Последние ответы: HIT

Биллинговая система Nodeny

23 Ноября 2024, 10:37:03

Добро пожаловать, Гость. Пожалуйста, войдите или зарегистрируйтесь.
Вам не пришло письмо с кодом активации?

Новости: Прекращена поддержка версии Nodeny 49

Поиск

Войти

Регистрация

Просмотр сообщений
Страниц: [1]

1	Главная категория / Nodeny 49 / Не шейпится входящая скорость.	: 22 Мая 2010, 02:29:39
Исходящая при этом шейпится. Цитировать # ipfw show 00050 317 23444 allow tcp from any to me dst-port 22 00051 292 45884 allow tcp from me 22 to any 00100 0 0 deny tcp from any to any dst-port 445 00110 1160 116448 allow ip from any to any via lo0 00120 30 1957 skipto 1000 ip from me to any 00130 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17 00140 0 0 deny ip from any to table(120) 00150 0 0 deny ip from table(120) to any 00160 1056 170891 skipto 2000 ip from any to me 00200 2363 881615 skipto 500 ip from any to any via re0 00300 2901 971917 skipto 4500 ip from any to any in 00400 0 0 skipto 450 ip from any to any recv re0 00420 0 0 divert 1 ip from any to any 00450 0 0 divert 2 ip from any to any 00490 0 0 allow ip from any to any 00500 7 777 skipto 32500 ip from any to any in 00510 2356 880838 divert 1 ip from any to any 00540 2343 880100 allow ip from any to any 01000 18 1186 allow udp from any 53,7723 to any 01010 0 0 allow tcp from any to any setup keep-state 01020 24 5196 allow udp from any to any keep-state 01100 0 0 allow ip from any to any 02000 0 0 check-state 02010 0 0 allow icmp from any to any 02020 0 0 allow tcp from any to any dst-port 80,443 02050 1026 165669 deny ip from any to any via re0 02060 18 797 allow udp from any to any dst-port 53,7723 02100 0 0 deny ip from any to any 05000 485 55398 deny ip from not table(0) to any 05001 0 0 skipto 5010 ip from table(127) to table(126) 05002 2335 906766 skipto 5030 ip from any to not table(2) 05003 0 0 deny ip from any to not table(1) 05004 0 0 pipe tablearg ip from table(21) to any 05005 0 0 deny ip from any to any 05010 0 0 pipe tablearg ip from table(127) to any 05030 0 0 deny tcp from table(15) to any dst-port 25 05400 2335 906766 pipe tablearg ip from table(11) to any 32000 0 0 deny ip from any to any 32490 8 731 deny ip from any to any 33000 0 0 pipe tablearg ip from table(126) to table(127) 33001 6 666 skipto 33010 ip from not table(2) to any 33002 0 0 pipe tablearg ip from any to table(20) 33003 0 0 deny ip from any to any 33400 0 0 pipe tablearg ip from any to table(10) 65535 7 777 deny ip from any to any Цитировать # ipfw pipe show 01004: 512.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail burst: 0 Byte 00001: unlimited 0 ms 50 sl. 0 queues (1 buckets) droptail burst: 0 Byte 01008: 512.000 Kbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail burst: 0 Byte mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp 1.2.1.2/1319 74.125.87.105/80 2754 971313 0 0 33 Цитировать # ipfw table 11 list 1.2.1.2/32 1008 1.2.1.15/32 1004 nodeny 49.33 freebsd 8.0

2	Главная категория / Nodeny 49 / Re: Nodeny Не пускает авторизованных пользователей в глобальную сеть!	: 26 Февраля 2010, 07:57:59
Цитата: VitalVas от 26 Февраля 2010, 00:58:04 Цитата: Efendy от 26 Февраля 2010, 00:38:10 tee - это дубликат пакета. я знаю. тогда когда я делал под себя фаер, то заюзал tee. после последнього ребуту и запуска сателита в действее, через 5 часов ipcad сожрал 99% проца и памяти и сервак завис. Трафф считает причом на ура! Ммм ето вообще странно почему так тогда заработало! Подскажите теперь раз так работаек как сделать правильно(Чтоб не зависало!) PS глюков и зависаний не заметил ганяли серв по полной перегружали сколько могли!)

