forum.opennet.ru

Составление сообщения

Исходное сообщение

"Проблема с Bind 9.Не пингуются адреса интернета, не работает..."
Отправлено imperatorboxer, 01-Окт-08 17:11

>показывайте /etc/pf.conf
ext_if = "vlan0"
int_if_ren = "vr0"
#int_if_per = "vr1"
int_if_shp = "rl1"
int_if_uni = "vr1"
ext_ip = ""
int_ip_ren = "192.168.13.1"
int_ip_per = "{192.168.2.100, 192.168.4.100}"
int_ip_shp = "192.168.16.100"
int_ip_uni = "192.168.3.100"
uni_ip = "192.168.3.101"
adm_ip = "{192.168.13.77, 192.168.3.103}"
dns_hosts = "{212.1.94.3,212.1.94.54}"
icmp_types = "{0,3,8}"
ext_mail = "{smtp,pop3}"
ext_port = "{smtp}"
int_port = "{3128}"
ren_port = "{smtp,pop3,smtps,pop3s}"
adm_port = "{3724,3725,8128,8129,2370,21,4080,443,8080,7777,5999,30000,30001,2222,995,587}"
uni_port = "{smtp,pop3,smtps,pop3s}"
table <ext_ssh> {212.82.217.4}
table <local_ssh> {192.168.13.77}
set block-policy drop
set limit { states 20000, frags 20000 }
set optimization aggressive
set loginterface $ext_if
scrub in on $ext_if all
scrub in on $int_if_ren all no-df
#scrub in on $int_if_per all no-df
scrub in on $int_if_shp all no-df
scrub in on $int_if_uni all no-df
nat on $ext_if from $int_if_ren:network to any -> ($ext_if)
#nat on $ext_if from $int_if_per:network to any -> ($ext_if)
nat on $ext_if from $int_if_shp:network to any -> ($ext_if)
nat on $ext_if from $int_if_uni:network to any -> ($ext_if)
block log all
pass quick on lo0 all
antispoof quick for $ext_if inet
block in quick on $ext_if from any to 255.255.255.255
pass in  quick inet proto icmp all icmp-type $icmp_types keep state
pass out quick inet proto icmp all icmp-type $icmp_types keep state
pass in  on $ext_if inet proto tcp from any to $ext_if port smtp flags S/SA keep state
pass in  quick on $ext_if inet proto tcp from <ext_ssh> to $ext_if port ssh flags S/SA keep state
pass in  quick on $int_if_ren inet proto tcp from <local_ssh> to $int_if_ren port ssh flags S/SA keep state
pass in  on $int_if_ren inet proto tcp from $int_if_ren:network to $int_ip_ren port $int_port keep state
pass in  on $int_if_ren inet proto tcp from $int_if_ren:network to $int_ip_per port $int_port keep state
pass in  on $int_if_shp inet proto tcp from $int_if_shp:network to $int_ip_shp port $int_port keep state
pass in  on $int_if_uni inet proto tcp from $int_if_uni:network to $int_ip_uni port $int_port keep state
pass in  quick on $int_if_ren proto tcp from $int_if_ren:network to any port $ren_port keep state
pass in  quick on $int_if_ren proto tcp from $adm_ip             to any port $adm_port keep state
#pass in  quick on $int_if_per proto tcp from $int_if_per:network to any port $ext_mail keep state
pass in  quick on $int_if_shp proto tcp from $int_if_shp:network to any port $ext_mail keep state
pass in  quick on $int_if_uni proto tcp from $int_if_uni:network to any port $uni_port keep state
pass in  quick on $int_if_ren proto tcp from $uni_ip             to any port $uni_port keep state

pass out on $int_if_ren inet from any to $int_if_ren:network keep state
#pass out on $int_if_per inet from any to $int_if_per:network keep state
pass out on $int_if_shp inet from any to $int_if_shp:network keep state
pass out on $int_if_uni inet from any to $int_if_uni:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass in on $ext_if proto tcp from any to $ext_if port > 49151 keep state
pass out quick on $ext_if proto udp from any to $dns_hosts port domain keep state
pass out quick on $ext_if proto udp from any to any port ntp keep state

