I need packets from the 172.17.5.0/24 network to be NATed to the address 172.31.249.1 and sent on to the 192.168.137.0/24 network. That is, a packet arrives on tun1, gets NATed to one of the lo1 addresses, and goes on according to the routing table.

2014-12-08 15:07 GMT+02:00 Anton Sayetsky <[email protected]>:
> Greetings, colleagues.
>
> I have the issue from the subject line with natd. The daemon output and configs:
> root@vpnc:~# natd -f /etc/natd.conf -v
> natd[5339]: Aliasing to 172.31.249.1, mtu 16384 bytes
> In {default}[ICMP] [ICMP] 172.17.5.4 -> 192.168.137.51 8(0) aliased to
>            [ICMP] 172.17.5.4 -> 192.168.137.51 8(0)
> In {default}[ICMP] [ICMP] 172.17.5.4 -> 192.168.137.51 8(0) aliased to
>            [ICMP] 172.17.5.4 -> 192.168.137.51 8(0)
> In {default}[ICMP] [ICMP] 172.17.5.4 -> 192.168.137.51 8(0) aliased to
>            [ICMP] 172.17.5.4 -> 192.168.137.51 8(0)
> In {default}[ICMP] [ICMP] 172.17.5.4 -> 192.168.137.51 8(0) aliased to
>            [ICMP] 172.17.5.4 -> 192.168.137.51 8(0)
> In {default}[ICMP] [ICMP] 172.17.5.4 -> 192.168.137.51 8(0) aliased to
>            [ICMP] 172.17.5.4 -> 192.168.137.51 8(0)
> In {default}[ICMP] [ICMP] 172.17.5.4 -> 192.168.137.51 8(0) aliased to
>            [ICMP] 172.17.5.4 -> 192.168.137.51 8(0)
> In {default}[ICMP] [ICMP] 172.17.5.4 -> 192.168.137.51 8(0) aliased to
>            [ICMP] 172.17.5.4 -> 192.168.137.51 8(0)
>
> 00010 1856 661896 allow ip from any to any via lo0 // allow local traffic
> 00020 0 0 deny ip from any to 127.0.0.0/8
> 00030 0 0 deny ip from 127.0.0.0/8 to any
> 00040 0 0 deny ip from any to ::1
> 00050 0 0 deny ip from ::1 to any
> 00060 0 0 deny ip from table(1) to any // fail2ban
> 00070 0 0 deny ip from any to table(1)
> 00080 0 0 deny ip from table(2) to any // blocked clients
> 00090 0 0 deny ip from any to table(2)
> 00100 0 0 deny ip from any to 0.0.0.0/8 // block source net
> 00110 0 0 deny ip from 0.0.0.0/8 to any
> 00120 0 0 deny ip from table(3) to any // block reserved networks
> 00130 0 0 deny ip from any to table(3)
> 00140 30318 3971601 reass ip4 from any to any in
> 00150 0 0 deny log ip4 from any to any frag in
> 00155 100 8400 divert 7777 ip from any to any via tun1
> 65534 54914 7634273 allow log ip from any to any
> 65535 0 0 deny ip from any to any
>
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet 172.31.249.1 netmask 0xffffff00
>         inet 172.31.249.2 netmask 0xffffffff
>         inet 172.31.249.3 netmask 0xffffffff
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>
> root@vpnc:~# cat /etc/natd.conf
> #
>
> log
> #deny_incoming
> log_denied
> same_ports
>
> instance default
> port 7777
> interface lo1
>
> What am I doing wrong?