3	Главная категория / Nodeny 49 / Re: Nodeny Не пускает авторизованных пользователей в глобальную сеть!	: 25 Февраля 2010, 23:27:26
я так и делал Цитировать в мир не уходят, на внешнем интерфейсе тишина в /etc/rc.firewall заменил все divert на tee заработало! ipfw show Цитировать 00050 49 3000 allow tcp from any to me dst-port 22 00051 43 5812 allow tcp from me 22 to any 00100 0 0 deny tcp from any to any dst-port 445 00110 266 144204 allow ip from any to any via lo0 00120 575 52871 skipto 1000 ip from me to any 00130 5 340 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17 00160 579 82654 skipto 2000 ip from any to me 00200 3646 2132390 skipto 500 ip from any to any via bge0 00300 1845 300082 skipto 4500 ip from any to any in 00400 1801 1832308 skipto 450 ip from any to any recv bge0 00420 0 0 tee 1 ip from any to any 00450 1801 1832308 tee 2 ip from any to any 00490 1801 1832308 allow ip from any to any 00500 1815 1833378 skipto 32500 ip from any to any in 00510 1831 299012 tee 1 ip from any to any 00540 1831 299012 allow ip from any to any 01000 148 23455 allow udp from any 53,7723 to any 01010 0 0 allow tcp from any to any setup keep-state 01020 587 81524 allow udp from any to any keep-state 01100 119 7136 allow ip from any to any 02000 0 0 check-state 02010 120 7254 allow icmp from any to any 02020 0 0 allow tcp from any to any dst-port 80,443 02030 0 0 allow gre from any to any 02050 11 5856 deny ip from any to any via bge0 02060 166 10190 allow udp from any to any dst-port 53,7723 02100 3 110 deny ip from any to any 05000 5 428 deny ip from not table(0) to any 05001 0 0 skipto 5010 ip from table(127) to table(126) 05002 1840 299654 skipto 5030 ip from any to not table(2) 05003 0 0 deny ip from any to not table(1) 05004 0 0 pipe tablearg ip from table(21) to any 05005 0 0 deny ip from any to any 05010 0 0 pipe tablearg ip from table(127) to any 05030 0 0 deny tcp from table(15) to any dst-port 25 05400 1840 299654 pipe tablearg ip from table(11) to any 32000 0 0 deny ip from any to any 32490 0 0 deny ip from any to any 33000 0 0 pipe tablearg ip from table(126) to table(127) 33001 1806 1832736 skipto 33010 ip from not table(2) to any 33002 0 0 pipe tablearg ip from any to table(20) 33003 9 642 deny ip from any to any 33400 1801 1832308 pipe tablearg ip from any to table(10) 65535 5 428 allow ip from any to any только вот странно, что в 420 правиле счетчик на нуле

4	Главная категория / Nodeny 49 / Re: Nodeny Не пускает авторизованных пользователей в глобальную сеть!	: 25 Февраля 2010, 18:47:42
Цитата: Efendy от 24 Февраля 2010, 17:18:26 В правила пакеты попадают? В мир уходят? (tcpdump) В мир уходят заначенными? (tcpdump) по всей видимости нет в мир не уходят, на внешнем интерфейсе тишина вот ipfw list с большим к-вом трафика Цитировать 00050 74 4068 allow tcp from any to me dst-port 22 00051 95 17576 allow tcp from me 22 to any 00100 0 0 deny tcp from any to any dst-port 445 00110 194 15664 allow ip from any to any via lo0 00120 0 0 skipto 1000 ip from me to any 00130 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17 00160 0 0 skipto 2000 ip from any to me 00200 307 24806 skipto 500 ip from any to any via bge0 00300 307 24806 skipto 4500 ip from any to any in 00400 0 0 skipto 450 ip from any to any recv bge0 00420 0 0 divert 1 ip from any to any 00450 0 0 divert 2 ip from any to any 00490 0 0 allow ip from any to any 00500 166 16486 skipto 32500 ip from any to any in 00510 141 8320 divert 1 ip from any to any 00540 0 0 allow ip from any to any 01000 0 0 allow udp from any 53,7723 to any 01010 0 0 allow tcp from any to any setup keep-state 01010 0 0 allow ip from any to table(11) 01010 0 0 allow ip from table(11) to any 01020 0 0 allow udp from any to any keep-state 01100 0 0 allow ip from any to any 02000 0 0 check-state 02010 0 0 allow icmp from any to any 02020 0 0 allow tcp from any to any dst-port 80,443 02030 0 0 allow gre from any to any 02050 0 0 deny ip from any to any via bge0 02060 0 0 allow udp from any to any dst-port 53,7723 02100 0 0 deny ip from any to any 05000 147 15044 deny ip from not table(0) to any 05001 0 0 skipto 5010 ip from table(127) to table(126) 05002 160 9762 skipto 5030 ip from any to not table(2) 05003 0 0 deny ip from any to not table(1) 05004 0 0 pipe tablearg ip from table(21) to any 05005 0 0 deny ip from any to any 05010 0 0 pipe tablearg ip from table(127) to any 05030 0 0 deny tcp from table(15) to any dst-port 25 05400 160 9762 pipe tablearg ip from table(11) to any 10101 0 0 allow ip from any to table(11) 32000 0 0 deny ip from any to any 32490 0 0 deny ip from any to any 33000 0 0 pipe tablearg ip from table(126) to table(127) 33001 147 15044 skipto 33010 ip from not table(2) to any 33002 0 0 pipe tablearg ip from any to table(20) 33400 0 0 pipe tablearg ip from any to table(10) 65535 166 16486 allow ip from any to any

