lug-bg: homelan.bg & freebsd router
- Subject: lug-bg: homelan.bg & freebsd router
- From: Peter <bivol@xxxxxxxxx>
- Date: Sun, 26 Jun 2005 13:47:10 +0300
- Delivered-to: lug-bg-list@xxxxxxxxxxxxxxxxxx
- Delivered-to: lug-bg@xxxxxxxxxxxxxxxxxx
Hello,
I am trying to set up a FreeBSD router that uses a HomeLan connection,
but so far without success.
Configuration:
Router:
FreeBSD 5.4
Pub interface: fxp0
Private interface: rl0
PPPoE interface: tun0
Client:
Laptop - Windows XP Pro
I got the PPPoE connection working under FreeBSD without problems, and I
can also connect from the Windows machine to the router over SSH without problems.
I tried both PPP_NAT and NATD, but had no success getting NAT to work.
When I listen with tcpdump on tun0, I see strange things such as:
12:51:33.240233 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:33.241378 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:33.242773 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:51:33.243076 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
Here are the ipfw rules:
f# ipfw list
00002 allow ip from any to any via rl0
00003 allow ip from any to any via lo0
00100 divert 8668 ip from any to any in via tun0
00101 check-state
00120 skipto 500 udp from any to 195.149.255.139 dst-port 53 out via tun0 keep-state
00121 skipto 500 udp from any to 195.149.248.177 dst-port 53 out via tun0 keep-state
00125 skipto 500 tcp from any to any via tun0 setup keep-state
00130 skipto 500 icmp from any to any out via tun0 keep-state
00400 allow udp from 195.149.248.177 to any in keep-state
00420 allow tcp from any to me dst-port 80 in via tun0 setup limit src-addr 1
00500 divert 8668 ip from any to any out via tun0
00510 allow ip from any to any
65535 deny ip from any to any
I can't imagine it being any more open than this.
Here is the network configuration:
f# ifconfig
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 fe80::20a:e4ff:fe41:adea%fxp0 prefixlen 64 scopeid 0x1
ether xx:xx:xx:xx:xx
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet 10.30.12.1 netmask 0xffffff00 broadcast 10.30.12.255
inet6 fe80::2c0:26ff:fe79:7d98%rl0 prefixlen 64 scopeid 0x2
ether 00:c0:26:79:7d:98
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
inet 83.97.XX.XXX --> 195.149.255.142 netmask 0xffffff00
Opened by PID 195
Routing table:
f# netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default rtr3-lulin.data.bg UGS 0 168 tun0
10.30.12/24 link#2 UC 0 0 rl0
10.30.12.3 00:0a:e4:41:ae:0b UHLW 0 108 rl0 1091
localhost localhost UH 0 0 lo0
rtr3-lulin.data.bg unknown UH 1 36 tun0
f# cat /etc/rc.conf
# -- sysinstall generated deltas -- # Wed Jun 15 23:11:25 2005
# Created: Wed Jun 15 23:11:25 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#REMOVED: ifconfig_fxp0="inet 192.168.0.35 netmask 255.255.255.0"
#REMOVED: usbd_enable="YES"
#defaultrouter="192.168.0.1"
gateway_enable="YES"
hostname="bivol.ddns.homelan.bg"
ifconfig_fxp0="inet 192.168.x.xx netmask 255.255.255.0"
ifconfig_rl0="inet 10.30.12.1 netmask 255.255.255.0"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="NO"
ppp_enable="YES"
ppp_mode="ddial"
#ppp_nat="YES"
ppp_profile="hl1"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic -m"
TCPDUMP:
12:51:26.240092 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time
exceeded in-transit
12:51:27.116457 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.1066: 22679 NXDomain 0/1/0 (122)
12:51:27.117588 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066:
22679 NXDomain 0/1/0 (122)
12:51:27.118985 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36:
time exceeded in-transit
12:51:27.119299 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time
exceeded in-transit
12:51:27.233741 IP unknown.ddns.HomeLan.BG.1065 >
rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:27.238243 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:27.239554 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36:
