URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 90463
[ Назад ]

Исходное сообщение
"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 02-Дек-10 17:00

Помогите разобраться плз. Есть проблема с шлюзом (между офисной сетью и интернет) - время от времени отваливается клиент-банк и другие сервисы. Помогает перезагрузка сервера. Уже снял все ограничения, но проблема сохраняется.. Настройка сервера -
В ядре -
#NETGRAPH
options         NETGRAPH
options         NETGRAPH_BPF
options         NETGRAPH_ETHER
options         NETGRAPH_NAT
options         NETGRAPH_IFACE
options         NETGRAPH_EIFACE
options         NETGRAPH_PPP
options         NETGRAPH_PPPOE
options         NETGRAPH_PPTPGRE
options         NETGRAPH_L2TP
options         NETGRAPH_ASYNC
options         NETGRAPH_ONE2MANY
options         NETGRAPH_TCPMSS
options         NETGRAPH_SOCKET
options         NETGRAPH_KSOCKET
options         NETGRAPH_SPLIT
options         NETGRAPH_TEE
options         NETGRAPH_HOLE
options         NETGRAPH_VJC
options         NETGRAPH_MPPC_ENCRYPTION
options         NETGRAPH_NETFLOW
options         NETGRAPH_IPFW
# FIREWALL
options       IPFIREWALL
options       IPFIREWALL_VERBOSE
options       IPFIREWALL_VERBOSE_LIMIT=10
options       IPDIVERT
options       DUMMYNET
options       LIBALIAS
options       IPFIREWALL_FORWARD
options       IPFIREWALL_NAT
options       IPSTEALTH
options       HZ=1000
options       DEVICE_POLLING
Настройки NAT + IPFW (Отключил уже все) -
ste0 смотрит наружу, rl0 - во внутр. сеть
server# ifconfig
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:21:91:3b:2a:a5
        inet 120.223.6.58 netmask 0xfffffffc broadcast 120.223.6.59
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:30:18:a2:35:02
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000

server# ipfw -a list
00300      296      27592 allow ip from any to any via lo0
00400        0          0 deny ip from any to 127.0.0.0/8
00500        0          0 deny ip from 127.0.0.0/8 to any
01100  5505117 2218952626 divert 8668 ip from any to any via ste0
65000 10650582 5067290896 allow ip from any to any
65535        4        184 deny ip from any to any
Загрузка сервера практически нулевая:
server# top
last pid: 53311;  load averages:  0.00,  0.00,  0.00                                                                                 up 5+00:44:39  17:14:08
56 processes:  1 running, 55 sleeping
CPU:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Mem: 47M Active, 258M Inact, 134M Wired, 24K Cache, 112M Buf, 1556M Free
Swap: 5000M Total, 5000M Free
Запущенные процессы:
server# ps ax
  PID  TT  STAT      TIME COMMAND
    0  ??  DLs    4:58.37 [kernel]
    1  ??  ILs    0:00.47 /sbin/init --
    2  ??  DL     0:07.88 [g_event]
    3  ??  DL     0:08.75 [g_up]
    4  ??  DL     0:09.86 [g_down]
    5  ??  DL     0:00.00 [xpt_thrd]
    6  ??  DL     0:01.09 [fdc0]
    7  ??  DL     0:00.00 [sctp_iterator]
    8  ??  DL     0:00.25 [pagedaemon]
    9  ??  DL     0:00.00 [vmdaemon]
   10  ??  DL     0:00.00 [audit]
   11  ??  RL   7199:24.89 [idle]
   12  ??  WL    11:29.92 [intr]
   13  ??  DL     0:51.45 [ng_queue]
   14  ??  DL     0:15.05 [yarrow]
   15  ??  DL     0:09.68 [acpi_thermal]
   16  ??  DL     0:00.19 [acpi_cooling0]
   17  ??  DL     0:06.42 [usb]
   18  ??  DL     0:00.00 [pagezero]
   19  ??  DL     0:00.31 [idlepoll]
   20  ??  DL     0:01.12 [bufdaemon]
   21  ??  DL     0:01.14 [vnlru]
   22  ??  DL     9:56.41 [syncer]
   23  ??  DL     0:02.51 [softdepflush]
   24  ??  DL     0:00.63 [flowcleaner]
  403  ??  Is     0:00.14 /sbin/devd
  426  ??  Ss     0:00.76 /sbin/routed -q
  533  ??  Ss     1:47.87 /sbin/natd -n ste0
  590  ??  Is     0:04.28 /usr/sbin/syslogd -s
  606  ??  Is     0:00.31 /usr/sbin/rpcbind
  702  ??  Is     0:00.80 /usr/local/sbin/mpd5 -p /var/run/mpd5.pid -b
  820  ??  Is     0:00.15 /usr/local/sbin/dhcpd -q -cf /usr/local/etc/dhcpd.conf -lf /var/db/dhcpd/dhcpd.leases -pf /var/run/dhcpd/dhcpd.pid -user dhcpd -gr
  922  ??  Ss     0:09.19 /usr/local/sbin/httpd
  941  ??  Is     0:07.15 /usr/sbin/sshd
  950  ??  Is     0:00.84 /usr/sbin/cron -s
  967  ??  I      0:00.11 /usr/local/sbin/httpd
  968  ??  I      0:00.01 /usr/local/sbin/httpd
39821  ??  I      0:00.01 /usr/local/sbin/httpd
39824  ??  I      0:00.01 /usr/local/sbin/httpd
39825  ??  I      0:00.01 /usr/local/sbin/httpd
39827  ??  I      0:00.01 /usr/local/sbin/httpd
39831  ??  I      0:00.00 /usr/local/sbin/httpd
39832  ??  I      0:00.01 /usr/local/sbin/httpd
39834  ??  I      0:00.00 /usr/local/sbin/httpd
39835  ??  I      0:00.00 /usr/local/sbin/httpd
53124  ??  Is     0:00.00 squid -D
53126  ??  S      0:03.17 (squid) -D (squid)
53132  ??  I      0:00.01 (unlinkd) (unlinkd)
53135  ??  I      0:00.01 (dnsserver) (dnsserver)
53136  ??  I      0:00.01 (dnsserver) (dnsserver)
53137  ??  I      0:00.01 (dnsserver) (dnsserver)
53138  ??  I      0:00.01 (dnsserver) (dnsserver)
53139  ??  I      0:00.01 (dnsserver) (dnsserver)
53257  ??  Is     0:00.05 sshd: user[priv] (sshd)
53260  ??  S      0:00.07 sshd: user@pts/2 (sshd)
  854  v0- I      0:00.01 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/var/db/mysql/my.cnf --user=mysql --datadir=/var/db/mysql --pid-file=/var
  903  v0- I      1:51.80 /usr/local/libexec/mysqld --defaults-extra-file=/var/db/mysql/my.cnf --basedir=/usr/local --datadir=/var/db/mysql --log-error=/var
1005  v0  Is+    0:00.00 /usr/libexec/getty Pc ttyv0
1006  v1  Is+    0:00.00 /usr/libexec/getty Pc ttyv1
1007  v2  Is+    0:00.00 /usr/libexec/getty Pc ttyv2
1008  v3  Is+    0:00.00 /usr/libexec/getty Pc ttyv3
1009  v4  Is+    0:00.00 /usr/libexec/getty Pc ttyv4
1010  v5  Is+    0:00.00 /usr/libexec/getty Pc ttyv5
1011  v6  Is+    0:00.00 /usr/libexec/getty Pc ttyv6
1012  v7  Is+    0:00.00 /usr/libexec/getty Pc ttyv7
53261   2  Is     0:00.01 -sh (sh)
53264   2  I      0:00.01 su
53265   2  I      0:00.01 _su (csh)
53269   2  S+     0:00.28 mc
53270   3  Ss     0:00.03 tcsh (csh)
53314   3  R+     0:00.00 ps ax
В логах нет ничего..
Подскажите плз, как можно продиагностировать? Куда копать и что можно посмотреть?

