netdiablo
Good day! I have a problem: I decided to switch the routers to FreeBSD 8.2. NAT is supposedly faster, among other things. I got NAT running, but I can't figure out port forwarding with a change of port number.

/etc/rc.conf
Code:
hostname="router"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
mousechar_start="3"
#___configure_interfaces____
ifconfig_em0="inet 192.168.253.1 netmask 255.255.255.0"
ifconfig_em1="inet 192.168.254.99 netmask 255.255.255.0"
defaultrouter="192.168.254.1"
#___configure_services_______
gateway_enable="YES"
sshd_enable="YES"
squid_enable="YES"
named_enable="YES"
dhcpd_enable="YES"
dhcpd_ifaces="em0"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
firewall_enable="YES"
firewall_script="/etc/firewall"
firewall_nat_enable="YES"
firewall_nat_interface="em1"
dummynet_enable="YES"

Kernel options
Code:
options IPFIREWALL
options IPFIREWALL_NAT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options DUMMYNET
options IPSEC
options IPSEC_FILTERTUNNEL
options LIBALIAS
device crypto

/etc/sysctl.conf
Code:
net.inet.ip.fw.one_pass=1

/etc/firewall
Code:
#!/bin/sh
ipfw -f flush
LanOut="em1"
LanIn="em0"
IpOut="192.168.254.99"
IpIn="192.168.253.1"
dns1="192.168.253.1"
NetMask="24"
NetIn="192.168.253.0"
# Traffic over loopback
ipfw add 10 allow all from any to any via lo0
ipfw add 20 fwd 127.0.0.1,3128 tcp from 192.168.253.0/24 to any dst-port 80 via $LanIn
#------------------------------------------
ipfw nat 1 config if $LanOut log reset same_ports redirect_port tcp 192.168.253.40:4899 4899
ipfw add 100 nat 1 tcp from any to $IpOut 4899 via $LanOut
ipfw add 100 allow tcp from any to 192.168.253.40 4899 via $LanIn
ipfw nat 2 config if $LanOut log reset same_ports redirect_port tcp 192.168.253.115:3389 3390
ipfw add 200 nat 3 tcp from any to $IpOut 3390 via $LanOut
ipfw add 200 allow tcp from any to 192.168.253.115 3389 via $LanIn
#---------------NAT--------------------------------------
ipfw nat 10 config if $LanOut
ipfw add 500 nat 10 ip from any to any via $LanOut
# Permissions for the LAN
ipfw add 700 allow tcp from 192.168.0.0/24 to any via $LanIn
# Allow ssh
ipfw add 800 allow tcp from any to any 22 via $LanIn
# Allow connection setup, don't break established connections, accept fragmented packets
ipfw add 900 allow all from $IpOut to any out via $LanOut setup
ipfw add 910 allow tcp from any to any established
ipfw add 920 allow tcp from any to any frag
# Allow DNS
ipfw add 1000 allow udp from $dns1 53 to $IpOut in via $LanOut
ipfw add 1000 allow udp from $IpOut to $dns1 53 keep-state
# Block NETBIOS
ipfw add 1100 deny udp from any to any 137,138 via $LanOut
ipfw add 1100 deny tcp from any to any 135,139 via $LanOut
# DHCP
ipfw add 1200 allow udp from any to 192.168.0.1 67 via $LanIn keep-state
# ssh,smtp,pop,http
ipfw add 1300 allow tcp from any to $IpOut 22,25,110,80 via $LanOut setup
# Reset ident lookups
ipfw add 1400 reset tcp from any to $IpOut 113 via $LanOut

tcpdump shows the following:
Code:
16:10:22.583336 IP 192.168.254.21.54175 > 192.168.253.115.3389: Flags [S], seq 3615645881, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:10:22.583745 ARP, Request who-has 192.168.253.1 tell 192.168.253.115, length 46
16:10:22.583753 ARP, Reply 192.168.253.1 is-at 00:1b:21:c6:08:6b, length 28
16:10:22.583994 IP 192.168.253.115.3389 > 192.168.254.21.54175: Flags [S.], seq 166832142, ack 3615645882, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:10:22.584188 IP 192.168.254.21.54175 > 192.168.253.115.3389: Flags [R], seq 3615645882, win 0, length 0

Tell me, what am I doing wrong?..

If I use the standard port 3389 instead, then:
Code:
16:28:58.059018 IP 192.168.254.21.54592 > 192.168.253.115.3389: Flags [S], seq 340847803, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:28:58.059412 ARP, Request who-has 192.168.253.1 tell 192.168.253.115, length 46
16:28:58.059420 ARP, Reply 192.168.253.1 is-at 00:1b:21:c6:08:6b, length 28
16:28:58.059660 IP 192.168.253.115.3389 > 192.168.254.21.54592: Flags [S.], seq 402049147, ack 340847804, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:28:58.059864 IP 192.168.254.21.54592 > 192.168.253.115.3389: Flags [.], ack 1, win 256, length 0
16:28:58.060113 IP 192.168.254.21.54592 > 192.168.253.115.3389: Flags [P.], ack 1, win 256, length 19
16:28:58.063159 IP 192.168.253.115.3389 > 192.168.254.21.54592: Flags [.], ack 20, win 256, length 0
16:28:58.063284 IP 192.168.253.115.3389 > 192.168.254.21.54592: Flags [P.], ack 20, win 256, length 19
16:28:58.258628 IP 192.168.254.21.54592 > 192.168.253.115.3389: Flags [.], ack 20, win 256, length 0
16:28:59.211906 STP 802.1w, Rapid STP, Flags [Forward], bridge-id 8000.20:fd:f1:9b:52:80.800c, length 47
16:28:59.984169 IP 192.168.254.21.54592 > 192.168.253.115.3389: Flags [F.], seq 20, ack 20, win 256, length 0
16:28:59.984357 IP 192.168.253.115.3389 > 192.168.254.21.54592: Flags [.], ack 21, win 256, length 0
16:28:59.984479 IP 192.168.253.115.3389 > 192.168.254.21.54592: Flags [R.], seq 20, ack 21, win 0, length 0

Help me out, good people.
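As an added example (a helper written for this thread, not part of the original post or of ipfw), a small Python lint for the two things that most often break a redirect_port forward in a script like the one above: every "ipfw add ... nat N" rule must refer to an instance configured earlier in the script, and a rule that matches a specific port must hand it to an instance whose redirect_port publishes that port. It only understands the "ipfw nat N config ..." and "ipfw add R nat N proto from X to Y [port]" forms used in the post, leaves $variables unexpanded, and is run here on the nat lines copied from the posted script, where it flags rule 200 (nat 3 is referenced while only nat 1, 2 and 10 are configured).

```python
import re

# Constructed sample: the nat-related lines from the firewall script posted above
# (variables left as in the post; the lint does not expand them).
FIREWALL_SCRIPT = """\
ipfw nat 1 config if $LanOut log reset same_ports redirect_port tcp 192.168.253.40:4899 4899
ipfw add 100 nat 1 tcp from any to $IpOut 4899 via $LanOut
ipfw nat 2 config if $LanOut log reset same_ports redirect_port tcp 192.168.253.115:3389 3390
ipfw add 200 nat 3 tcp from any to $IpOut 3390 via $LanOut
ipfw nat 10 config if $LanOut
ipfw add 500 nat 10 ip from any to any via $LanOut
"""

NAT_CONFIG = re.compile(r"^ipfw\s+nat\s+(\d+)\s+config\b(.*)$")
NAT_RULE = re.compile(
    r"^ipfw\s+add\s+\d+\s+nat\s+(\d+)\s+(\S+)\s+from\s+\S+\s+to\s+\S+(?:\s+(\d+))?"
)
# redirect_port <proto> <alias_addr>:<alias_port> <public_port>
REDIRECT = re.compile(r"redirect_port\s+(tcp|udp)\s+\S+:\d+\s+(\d+)")


def lint_ipfw_nat(script):
    """Return a list of problems found in the nat instances and nat rules of an ipfw script.

    Checks: (1) every 'ipfw add ... nat N' refers to an instance configured earlier in the
    script; (2) when the rule names a destination port and the instance carries
    redirect_port entries, one of them publishes that protocol/port.
    """
    redirects = {}  # instance number -> set of (proto, public_port) it publishes
    problems = []
    for line in script.splitlines():
        m = NAT_CONFIG.match(line)
        if m:
            inst = int(m.group(1))
            redirects[inst] = {(proto, int(port)) for proto, port in REDIRECT.findall(m.group(2))}
            continue
        m = NAT_RULE.match(line)
        if not m:
            continue
        inst, proto, port = int(m.group(1)), m.group(2), m.group(3)
        if inst not in redirects:
            problems.append(f"nat instance {inst} is referenced but never configured: {line}")
        elif port and redirects[inst] and (proto, int(port)) not in redirects[inst]:
            problems.append(
                f"rule matches {proto} port {port} but nat {inst} has no redirect_port for it: {line}"
            )
    return problems


if __name__ == "__main__":
    for p in lint_ipfw_nat(FIREWALL_SCRIPT) or ["no problems found"]:
        print(p)
```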