Hi,
If I log all traffic via ipfw (e.g. add 50 log ip from any to any),
I see the packets going out through tun0 and I don't see the "reply" to them.
That's with ppp -nat.
With natd it's as if I had shut down that interface to the net; nothing goes
out / comes in through it.
It would be interesting to know what happens if you changed ipfw to
be default=open. This assumes you have it set to default=deny.
Below you will find a checklist that I hope is reasonably complete:
1. kernel-related
1.1 PPPoE
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_SOCKET
options NETGRAPH_PPPOE
1.2 IPFW and NATD
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT
2. rc.conf settings
gateway_enable="YES"
ifconfig_fxp0="up mtu 1492"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="NO"
firewall_enable="YES"
firewall_script="/etc/ipfw.conf"
firewall_logging="YES"
firewall_type="OPEN"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic -f /etc/natd.conf"
3. ipfw rules
#!/bin/sh
ipfw add 10 divert natd all from any to any via tun0
ipfw add allow ip from any to any via lo0
ipfw add allow ip from any to any via xl0
# connections from the LAN to the outside
ipfw add allow tcp from any to any out xmit tun0 setup
ipfw add allow tcp from any to any via tun0 established
ipfw add allow log tcp from any to any 22 setup
ipfw add deny log tcp from any to any 0-1000 in recv tun0 setup
# deny all
ipfw add deny log ip from any to any
4. natd.conf
unregistered_only yes
same_ports yes
5. ppp.conf
# cat /etc/ppp/ppp.conf
set device PPPoE:fxp0
set MTU 1492
set MRU 1492
set dial
set crtscts off
set speed sync
accept lqr
disable deflate
disable pred1
disable vjcomp
disable acfcomp
disable protocomp
set log Phase Chat LCP IPCP CCP Warning Error Alert tun command
#end default
# test:
set login
set authname XXXXXXXX
set authkey XXXXXXX
add default HISADDR
all the best,
nicolae arghezi
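
Added example, not part of the original message: a small POSIX sh lint that checks an rc.conf and an ipfw script against the points of the checklist above (natd on, ppp NAT off, forwarding on, a divert rule on natd_interface, and a valid action word in every rule). The function names, the constructed sample files and the short list of accepted ipfw actions are assumptions of this example; 8668 is the divert port that the name natd resolves to in /etc/services.

```sh
#!/bin/sh
# Added example (not from the original post): lint the natd/ipfw checklist.

# rc_get FILE KEY: print the value of KEY="value" in an rc.conf-style file.
rc_get() {
    sed -n 's/^'"$2"'="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# lint_nat RC_CONF IPFW_SCRIPT: print one line per finding, nothing if clean.
lint_nat() {
    nat_if=$(rc_get "$1" natd_interface)
    # The checklist runs natd and keeps ppp's built-in NAT off.
    [ "$(rc_get "$1" natd_enable)" = "YES" ] || echo "natd_enable is not YES"
    [ "$(rc_get "$1" ppp_nat)" = "NO" ] || echo "ppp_nat is not NO"
    # Without forwarding, LAN packets never reach the outside interface.
    [ "$(rc_get "$1" gateway_enable)" = "YES" ] || echo "gateway_enable is not YES"
    # natd only sees packets that a divert rule hands to it on its interface.
    grep -Eq "^ipfw add ([0-9]+ )?divert (natd|8668) .* via ${nat_if}\$" "$2" ||
        echo "no divert natd rule via '${nat_if}'"
    # Catch fused keywords: check the action word of every "ipfw add" line.
    sed -n 's/^ipfw add \([0-9]* \)\{0,1\}\([^ ]*\).*/\2/p' "$2" | sort -u |
    while read -r action; do
        case $action in
            allow|accept|pass|permit|deny|drop|reject|divert|count) ;;  # subset of ipfw actions
            *) echo "unknown ipfw action '${action}'" ;;
        esac
    done
}

# Constructed sample input: checklist-style settings plus one fused keyword.
tmp=$(mktemp -d)
cat > "$tmp/rc.conf" <<'EOF'
gateway_enable="YES"
ppp_nat="NO"
natd_enable="YES"
natd_interface="tun0"
EOF
cat > "$tmp/ipfw.conf" <<'EOF'
#!/bin/sh
ipfw add 10 divert natd all from any to any via tun0
ipfw add allow ip from any to any via lo0
ipfw add denylog ip from any to any
EOF
lint_nat "$tmp/rc.conf" "$tmp/ipfw.conf"
rm -rf "$tmp"
```

On a real system the call would be lint_nat /etc/rc.conf /etc/ipfw.conf; the script only reads the two files and does not touch the loaded ruleset.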