5	Главная категория / Nodeny 49 / Re: Nodeny Не пускает авторизованных пользователей в глобальную сеть!	: 24 Февраля 2010, 12:30:14
не работает, но в таблицах 10, 11 записи есть

6	Главная категория / Nodeny 49 / Re: Nodeny Не пускает авторизованных пользователей в глобальную сеть!	: 24 Февраля 2010, 11:57:42
сорь протупил, я просто перезапустил фаирволл, а нофаир не успел создать правила (утро, не проснулся еще видимо)) вот ipfw list Цитировать 00050 7 332 allow tcp from any to me dst-port 22 00051 8 784 allow tcp from me 22 to any 00100 0 0 deny tcp from any to any dst-port 445 00110 60 3752 allow ip from any to any via lo0 00120 0 0 skipto 1000 ip from me to any 00130 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17 00140 0 0 deny ip from any to table(120) 00150 0 0 deny ip from table(120) to any 00160 0 0 skipto 2000 ip from any to me 00200 6 502 skipto 500 ip from any to any via bge0 00300 6 502 skipto 4500 ip from any to any in 00400 0 0 skipto 450 ip from any to any recv bge0 00420 0 0 divert 1 ip from any to any 00450 0 0 divert 2 ip from any to any 00490 0 0 allow ip from any to any 00500 6 502 skipto 32500 ip from any to any in 00510 0 0 divert 1 ip from any to any 00540 0 0 allow ip from any to any 01000 0 0 allow udp from any 53,7723 to any 01010 0 0 allow tcp from any to any setup keep-state 01020 0 0 allow udp from any to any keep-state 01100 0 0 allow ip from any to any 02000 0 0 check-state 02010 0 0 allow icmp from any to any 02020 0 0 allow tcp from any to any dst-port 80,443 02030 0 0 allow gre from any to any 02050 0 0 deny ip from any to any via bge0 02060 0 0 allow udp from any to any dst-port 53,7723 02100 0 0 deny ip from any to any 05000 2 200 deny ip from not table(0) to any 05001 0 0 skipto 5010 ip from table(127) to table(126) 05002 4 302 skipto 5030 ip from any to not table(2) 05003 0 0 deny ip from any to not table(1) 05004 0 0 pipe tablearg ip from table(21) to any 05005 0 0 deny ip from any to any 05010 0 0 pipe tablearg ip from table(127) to any 05030 0 0 deny tcp from table(15) to any dst-port 25 05400 4 302 pipe tablearg ip from table(11) to any 32000 0 0 deny ip from any to any 32490 0 0 deny ip from any to any 33000 0 0 pipe tablearg ip from table(126) to table(127) 33001 2 200 skipto 33010 ip from not table(2) to any 33002 0 0 pipe tablearg ip from any to table(20) 33003 4 302 deny ip from any to any 33400 0 0 pipe tablearg ip from any to table(10) 65535 2 200 allow ip from any to any

