Abills FreeBSD 9.0 ng_car mpd5


Post by Hellion

Kernel

Code:

options         IPFIREWALL
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         DUMMYNET

options         NETGRAPH
options         NETGRAPH_PPPOE
options         NETGRAPH_PPP
options         NETGRAPH_ETHER
options         NETGRAPH_PPTPGRE
options         IPFILTER
options         IPFILTER_LOG
options         IPDIVERT

ipfw

Code:

xz# ipfw show
00010    40   70906 allow tcp from 127.0.0.1 to 127.0.0.1 dst-port 25
00011     0       0 allow tcp from any to 91.202.144.2 dst-port 25
00012     0       0 allow tcp from 91.202.144.2 to any dst-port 25
00013 13126 4465476 allow tcp from me 22 to any
00013 15193 1364705 allow tcp from any to me dst-port 22
00015     8     384 reset log tcp from any to any dst-port 25
00100   168   26454 allow ip from any to any via lo0
00200     0       0 deny ip from any to 127.0.0.0/8
00300     0       0 deny ip from 127.0.0.0/8 to any
09970     0       0 skipto 10130 ip from table(14) to table(3) in recv ng*
09970     0       0 skipto 10130 ip from table(14) to table(3) in recv ng*
09970     0       0 skipto 10130 ip from table(14) to table(3) in recv ng*
09970     0       0 skipto 10130 ip from table(14) to table(3) in recv ng*
09975     0       0 skipto 10135 ip from table(3) to table(15) out xmit ng*
09975     0       0 skipto 10135 ip from table(3) to table(15) out xmit ng*
09975     0       0 skipto 10135 ip from table(3) to table(15) out xmit ng*
09975     0       0 skipto 10135 ip from table(3) to table(15) out xmit ng*
09980  2614 1749289 skipto 10120 ip from table(12) to table(2) in recv ng*
09980     0       0 skipto 10120 ip from table(12) to table(2) in recv ng*
09980     0       0 skipto 10120 ip from table(12) to table(2) in recv ng*
09980     0       0 skipto 10120 ip from table(12) to table(2) in recv ng*
09985  1263 1756859 skipto 10125 ip from table(2) to table(13) out xmit ng*
09985     0       0 skipto 10125 ip from table(2) to table(13) out xmit ng*
09985     0       0 skipto 10125 ip from table(2) to table(13) out xmit ng*
09985     0       0 skipto 10125 ip from table(2) to table(13) out xmit ng*
10000  4393  392781 netgraph tablearg ip from table(10) to any in recv ng*
10010   597  425355 netgraph tablearg ip from any to table(11) out xmit ng*
10015   131   17478 allow ip from any to any via ng*
10020     0       0 allow ip from table(9) to any in recv ng*
10020     0       0 allow ip from table(9) to any in recv ng*
10020     0       0 allow ip from table(9) to any in recv ng*
10020     0       0 allow ip from table(9) to any in recv ng*
10025     0       0 allow ip from any to table(9) out xmit ng*
10025     0       0 allow ip from any to table(9) out xmit ng*
10025     0       0 allow ip from any to table(9) out xmit ng*
10025     0       0 allow ip from any to table(9) out xmit ng*
10030     0       0 allow ip from any to any via ng*
10120  2605 1748857 netgraph tablearg ip from table(12) to any in recv ng*
10125  1263 1756859 netgraph tablearg ip from any to table(13) out xmit ng*
10130     0       0 netgraph tablearg ip from table(14) to any in recv ng*
10135     0       0 netgraph tablearg ip from any to table(15) out xmit ng*
10220     0       0 allow ip from table(9) to table(2) in recv ng*
10220     0       0 allow ip from table(9) to table(2) in recv ng*
10220     0       0 allow ip from table(9) to table(2) in recv ng*
10220     0       0 allow ip from table(9) to table(2) in recv ng*
10225     0       0 allow ip from table(2) to table(9) out xmit ng*
10225     0       0 allow ip from table(2) to table(9) out xmit ng*
10225     0       0 allow ip from table(2) to table(9) out xmit ng*
10225     0       0 allow ip from table(2) to table(9) out xmit ng*
10230     0       0 allow ip from table(9) to table(3) in recv ng*
10230     0       0 allow ip from table(9) to table(3) in recv ng*
10230     0       0 allow ip from table(9) to table(3) in recv ng*
10230     0       0 allow ip from table(9) to table(3) in recv ng*
10235     0       0 allow ip from table(3) to table(9) out xmit ng*
10235     0       0 allow ip from table(3) to table(9) out xmit ng*
10235     0       0 allow ip from table(3) to table(9) out xmit ng*
10235     0       0 allow ip from table(3) to table(9) out xmit ng*
50000     2      99 skipto 65010 ip from 192.168.0.1 to any
50000     0       0 skipto 65010 ip from any to 192.168.0.1
64010  1047 2810894 allow tcp from me 9443 to any
64011  1504  126959 allow tcp from any to me dst-port 9443
65000   116    8240 allow tcp from me 1723 to any
65001   137    9416 allow tcp from any to me dst-port 1723
65002     0       0 allow udp from me 53 to any
65003     0       0 allow udp from any to me dst-port 53
65012  4740  307172 reset log tcp from any to any
65013 37353 4167655 deny log udp from any to any
65535 19620 8738378 allow ip from any to any
The VPN connection is up, the client's IP gets into tables 10, 11, 12 and 13, and the subnets from the traffic class get into table 2 as well.

Code:

xz# ngctl list | grep test
  Name: class0_test     Type: car             ID: 0000009e   Num hooks: 2
  Name: class1_test     Type: car             ID: 000000a0   Num hooks: 2

Code:

xz# /usr/abills/libexec/billd checkspeed NAS_IDS=1 SHOW_SPEED=1
test:
  1  IN: 500000 OUT: 500000
  0  IN: 200000 OUT: 200000
Pings to the Internet go through, but websites do not open. I suspect the problem is in ipfw, because when I put an allow rule at the top, Internet access works normally, but I cannot figure out where. The server NATs Internet traffic through ipnat.
Can anyone suggest how to solve this problem?
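
One way to narrow down which rule is dropping traffic, as an added example that is not part of the original post: filter `ipfw show` output for deny/reset rules whose packet counter is non-zero, optionally for a single protocol. The function names `blocking_rules` and `sample_ipfw_show` are hypothetical; the sample lines are copied from the listing above so the script runs offline.

```shell
#!/bin/sh
# Added example: list ipfw rules that drop traffic AND have matched packets.
# Input on stdin: `ipfw show` output (rule number, packets, bytes, rule body).

blocking_rules() {
    # $1 (optional): protocol to keep (tcp, udp, icmp, ...); empty keeps all.
    # Rules written for "ip" match every protocol, so they are always kept.
    awk -v want="$1" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $2 > 0 &&
        $4 ~ /^(deny|reset|reject|unreach)$/ {
            # The protocol is the word right before "from"; this skips
            # optional keywords such as "log" that follow the action.
            proto = "?"
            for (i = 5; i < NF; i++)
                if ($(i + 1) == "from") { proto = $i; break }
            if (want == "" || proto == want || proto == "ip")
                printf "%s %s %s %s\n", $1, $4, proto, $2
        }'
}

# Excerpt of the `ipfw show` listing from the post, embedded for offline use.
sample_ipfw_show() {
    cat <<'EOF'
00015     8     384 reset log tcp from any to any dst-port 25
00200     0       0 deny ip from any to 127.0.0.0/8
10015   131   17478 allow ip from any to any via ng*
65012  4740  307172 reset log tcp from any to any
65013 37353 4167655 deny log udp from any to any
65535 19620 8738378 allow ip from any to any
EOF
}

# Output columns: rule number, action, protocol, packet count.
sample_ipfw_show | blocking_rules
# On the live server: ipfw show | blocking_rules tcp
```

On the listing in the post, the unfiltered call reports rules 00015, 65012 and 65013, and filtering for `icmp` reports nothing. Running it twice while a client loads a page shows which counter is growing.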