Исходное сообщение
"Проблема с Bind 9.Не пингуются адреса интернета, не работает..." Отправлено imperatorboxer, 01-Окт-08 17:11
>показывайте /etc/pf.conf ext_if = "vlan0" int_if_ren = "vr0" #int_if_per = "vr1" int_if_shp = "rl1" int_if_uni = "vr1" ext_ip = "" int_ip_ren = "192.168.13.1" int_ip_per = "{192.168.2.100, 192.168.4.100}" int_ip_shp = "192.168.16.100" int_ip_uni = "192.168.3.100" uni_ip = "192.168.3.101" adm_ip = "{192.168.13.77, 192.168.3.103}" dns_hosts = "{212.1.94.3,212.1.94.54}" icmp_types = "{0,3,8}" ext_mail = "{smtp,pop3}" ext_port = "{smtp}" int_port = "{3128}" ren_port = "{smtp,pop3,smtps,pop3s}" adm_port = "{3724,3725,8128,8129,2370,21,4080,443,8080,7777,5999,30000,30001,2222,995,587}" uni_port = "{smtp,pop3,smtps,pop3s}" table <ext_ssh> {212.82.217.4} table <local_ssh> {192.168.13.77} set block-policy drop set limit { states 20000, frags 20000 } set optimization aggressive set loginterface $ext_if scrub in on $ext_if all scrub in on $int_if_ren all no-df #scrub in on $int_if_per all no-df scrub in on $int_if_shp all no-df scrub in on $int_if_uni all no-df nat on $ext_if from $int_if_ren:network to any -> ($ext_if) #nat on $ext_if from $int_if_per:network to any -> ($ext_if) nat on $ext_if from $int_if_shp:network to any -> ($ext_if) nat on $ext_if from $int_if_uni:network to any -> ($ext_if) block log all pass quick on lo0 all antispoof quick for $ext_if inet block in quick on $ext_if from any to 255.255.255.255 pass in quick inet proto icmp all icmp-type $icmp_types keep state pass out quick inet proto icmp all icmp-type $icmp_types keep state pass in on $ext_if inet proto tcp from any to $ext_if port smtp flags S/SA keep state pass in quick on $ext_if inet proto tcp from <ext_ssh> to $ext_if port ssh flags S/SA keep state pass in quick on $int_if_ren inet proto tcp from <local_ssh> to $int_if_ren port ssh flags S/SA keep state pass in on $int_if_ren inet proto tcp from $int_if_ren:network to $int_ip_ren port $int_port keep state pass in on $int_if_ren inet proto tcp from $int_if_ren:network to $int_ip_per port $int_port keep state pass in on $int_if_shp inet proto tcp from $int_if_shp:network to $int_ip_shp port $int_port keep state pass in on $int_if_uni inet proto tcp from $int_if_uni:network to $int_ip_uni port $int_port keep state pass in quick on $int_if_ren proto tcp from $int_if_ren:network to any port $ren_port keep state pass in quick on $int_if_ren proto tcp from $adm_ip to any port $adm_port keep state #pass in quick on $int_if_per proto tcp from $int_if_per:network to any port $ext_mail keep state pass in quick on $int_if_shp proto tcp from $int_if_shp:network to any port $ext_mail keep state pass in quick on $int_if_uni proto tcp from $int_if_uni:network to any port $uni_port keep state pass in quick on $int_if_ren proto tcp from $uni_ip to any port $uni_port keep state pass out on $int_if_ren inet from any to $int_if_ren:network keep state #pass out on $int_if_per inet from any to $int_if_per:network keep state pass out on $int_if_shp inet from any to $int_if_shp:network keep state pass out on $int_if_uni inet from any to $int_if_uni:network keep state pass out on $ext_if proto tcp all modulate state flags S/SA pass in on $ext_if proto tcp from any to $ext_if port > 49151 keep state pass out quick on $ext_if proto udp from any to $dns_hosts port domain keep state pass out quick on $ext_if proto udp from any to any port ntp keep state

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру