671 pass tcp from any 5190 to any via rl0
${cmd} 672 pass tcp from ${ext_ip} to any 5190 via rl1
${cmd} 673 pass tcp from any 5190 to ${ext_ip} via rl1
##### UDP SERVICES (DNS,NNTP) #####
# NOTE(review): port 119 is opened for UDP here although NNTP normally runs
# over TCP; confirm these rules do what was intended. Only UDP is covered
# for DNS (53) as well.
${cmd} 680 pass udp from any to ${ext_ip} 53 via rl0
${cmd} 681 pass udp from ${ext_ip} 53 to any via rl0
${cmd} 682 pass udp from any to ${ext_ip} 119 via rl0
${cmd} 683 pass udp from ${ext_ip} 119 to any via rl0
${cmd} 684 pass udp from ${ext_ip} to any 53 via rl1
${cmd} 685 pass udp from any 53 to ${ext_ip} via rl1
${cmd} 686 pass udp from ${ext_ip} to any 119 via rl1
${cmd} 687 pass udp from any 119 to ${ext_ip} via rl1
# Outbound TCP 8080 from ${ext_ip} on rl1 (placed under the UDP heading).
${cmd} 697 pass tcp from ${ext_ip} to any 8080 via rl1
${cmd} 698 pass tcp from any 8080 to ${ext_ip} via rl1
##### FTP SERVICES #####
# FTP control (21) and data (20) on ${ext_ip}, restricted to rl0.
${cmd} 700 pass tcp from ${ext_ip} 21 to any via rl0
${cmd} 705 pass tcp from any to ${ext_ip} 21 via rl0
${cmd} 710 pass tcp from ${ext_ip} 20 to any via rl0
${cmd} 715 pass tcp from any to ${ext_ip} 20 via rl0
# NOTE(review): the rules in the first half of this block that name only a
# port ("from any to any PORT" / "from any PORT to any") have no interface or
# address restriction, so they apply on rl1 as well and accept any packet that
# merely uses that port number on either side.
##### CARD TERMINAL #####
${cmd} 730 pass all from any to any 670
${cmd} 735 pass all from any 670 to any
${cmd} 740 pass all from any to any 668
${cmd} 745 pass all from any 668 to any
##### www.sokia.ru #####
# Outbound TCP from this host to ports 9080, 9876 and 9877, plus the replies.
${cmd} 750 pass tcp from me to any 9080
${cmd} 755 pass tcp from any 9080 to me
${cmd} 760 pass tcp from me to any 9876
${cmd} 765 pass tcp from any 9876 to me
${cmd} 770 pass tcp from me to any 9877
${cmd} 775 pass tcp from any 9877 to me
##### webmoney #####
${cmd} 777 pass tcp from any to any 2802
${cmd} 778 pass tcp from any 2802 to any
##### VPN #####
# Port 1723 (PPTP control) is open in both directions for all protocols, and
# the 192.168.20.0/24 and 192.168.0.0/24 networks may talk to each other freely.
${cmd} 780 pass all from any to any 1723
${cmd} 785 pass all from any 1723 to any
${cmd} 790 pass all from 192.168.20.0/24 to 192.168.0.0/24
${cmd} 795 pass all from 192.168.0.0/24 to 192.168.20.0/24
##### CVSUP #####
${cmd} 810 pass all from any 5999 to ${ext_ip} in via rl1
${cmd} 815 pass all from ${ext_ip} to any 5999 out via rl1
# Ports 4661, 4662, 4671 and 1125 are opened without a section header; their
# purpose is not documented in the excerpt.
${cmd} 1001 pass all from any to any 4661
${cmd} 1002 pass all from any 4661 to any
${cmd} 1003 pass all from any to any 4662
${cmd} 1004 pass all from any 4662 to any
${cmd} 1005 pass all from any to any 4671
${cmd} 1006 pass all from any 4671 to any
${cmd} 1007 pass all from any to any 1125
${cmd} 1008 pass all from any 1125 to any
