Linux-Bulgaria.ORG

Re: lug-bg: homelan.bg & freebsd router


  • Subject: Re: lug-bg: homelan.bg & freebsd router
  • From: Dimitar Tomow <the.real.maniac@xxxxxxxxx>
  • Date: Sun, 26 Jun 2005 14:23:54 +0300
  • Delivered-to: lug-bg-list@xxxxxxxxxxxxxxxxxx
  • Delivered-to: lug-bg@xxxxxxxxxxxxxxxxxx

Peter wrote:

Hello,
I am trying to get a FreeBSD router working that uses a Homelan connection, but so far without success.

Configurations:

Router:

FreeBSD 5.4
Pub interface: fxp0
Private interface: rl0
PPPoE interface: tun0

Client:

Laptop - Windows XP Pro

I got the PPPoE connection working under FreeBSD without problems, and I can also connect from the Windows machine to the router over SSH without problems. I tried PPP_NAT and NATD, but had no success getting the NAT to work.

When I listen with tcpdump on tun0, I see strange things like:

12:51:33.240233 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:33.241378 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:33.242773 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:51:33.243076 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit

Here are the ipfw rules as well:

f# ipfw list
00002 allow ip from any to any via rl0
00003 allow ip from any to any via lo0
00100 divert 8668 ip from any to any in via tun0
00101 check-state
00120 skipto 500 udp from any to 195.149.255.139 dst-port 53 out via tun0 keep-state
00121 skipto 500 udp from any to 195.149.248.177 dst-port 53 out via tun0 keep-state
00125 skipto 500 tcp from any to any via tun0 setup keep-state
00130 skipto 500 icmp from any to any out via tun0 keep-state
00400 allow udp from 195.149.248.177 to any in keep-state
00420 allow tcp from any to me dst-port 80 in via tun0 setup limit src-addr 1
00500 divert 8668 ip from any to any out via tun0
00510 allow ip from any to any
65535 deny ip from any to any

I can't imagine anything more open than this.


Here is the network configuration as well:

f# ifconfig
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       options=8<VLAN_MTU>
       inet6 fe80::20a:e4ff:fe41:adea%fxp0 prefixlen 64 scopeid 0x1
       ether xx:xx:xx:xx:xx
       media: Ethernet autoselect (100baseTX <full-duplex>)
       status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       options=8<VLAN_MTU>
       inet 10.30.12.1 netmask 0xffffff00 broadcast 10.30.12.255
       inet6 fe80::2c0:26ff:fe79:7d98%rl0 prefixlen 64 scopeid 0x2
       ether 00:c0:26:79:7d:98
       media: Ethernet autoselect (100baseTX <full-duplex>)
       status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
       inet 127.0.0.1 netmask 0xff000000
       inet6 ::1 prefixlen 128
       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
       inet 83.97.XX.XXX --> 195.149.255.142 netmask 0xffffff00
       Opened by PID 195

Routing table:

f# netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            rtr3-lulin.data.bg UGS         0      168   tun0
10.30.12/24        link#2             UC          0        0    rl0
10.30.12.3         00:0a:e4:41:ae:0b  UHLW        0      108    rl0   1091
localhost          localhost          UH          0        0    lo0
rtr3-lulin.data.bg unknown            UH          1       36   tun0


f# cat /etc/rc.conf

# -- sysinstall generated deltas -- # Wed Jun 15 23:11:25 2005
# Created: Wed Jun 15 23:11:25 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#REMOVED: ifconfig_fxp0="inet 192.168.0.35  netmask 255.255.255.0"
#REMOVED: usbd_enable="YES"
#defaultrouter="192.168.0.1"
gateway_enable="YES"
hostname="bivol.ddns.homelan.bg"
ifconfig_fxp0="inet 192.168.x.xx  netmask 255.255.255.0"
ifconfig_rl0="inet 10.30.12.1 netmask 255.255.255.0"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="NO"
ppp_enable="YES"
ppp_mode="ddial"
#ppp_nat="YES"
ppp_profile="hl1"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic -m"


TCPDUMP:

12:51:26.240092 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
12:51:27.116457 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 22679 NXDomain 0/1/0 (122)
12:51:27.117588 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 22679 NXDomain 0/1/0 (122)
12:51:27.118985 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:51:27.119299 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
12:51:27.233741 IP unknown.ddns.HomeLan.BG.1065 > rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:27.238243 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:27.239554 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:51:29.234803 IP unknown.ddns.HomeLan.BG.1065 > rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:29.235163 IP unknown.ddns.HomeLan.BG.1065 > mail.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:29.243392 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:29.244190 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:29.245603 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:51:29.245905 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
12:51:33.235947 IP unknown.ddns.HomeLan.BG.1065 > rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:33.237839 IP unknown.ddns.HomeLan.BG.1065 > mail.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:33.240233 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:33.241378 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:33.242773 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:51:33.243076 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
^C
79 packets captured
79 packets received by filter
0 packets dropped by kernel
f# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 96 bytes
12:53:45.129486 IP unknown.ddns.HomeLan.BG.1066 > rtr-lulin.data.bg.domain: 39058+ A? it.slashdot.org. (33)
12:53:45.129854 IP unknown.ddns.HomeLan.BG.1066 > mail.data.bg.domain: 39058+ A? it.slashdot.org. (33)
12:53:45.135620 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 39058 1/5/5 A star.slashdot.org (238)
12:53:45.136805 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 39058 1/5/5 A star.slashdot.org (238)
12:53:45.139168 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:53:45.139502 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
12:53:45.321043 IP unknown.ddns.HomeLan.BG.51985 > rtr-lulin.data.bg.domain: 44355+ PTR? 139.255.149.195.in-addr.arpa. (46)
12:53:45.325618 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.51985: 44355 1/7/11 PTR[|domain]
12:53:45.330726 IP unknown.ddns.HomeLan.BG.50079 > rtr-lulin.data.bg.domain: 44356+ PTR? 141.31.97.83.in-addr.arpa. (43)
12:53:45.337158 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.50079: 44356 1/2/2 (177)
12:53:45.341953 IP unknown.ddns.HomeLan.BG.54720 > rtr-lulin.data.bg.domain: 44357+ PTR? 177.248.149.195.in-addr.arpa. (46)
12:53:45.346612 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.54720: 44357 1/3/3 PTR[|domain]
12:53:45.351294 IP unknown.ddns.HomeLan.BG.65222 > rtr-lulin.data.bg.domain: 44358+ PTR? 151.250.35.66.in-addr.arpa. (44)
12:53:45.710193 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.65222: 44358 2/2/2[|domain]
12:54:01.087425 IP unknown.ddns.HomeLan.BG.1066 > rtr-lulin.data.bg.domain: 12946+ A? it.slashdot.org. (33)
12:54:01.092699 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 12946 1/5/5 A star.slashdot.org (238)
12:54:01.094003 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:54:02.087348 IP unknown.ddns.HomeLan.BG.1066 > mail.data.bg.domain: 12946+ A? it.slashdot.org. (33)
12:54:02.092405 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 12946 1/5/5 A star.slashdot.org (238)
12:54:02.093743 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
12:54:03.087550 IP unknown.ddns.HomeLan.BG.1066 > rtr-lulin.data.bg.domain: 12946+ A? it.slashdot.org. (33)
12:54:03.092805 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 12946 1/5/5 A star.slashdot.org (238)
12:54:03.094087 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit

I hope someone can help.

Thanks in advance.

Regards,

Peter

I haven't used FreeBSD and I'm not at all familiar with the tools and programs it uses for building routes, firewalls, etc. In essence, I just wanted to tell you that Homelan use TTL reduction and ttl=1, i.e. once it reaches your machine, that is as far as the route goes. With the Linux kernel things are clear -> Netfilter + PoM (ttl target support) and that's it, --ttl-set 128 for example, and so on.

Maybe this is what's tripping you up ;) Good luck! :)
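A diagnostic sketch added here, not part of either message: it pairs each packet arriving at the router with a following ICMP time-exceeded sent back to the same peer, which is the symptom the TTL explanation in the reply predicts. The function names and the 50 ms pairing window are assumptions; the sample lines are copied from the capture quoted above.

```python
import re
from datetime import datetime, timedelta

# Five consecutive lines copied from the tcpdump capture quoted in the message.
CAPTURE = """\
12:53:45.129486 IP unknown.ddns.HomeLan.BG.1066 > rtr-lulin.data.bg.domain: 39058+ A? it.slashdot.org. (33)
12:53:45.135620 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 39058 1/5/5 A star.slashdot.org (238)
12:53:45.139168 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:53:45.321043 IP unknown.ddns.HomeLan.BG.51985 > rtr-lulin.data.bg.domain: 44355+ PTR? 139.255.149.195.in-addr.arpa. (46)
12:53:45.325618 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.51985: 44355 1/7/11 PTR[|domain]
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (.*)$")

def split_port(endpoint):
    """'host.port' -> (host, port); tcpdump appends the port after the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def classify_inbound(capture, router, window_ms=50):
    """Return [(peer, dst_port, expired)] for every packet addressed to `router`.

    A packet counts as expired when the router sends an ICMP time-exceeded
    back to the same peer within `window_ms` of receiving it (assumed window).
    """
    inbound = []  # each entry: [time, peer, dst_port, expired]
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, src, dst, rest = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if rest.startswith("icmp"):
            if "time exceeded" in rest and src == router:
                # Blame the latest not-yet-matched packet from that peer.
                for pkt in reversed(inbound):
                    fresh = when - pkt[0] <= timedelta(milliseconds=window_ms)
                    if pkt[1] == dst and not pkt[3] and fresh:
                        pkt[3] = True
                        break
            continue
        dst_host, dst_port = split_port(dst)
        if dst_host == router:
            inbound.append([when, split_port(src)[0], dst_port, False])
    return [(peer, port, expired) for _, peer, port, expired in inbound]

if __name__ == "__main__":
    for peer, port, expired in classify_inbound(CAPTURE, "unknown.ddns.HomeLan.BG"):
        print(f"{peer} -> local port {port}: {'TTL expired' if expired else 'delivered'}")
```

On these lines the reply to port 1066 is marked expired and the reply to port 51985 is not. That split would fit replies that have to be forwarded one more hop past the router versus replies consumed on the router itself, though the capture alone does not show which host owns which port.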



 


Mailing list messages are © Copyright their authors.