time exceeded in-transit
12:51:29.234803 IP unknown.ddns.HomeLan.BG.1065 >
rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:29.235163 IP unknown.ddns.HomeLan.BG.1065 > mail.data.bg.domain:
42640+ A? newsrss.bbc.co.uk. (35)
12:51:29.243392 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:29.244190 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065:
42640 2/2/2 CNAME[|domain]
12:51:29.245603 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36:
time exceeded in-transit
12:51:29.245905 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time
exceeded in-transit
12:51:33.235947 IP unknown.ddns.HomeLan.BG.1065 >
rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:33.237839 IP unknown.ddns.HomeLan.BG.1065 > mail.data.bg.domain:
42640+ A? newsrss.bbc.co.uk. (35)
12:51:33.240233 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:33.241378 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065:
42640 2/2/2 CNAME[|domain]
12:51:33.242773 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36:
time exceeded in-transit
12:51:33.243076 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time
exceeded in-transit
^C
79 packets captured
79 packets received by filter
0 packets dropped by kernel
f# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 96 bytes
12:53:45.129486 IP unknown.ddns.HomeLan.BG.1066 >
rtr-lulin.data.bg.domain: 39058+ A? it.slashdot.org. (33)
12:53:45.129854 IP unknown.ddns.HomeLan.BG.1066 > mail.data.bg.domain:
39058+ A? it.slashdot.org. (33)
12:53:45.135620 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.1066: 39058 1/5/5 A star.slashdot.org (238)
12:53:45.136805 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066:
39058 1/5/5 A star.slashdot.org (238)
12:53:45.139168 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36:
time exceeded in-transit
12:53:45.139502 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time
exceeded in-transit
12:53:45.321043 IP unknown.ddns.HomeLan.BG.51985 >
rtr-lulin.data.bg.domain: 44355+ PTR? 139.255.149.195.in-addr.arpa. (46)
12:53:45.325618 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.51985: 44355 1/7/11 PTR[|domain]
12:53:45.330726 IP unknown.ddns.HomeLan.BG.50079 >
rtr-lulin.data.bg.domain: 44356+ PTR? 141.31.97.83.in-addr.arpa. (43)
12:53:45.337158 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.50079: 44356 1/2/2 (177)
12:53:45.341953 IP unknown.ddns.HomeLan.BG.54720 >
rtr-lulin.data.bg.domain: 44357+ PTR? 177.248.149.195.in-addr.arpa. (46)
12:53:45.346612 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.54720: 44357 1/3/3 PTR[|domain]
12:53:45.351294 IP unknown.ddns.HomeLan.BG.65222 >
rtr-lulin.data.bg.domain: 44358+ PTR? 151.250.35.66.in-addr.arpa. (44)
12:53:45.710193 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.65222: 44358 2/2/2[|domain]
12:54:01.087425 IP unknown.ddns.HomeLan.BG.1066 >
rtr-lulin.data.bg.domain: 12946+ A? it.slashdot.org. (33)
12:54:01.092699 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.1066: 12946 1/5/5 A star.slashdot.org (238)
12:54:01.094003 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36:
time exceeded in-transit
12:54:02.087348 IP unknown.ddns.HomeLan.BG.1066 > mail.data.bg.domain:
12946+ A? it.slashdot.org. (33)
12:54:02.092405 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066:
12946 1/5/5 A star.slashdot.org (238)
12:54:02.093743 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time
exceeded in-transit
12:54:03.087550 IP unknown.ddns.HomeLan.BG.1066 >
rtr-lulin.data.bg.domain: 12946+ A? it.slashdot.org. (33)
12:54:03.092805 IP rtr-lulin.data.bg.domain >
unknown.ddns.HomeLan.BG.1066: 12946 1/5/5 A star.slashdot.org (238)
12:54:03.094087 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36:
time exceeded in-transit
I hope someone can help.
Thanks in advance.
Regards,
Peter