Содержание

Периодические проблемы с шлюзом на FreeBSD 8,Alex_o, 23:14 , 02-Дек-10
- Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 16:45 , 06-Дек-10
  - Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 17:11 , 23-Дек-10
    - Периодические проблемы с шлюзом на FreeBSD 8,gpl77, 20:36 , 23-Дек-10
      - Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 00:52 , 24-Дек-10
        
        Периодические проблемы с шлюзом на FreeBSD 8,gpl77, 18:45 , 24-Дек-10
Периодические проблемы с шлюзом на FreeBSD 8,2ihi, 19:49 , 24-Дек-10
- Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 22:20 , 16-Янв-11
  - Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 22:34 , 16-Янв-11
  - Периодические проблемы с шлюзом на FreeBSD 8,PavelR, 23:33 , 16-Янв-11
    - Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 03:14 , 17-Янв-11
      - Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 21:45 , 17-Янв-11
        
        Периодические проблемы с шлюзом на FreeBSD 8,Сергей, 22:34 , 17-Янв-11
        
        Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 14:34 , 18-Янв-11
        
        Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 04:39 , 22-Янв-11
        
        Периодические проблемы с шлюзом на FreeBSD 8,mic123456, 09:17 , 28-Фев-11
        
        Периодические проблемы с шлюзом на FreeBSD 8,rt1975, 14:52 , 28-Фев-11

Сообщения в этом обсуждении

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено Alex_o , 02-Дек-10 23:14

1. Апгрейд до RELENG_8_1, ибо в 8.0 от рождения было больше глюков, чем даже в несчастной 5-й ветке.
2. непонятно что делает mpd5. Есть ли там шейпинг/ng_car? - это дело в 8-й ветке тоже надо готовить правильно. Есть многа инфы по этому делу на nag.ru, но если вы не в теме, то осилить будет трудно :).
3. Попробуйте убрать сквид (нафиг он ваще вам сдался при нынешних скоростях?), оставьте один нат.

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 06-Дек-10 16:45

> 1. Апгрейд до RELENG_8_1, ибо в 8.0 от рождения было больше глюков,
> чем даже в несчастной 5-й ветке.
Установлена 8.0 RELEASE #1
> 2. непонятно что делает mpd5. Есть ли там шейпинг/ng_car? - это дело
> в 8-й ветке тоже надо готовить правильно. Есть многа инфы по
> этому делу на nag.ru, но если вы не в теме, то
> осилить будет трудно :).
Для поднятия VPN-канала для доступа в офисную сетку.
> 3. Попробуйте убрать сквид (нафиг он ваще вам сдался при нынешних скоростях?),
> оставьте один нат.
Sarg-ом статистику собираю.. Сквид убирал, не помогло...