7	Главная категория / Nodeny 49 / Re: Nodeny Не пускает авторизованных пользователей в глобальную сеть!	: 24 Февраля 2010, 11:07:23
Цитировать 00050 7 332 allow tcp from any to me dst-port 22 00051 9 876 allow tcp from me 22 to any 00100 0 0 deny tcp from any to any dst-port 445 00110 68 4168 allow ip from any to any via lo0 00120 0 0 skipto 1000 ip from me to any 00130 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17 00140 0 0 deny ip from any to table(120) 00150 0 0 deny ip from table(120) to any 00160 0 0 skipto 2000 ip from any to me 00200 1 68 skipto 500 ip from any to any via bge0 00300 1 68 skipto 4500 ip from any to any in 00400 0 0 skipto 450 ip from any to any recv bge0 00420 0 0 divert 1 ip from any to any 00450 0 0 divert 2 ip from any to any 00490 0 0 allow ip from any to any 00500 1 68 skipto 32500 ip from any to any in 00510 0 0 divert 1 ip from any to any 00540 0 0 allow ip from any to any 01000 0 0 allow udp from any 53,7723 to any 01010 0 0 allow tcp from any to any setup keep-state 01020 0 0 allow udp from any to any keep-state 01100 0 0 allow ip from any to any 02000 0 0 check-state 02010 0 0 allow icmp from any to any 02020 0 0 allow tcp from any to any dst-port 80,443 02030 0 0 allow gre from any to any 02050 0 0 deny ip from any to any via bge0 02060 0 0 allow udp from any to any dst-port 53,7723 02100 0 0 deny ip from any to any 32490 1 68 deny ip from any to any 65535 1 68 allow ip from any to any

8	Главная категория / Nodeny 49 / Re: Nodeny Не пускает авторизованных пользователей в глобальную сеть!	: 24 Февраля 2010, 06:40:50
ipfw show Цитировать 00040 0 0 allow ip from any to table(10) 00041 127196 7825658 allow ip from table(10) to any 00050 58 6052 allow tcp from any to me dst-port 22 00051 49 6848 allow tcp from me 22 to any 00100 3 144 deny tcp from any to any dst-port 445 00110 320 29982 allow ip from any to any via lo0 00120 80 4602 skipto 1000 ip from me to any 00130 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17 00140 478 13384 deny ip from any to table(120) 00150 0 0 deny ip from table(120) to any 00160 136 11084 skipto 2000 ip from any to me 00200 7423 698055 skipto 500 ip from any to any via bge0 00300 7435 698715 skipto 4500 ip from any to any in 00400 0 0 skipto 450 ip from any to any recv bge0 00420 0 0 divert 1 ip from any to any 00450 0 0 divert 2 ip from any to any 00490 0 0 allow ip from any to any 00500 7423 698055 skipto 32500 ip from any to any in 00510 0 0 divert 1 ip from any to any 00540 0 0 allow ip from any to any 01000 0 0 allow udp from any 53,7723 to any 01010 0 0 allow tcp from any to any setup keep-state 01020 40 3950 allow udp from any to any keep-state 01100 60 3384 allow ip from any to any 02000 0 0 check-state 02010 5 304 allow icmp from any to any 02020 0 0 allow tcp from any to any dst-port 80,443 02030 0 0 allow gre from any to any 02050 17 4643 deny ip from any to any via bge0 02060 55 1975 allow udp from any to any dst-port 53,7723 02100 39 1430 deny ip from any to any 05000 7428 698331 deny ip from not table(0) to any 05001 0 0 skipto 5010 ip from table(127) to table(126) 05002 0 0 skipto 5030 ip from any to not table(2) 05003 0 0 deny ip from any to not table(1) 05004 0 0 pipe tablearg ip from table(21) to any 05005 0 0 deny ip from any to any 05010 0 0 pipe tablearg ip from table(127) to any 05030 0 0 deny tcp from table(15) to any dst-port 25 05400 0 0 pipe tablearg ip from table(11) to any 32000 0 0 deny ip from any to any 32490 7 384 deny ip from any to any 33000 0 0 pipe tablearg ip from table(126) to table(127) 33001 7423 698055 skipto 33010 ip from not table(2) to any 33002 0 0 pipe tablearg ip from any to table(20) 33003 0 0 deny ip from any to any 33400 0 0 pipe tablearg ip from any to table(10) 65535 7423 698055 allow ip from any to any вот так он выглядит!

