Hello everyone
I have # uname -a
FreeBSD nas1 7.1-RELEASE-p3 amd64
It runs pf-nat for NAT and ipfw for rate limiting, plus mpd5.2. Everything was fine, but now users cannot play over the network, because for some reason the connection is not established. If it is set as the gateway, the same CS online does not work either. So the problem is in pf nat.
On the client connection (client - VPN server):
nas1# tcpdump -n -ing72 host cs4.hotpoint.org.ua
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ng72, link-type NULL (BSD loopback), capture size 96 bytes
17:56:32.823661 IP 10.200.254.21.27005 > 213.169.71.173.27015: UDP, length 23
17:56:38.825972 IP 10.200.254.21.27005 > 213.169.71.173.27015: UDP, length 23
17:56:44.855313 IP 10.200.254.21.27005 > 213.169.71.173.27015: UDP, length 23
17:56:50.897638 IP 10.200.254.21.27005 > 213.169.71.173.27015: UDP, length 23
^C
4 packets captured
485 packets received by filter
0 packets dropped by kernel
Traffic to the server is going out
nas1# tcpdump -n -ivlan20 host cs4.hotpoint.org.ua
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan20, link-type EN10MB (Ethernet), capture size 96 bytes
21:16:25.660462 IP 91.203.143.ХХХ.62180 > 213.169.71.173.27015: UDP, length 23
21:16:25.682948 IP 213.169.71.173.27015 > 91.203.143.ХХХ.62180: UDP, length 27
21:16:31.657390 IP 91.203.143.ХХХ.62180 > 213.169.71.173.27015: UDP, length 23
21:16:31.680387 IP 213.169.71.173.27015 > 91.203.143.ХХХ.62180: UDP, length 27
21:16:37.656497 IP 91.203.143.ХХХ.62180 > 213.169.71.173.27015: UDP, length 23
21:16:37.673141 IP 213.169.71.173.27015 > 91.203.143.ХХХ.62180: UDP, length 27
21:16:43.666777 IP 91.203.143.ХХХ.62180 > 213.169.71.173.27015: UDP, length 23
21:16:43.686519 IP 213.169.71.173.27015 > 91.203.143.ХХХ.62180: UDP, length 27
^C
8 packets captured
331051 packets received by filter
0 packets dropped by kernel
nas1# cat pf.conf|grep -v #
ext_if="vlan20"
ext_if2="em0"
int_if="vr0"
table <local> { !192.168.0.0/16, !172.16.0.0/12, !10.0.0.0/8 }
table <inat> { 10.200.24.6 }
table <ext_ip> { 172.19.19.2,192.168.1.2 }
scrub in
set skip on lo0
nat on $ext_if from <inat> -> {$ext_if:0}
pass all
nas1# ipfw show
00001 1 73 deny ip from not 10.0.0.0/8 to me dst-port 3306,1812,1813
00002 60745 3118328 deny ip from not 10.0.0.0/8 to me dst-port 1723
00003 0 0 deny ip from not 10.0.0.0/8 to me dst-port 5005
00004 86 4284 deny ip from any to 192.168.0.0/18
00005 28 1492 deny ip from any to 192.168.0.0/16
00006 280034 25068985 deny ip from any to any dst-port 137-141
00007 121216 8800085 allow icmp from any to any
00011 0 0 pipe 11 ip from not 10.0.0.0/8 to table(11) in
00011 0 0 pipe 11 ip from table(11) to not 10.0.0.0/8 out
00012 0 0 pipe 12 ip from not 10.0.0.0/8 to table(12) in
00012 0 0 pipe 12 ip from table(12) to not 10.0.0.0/8 out
00013 0 0 pipe 13 ip from not 10.0.0.0/8 to table(13) in
00013 0 0 pipe 13 ip from table(13) to not 10.0.0.0/8 out
00014 0 0 pipe 14 ip from not 10.0.0.0/8 to table(14) in
00014 0 0 pipe 14 ip from table(14) to not 10.0.0.0/8 out
00015 539496 671724574 pipe 15 ip from not 10.0.0.0/8 to table(15) in
00015 368345 53393119 pipe 15 ip from table(15) to not 10.0.0.0/8 out
00016 9996659 10163340739 pipe 16 ip from not 10.0.0.0/8 to table(16) in
00016 8759833 3224872714 pipe 16 ip from table(16) to not 10.0.0.0/8 out
00017 0 0 pipe 17 ip from not 10.0.0.0/8 to table(17) in
00017 0 0 pipe 17 ip from table(17) to not 10.0.0.0/8 out
00018 1032708 1063799760 pipe 18 ip from not 10.0.0.0/8 to table(18) in
00018 923562 400876557 pipe 18 ip from table(18) to not 10.0.0.0/8 out
00019 0 0 pipe 19 ip from not 10.0.0.0/8 to table(19) in
00019 0 0 pipe 19 ip from table(19) to not 10.0.0.0/8 out
00020 2344 2938589 pipe 20 ip from not 10.0.0.0/8 to table(20) in
00020 1517 156136 pipe 20 ip from table(20) to not 10.0.0.0/8 out
00021 302928 397126297 pipe 21 ip from not 10.0.0.0/8 to table(21) in
00021 196115 12773305 pipe 21 ip from table(21) to not 10.0.0.0/8 out
00022 0 0 pipe 22 ip from not 10.0.0.0/8 to table(22) in
00022 0 0 pipe 22 ip from table(22) to not 10.0.0.0/8 out
00023 0 0 pipe 23 ip from not 10.0.0.0/8 to table(23) in
00023 0 0 pipe 23 ip from table(23) to not 10.0.0.0/8 out
00024 42200989 37883506219 pipe 24 ip from not 10.0.0.0/8 to table(24) in
00024 40257628 19176112715 pipe 24 ip from table(24) to not 10.0.0.0/8 out
00025 6148449 6720238513 pipe 25 ip from not 10.0.0.0/8 to table(25) in
00025 4912818 2047435767 pipe 25 ip from table(25) to not 10.0.0.0/8 out
65535 240774772 167792033666 allow ip from any to any