
network,rc,pf,nat...

Posted: 2008-06-24 15:44:54
ufs
Hi guys, sorry for the Latin transliteration (haven't set up Russian yet)... I have 2 machines (FreeBSD and Microsoft XP), and I need to share the internet from FreeBSD to XP. FreeBSD gets its internet over PPP (PPPoE); on XP the gateway and all that is configured, i.e. ping between the machines works! But the internet doesn't )) I couldn't make sense of the man page :-( rl0=tun0=internet (external interface), vr0=the network between the machines. 192.168.0.1=freebsd, 192.168.0.2=philka (XP)
pf.conf:


# macros
ext_if="tun0"
extif1="tun0"
extif2="tun1"
extif3="tun2"
int_if="vr0"
int_net="192.168.0.0/24"   # was /3, which is 192.0.0.0/3 (192.0.0.0-223.255.255.255), not this LAN
TCP="proto tcp"
UDP="proto udp"
UTP="proto { tcp, udp }"
UIP="proto { udp, icmp }"
KSF="keep state"
MSF="modulate state"
SSA="flags S/SA"
ports_games="{ 22, 23, 3724, 5190, 6667 }"
# hosts must be in DNS !!!  (a bare name in a table is looked up when the ruleset is loaded;
# write $philka instead to use the macro's address and avoid the DNS dependency)
philka="192.168.0.2"
table <gods> persist { philka }
table <users> persist { philka }
table <clients> persist { philka }   # referenced by the nat rule below but was never defined
# options (these two lines had been run together as "set block-polic" / "set state-policy if-boundy return")
set block-policy return
set state-policy if-bound
# normalization
scrub in all random-id #no-df
scrub on tun reassemble tcp
# queueing: pfctl complains when the cbq children add up to more than the parent's 100Mb
altq on $int_if bandwidth 100Mb qlimit 150 cbq queue { \
int_dflt, int_ack, int_games, int_gods, int_clients }
queue int_dflt bandwidth 90Mb priority 4 cbq(default borrow)   # was 100Mb, the whole parent
queue int_ack bandwidth 512Kb priority 5 cbq(ecn)
queue int_games bandwidth 384Kb priority 6 cbq(ecn)
queue int_gods bandwidth 3800Kb priority 3 cbq(ecn red borrow)
queue int_clients bandwidth 2Mb priority 2 cbq(ecn borrow)   # was missing though listed above; 2Mb is an assumed value
# translation (the nat line had been glued onto the int_gods queue line, and the rdr line was doubled)
nat on $ext_if from <gods> to ! $int_net -> ($ext_if) port 30000:49999
nat on $ext_if from <clients> to ! $int_net -> ($ext_if) port 50000:60000
nat on $ext_if from $int_net to ! $int_net -> ($ext_if)
rdr pass on $ext_if proto tcp from any to any port 60003 -> 192.168.0.3
# filtering
pass on lo all $KSF label Loopback
pass on $int_if to $int_if $KSF label LAN queue (int_clients, int_ack)
pass in on $int_if from <gods> to ! $int_net $KSF \
label Gods-In tag gods queue (int_gods, int_ack)
pass in on $int_if $UTP from <users> to ! $int_net port $ports_games $KSF \
label Games-In tag games queue (int_games)
pass out on tun $KSF \
label Clients-Out tagged clients queue (int_clients, int_ack)
pass out on tun $KSF \
label Gods-Out tagged gods queue (int_gods, int_ack)
pass out on tun $KSF \
label Games tagged games queue (int_games)
pass out on tun all   # the stray trailing "i" has been dropped
block in on $int_if from ! <users> label Outlaw
rc.conf:


ifconfig_vr0="inet 192.168.0.1 netmask 255.255.255.0"   # LAN side; tun0 is brought up by ppp
gateway_enable="YES"                                     # forward packets between vr0 and tun0
# natd is the ipfw/divert userland NAT; the pf ruleset above already does NAT, and
# natd_interface would in any case have to be the external interface (tun0), not the LAN one
natd_enable="YES"
natd_interface="vr0"
natd_flags=""
# neither of the next two is an rc.conf(5) variable: the default-route key is defaultrouter
# (and a PPPoE gateway gets its default route from the ppp link), router_enable starts routed
default_gateway="192.168.0.1"
routing_enable="YES"

Re: network,rc,pf,nat...

Posted: 2008-06-24 20:51:49
hizel
To start with, one thing jumps out right away:
why natd, when pf has NAT built in?

And the pf config is awfully big; a couple of lines there are enough just to let the machine out to the internet (NAT it),
while you have shaping and port mapping in there :\

Maybe start simple and build up from there?

Re: network,rc,pf,nat...

Posted: 2008-06-25 3:23:50
ufs guest
Buddy, if you can, please help; I've already worn my eyes out and smoked my lungs through with man pages :sorry:
I ask everyone and everyone brushes me off; I'm just a newbie at this, so don't kick too hard :-D And this pf.conf is from a working server, edited and cut down by me... One more little problem has come up. Before, I would type: ping philka, and the XP machine got pinged, but now it pings philka.sytes.net (and sytes.net is noip, someone else's host, basically). I fixed resolv.conf like this:


# the next two lines are /etc/hosts-style entries; resolv.conf has no such keyword and the
# resolver ignores them, so "philka" still goes to DNS with the search suffix appended
# (in /etc/hosts the address comes first: "192.168.0.2 philka")
philka 192.168.0.2
philka. 192.168.0.2
domain chikovani.sytes.net
search local.chikovani.sytes.net
nameserver 82.199.96.143
nameserver 195.128.64.3
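Why the resolv.conf above does not bring `ping philka` back to the LAN host: the two `philka` lines are not resolv.conf syntax and are skipped, and a single-label name is tried with the `search` suffix first, so the query leaves for the sytes.net nameservers. The following is an added example, not code from the thread or from FreeBSD's libc; it models the documented resolver rules (the hosts file is consulted before DNS when nsswitch.conf says `files dns`; `domain` and `search` are mutually exclusive and the last one wins; a name with fewer than `ndots` dots gets the search suffixes before being tried as given) on a constructed copy of the posted resolv.conf and a constructed /etc/hosts line. The function names are this example's own.

```python
"""Model of hosts-file-then-DNS name resolution (added example, not libc's resolver)."""

# Constructed copy of the resolv.conf posted above.
POSTED_RESOLV_CONF = """\
philka 192.168.0.2
philka. 192.168.0.2
domain chikovani.sytes.net
search local.chikovani.sytes.net
nameserver 82.199.96.143
nameserver 195.128.64.3
"""

# Constructed /etc/hosts: address first, then the names; this is where a LAN host belongs.
FIXED_HOSTS = """\
127.0.0.1   localhost
192.168.0.2 philka philka.local
"""

RESOLV_KEYWORDS = {'nameserver', 'domain', 'search', 'options', 'sortlist'}


def parse_resolv(text):
    """Return the search list, the nameservers, and the lines the resolver silently ignores."""
    conf = {'search': [], 'nameservers': [], 'ignored': []}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].split(';', 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == 'nameserver' and args:
            conf['nameservers'].append(args[0])
        elif key in ('domain', 'search') and args:
            # domain and search are mutually exclusive; the last instance wins
            conf['search'] = args[:1] if key == 'domain' else args
        elif key not in RESOLV_KEYWORDS:
            conf['ignored'].append(line)   # e.g. "philka 192.168.0.2": not resolv.conf syntax
    return conf


def parse_hosts(text):
    """Map each name in an /etc/hosts file to its address (the first field is the address)."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split('#', 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table


def resolve(name, hosts, resolv, ndots=1):
    """('hosts', ip) when the hosts file answers, else ('dns', [names that would be queried, in order])."""
    absolute = name.endswith('.')
    bare = name.rstrip('.').lower()
    if bare in hosts:
        return ('hosts', hosts[bare])
    if absolute:
        return ('dns', [bare + '.'])             # trailing dot: no search-list expansion
    with_suffix = [f'{bare}.{s}' for s in resolv['search']]
    if bare.count('.') >= ndots:
        return ('dns', [bare] + with_suffix)     # enough dots: try it as given first
    return ('dns', with_suffix + [bare])         # single label: search suffixes first


if __name__ == '__main__':
    conf = parse_resolv(POSTED_RESOLV_CONF)
    print('ignored:', conf['ignored'])
    print('without a hosts entry:', resolve('philka', parse_hosts(''), conf))
    print('with the hosts entry:  ', resolve('philka', parse_hosts(FIXED_HOSTS), conf))
```

With the posted file and no hosts entry, `philka` is queried as `philka.local.chikovani.sytes.net` first; with the address moved into /etc/hosts the lookup never reaches DNS at all.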