FreeBSD 6.2-STABLE #0: Tue Feb 6 21:17:40 EET 2007

The kernel is built with the maximum set of options, including Netgraph, vlan, ipfirewall and ipdivert.

re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.251.1 netmask 0xffffff00 broadcast 192.168.251.255
inet 10.90.90.85 netmask 0xffffff00 broadcast 10.90.90.255
ether 00:15:e9:f0:e9:3a
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet 195.xxx.xxx.100 netmask 0xffffff00 broadcast 195.xxx.xxx.255
ether 00:13:8f:c3:82:23
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
pflog0: flags=0<> mtu 33208
pfsync0: flags=0<> mtu 2020
syncpeer: 224.0.0.240 maxupd: 128
lo0: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
vlan0: flags=8002<BROADCAST,MULTICAST> mtu 1500
ether 00:00:00:00:00:00
vlan: 0 parent interface: <none>
vlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.0.100 netmask 0xffffff00 broadcast 172.16.0.255
inet 172.16.1.100 netmask 0xffffff00 broadcast 172.16.1.255
inet 172.16.4.100 netmask 0xffffff00 broadcast 172.16.4.255
inet 172.16.15.100 netmask 0xffffff00 broadcast 172.16.15.255
inet 172.16.24.100 netmask 0xffffff00 broadcast 172.16.24.255
inet 172.16.26.100 netmask 0xffffff00 broadcast 172.16.26.255
inet 172.16.27.100 netmask 0xffffff00 broadcast 172.16.27.255
inet 172.16.56.100 netmask 0xffffff00 broadcast 172.16.56.255
inet 172.16.75.100 netmask 0xffffff00 broadcast 172.16.75.255
inet 172.16.92.100 netmask 0xffffff00 broadcast 172.16.92.255
inet 172.16.96.100 netmask 0xffffff00 broadcast 172.16.96.255
ether 00:15:e9:f0:e9:3a
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 355 parent interface: re0
vlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 172.17.0.100 netmask 0xffffff00 broadcast 172.17.0.255
inet 172.17.1.100 netmask 0xffffff00 broadcast 172.17.1.255
ether 00:15:e9:f0:e9:3a
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 354 parent interface: re0
vlan3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
inet 10.10.10.100 netmask 0xffffff00 broadcast 10.10.10.255
ether 00:15:e9:f0:e9:3a
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 1000 parent interface: re0
vlan4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:15:e9:f0:e9:3a
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 1001 parent interface: re0

/sbin/natd -f /etc/natd.conf -p 8668 -n rl0
>>cat /etc/natd.conf
log yes
same_ports yes
use_sockets yes
unregistered_only yes
dynamic yes

>>ipfw show
01000 8259 507538 allow icmp from any to any
01000 0 0 allow icmp from any to any via re0
01000 0 0 allow icmp from any to any via rl0
01500 0 0 allow ip from any to any via gif0
01510 0 0 allow ip from any to any via gif1
05000 72237 8330919 divert 8668 ip from 192.168.0.0/24 to not table(2) out via rl0
05000 300 23170 divert 8668 ip from 172.16.1.0/24 to not table(2) out via rl0
05000 0 0 divert 8668 ip from 172.16.15.0/24 to not table(2) out via rl0
05000 0 0 divert 8668 ip from 10.10.10.0/24 to not table(2) out via rl0
05020 93664 86978717 divert 8668 ip from not table(2) to 195.ххх.ххх.100 in via rl0
05100 0 0 allow icmp from any to any

>>ipfw table 2 list
10.10.10.0/24 0
172.16.1.0/24 0
172.16.15.0/24 0
172.17.1.0/24 0
192.168.0.0/24 0

I need all the networks from table 2 to be NATed, not just 192.16.0.0/24.
Somehow it seems to me that the problem is in the NAT.

>I need all the networks from table 2 to be NATed, not just 192.16.0.0/24.
>
>Somehow it seems to me that the problem is in the NAT.

ipfw add divert 8668 ip from table\(2\) to any
ipfw add divert 8668 ip from any to 195.ххх.ххх.100
what's so hard about that? :)

>>I need all the networks from table 2 to be NATed, not just 192.16.0.0/24.
>>
>>Somehow it seems to me that the problem is in the NAT.
>
>ipfw add divert 8668 ip from table\(2\) to any
>ipfw add divert 8668 ip from any to 195.ххх.ххх.100
>what's so hard about that? :)

But no interface is specified, so even packets going from private (gray) networks to private networks will get NATed.
For now I'll replace the DGE-528T network card because of the numerous complaints on the D-Link forum.
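
An added example, not part of any post in this thread: a small Python model of how the outbound divert rules discussed above select packets, comparing the posted rule 05000, the rule from the reply, and a table-driven rule bound to `rl0`. The `BOUND` variant, the single-pass matching model and the sample packets are assumptions made for illustration; the inbound rule 05020 is not modelled.

```python
from ipaddress import ip_address, ip_network

# Table 2 exactly as listed by `ipfw table 2 list` in the first post.
TABLE2 = [ip_network(n) for n in (
    "10.10.10.0/24", "172.16.1.0/24", "172.16.15.0/24",
    "172.17.1.0/24", "192.168.0.0/24")]

def in_table2(addr):
    return any(ip_address(addr) in n for n in TABLE2)

def not_table2(addr):
    return not in_table2(addr)

def anyaddr(_addr):
    return True

def net(cidr):
    n = ip_network(cidr)
    return lambda addr: ip_address(addr) in n

def rule(src, dst, direction=None, via=None):
    """One divert rule; None for direction/via means 'not restricted'."""
    def match(pkt):
        return (src(pkt["src"]) and dst(pkt["dst"])
                and direction in (None, pkt["dir"])
                and via in (None, pkt["if"]))
    return match

# Outbound rules numbered 05000 in the posted `ipfw show`.
POSTED = [rule(net(c), not_table2, "out", "rl0") for c in (
    "192.168.0.0/24", "172.16.1.0/24", "172.16.15.0/24", "10.10.10.0/24")]
# The reply's rule: from table 2 to any, no interface, no direction.
SUGGESTED = [rule(in_table2, anyaddr)]
# Assumed variant: one table-driven rule that keeps the rl0/out binding.
BOUND = [rule(in_table2, not_table2, "out", "rl0")]

def diverted(rules, pkt):
    """True if any rule in the set would hand the packet to natd."""
    return any(r(pkt) for r in rules)

# Constructed packets; 198.51.100.7 stands in for an Internet host.
TO_INTERNET = {"src": "172.17.1.20", "dst": "198.51.100.7",
               "dir": "out", "if": "rl0"}
GRAY_TO_GRAY = {"src": "192.168.0.20", "dst": "10.10.10.7",
                "dir": "out", "if": "vlan3"}
```

In this model the posted rules never divert traffic from 172.17.1.0/24, which is in table 2 but has no 05000 rule, while the interface-less rule also diverts traffic between two private networks.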

>But no interface is specified, so even packets going from private (gray) networks
>to private networks will get NATed.
>For now I'll replace the DGE-528T network card because of the numerous complaints on the D-Link forum.

The question is closed.
Swapping the network card for a no-name Realtek 10/100 helped.