Добрый день!У меня проблема такова :
Есть FreeBSD 7.0,
стоит две сетевых
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:1e:c9:f7:56:30
inet 192.168.1.55 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
bge1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:1e:c9:f7:56:31
inet 192.168.5.3 netmask 0xffffff00 broadcast 192.168.5.255
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet 127.0.0.1 netmask 0xff000000
на второю карточку FreeBSD с ІР 192.168.5.3 заходит нет от циски!
bge1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:1e:c9:f7:56:31
inet 192.168.5.3 netmask 0xffffff00 broadcast 192.168.5.255
IP Циски 192.168.5.10
вот /etc/rc.conf
###########################################################################
defaultrouter="192.168.5.10"
hostname="хххххххххх"
ifconfig_bge0="inet 192.168.1.55 netmask 255.255.255.0"
ifconfig_bge1="inet 192.168.5.3 netmask 255.255.255.0"
###########################################################################
gateway_enable="YES"
inetd_enable="YES"
keymap="ua.koi8-u"
linux_enable="YES"
moused_enable="YES"
sshd_enable="YES"
##############################-samba-#####################################
samba_enable="YES"
###############################-DNS-######################################
named_enable="YES"
named_flage="-u bind -g bind"
rpcbind_enable="YES"
nisdomainname="NO"
###############################-IPFW-#####################################
firewall_enable="YES"
firewall_type="/etc/rc.firewall"
firewall_logging="YES"
natd_enable="YES"
natd_interface="bge0"
natd_flags=" -u -m "
############################-time server-#################################
ntpd_enable=YES
###############################-mail-#####################################
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
##########################- VPN for windows -#############################
pptpd_enable="YES"
################################-www-#####################################
apache22_enable="YES"
#############################-monitoring-#################################
ntop_enable="YES"
ntop_flags="@/usr/local/etc/ntop/ntop.conf"
##########################- probros portov -#############################
rinetd_enable="YES"
Конфиг /etc/resolv.conf
# cat /etc/resolv.conf
domain ххххххххх
nameserver 127.0.0.1
nameserver 123.123.123.123
Конфиг /etc/rc.firewall
# cat /etc/rc.firewall
#!/bin/sh
#FwCMD="/sbin/ipfw -q " #
LanOut="bge0" #
NetOut="192.168.1.0" #
IpOut="192.168.1.55" #
LanIn="bge1" #
NetIn="192.168.5.0/24" #
ip_lan="192.168.5" #
# Sbros vseh pravil
${FwCMD} -f flush
# sbros pipe
${FwCMD} -f pipe flush
# sbros ocheredi
${FwCMD} -f queue flush
# razreshaem vse po vnutrennemu interfeysu
#${FwCMD} add allow ip from any to any via lo0
# zapreschaem localhostu lazit
${FwCMD} add deny ip from any to 127.0.0.0/8
${FwCMD} add deny ip from 127.0.0.0/8 to any
# NAT
${FwCMD} add divert natd ip from any to any via ${LanOut}
#${FwCMD} add divert natd ip from any to ${IpOut} in via ${LanOut}
###########################-VPN i-net to lan-#################################
#${FwCMD} add allow tcp from any to me 1723
#${FwCMD} add allow tcp from me 1723 to any
#${FwCMD} add allow gre from any to any
#${FwCMD} add allow ip from any to any via tun0
# ping
${FwCMD} add allow icmp from any to any icmptypes 0,8,11
# vnutrenniy trafik na vnutrennem interfeyse
${FwCMD} add allow ip from any to ${NetIn} in via ${LanIn}
${FwCMD} add allow ip from ${NetIn} to any out via ${LanIn}
# razreshaem suschstv. soedineniya
${FwCMD} add allow tcp from any to any established
# DNS
${FwCMD} add allow udp from any to ${IpOut} 53 in via ${LanOut}
${FwCMD} add allow udp from ${IpOut} 53 to any out via ${LanOut}
${FwCMD} add allow udp from any 53 to ${IpOut} in via ${LanOut}
${FwCMD} add allow udp from ${IpOut} to any 53 out via ${LanOut}
# time-123
${FwCMD} add allow udp from any to any 123 via ${LanOut}
${FwCMD} add allow udp from any 123 to any via ${LanOut}
# DNS
${FwCMD} add pass udp from any to any 53
${FwCMD} add pass udp from any 53 to any
# SSH
${FwCMD} add allow tcp from any to any 22
${FwCMD} add allow tcp from any 22 to any
# ntop
${FwCMD} add allow tcp from me 3000,161 to any
${FwCMD} add allow udp from me 161 to any
# RDP windows
${FwCMD} add allow tcp from any to any 3389
${FwCMD} add allow tcp from any 3389 to any
${FwCMD} add allow tcp from any to any 3390
${FwCMD} add allow tcp from any 3390 to any
#razreshaem vse
${FwCMD} add allow log ip from any to any
Вот /etc/namedb/named.conf
# cat /etc/namedb/named.conf
// $FreeBSD: src/etc/namedb/named.conf,v 1.21.2.1 2005/09/10 08:27:27 dougb Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.options {
directory "/etc/namedb";
listen-on { 192.168.5.3; localhost; };
allow-transfer { none; };
allow-query { 192.168.5/24; localhost; };
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
forward first;
forwarders { 123.123.123.123; };
version "Windows XP home edition :)";
query-source address * port 53;
};
//////////////////////////////////////////////////////////////////////////////// /////////
zone "." {
type hint;
file "named.root";
};
zone "localhost" {
type master;
file "master/localhost";
allow-transfer { 127.0.0.1; };
allow-query { 127.0.0.1; 192.168.5/24; };
};
zone "0.0.127.in-addr.arpa" {
type master;
file "master/localhost.rev";
allow-transfer { 127.0.0.1; };
allow-query { 127.0.0.1; 192.168.5/24; };
};
//////////////////////////////////////////////////////////////////////////////// /////////
#zone "хххххххх" {
# type master;
# file "master/ххххххх";
# allow-transfer { none; };
#};
#
#zone "5.168.192.in-addr.arpa" {
# type master;
# file "master/хххххххх.rev";
# allow-transfer { none; };
#};
//////////////////////////////////////////////////////////////////////////////// /////////
logging {
channel update_debug {
file "/var/log/named-update.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
};
У меня комп имеет IP 192.168.1.53
В настройках подключения я поставил
шлюз 192.168.1.55
ДНС 192.168.1.55
НО НЕТА НЕТ! но ІР адреса статические пингуються. А сайты НЕТ
А когда я ставлю вот так
шлюз 192.168.1.55
ДНС 123.123.123.123 - ДНС провайдера (123.123.123.123 - взят для примера)
то тогда нет есть!
Подскажите где я ошибся!
Или как решить проблему ?
[i]Спасибо![/i]