ipfw+natd+pppoe
Добавлено: 2010-06-11 14:20:48
Доброго времени суток. Настраиваю прокси с такой связкой + squid, возникли проблемы с поднятием pppoe подключения,а именно: автоматически подключение не поднимаеться, только вручную, и соответственно приходиться вручную рестартовать natd, но этож не дело...
конфиги :
rc.conf
ppp.conf
rc.9
в логах по поводу pppoe ничего нет..((
конфиги :
rc.conf
Код: Выделить всё
defaultrouter="192.168.20.1"
hostname="proxy.lesk.local"
ifconfig_bge0="inet 192.168.20.14 netmask 255.255.255.0"
ifconfig_bge1="inet 195.34.xxx.xxx netmask 255.25.255.252"
ifconfig_bge1="Up"
keymap="ru.koi8-r"
sshd_enable="YES"
gateway_enable="YES"
winbindd_enable="YES"
winbindd_flags="-d 9"
#samba_enable="YES"
#firewall_enable="YES"
#firewall_script="/etc/rc.9"
#firewall_type="open"
ppp_enable="YES"
ppp_profile="ISP"
ppp_mode="ddial"
#ppp_program="/usr/sbin/ppp"
ppp_profile="ISP"
#ppp_user="root"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic -f /etc/natd.conf"
squid_enable="YES"
firewall_eneble="YES"
firewall_script="/etc/rc.9"
ppp.conf
Код: Выделить всё
default:
set log Phase tun command
# ident user-ppp VERSION (built COMPILATIONDATE)
# Ensure that "device" references the correct serial port
# for your modem. (cuad0 = COM1, cuad1 = COM2)
#
# set device /dev/cuad1
# set speed 115200
# set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
# \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
# set timeout 180 # 3 minute idle timer (the default)
# enable dns # request DNS info (for resolv.conf)
#papchap:
#
# edit the next three lines and replace the items in caps with
# the values which have been assigned by your ISP.
#
# set phone PHONE_NUM
# set authname USERNAME
# set authkey PASSWORD
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
add default HISADDR # Add a (sticky) default route
ISP:
set device PPPoE:bge1
set authname ххххх
set authkey ххххх
set dial
set login
# enable dns
add default HISADDR
#NAT:
# nat enable yes
# nat port tcp 192.168.32.5:25 25
# nat log yes
# nat same_ports yes
# nat unregisted_only yes
# enable dns
Код: Выделить всё
FwCMD="/sbin/ipfw"
LanOut="tun0"
LanIn="bge0"
IpOut="ххх.ххх.ххх.ххх"
IpIn="192.168.20.14"
NetMask="24"
NetIn="192.168.20.0"
${FwCMD} -f flush
${FwCMD} add check-state
${FwCMD} add allow ip from any to any via lo0
${FwCMD} add deny ip from any to 127.0.0.0/8
${FwCMD} add deny ip from 127.0.0.0/8 to any
${FwCMD} add deny ip from any to 10.0.0.0/8 in via ${LanOut}
${FwCMD} add deny ip from any to 172.16.0.0/12 in via ${LanOut}
${FwCMD} add deny ip from any to 192.168.0.0/16 in via ${LanOut}
${FwCMD} add deny ip from any to 0.0.0.0/8 in via ${LanOut}
${FwCMD} add deny ip from any to 169.254.0.0/16 in via ${LanOut}
${FwCMD} add deny ip from any to 240.0.0.0/4 in via ${LanOut}
${FwCMD} add deny icmp from any to any frag
#${FwCMD} add fwd 127.0.0.1,3128 tcp from ${NetIn}/${NetMask} to any 80 via ${LanOut}
${FwCMD} add divert natd ip from ${NetIn}/${NetMask} to any out via ${LanOut}
${FwCMD} add divert natd ip from any to ${IpOut} in via ${LanOut}
${FwCMD} add deny ip from 10.0.0.0/8 to any out via ${LanOut}
${FwCMD} add deny ip from 172.16.0.0/12 to any out via ${LanOut}
${FwCMD} add deny ip from 192.168.0.0/16 to any out via ${LanOut}
${FwCMD} add deny ip from 0.0.0.0/8 to any out via ${LanOut}
${FwCMD} add deny ip from 169.254.0.0/16 to any out via ${LanOut}
${FwCMD} add deny ip from 224.0.0.0/4 to any out via ${LanOut}
${FwCMD} add deny ip from 240.0.0.0/4 to any out via ${LanOut}
${FwCMD} add allow tcp from any to any established
${FwCMD} add allow ip from ${IpOut} to any out xmit ${LanOut}
${FwCMD} add allow udp from any 53 to any via ${LanOut}
${FwCMD} add allow icmp from any to any icmptypes 0,8,11
${FwCMD} add allow tcp from any to any via ${LanIn}
${FwCMD} add allow udp from any to any via ${LanIn}
${FwCMD} add allow icmp from any to any via ${LanIn}
${FwCMD} add deny ip from any to any