помогите разобраться с natd
Добавлено: 2010-05-03 14:37:06
Здраствуйте уважаемые специалисты! Подскажите пожалуйста решение по такой трабле, стоит сервак на FreeBSD 7.1 в качестве шлюза, на нем ipfw+squid, есть локальная сеть из которой через squid люди спокойно выходят в инет, но из той же локалки не могу получить почту с внешнего сервера nic.mail.ru, поднял natd для редиректа портов и в ipfw прописал адрес внешнего почтового сервера, но почта так и не идет. Вот выводы ipfw show:
rc.conf
на внешней сетевухе прописал статику и поднимаю интернет посредством mpd, провайдер присваивает динамические адреса, не пойму куда копать уже вторую неделю, и пересобирал уже ядро с полностью открытым IPFIREWALL и разрешающие правила ставил на него, и все равно не могу допинаться до внешнего почтового сервера, подскажите пожалуйста куда можно копать, и где можно посмотреть почему спотыкается именно на сервере, с него в обе стороны пинги идут нормально, заранее спасибо!)))
Код: Выделить всё
00001 0 0 pipe 1 ip from me 3128 to 192.168.1.50
00002 0 0 pipe 2 ip from me 3128 to 192.168.1.24
00003 0 0 pipe 3 ip from me 3128 to 192.168.1.14
00004 0 0 pipe 2 ip from me 3128 to 192.168.1.8
00005 0 0 divert 8668 ip from any to any out via rl1
00010 0 0 check-state
00011 0 0 allow ip from any to any via lo0
00012 0 0 allow ip from 192.168.10.0/30 to 192.168.10.0/30 via rl1
00013 1 60 allow icmp from any to any via rl0
00020 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17
00030 0 0 reject ip from 192.168.1.0/24 to any in via rl1
00031 0 0 allow tcp from any to any dst-port 25 via rl1
00032 0 0 allow tcp from any to any dst-port 110 via rl1
00033 0 0 allow ip from 192.168.1.100 to 87.251.172.195
00034 0 0 allow ip from 87.251.172.195 to 192.168.1.100
00035 0 0 allow ip from me to 87.251.172.195
00036 0 0 allow ip from 87.251.172.195 to me
00037 0 0 allow ip from 192.168.1.7 to 195.234.170.216
00038 0 0 allow ip from 195.234.170.216 to 192.168.1.7
00039 0 0 allow ip from me to 195.234.170.216
00040 0 0 allow ip from 195.234.170.216 to me
00041 0 0 allow ip from 192.168.1.7 to 213.242.225.194
00042 0 0 allow ip from 213.242.225.194 to 192.168.1.7
00043 0 0 allow ip from me to 213.242.225.194
00044 0 0 allow ip from 213.242.225.194 to me
00045 0 0 allow ip from 192.168.1.7 to 79.172.8.190
00046 0 0 allow ip from 79.172.8.190 to 192.168.1.7
00047 0 0 allow ip from me to 79.172.8.190
00048 0 0 allow ip from 79.172.8.190 to me
00049 0 0 allow ip from 192.168.1.7 to 213.242.254.161
00050 0 0 allow ip from 213.242.254.161 to 192.168.1.7
00051 0 0 allow ip from me to 213.242.254.161
00052 0 0 allow ip from 213.242.254.161 to me
00053 0 0 allow ip from 192.168.1.7 to 194.186.175.148
00054 0 0 allow ip from 194.186.175.148 to 192.168.1.7
00055 0 0 allow ip from me to 194.186.175.148
00056 0 0 allow ip from 194.186.175.148 to me
00057 0 0 allow tcp from 192.168.1.0/24 to me dst-port 25,110 via rl0
00058 0 0 allow tcp from me 25,110 to 192.168.1.0/24 via rl0
00059 0 0 allow ip from me to 194.85.88.226
00060 0 0 allow ip from 194.85.88.226 to me
00061 0 0 allow ip from 192.168.1.2 to 194.85.88.226
00062 0 0 allow ip from 194.85.88.226 to 192.168.1.2
00063 0 0 allow ip from 192.168.1.3 to 194.85.88.226
00064 0 0 allow ip from 194.85.88.226 to 192.168.1.3
00065 0 0 allow ip from 192.168.1.5 to 194.85.88.226
00066 0 0 allow ip from 194.85.88.226 to 192.168.1.5
00067 0 0 allow ip from 192.168.1.13 to 194.85.88.226
00068 0 0 allow ip from 194.85.88.226 to 192.168.1.13
00069 0 0 allow ip from 192.168.1.14 to 194.85.88.226
