Original message
"Please help with mpd VPN on FreeBSD"
Posted by cheshire_cat, 25-Oct-06 00:59
There is an opinion that I shouldn't have connected from an IP that falls within the network I'm connecting to. Do you think this matters?
I mean that I'm connecting to 192.168.0.0/24 from an identical network hidden behind a gateway; it's just that the IP I'm connecting from is 192.168.0.101.

OK, I'm posting everything point by point.
1) netstat -rn after the client connects:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            80.70.230.65       UGS         0  8922622    rl1
80.70.230.64/26    link#2             UC          0        0    rl1
80.70.230.65       00:13:60:97:a8:41  UHLW        2        0    rl1   1196
127.0.0.1          127.0.0.1          UH          0      742    lo0
192.168.0          link#1             UC          0        0    rl0
192.168.0.1        lo0                UHS         0        0    lo0
192.168.0.4        00:02:b3:a8:82:d2  UHLW        1        2    rl0    930
192.168.0.6        00:0c:76:eb:86:4d  UHLW        1  4014088    rl0   1082
192.168.0.41       192.168.0.1        UH          0        0    ng0
192.168.0.41       00:11:95:5c:5c:75  UHLS2       1        0    rl0
192.168.0.255      ff:ff:ff:ff:ff:ff  UHLWb       1        4    rl0

2) tcpdump -i ng0 during the ping outputs NOTHING.

3) mpd.log while the client is connecting:

Oct 25 00:44:04 gateway mpd: [pptp0] LCP: state change Stopped --> Closed
Oct 25 00:44:04 gateway mpd: [pptp0] device: DOWN event in state DOWN
Oct 25 00:44:04 gateway mpd: [pptp0] device is now in state DOWN
Oct 25 00:44:04 gateway mpd: [pptp0] link: DOWN event
Oct 25 00:44:04 gateway mpd: [pptp0] LCP: Down event
Oct 25 00:44:04 gateway mpd: [pptp0] LCP: state change Closed --> Initial
Oct 25 00:44:04 gateway mpd: [pptp0] LCP: phase shift ESTABLISH --> DEAD
Oct 25 00:44:04 gateway mpd: [pptp0] link: DOWN event
Oct 25 00:44:04 gateway mpd: [pptp0] LCP: Down event
Oct 25 00:44:04 gateway mpd: pptp0: killing connection with 84.242.8.165:1844
Oct 25 00:45:09 gateway mpd: mpd: PPTP connection from 84.242.8.165:1857
Oct 25 00:45:09 gateway mpd: pptp0: attached to connection with 84.242.8.165:1857
Oct 25 00:45:09 gateway mpd: [pptp0] IFACE: Open event
Oct 25 00:45:09 gateway mpd: [pptp0] IPCP: Open event
Oct 25 00:45:09 gateway mpd: [pptp0] IPCP: state change Initial --> Starting
Oct 25 00:45:09 gateway mpd: [pptp0] IPCP: LayerStart
Oct 25 00:45:09 gateway mpd: [pptp0] IPCP: Open event
Oct 25 00:45:09 gateway mpd: [pptp0] bundle: OPEN event in state CLOSED
Oct 25 00:45:09 gateway mpd: [pptp0] opening link "pptp0"...
Oct 25 00:45:09 gateway mpd: [pptp0] link: OPEN event
Oct 25 00:45:09 gateway mpd: [pptp0] LCP: Open event
Oct 25 00:45:09 gateway mpd: [pptp0] LCP: state change Initial --> Starting
Oct 25 00:45:09 gateway mpd: [pptp0] LCP: LayerStart
Oct 25 00:45:09 gateway mpd: [pptp0] device: OPEN event in state DOWN
Oct 25 00:45:09 gateway mpd: [pptp0] attaching to peer's outgoing call
Oct 25 00:45:09 gateway mpd: [pptp0] device is now in state OPENING
Oct 25 00:45:09 gateway mpd: [pptp0] device: UP event in state OPENING
Oct 25 00:45:09 gateway mpd: [pptp0] device is now in state UP
Oct 25 00:45:09 gateway mpd: [pptp0] link: UP event
Oct 25 00:45:09 gateway mpd: [pptp0] link: origination is remote
Oct 25 00:45:09 gateway mpd: [pptp0] LCP: Up event
Oct 25 00:45:09 gateway mpd: [pptp0] LCP: state change Starting --> Req-Sent
Oct 25 00:45:09 gateway mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH
Oct 25 00:45:09 gateway mpd: [pptp0] LCP: SendConfigReq #23
Oct 25 00:45:09 gateway mpd:  ACFCOMP
Oct 25 00:45:09 gateway mpd:  PROTOCOMP
Oct 25 00:45:09 gateway mpd:  MRU 1500
Oct 25 00:45:09 gateway mpd:  MAGICNUM fd1cba59
Oct 25 00:45:09 gateway mpd:  AUTHPROTO CHAP MSOFTv2
Oct 25 00:45:10 gateway mpd: pptp0-0: ignoring SetLinkInfo
Oct 25 00:45:10 gateway mpd: [pptp0] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
Oct 25 00:45:10 gateway mpd:  MRU 1400
Oct 25 00:45:10 gateway mpd:  MAGICNUM 1f710477
Oct 25 00:45:10 gateway mpd:  PROTOCOMP
Oct 25 00:45:10 gateway mpd:  ACFCOMP
Oct 25 00:45:10 gateway mpd:  CALLBACK
Oct 25 00:45:10 gateway mpd:    Not supported
Oct 25 00:45:10 gateway mpd: [pptp0] LCP: SendConfigRej #0
Oct 25 00:45:10 gateway mpd:  CALLBACK
Oct 25 00:45:10 gateway mpd: [pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
Oct 25 00:45:10 gateway mpd:  MRU 1400
Oct 25 00:45:10 gateway mpd:  MAGICNUM 1f710477
Oct 25 00:45:10 gateway mpd:  PROTOCOMP
Oct 25 00:45:10 gateway mpd:  ACFCOMP
Oct 25 00:45:10 gateway mpd: [pptp0] LCP: SendConfigAck #1
Oct 25 00:45:10 gateway mpd:  MRU 1400
Oct 25 00:45:10 gateway mpd:  MAGICNUM 1f710477
Oct 25 00:45:10 gateway mpd:  PROTOCOMP
Oct 25 00:45:10 gateway mpd:  ACFCOMP
Oct 25 00:45:10 gateway mpd: [pptp0] LCP: state change Req-Sent --> Ack-Sent
Oct 25 00:45:11 gateway mpd: [pptp0] LCP: SendConfigReq #24
Oct 25 00:45:11 gateway mpd:  ACFCOMP
Oct 25 00:45:11 gateway mpd:  PROTOCOMP
Oct 25 00:45:11 gateway mpd:  MRU 1500
Oct 25 00:45:11 gateway mpd:  MAGICNUM fd1cba59
Oct 25 00:45:11 gateway mpd:  AUTHPROTO CHAP MSOFTv2
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: rec'd Configure Ack #24 link 0 (Ack-Sent)
Oct 25 00:45:12 gateway mpd:  ACFCOMP
Oct 25 00:45:12 gateway mpd:  PROTOCOMP
Oct 25 00:45:12 gateway mpd:  MRU 1500
Oct 25 00:45:12 gateway mpd:  MAGICNUM fd1cba59
Oct 25 00:45:12 gateway mpd:  AUTHPROTO CHAP MSOFTv2
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: state change Ack-Sent --> Opened
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: auth: peer wants nothing, I want CHAP
Oct 25 00:45:12 gateway mpd: [pptp0] CHAP: sending CHALLENGE
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: LayerUp
Oct 25 00:45:12 gateway mpd: pptp0-0: ignoring SetLinkInfo
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: rec'd Ident #2 link 0 (Opened)
Oct 25 00:45:12 gateway mpd:  MESG: MSRASV5.10
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: rec'd Ident #3 link 0 (Opened)
Oct 25 00:45:12 gateway mpd:  MESG: MSRAS-0-OSIRIS
Oct 25 00:45:12 gateway mpd: [pptp0] CHAP: rec'd RESPONSE #1
Oct 25 00:45:12 gateway mpd:  Name: "****"
Oct 25 00:45:12 gateway mpd:  Peer name: "****"
Oct 25 00:45:12 gateway mpd:  Response is valid
Oct 25 00:45:12 gateway mpd: [pptp0] CHAP: sending SUCCESS
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: authorization successful
Oct 25 00:45:12 gateway mpd: [pptp0] LCP: phase shift AUTHENTICATE --> NETWORK
Oct 25 00:45:12 gateway mpd: [pptp0] setting interface ng0 MTU to 1300 bytes
Oct 25 00:45:12 gateway mpd: [pptp0] up: 1 link, total bandwidth 64000 bps
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: Up event
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: state change Starting --> Req-Sent
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: SendConfigReq #8
Oct 25 00:45:12 gateway mpd:  IPADDR 192.168.0.1
Oct 25 00:45:12 gateway mpd:  COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Open event
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: state change Initial --> Starting
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: LayerStart
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Up event
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: state change Starting --> Req-Sent
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: SendConfigReq #8
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> yes
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
Oct 25 00:45:12 gateway mpd:  MPPC
Oct 25 00:45:12 gateway mpd:    0x01000060: MPPE, 40 bit, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: rec'd Configure Request #4 link 0 (Req-Sent)
Oct 25 00:45:12 gateway mpd:  MPPC
Oct 25 00:45:12 gateway mpd:    0x010000e1: MPPC MPPE, 40 bit, 56 bit, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 40 bits are acceptable -> yes
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 56 bits are acceptable -> no
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 128 bits are acceptable -> yes
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: SendConfigNak #4
Oct 25 00:45:12 gateway mpd:  MPPC
Oct 25 00:45:12 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: rec'd Configure Request #5 link 0 (Req-Sent)
Oct 25 00:45:12 gateway mpd:  IPADDR 0.0.0.0
Oct 25 00:45:12 gateway mpd:    NAKing with 192.168.0.41
Oct 25 00:45:12 gateway mpd:  PRIDNS 0.0.0.0
Oct 25 00:45:12 gateway mpd:  PRINBNS 0.0.0.0
Oct 25 00:45:12 gateway mpd:  SECDNS 0.0.0.0
Oct 25 00:45:12 gateway mpd:  SECNBNS 0.0.0.0
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: SendConfigRej #5
Oct 25 00:45:12 gateway mpd:  PRIDNS 0.0.0.0
Oct 25 00:45:12 gateway mpd:  PRINBNS 0.0.0.0
Oct 25 00:45:12 gateway mpd:  SECDNS 0.0.0.0
Oct 25 00:45:12 gateway mpd:  SECNBNS 0.0.0.0
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: rec'd Configure Reject #8 link 0 (Req-Sent)
Oct 25 00:45:12 gateway mpd:  COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: SendConfigReq #9
Oct 25 00:45:12 gateway mpd:  IPADDR 192.168.0.1
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: rec'd Configure Nak #8 link 0 (Req-Sent)
Oct 25 00:45:12 gateway mpd:  MPPC
Oct 25 00:45:12 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: SendConfigReq #9
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> no
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
Oct 25 00:45:12 gateway mpd:  MPPC
Oct 25 00:45:12 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: rec'd Configure Request #6 link 0 (Req-Sent)
Oct 25 00:45:12 gateway mpd:  MPPC
Oct 25 00:45:12 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: Checking whether 128 bits are acceptable -> yes
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: SendConfigAck #6
Oct 25 00:45:12 gateway mpd:  MPPC
Oct 25 00:45:12 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: state change Req-Sent --> Ack-Sent
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: rec'd Configure Request #7 link 0 (Req-Sent)
Oct 25 00:45:12 gateway mpd:  IPADDR 0.0.0.0
Oct 25 00:45:12 gateway mpd:    NAKing with 192.168.0.41
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: SendConfigNak #7
Oct 25 00:45:12 gateway mpd:  IPADDR 192.168.0.41
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: rec'd Configure Ack #9 link 0 (Req-Sent)
Oct 25 00:45:12 gateway mpd:  IPADDR 192.168.0.1
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: state change Req-Sent --> Ack-Rcvd
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: rec'd Configure Ack #9 link 0 (Ack-Sent)
Oct 25 00:45:12 gateway mpd:  MPPC
Oct 25 00:45:12 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: state change Ack-Sent --> Opened
Oct 25 00:45:12 gateway mpd: [pptp0] CCP: LayerUp
Oct 25 00:45:12 gateway mpd:   Compress using: MPPE, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: Decompress using: MPPE, 128 bit, stateless
Oct 25 00:45:12 gateway mpd: [pptp0] setting interface ng0 MTU to 1296 bytes
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: rec'd Configure Request #8 link 0 (Ack-Rcvd)
Oct 25 00:45:12 gateway mpd:  IPADDR 192.168.0.41
Oct 25 00:45:12 gateway mpd:    192.168.0.41 is OK
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: SendConfigAck #8
Oct 25 00:45:12 gateway mpd:  IPADDR 192.168.0.41
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: state change Ack-Rcvd --> Opened
Oct 25 00:45:12 gateway mpd: [pptp0] IPCP: LayerUp
Oct 25 00:45:12 gateway mpd:   192.168.0.1 -> 192.168.0.41
Oct 25 00:45:12 gateway mpd: [pptp0] IFACE: Up event
Oct 25 00:45:12 gateway mpd: [pptp0] setting interface ng0 MTU to 1296 bytes
Oct 25 00:45:12 gateway mpd: [pptp0] exec: /sbin/ifconfig ng0 192.168.0.1 192.168.0.41 netmask 0xffffffff -link0
Oct 25 00:45:12 gateway mpd: [pptp0] exec: /usr/sbin/arp -s 192.168.0.41 0:11:95:5c:5c:75 pub
Oct 25 00:45:12 gateway mpd: [pptp0] exec: /sbin/route add 192.168.0.1 -iface lo0
Oct 25 00:45:12 gateway mpd: [pptp0] IFACE: Up event
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: rec'd Configure Request #9 link 0 (Opened)
Oct 25 00:45:14 gateway mpd:  MPPC
Oct 25 00:45:14 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: Checking whether 128 bits are acceptable -> yes
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: LayerDown
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: SendConfigReq #10
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> no
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
Oct 25 00:45:14 gateway mpd:  MPPC
Oct 25 00:45:14 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: SendConfigAck #9
Oct 25 00:45:14 gateway mpd:  MPPC
Oct 25 00:45:14 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: state change Opened --> Ack-Sent
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: rec'd Configure Ack #10 link 0 (Ack-Sent)
Oct 25 00:45:14 gateway mpd:  MPPC
Oct 25 00:45:14 gateway mpd:    0x01000040: MPPE, 128 bit, stateless
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: state change Ack-Sent --> Opened
Oct 25 00:45:14 gateway mpd: [pptp0] CCP: LayerUp
Oct 25 00:45:14 gateway mpd:   Compress using: MPPE, 128 bit, stateless
Oct 25 00:45:14 gateway mpd: Decompress using: MPPE, 128 bit, stateless
Oct 25 00:45:14 gateway mpd: [pptp0] setting interface ng0 MTU to 1296 bytes

4) ipconfig /all

  Настройка протокола IP для Windows

        Имя компьютера  . . . . . . . . . : Osiris
        Основной DNS-суффикс  . . . . . . :
        Тип узла. . . . . . . . . . . . . : неизвестный
        IP-маршрутизация включена . . . . : нет
        WINS-прокси включен . . . . . . . : нет

  homeuser - Ethernet адаптер:

        DNS-суффикс этого подключения . . :
        Описание  . . . . . . . . . . . . : 3Com Gigabit LOM (3C940)
        Физический адрес. . . . . . . . . : 00-0E-A6-16-B0-63
        Dhcp включен. . . . . . . . . . . : нет
        IP-адрес  . . . . . . . . . . . . : 192.168.0.101
        Маска подсети . . . . . . . . . . : 255.255.255.0
        Основной шлюз . . . . . . . . . . : 192.168.0.100
        DNS-серверы . . . . . . . . . . . : 84.242.4.101
                                            84.242.2.10
        NetBIOS через TCP/IP. . . . . . . : отключен

  VPN - PPP адаптер:

        DNS-суффикс этого подключения . . :
        Описание  . . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Физический адрес. . . . . . . . . : 00-53-45-00-00-00
        Dhcp включен. . . . . . . . . . . : нет
        IP-адрес  . . . . . . . . . . . . : 192.168.0.41
        Маска подсети . . . . . . . . . . : 255.255.255.255
        Основной шлюз . . . . . . . . . . : 192.168.0.41

5) route print

===========================================================================
Список интерфейсов
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0e a6 16 b0 63 ...... 3Com Gigabit LOM (3C940)
0x1c0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Активные маршруты:
Сетевой адрес           Маска сети      Адрес шлюза       Интерфейс  Метрика
          0.0.0.0          0.0.0.0     192.168.0.41    192.168.0.41       1
          0.0.0.0          0.0.0.0    192.168.0.100   192.168.0.101       21
     80.70.230.87  255.255.255.255    192.168.0.100   192.168.0.101       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.101   192.168.0.101       20
     192.168.0.41  255.255.255.255        127.0.0.1       127.0.0.1       50
    192.168.0.101  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255     192.168.0.41    192.168.0.41       50
    192.168.0.255  255.255.255.255    192.168.0.101   192.168.0.101       20
        224.0.0.0        240.0.0.0    192.168.0.101   192.168.0.101       20
        224.0.0.0        240.0.0.0     192.168.0.41    192.168.0.41       1
  255.255.255.255  255.255.255.255     192.168.0.41    192.168.0.41       1
  255.255.255.255  255.255.255.255    192.168.0.101   192.168.0.101       1
Основной шлюз:        192.168.0.41
===========================================================================
Постоянные маршруты:
  Отсутствует

6) tcpdump -i ng0 during a ping from the client machine outputs NOTHING.

7) There's no point in hiding the IPs, I already exposed them in the first post, and the forum wouldn't let me edit it, saying that it's only possible within 30 minutes of posting. :)
So here it is, the config of the Fire Wall :)

# Loopback
exec = /sbin/ipfw -f flush
exec = /sbin/ipfw add 100 allow all from any to any via lo0
exec = /sbin/ipfw add 110 deny ip from any to 127.0.0.0/8
exec = /sbin/ipfw add 120 deny ip from 127.0.0.0/8 to any

# Nat
exec = /sbin/ipfw add 200 divert natd all from any to any via rl1

# Netbios & mysql
exec = /sbin/ipfw add 300 deny tcp from any to any 135-139 via rl1
exec = /sbin/ipfw add 301 deny tcp from any 135-139 to any
exec = /sbin/ipfw add 310 deny tcp from any to any 3306 via rl1
exec = /sbin/ipfw add 311 deny tcp from any 3306 to any via rl1

# Internal SSH
exec = /sbin/ipfw add 400 allow all from any to 192.168.0.1 22
exec = /sbin/ipfw add 401 allow all from 192.168.0.1 22 to any

# External SSH
exec = /sbin/ipfw add 500 allow all from any to 80.70.230.87 22
exec = /sbin/ipfw add 501 allow all from 80.70.230.87 22 to any

# VPN
exec = /sbin/ipfw add 600 allow tcp from any to 80.70.230.87 1723
exec = /sbin/ipfw add 601 allow tcp from 80.70.230.87 1723 to any
exec = /sbin/ipfw add 602 allow gre from any to any
exec = /sbin/ipfw add 603 allow all from any to any via ng0
exec = /sbin/ipfw add 604 allow all from any to any via ng1
exec = /sbin/ipfw add 605 allow icmp from any to any

# Server gateway
exec = /sbin/ipfw add 1010 allow ip from 192.168.0.1 to any
exec = /sbin/ipfw add 1011 allow ip from any to 192.168.0.1 via rl1
exec = /sbin/ipfw add 1012 allow ip from any to 192.168.0.1 via rl0
exec = /sbin/ipfw add 1013 allow ip from 80.70.230.87 to any

# USER 1
exec = /sbin/ipfw add 1020 allow ip from 192.168.0.2 to any
exec = /sbin/ipfw add 1021 allow ip from any to 192.168.0.2 via rl1
exec = /sbin/ipfw add 1022 allow ip from any to 192.168.0.2 via rl0

# ... Then about 30 more similar entries, differing only in the IPs

# VPN
exec = /sbin/ipfw add 1410 allow ip from 192.168.0.41 to any
exec = /sbin/ipfw add 1411 allow ip from any to 192.168.0.41 via rl1
exec = /sbin/ipfw add 1412 allow ip from any to 192.168.0.41 via rl0
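
An added example (not part of the original post): longest-prefix route selection applied to the unicast rows of the `route print` table above, showing which adapter a packet leaves through when the client's LAN and the remote LAN are both 192.168.0.0/24. The function names and the 8.8.8.8 comparison destination are assumptions made for the illustration.

```python
import ipaddress

# Unicast rows of the client's `route print` output, copied from the post:
# (network, netmask, gateway, interface address, metric)
ROUTES = [
    ("0.0.0.0",       "0.0.0.0",         "192.168.0.41",  "192.168.0.41",  1),
    ("0.0.0.0",       "0.0.0.0",         "192.168.0.100", "192.168.0.101", 21),
    ("80.70.230.87",  "255.255.255.255", "192.168.0.100", "192.168.0.101", 20),
    ("127.0.0.0",     "255.0.0.0",       "127.0.0.1",     "127.0.0.1",     1),
    ("192.168.0.0",   "255.255.255.0",   "192.168.0.101", "192.168.0.101", 20),
    ("192.168.0.41",  "255.255.255.255", "127.0.0.1",     "127.0.0.1",     50),
    ("192.168.0.101", "255.255.255.255", "127.0.0.1",     "127.0.0.1",     20),
]

# Interface addresses from the `ipconfig /all` output in the post.
IFACE_NAMES = {
    "192.168.0.41": "VPN (PPP adapter)",
    "192.168.0.101": "Ethernet (local LAN)",
    "127.0.0.1": "loopback",
}


def prefix_len(mask):
    """Convert a dotted netmask to a prefix length."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")


def lookup(dest, routes=ROUTES):
    """Pick the route for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.IPv4Address(dest)
    matches = []
    for net, mask, gateway, iface, metric in routes:
        network = ipaddress.IPv4Network(f"{net}/{prefix_len(mask)}")
        if addr in network:
            matches.append((-network.prefixlen, metric, str(network), gateway, iface))
    if not matches:
        return None
    _, metric, network, gateway, iface = min(matches)
    return {"route": network, "gateway": gateway, "metric": metric,
            "interface": iface, "via": IFACE_NAMES.get(iface, "unknown")}


def overlaps(client_lan, remote_lan):
    """True when the client's LAN and the network behind the VPN collide."""
    return ipaddress.ip_network(client_lan).overlaps(ipaddress.ip_network(remote_lan))


if __name__ == "__main__":
    # Both sides use 192.168.0.0/24 (ipconfig on the client, rl0 on the server).
    print("subnets overlap:", overlaps("192.168.0.0/24", "192.168.0.0/24"))
    # 192.168.0.1 is the server's tunnel address and 192.168.0.4 a host on the
    # server's LAN (both from the netstat output); 8.8.8.8 is a constructed
    # off-subnet destination for comparison.
    for dest in ("192.168.0.1", "192.168.0.4", "8.8.8.8", "80.70.230.87"):
        r = lookup(dest)
        print(f"{dest:15} -> {r['route']:18} via {r['via']} (metric {r['metric']})")
```

For any 192.168.0.x destination other than the client's own addresses, the on-link /24 route via 192.168.0.101 is more specific than the VPN default route, so the packet stays on the local Ethernet segment. Only destinations outside that /24 fall through to the default route over the PPP adapter.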

 