${cmd} 2000 allow all from any to ${allow_ip11}
${cmd} 2001 allow all from ${allow_ip11} to any
# Explicit denies on rl1 for ports 110, 143 and 3306 on ${ext_ip}.
${cmd} 50001 deny all from ${ext_ip} 110,143,3306 to any via rl1
${cmd} 50002 deny all from any to ${ext_ip} 110,143,3306 via rl1
# NOTE(review): the catch-all deny is commented out, and the kernel config
# posted in this thread sets IPFIREWALL_DEFAULT_TO_ACCEPT, so any packet that
# reaches the end of the list is accepted by the default rule. In effect the
# ruleset blocks only the few things it denies explicitly (loopback spoofing,
# table 1, RFC 1918 sources on rl1, SSH, and 110/143/3306 on rl1); the `pass`
# rules above do not narrow anything. Re-enabling a final "deny log" rule,
# after confirming the required services are covered, restores default-deny.
#${cmd} 65000 deny log all from any to any
После обновления мира софт не обновлялся
vaskocuturilo
-
hizel
- дядя поня
- Сообщения: 9032
- Зарегистрирован: 2007-06-29 10:05:02
- Откуда: Выборг
Непрочитанное сообщение
hizel » 2010-08-25 12:26:38
ну tcpdump в зубы и на танки, а приложения все надо пересобрать
В дурацкие игры он не играет. Он просто жуткий, чу-чу, паровозик, и зовут его Блейн. Блейн --- это Боль.
hizel
-
vaskocuturilo
- мл. сержант
- Сообщения: 147
- Зарегистрирован: 2009-09-21 9:06:43
- Откуда: Архангельск
-
Контактная информация:
Непрочитанное сообщение
vaskocuturilo » 2010-08-25 13:47:08
Думаю, tcpdump не сильно поможет, поскольку интерфейс, смотрящий в локальную сеть работает как часы.
vaskocuturilo
-
Гость
- проходил мимо
Непрочитанное сообщение
Гость » 2010-08-25 13:56:38
1) перегрузите модем
2) переключите сетевку смотрящую в модем на 10 халфдуплекс
3) смените сетевушку goto 1)
Гость
-
vaskocuturilo
- мл. сержант
- Сообщения: 147
- Зарегистрирован: 2009-09-21 9:06:43
- Откуда: Архангельск
-
Контактная информация:
Непрочитанное сообщение
vaskocuturilo » 2010-08-27 6:43:35
Обновился до версии 7.3 по ядру ...Мир выскочил с ошибкой. НО как ни странно почти все заработало, но после некоторых манипуляций, а именно
Код: Выделить всё
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:50:22:8b:8e:51
inet ПЕрвичный IP - 1 netmask 0xfffffff8 broadcast XXXXXXXXXXXXXXXXXXXXX
inet Алиас - 2 netmask 0xfffffff8 broadcast XXXXXXXXXXXXXXXXXXXXXXXX
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
После того как я поменял местами первичный IP c алиасом в настройках карточки
и прописал в настройках фаервола алиас внешним IP, заработало всё. Но если сменить все обратно, то ничего не работает ...Что такое ???? Почему так ???
vaskocuturilo
-
hizel
- дядя поня
- Сообщения: 9032
- Зарегистрирован: 2007-06-29 10:05:02
- Откуда: Выборг
Непрочитанное сообщение
hizel » 2010-08-27 8:14:32
ip в одной сети?
В дурацкие игры он не играет. Он просто жуткий, чу-чу, паровозик, и зовут его Блейн. Блейн --- это Боль.
hizel
-
hizel
- дядя поня
- Сообщения: 9032
- Зарегистрирован: 2007-06-29 10:05:02
- Откуда: Выборг
Непрочитанное сообщение
hizel » 2010-08-27 9:11:58
тогда alias-у обычно впендюривают /32 маску (netmask 0xffffffff)
В дурацкие игры он не играет. Он просто жуткий, чу-чу, паровозик, и зовут его Блейн. Блейн --- это Боль.
hizel