00070 0 0 allow ip from 194.85.88.226 to 192.168.1.14
00071 0 0 allow ip from 192.168.1.21 to 194.85.88.226
00072 0 0 allow ip from 194.85.88.226 to 192.168.1.21
00073 0 0 allow ip from 192.168.1.22 to 194.85.88.226
00074 0 0 allow ip from 194.85.88.226 to 192.168.1.22
00075 0 0 allow ip from 192.168.1.23 to 194.85.88.226
00076 0 0 allow ip from 194.85.88.226 to 192.168.1.23
00077 0 0 allow ip from 192.168.1.26 to 194.85.88.226
00078 0 0 allow ip from 194.85.88.226 to 192.168.1.26
00079 0 0 allow ip from 192.168.1.28 to 194.85.88.226
00080 0 0 allow ip from 194.85.88.226 to 192.168.1.28
00081 0 0 allow ip from 192.168.1.31 to 194.85.88.226
00082 0 0 allow ip from 194.85.88.226 to 192.168.1.31
00083 3 156 allow ip from 192.168.1.100 to 194.85.88.226
00084 0 0 allow ip from 194.85.88.226 to 192.168.1.100
00184 0 0 allow udp from me to 195.161.15.19 keep-state
00284 0 0 allow udp from me to 212.120.160.130 keep-state
00384 375 118845 allow tcp from 192.168.1.0/24 to me dst-port 3128 via rl0
00484 537 410462 allow tcp from me 3128 to 192.168.1.0/24 via rl0
00584 0 0 allow ip from me to 194.85.88.226 dst-port 25,110 keep-state
00684 0 0 allow ip from me to 194.85.88.226 dst-port 110 keep-state
00784 0 0 allow ip from me to 194.85.88.226 dst-port 25 keep-state
00884 0 0 allow tcp from me 25,110 to 192.168.1.2
00984 0 0 allow tcp from 192.168.1.2 to me dst-port 25,110
01084 0 0 allow tcp from me 25,110 to 192.168.1.3
01184 0 0 allow tcp from 192.168.1.3 to me dst-port 25,110
01284 0 0 allow tcp from me 25,110 to 192.168.1.5
01384 0 0 allow tcp from 192.168.1.5 to me dst-port 25,110
01484 0 0 allow tcp from me 25,110 to 192.168.1.13
01584 0 0 allow tcp from 192.168.1.13 to me dst-port 25,110
01684 0 0 allow tcp from me 25,110 to 192.168.1.14
01784 0 0 allow tcp from 192.168.1.14 to me dst-port 25,110
01884 0 0 allow tcp from me 25,110 to 192.168.1.21
01984 0 0 allow tcp from 192.168.1.21 to me dst-port 25,110
02084 0 0 allow tcp from me 25,110 to 192.168.1.22
02184 0 0 allow tcp from 192.168.1.22 to me dst-port 25,110
02284 0 0 allow tcp from me 25,110 to 192.168.1.23
02384 0 0 allow tcp from 192.168.1.23 to me dst-port 25,110
02484 0 0 allow tcp from me 25,110 to 192.168.1.26
02584 0 0 allow tcp from 192.168.1.26 to me dst-port 25,110
02684 0 0 allow tcp from me 25,110 to 192.168.1.28
02784 0 0 allow tcp from 192.168.1.28 to me dst-port 25,110
02884 0 0 allow tcp from me 25,110 to 192.168.1.31
02984 0 0 allow tcp from 192.168.1.31 to me dst-port 25,110
03084 0 0 allow tcp from me 25,110 to 192.168.1.100
03184 0 0 allow tcp from 192.168.1.100 to me dst-port 25,110
03284 50 4847 allow ip from 192.168.1.100 to me
03384 44 7292 allow ip from me to 192.168.1.100
03484 896 534654 allow ip from me to any keep-state
65535 3409 192085 deny ip from any to anyКод: Выделить всё
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
defaultrouter="rl1"
gateway_enable="YES"
natd_enable="YES"
natd_flags=" -f /etc/natd.conf"
natd_program="/sbin/natd"
inetd_enable="YES"
keymap="ru.koi8-r"
keyrate="fast"
mousechar_start="3"
scrnmap="koi8-r2cp866"
sshd_enable="YES"
ifconfig_rl0="inet 192.168.1.150 netmask 255.255.255.0" #внутрь
ifconfig_rl1="inet ХХХ.ХХХ.ХХХ.ХХХ netmask 255.255.255.0" #наружу
allscreens_flags="100x80"
firewall_enable="YES"
##firewall_type="OPEN"
firewall_script="/etc/ipfw.conf"
named_enable="YES"
#ppp_enable="YES"
#ppp_mode="ddial"
#ppp_profile="webstream"
#mysql_enable="YES"
mpd_enable="YES"
squid_enable="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
