Questions and answers
Question: NAT on FreeBSD
Question
From: rMhax0r (rMhax0r__at__mail __dot__ bg) Date: 07/05/2006
OS: FreeBSD 6.1
two LAN cards: rl0 and dc0
rl0 is 192.168.0.1/24
dc0 is 192.168.xxx.yyy/21
tun0 is 172.xxx.yyy.zzz/32 and comes from PPPoE running on dc0
ttl=1 !!!!!
So ... I recompile the kernel with IPSTEALTH and everything needed for
ipfw, set ip.stealth=1 in /etc/sysctl.conf, reboot,
bring up my Internet connection, then natd -interface dc0, ipfw add
divert natd all from any to any via dc0

The result: the BSD box has Internet! From a PC that has the address
192.168.0.2, is connected to rl0 and uses gateway 192.168.0.1,
I can see all addresses on all interfaces of the BSD box, and also
everything on the 192.168.xxx.yyy/21 network, but it has no Internet!!!


Answer #1
From: TheGoodFather Date: 07/05/2006
map ext_interface from 192.168.0.1 ! to 192.168.0.0/16 -> 172.x.y.z/32 portmap tcp/udp 10000:60000

map ext_interface 192.168.0.1 -> 172.x.y.z/32

And so on for each machine... this is done in /etc/ipnat.conf


Answer #2
From: slave Date: 07/05/2006
http://www.unilans.net/docs/fbsd-nat/

Do you have no Internet at all, or can you ping a given domain but not
load it in the browser? If it is the latter, the problem is most likely
the MTU of the packets. I can give you a sample implementation of the
firewall with PF.
If you are a Megalan customer, that is definitely the problem ;)


Answer #3
From: rMhax0r (rMhax0r (a) mail__dot__bg) Date: 07/05/2006
I think I wrote quite clearly that I cannot get any further than
the local network at all... And yes, Megalan is my
provider. As for the link you gave, I have read it and
it does not work! Not to mention that "ipfw add 1000 divert
natd ip from home_mreja to not home_mreja" blocks the
interface and I cannot even get out on the local network!!!


Answer #4
From: slave Date: 07/05/2006
kernel:
 device pf
 device pflog
 device pfsync

/etc/rc.conf:
 gateway_enable="YES"

/etc/sysctl.conf:
 net.inet.ip.stealth=1

/etc/pf.conf:
 # xl0 is lan interface
 int_if = "xl0"
 #ng0 is pppoe interface
 ext_if = "ng0"
 
 set loginterface $ext_if
 scrub in all
 scrub out all no-df max-mss 1440
 nat on $ext_if from $int_if:network to any -> ($ext_if)
 
 table <lan> persist file "/net/lan"
 table <netusers> persist file "/net/netusers"

 block in quick on $int_if from <lan> to any
 pass in quick on $int_if from <netusers> to any

/net/lan:
 192.168.0.0/24
 !192.168.0.2/32

/net/netusers:
 192.168.0.2/32

# pfctl -f /etc/pf.conf

http://openbsd.org/faq/pf/

As a PPPoE client I recommend mpd; it sets up the routing itself and
automatically reconnects when the connection is lost.
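
Added example, not part of the thread and not pf's own code: a small Python model of how the two filter rules in Answer #4 decide a packet arriving on $int_if, using the table contents from /net/lan and /net/netusers. It assumes pf's documented behaviour (most specific table entry wins, a "!" entry excludes the address, "quick" stops at the first match, unmatched packets pass); the sample source addresses other than 192.168.0.2 are constructed.

```python
import ipaddress

# Table contents copied from the answer's /net/lan and /net/netusers files.
TABLES = {
    "lan": ["192.168.0.0/24", "!192.168.0.2/32"],
    "netusers": ["192.168.0.2/32"],
}

# The two filter rules from the answer's pf.conf, in file order (both "quick").
RULES = [("block", "lan"), ("pass", "netusers")]


def in_table(addr, entries):
    """pf table lookup: the most specific matching entry decides,
    and a negated ("!") entry means the address is NOT in the table."""
    ip = ipaddress.ip_address(addr)
    best_len, matched = -1, False
    for entry in entries:
        negated = entry.startswith("!")
        net = ipaddress.ip_network(entry.lstrip("!"))
        if ip in net and net.prefixlen > best_len:
            best_len, matched = net.prefixlen, not negated
    return matched


def decide(src):
    """Return (action, reason) for a packet arriving on $int_if from src."""
    for action, table in RULES:
        if in_table(src, TABLES[table]):
            # "quick" stops evaluation at the first matching rule.
            return action, f"{action} in quick ... from <{table}>"
    # No rule matched: pf passes the packet by default.
    return "pass", "implicit default (no rule matched)"


if __name__ == "__main__":
    # Constructed sample sources: allowed host, ordinary LAN host, off-LAN source.
    for src in ("192.168.0.2", "192.168.0.77", "10.9.8.7"):
        print(src, *decide(src))
```

The third case is the one to notice: a source outside 192.168.0.0/24 matches neither table, so the two rules shown do not block it. A non-quick `block in on $int_if all` placed ahead of them would make block the default for that interface.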


Answer #5
From: rMhax0r (rMhax0r __@__ mail __dot__ bg) Date: 07/06/2006
NAT works!!! I started ipnat and added "map rl0 moita_mreja
-> ip_ot_pppoe" and everything works as it should! Thanks to
both of you for the help :)))

