Jarve# netstat -i rl1
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
rl0 1500 <Link#1> 00:30:84:9e:91:60 5225201 0 4098026 0 0
rl0 1500 217.0.0/8 217-159-130-139 1693993 - 4105870 - -
rl0 1500 fe80:1::230 fe80:1::230:84ff: 0 - 0 - -
rl0 1500 192.168.2 192.168.2.100 4900 - 398 - -
rl1 1500 <Link#2> 00:30:84:9e:7c:ee 2787865 0 3308479 0 0
rl1 1500 192.168.1 Jarve 30768 - 12349 - -
rl1 1500 fe80:2::230 fe80:2::230:84ff: 0 - 0 - -
lp0* 1500 <Link#3> 0 0 0 0 0
lo0 16384 <Link#4> 200 0 200 0 0
lo0 16384 ::1 ::1 0 - 0 - -
lo0 16384 fe80:4::1 fe80:4::1 0 - 0 - -
lo0 16384 your-net localhost 0 - 0 - -
ppp0* 1500 <Link#5> 0 0 0 0 0
sl0* 552 <Link#6> 0 0 0 0 0
faith 1500 <Link#7> 0 0 0 0 0
Не понял, какой шнурок? От сервера к свичу, что ли?
firewall:
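# ipfw ruleset for a two-interface NAT gateway (FreeBSD /bin/sh).
# ipfw walks rules in ascending number order and the first match wins,
# so the rule NUMBERS, not the order of the commands below, decide policy.
# The kernel config further down builds IPFIREWALL without
# IPFIREWALL_DEFAULT_TO_ACCEPT, so packets matching no rule are dropped by
# the implicit rule 65535.  None of the deny rules use `log`; logging would
# also need IPFIREWALL_VERBOSE in the kernel, which that config lacks.
fwcmd='/sbin/ipfw -q'
ipfw='/sbin/ipfw -q'
#SIMPLE FIREWALL
${fwcmd} -f flush

# Loopback rules.  Only in rare cases do you want to change these.
setup_loopback () {
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
}
setup_loopback

# set these to your outside interface network and netmask and ip
oif="rl0"
onet="192.168.2.0"
omask="255.255.255.0"
oip="192.168.2.10"
# NOTE(review): the netstat output above shows rl0 carrying 192.168.2.100
# and 217.159.130.139, not 192.168.2.10 -- confirm which address is meant.
# Public address on the outside interface, used by the catch-all allow below.
pubip="217.159.130.139"
# set these to your inside interface network and netmask and ip
# subnet 1
iif1="rl1"
inet1="192.168.1.0"
imask1="255.255.255.0"
iip1="192.168.1.1"

#################################################################
# NAT: everything crossing the outside interface goes to natd first and is
# reinjected at rule 2 with addresses already translated.
# NOTE(review): because translation happens before rules 10-96, outbound
# packets reach them with the public source address, so the per-host
# allow/deny on internal addresses would only take effect on the inbound
# (reply) direction -- confirm against the natd(8) configuration.
${fwcmd} add 1 divert natd all from any to any via ${oif}

#################################################################
# Traffic shaping (dummynet) for subnet 1.  Bandwidth is in bit/s when no
# unit suffix is given; the mask gives every destination host its own queue.
${fwcmd} pipe 10 config mask dst-ip 0x000000ff bw 1500000 queue 100
${fwcmd} add 2 pipe 10 ip from 192.168.2.100 to ${inet1}:${imask1} via ${iif1}
${fwcmd} add 3 pipe 10 ip from ${inet1}:${imask1} to 192.168.2.100 via ${iif1}
${fwcmd} pipe 11 config mask dst-ip 0x000000ff bw 240000 queue 100
${fwcmd} add 103 pipe 11 ip from any to ${inet1}:${imask1} via ${iif1}
${fwcmd} add 104 pipe 11 ip from ${inet1}:${imask1} to any via ${iif1}

#################################################################
# Internal hosts permitted to use the outside interface (subnet 1).
${fwcmd} add 10 allow ip from 192.168.1.10 to any via ${oif} #5-18
${fwcmd} add 10 allow ip from any to 192.168.1.10 via ${oif}
${fwcmd} add 11 allow ip from 192.168.1.11 to any via ${oif}
${fwcmd} add 11 allow ip from any to 192.168.1.11 via ${oif}
# etc.
# Everything else in subnet 1 is blocked on the outside interface.
${fwcmd} add 95 deny ip from ${inet1}:${imask1} to any via ${oif}
${fwcmd} add 96 deny ip from any to ${inet1}:${imask1} via ${oif}

#################################################################
#ipfw add 400 check-state
#ipfw add 500 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
#ipfw add 510 reject ip from ${inet1} to any in via ${oif}
# Stop spoofing: inside addresses must not arrive on the outside interface
# and vice versa.
${fwcmd} add 540 deny all from ${inet1}:${imask1} to any in via ${oif}
${fwcmd} add 550 deny all from ${onet}:${omask} to any in via ${iif1}
# Stop RFC1918 nets on the outside interface
${fwcmd} add 580 deny all from any to 10.0.0.0/8 via ${oif}
${fwcmd} add 590 deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add 601 deny all from ${inet1}:${imask1} to me via ${oif}
# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add 605 deny all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add 610 deny all from any to 169.254.0.0/16 via ${oif}
#${fwcmd} add 620 deny all from any to 192.168.0.2/24 via ${oif}
# No telnet to this host from anywhere.
${fwcmd} add 630 deny tcp from any to me telnet
# Interface names are matched literally (or with a `*` wildcard), so this
# must name lo0; rule 100 already covers it and this is kept as belt and braces.
${fwcmd} add 640 allow ip from any to any via lo0
${fwcmd} add 650 allow tcp from me to any keep-state via ${oif}
# NOTE(review): this admits every ICMP type in both directions; the
# commented-out rule 500 above shows the types usually filtered inbound.
${fwcmd} add 660 allow icmp from any to any
${fwcmd} add 670 allow udp from me to any domain keep-state
${fwcmd} add 680 allow udp from any to me domain
${fwcmd} add 690 allow ip from me to any
# Accept whatever is left for the public address.  Deliberately numbered
# after the deny block (540-630): placed before it, this rule matches first
# and makes the anti-spoofing and telnet denies unreachable for inbound
# traffic to ${pubip}.
${fwcmd} add 700 allow all from any to ${pubip}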
###############################################################################
ЯДРО
machine i386
#cpu I386_CPU
#cpu I486_CPU
cpu I586_CPU
#cpu I686_CPU
ident SERVER
maxusers 32
#makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
options MATH_EMULATE #Support for x87 emulation
options INET #InterNETworking
options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big directories
options MFS #Memory Filesystem
options MD_ROOT #MD is a potential root device
options NFS #Network Filesystem
options NFS_ROOT #NFS usable as root device, NFS required
options MSDOSFS #MSDOS Filesystem
options CD9660 #ISO 9660 Filesystem
options CD9660_ROOT #CD-ROM usable as root, CD9660 required
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
options UCONSOLE #Allow users to grab the console
options USERCONFIG #boot -c editor
options VISUAL_USERCONFIG #visual boot -c editor
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
# To make an SMP kernel, the next two are needed
#options SMP # Symmetric MultiProcessor Kernel
#options APIC_IO # Symmetric (APIC) I/O
# To support HyperThreading, HTT is needed in addition to SMP and APIC_IO
#options HTT # HyperThreading Technology
device isa
device eisa
device pci
# Floppy drives
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
device fd1 at fdc0 drive 1
#
# If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy,
# don't use the above line for fdc0 but the following one:
#device fdc0
# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
#device atapist # ATAPI tape drives
options ATA_STATIC_ID #Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device psm0 at atkbdc? irq 12
device vga0 at isa?
# splash screen/screen saver
pseudo-device splash
# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device vt0 at isa?
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options PCVT_SCANSET=2 # IBM keyboards are non-std
#device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13
# Power management support (see LINT for more options)
device apm0 at nexus? disable flags 0x20 # Advanced Power Management
# PCCARD (PCMCIA) support
#device card
#device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
#device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable
# Serial (COM) ports
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3
# Parallel port
device ppc0 at isa? irq 7
device ppbus # Parallel port bus (required)
#device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# PCI Ethernet NICs.
#device de # DEC/Intel DC21x4x (``Tulip'')
#device em # Intel PRO/1000 adapter Gigabit Ethernet Card (``Wiseman'')
#device txp # 3Com 3cR990 (``Typhoon'')
#device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
#device dc # DEC/Intel 21143 and various workalikes
#device fxp # Intel EtherExpress PRO/100B (82557, 82558)
#device pcn # AMD Am79C97x PCI 10/100 NICs
device rl # RealTek 8129/8139
#device sf # Adaptec AIC-6915 (``Starfire'')
#device sis # Silicon Integrated Systems SiS 900/SiS 7016
#device ste # Sundance ST201 (D-Link DFE-550TX)
#device tl # Texas Instruments ThunderLAN
#device tx # SMC EtherPower II (83c170 ``EPIC'')
#device vr # VIA Rhine, Rhine II
#device wb # Winbond W89C840F
#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
#device bge # Broadcom BCM570x (``Tigon III'')
# ISA Ethernet NICs.
# 'device ed' requires 'device miibus'
#device ed0 at isa? disable port 0x280 irq 10 iomem 0xd8000
#device ex
#device ep
#device fe0 at isa? disable port 0x300
# Xircom Ethernet
#device xe
# PRISM I IEEE 802.11b wireless NIC.
#device awi
# WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
# exists only as a PCMCIA device, so there is no ISA attachment needed
# and resources will always be dynamically assigned by the pccard code.
#device wi
# Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below will
# work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
# mode (the factory default). If you set the switches on your ISA
# card for a manually chosen I/O address and IRQ, you must specify
# those parameters here.
#device an
# The probe order of these is presently determined by i386/isa/isa_compat.c.
device ie0 at isa? disable port 0x300 irq 10 iomem 0xd0000
#device le0 at isa? disable port 0x300 irq 5 iomem 0xd0000
device lnc0 at isa? disable port 0x280 irq 10 drq 0
device cs0 at isa? disable port 0x300
device sn0 at isa? disable port 0x300 irq 10
# Pseudo devices - the number indicates how many units to allocate.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device sl 1 # Kernel SLIP
pseudo-device ppp 1 # Kernel PPP
pseudo-device tun # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device md # Memory "disks"
pseudo-device gif # IPv6 and IPv4 tunneling
pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
# USB support
#device uhci # UHCI PCI->USB interface
#device ohci # OHCI PCI->USB interface
#device usb # USB Bus (required)
#device ugen # Generic
#device uhid # "Human Interface Devices"
#device ukbd # Keyboard
#device ulpt # Printer
#device umass # Disks/Mass storage - Requires scbus and da
#device ums # Mouse
#device uscanner # Scanners
#device urio # Diamond Rio MP3 Player
# USB Ethernet, requires mii
#device aue # ADMtek USB ethernet
#device cue # CATC USB ethernet
#device kue # Kawasaki LSI USB ethernet
options IPFIREWALL
options IPDIVERT
options DUMMYNET
options HZ=100
А какие именно переменные ты имеешь в виду? Какие-то sysctl я менял... но вроде всё по инструкции...
Если есть конкретные соображения насчёт переменных, скажи, какие — я скажу тебе значения.