9	Главная категория / Nodeny 49 / Re: Nodeny Не пускает авторизованных пользовател	: 23 Февраля 2010, 18:43:19
Та же проблема FreeBSD 8.0 /etc/rc.firewall Цитировать #!/bin/sh - f='/sbin/ipfw' ifOut='bge0' # Сети, в/из которых трафик блокируем ${f} table 120 flush ${f} table 120 add 224.0.0.0/4 #${f} table 120 add 192.168.0.0/16 #${f} table 120 add 172.16.0.0/12 ${f} -f flush #${f} add 40 accept ip from any to "table(10)" #${f} add 41 accept ip from "table(10)" to any ${f} add 50 allow tcp from any to me 22 ${f} add 51 allow tcp from me 22 to any ${f} add 100 deny tcp from any to any 445 ${f} add 110 allow ip from any to any via lo0 ${f} add 120 skipto 1000 ip from me to any ${f} add 130 deny icmp from any to any in icmptype 5,9,13,14,15,16,17 ${f} add 140 deny ip from any to "table(120)" ${f} add 150 deny ip from "table(120)" to any ${f} add 160 skipto 2000 ip from any to me ${f} add 200 skipto 500 ip from any to any via ${ifOut} ${f} add 300 skipto 4500 ip from any to any in ${f} add 400 skipto 450 ip from any to any recv ${ifOut} ${f} add 420 divert 1 ip from any to any ${f} add 450 divert 2 ip from any to any ${f} add 490 allow ip from any to any ${f} add 500 skipto 32500 ip from any to any in ${f} add 510 divert 1 ip from any to any ${f} add 540 allow ip from any to any ${f} add 1000 allow udp from any 53,7723 to any ${f} add 1010 allow tcp from any to any setup keep-state ${f} add 1020 allow udp from any to any keep-state ${f} add 1100 allow ip from any to any ${f} add 2000 check-state ${f} add 2010 allow icmp from any to any ${f} add 2020 allow tcp from any to any 80,443 ${f} add 2030 allow gre from any to any ${f} add 2050 deny ip from any to any via ${ifOut} ${f} add 2060 allow udp from any to any 53,7723 ${f} add 2100 deny ip from any to any ${f} add 32490 deny ip from any to any #${f} add 40 accept ip from any to "table(10)" #${f} add 41 accept ip from "table(10)" to any при раскоментировании инет начинает работать, только не шейпится. ipfw table 10 list Цитировать 172.16.1.77/32 1008 172.16.1.90/32 1004 ipfw table 1 list Цитировать 172.16.1.77/32 0 172.16.1.90/32 0 ipfw table 2 list Цитировать 172.16.1.77/32 0 172.16.1.79/32 0 172.16.1.90/32 0 конфиг ядра Цитировать # # GENERIC -- Generic kernel configuration file for FreeBSD/i386 # # For more information on this file, please read the config(5) manual page, # and/or the handbook section on Kernel Configuration Files: # # http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the # FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the # latest information. # # An exhaustive list of options and more detailed explanations of the # device lines is also present in the ../../conf/NOTES and NOTES files. # If you are in doubt as to the purpose or necessity of a line, check first # in NOTES. # # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.519.2.4.2.2 2009/11/09 23:48:01 kensmith Exp $ #cpu I486_CPU #cpu I586_CPU cpu I686_CPU ident HITlan4 # To statically compile in device wiring instead of /boot/device.hints #hints "GENERIC.hints" # Default places to look for devices. # Use the following to compile in values accessible to the kernel # through getenv() (or kenv(1) in userland). The format of the file # is 'variable=value', see kenv(1) # # env "GENERIC.env" #makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options INET6 # IPv6 communications protocols options SCTP # Stream Control Transmission Protocol options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options UFS_GJOURNAL # Enable gjournal-based UFS journaling options MD_ROOT # MD is a potential root device options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server options NFSLOCKD # Network Lock Manager options NFS_ROOT # NFS usable as /, requires NFSCLIENT options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS # Pseudo-filesystem framework options GEOM_PART_GPT # GUID Partition Tables. options GEOM_LABEL # Provides labelization options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty) options COMPAT_FREEBSD4 # Compatible with FreeBSD4 options COMPAT_FREEBSD5 # Compatible with FreeBSD5 options COMPAT_FREEBSD6 # Compatible with FreeBSD6 options COMPAT_FREEBSD7 # Compatible with FreeBSD7 options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options STACK # stack(9) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options P1003_1B_SEMAPHORES # POSIX-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing options MAC # TrustedBSD MAC Framework options FLOWTABLE # per-cpu routing cache #options KDTRACE_HOOKS # Kernel DTrace hooks options IPFIREWALL options IPDIVERT options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=100 options IPFIREWALL_FORWARD options DUMMYNET options IPFILTER_LOG options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_PRIQ options ALTQ_NOPCC # To make an SMP kernel, the next two lines are needed options SMP # Symmetric MultiProcessor Kernel device apic # I/O APIC device pf ... ps -x \| grep perl Цитировать 990 ?? S< 0:03.18 perl nol2auth.pl (perl5.10.1) 991 ?? S< 0:00.89 perl noserver.pl (perl5.10.1) 1380 ?? S< 0:02.74 perl nodeny.pl (perl5.10.1) 2980 1 S+ 0:00.00 grep perl sysctl -a \| grep net.inet.ip.fw Цитировать net.inet.ip.fw.dyn_keepalive: 1 net.inet.ip.fw.dyn_short_lifetime: 5 net.inet.ip.fw.dyn_udp_lifetime: 10 net.inet.ip.fw.dyn_rst_lifetime: 1 net.inet.ip.fw.dyn_fin_lifetime: 1 net.inet.ip.fw.dyn_syn_lifetime: 20 net.inet.ip.fw.dyn_ack_lifetime: 300 net.inet.ip.fw.static_count: 33 net.inet.ip.fw.dyn_max: 4096 net.inet.ip.fw.dyn_count: 0 net.inet.ip.fw.curr_dyn_buckets: 256 net.inet.ip.fw.dyn_buckets: 256 net.inet.ip.fw.default_to_accept: 1 net.inet.ip.fw.tables_max: 128 net.inet.ip.fw.default_rule: 65535 net.inet.ip.fw.verbose_limit: 100 net.inet.ip.fw.verbose: 1 net.inet.ip.fw.one_pass: 1 net.inet.ip.fw.autoinc_step: 100 net.inet.ip.fw.enable: 1 ipfw pipe list Цитировать 01005: 512.000 Kbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail burst: 0 Byte mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 icmp 172.16.1.90/0 193.109.164.1/0 171 10206 0 0 0 01004: 512.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail burst: 0 Byte 00001: unlimited 0 ms 50 sl. 0 queues (1 buckets) droptail burst: 0 Byte 01008: 8.192 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail burst: 0 Byte ifconfig Цитировать bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM> ether 00:13:21:f2:74:c5 inet 192.168.33.80 netmask 0xffffff00 broadcast 192.168.33.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM> ether 00:13:21:f2:74:c4 inet 172.16.1.1 netmask 0xffff0000 broadcast 172.16.1.255 media: Ethernet autoselect (100baseTX <full-duplex>) status: active lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 конфиг ipcadа Цитировать capture-ports enable; interface divert port 1 netflow-disable; interface divert port 2 netflow-disable; rsh enable at 127.0.0.1; rsh root@127.0.0.1 admin; rsh ttl = 3; rsh timeout = 30; dumpfile = ipcad.dump; chroot = /tmp; memory_limit = 50m; в нетстате порты 1,2 слушаются /etc/pf.conf Цитировать set limit states 128000 set optimization aggressive nat pass on bge0 from 172.16.0.0/16 to any -> bge0 ипкад запущен rsh 127.0.0.1 show ip accounting Цитировать Source Destination Packets Bytes SrcPt DstPt Proto IF 78.84.185.196 172.16.1.90 2 92 37598 48897 6 2 92.113.26.119 172.16.1.90 3 120 52566 48868 6 2 79.126.28.156 172.16.1.90 5 268 20805 49138 6 2 91.124.134.38 172.16.1.90 9 514 18553 48863 6 2 Accounting data age is 0 Accounting data age exact 30 Accounting data saved 1266951554 Interface 2: received ??, 5 m average 2 bytes/sec, 0 pkts/sec, dropped ?? Interface 1: received ??, 5 m average 0 bytes/sec, 0 pkts/sec, dropped ?? Flow entries made: 4 Memory usage: 0% (448 from 52428800) Free slots for rsh clients: 9 IPCAD uptime is 1:28 core-gw uptime is 1:28 прозьба помочь!

Страниц: [1]

Powered by SMF 1.1.20 | SMF © 2006-2009, Simple Machines