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 23-Дек-10 17:11

>> 2. непонятно что делает mpd5. Есть ли там шейпинг/ng_car? - это дело
>> в 8-й ветке тоже надо готовить правильно. Есть многа инфы по
>> этому делу на nag.ru, но если вы не в теме, то
>> осилить будет трудно :).
> Для поднятия VPN-канала для доступа в офисную сетку.
Народ, помогите разобраться. Мля, достало уже. Перешел на релиз 8.1 - картина не изменилась. После продолжительных изысканий выяснилось, что проблема связана с MPD5. После поднятия VPN-соединения начинаются вышеописанные проблемы. Закрытие соединения не омогает, только рестарт сервера. Вот конфиг MPD:
default:
        load pptp_server
pptp_server:
        set ippool add pool1 192.168.0.64 192.168.0.99
create bundle template B
set bundle enable compression
set bundle enable encryption
set iface idle 1800
set iface disable proxy-arp
set iface enable tcpmssfix
set ipcp yes vjcomp
set ipcp ranges 192.168.0.1/24 ippool pool1
set ipcp dns 8.24.0.1
set ccp yes mppc
set mppc yes e40
set mppc yes e56
set mppc yes e128
set mppc yes stateless
create link template L pptp
set link action bundle B
set link enable multilink
set link yes acfcomp protocomp
set link max-children  20
set link disable pap chap eap
set link enable chap-md5
set link enable chap-msv1
set link enable chap-msv2
set link keep-alive 10 75
set link mtu 1500
set pptp self ХХ.ХХ.ХХ.ХХ
set link enable incoming
Поднятие соединения:
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1396
        inet 192.168.0.1 --> 192.168.0.64 netmask 0xffffffff
Таблица роутинга до и после установки соединения:
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            1.1.1.1            UGS        42    85127    rl0
1.1.1.0/30         link#3             U           0        2    rl0
1.1.1.2            link#3             UHS         0      465    lo0
127.0.0.1          link#5             UH          0        0    lo0
192.168.0.1        127.0.0.1          UH          0        0    lo0
192.168.0.64       link#6             UH          0      115    ng0
192.168.1.0/24     link#1             U           4    99196    vr0
192.168.1.1        link#1             UHS         0        0    lo0
192.168.2.0/24     link#2             U           0        0   ste0
192.168.2.1        link#2             UHS         0        0    lo0
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            1.1.1.1           UGS        61    86427    rl0
1.1.1.0/30         link#3             U           0        2    rl0
1.1.1.2            link#3             UHS         0      465    lo0
127.0.0.1          link#5             UH          0        0    lo0
192.168.1.0/24     link#1             U           5    99703    vr0
192.168.1.1        link#1             UHS         0        0    lo0
192.168.2.0/24     link#2             U           0        0   ste0
192.168.2.1        link#2             UHS         0        0    lo0
Пробовал снять tcpdump на локальном подключении. Вот кусок когда все работает:
15:19:13.316322 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [S], seq 856881790, win 65535, options [mss 1460,nop,nop,sackOK], length 0
15:19:13.340028 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [S.], seq 1577380176, ack 856881791, win 5840, options [mss 1460,nop,nop,sackOK], length 0
15:19:13.340561 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [.], ack 1, win 65535, length 0
15:19:13.341030 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [P.], ack 1, win 65535, length 112
15:19:13.362291 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [.], ack 113, win 5840, length 0
15:19:13.366107 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [P.], ack 113, win 5840, length 1019
15:19:13.368326 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [.], ack 1020, win 64516, length 1460
15:19:13.368342 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [P.], ack 1020, win 64516, length 109
15:19:13.402124 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [.], ack 1682, win 8760, length 0
15:19:13.402565 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [P.], ack 1020, win 64516, length 182
15:19:13.428401 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [P.], ack 1864, win 8760, length 6
15:19:13.428564 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [P.], ack 1864, win 8760, length 37
15:19:13.428912 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [.], ack 1063, win 64473, length 0
15:19:13.429657 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [P.], ack 1063, win 64473, length 1366
15:19:13.489759 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [P.], ack 3230, win 11680, length 820
15:19:13.489837 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [P.], ack 3230, win 11680, length 23
15:19:13.489993 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [F.], seq 1906, ack 3230, win 11680, length 0
15:19:13.490450 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [.], ack 1906, win 65535, length 0
15:19:13.490465 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [.], ack 1907, win 65535, length 0
15:19:13.491590 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [P.], ack 1907, win 65535, length 23
15:19:13.491607 IP 192.168.1.104.1835 > 193.200.10.26.9443: Flags [F.], seq 3253, ack 1907, win 65535, length 0
15:19:13.524555 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [R], seq 1577382083, win 0, length 0
15:19:13.524734 IP 193.200.10.26.9443 > 192.168.1.104.1835: Flags [R], seq 1577382083, win 0, length 0
15:19:14.589374 IP 192.168.1.104.1826 > 193.200.10.26.9443: Flags [FP.], seq 3223:3246, ack 5719, win 65260, length 23

А вот восле поднятия и закрытия VPN-соединения:
15:54:50.330593 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [S], seq 351366944, win 65535, options [mss 1460,nop,nop,sackOK], length 0
15:54:50.342333 IP 193.200.10.26.9443 > 192.168.1.104.2265: Flags [S.], seq 3842222780, ack 351366945, win 5840, options [mss 1460,nop,nop,sackOK], length 0
15:54:50.342817 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [.], ack 1, win 65535, length 0
15:54:50.344579 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [P.], ack 1, win 65535, length 103
15:54:50.360941 IP 193.200.10.26.9443 > 192.168.1.104.2265: Flags [.], ack 104, win 5840, length 0
15:54:50.367963 IP 193.200.10.26.9443 > 192.168.1.104.2265: Flags [P.], ack 104, win 5840, length 1019
15:54:50.377895 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [.], ack 1020, win 64516, length 1460
15:54:50.377910 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [P.], ack 1020, win 64516, length 101
15:54:50.377966 IP 192.168.1.1 > 192.168.1.104: ICMP 193.200.10.26 unreachable - need to frag (mtu 1488), length 36
15:54:50.378788 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [.], ack 1020, win 64516, length 1448
15:54:50.378844 IP 192.168.1.1 > 192.168.1.104: ICMP 193.200.10.26 unreachable - need to frag (mtu 1488), length 36
15:54:50.397772 IP 193.200.10.26.9443 > 192.168.1.104.2265: Flags [.], ack 104, win 5840, options [nop,nop,sack 1 {1564:1665}], length 0
15:54:50.398264 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [P.], ack 1020, win 64516, length 295
15:54:50.416653 IP 193.200.10.26.9443 > 192.168.1.104.2265: Flags [.], ack 104, win 5840, options [nop,nop,sack 2 {1564:1665}{1552:1847}], length 0
15:54:50.417495 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [.], ack 1020, win 64516, length 1448
15:54:50.417551 IP 192.168.1.1 > 192.168.1.104: ICMP 193.200.10.26 unreachable - need to frag (mtu 1488), length 36
15:54:52.546607 IP 193.200.10.26.80 > 192.168.1.104.2259: Flags [F.], seq 185, ack 404, win 6432, length 0
15:54:52.546993 IP 192.168.1.104.2259 > 193.200.10.26.80: Flags [.], ack 186, win 65351, length 0
15:54:52.549758 IP 193.200.10.26.80 > 192.168.1.104.2261: Flags [F.], seq 184, ack 413, win 6432, length 0
15:54:52.549928 IP 193.200.10.26.80 > 192.168.1.104.2260: Flags [F.], seq 186, ack 401, win 6432, length 0
15:54:52.550103 IP 193.200.10.26.80 > 192.168.1.104.2262: Flags [F.], seq 185, ack 369, win 6432, length 0
15:54:52.550190 IP 192.168.1.104.2261 > 193.200.10.26.80: Flags [.], ack 185, win 65352, length 0
15:54:52.550204 IP 192.168.1.104.2260 > 193.200.10.26.80: Flags [.], ack 187, win 65350, length 0
15:54:52.550535 IP 192.168.1.104.2262 > 193.200.10.26.80: Flags [.], ack 186, win 65351, length 0
15:54:52.832287 IP 192.168.1.104.2265 > 193.200.10.26.9443: Flags [.], ack 1020, win 64516, length 1448
15:54:52.832348 IP 192.168.1.1 > 192.168.1.104: ICMP 193.200.10.26 unreachable - need to frag (mtu 1488), length 36
15:54:53.910218 IP 192.168.1.104.2249 > 193.200.10.26.80: Flags [R.], seq 2745, ack 30098, win 0, length 0

Смущают сообщения "IP 192.168.1.1 > 192.168.1.104: ICMP 193.200.10.26 unreachable - need to frag (mtu 1488), length 36".
192.168.1.1 - интерфейс в локалку
192.168.1.104 - комп в локалке
193.200.10.26 - сервер клиент-банка
Причем проблема отражается не только на клиент-банке, интернет в локалке практически отваливается, большая часть страниц не открывается, аська с мыл-агентом находятся в постоянном состоянии онлайн-офлайн с периодичностью в 10 секунд.
Помогите разобраться, откуда ноги растут...

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено gpl77 , 23-Дек-10 20:36

> Смущают сообщения "IP 192.168.1.1 > 192.168.1.104: ICMP 193.200.10.26 unreachable - need
> to frag (mtu 1488), length 36".
> 192.168.1.1 - интерфейс в локалку
> 192.168.1.104 - комп в локалке
> 193.200.10.26 - сервер клиент-банка
> Причем проблема отражается не только на клиент-банке, интернет в локалке практически отваливается,
> большая часть страниц не открывается, аська с мыл-агентом находятся в постоянном
> состоянии онлайн-офлайн с периодичностью в 10 секунд.
> Помогите разобраться, откуда ноги растут...
похоже на MTU / TCP MSS
я не знаю как это сделать в нетграф, в ipfilter есть опция mssclamp
попробуйте для проверки уменьшить mtu на клиентской машине - посмотрите будет работать или нет

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 24-Дек-10 00:52

>[оверквотинг удален]
>> 193.200.10.26 - сервер клиент-банка
>> Причем проблема отражается не только на клиент-банке, интернет в локалке практически отваливается,
>> большая часть страниц не открывается, аська с мыл-агентом находятся в постоянном
>> состоянии онлайн-офлайн с периодичностью в 10 секунд.
>> Помогите разобраться, откуда ноги растут...
> похоже на MTU / TCP MSS
> я не знаю как это сделать в нетграф, в ipfilter есть опция
> mssclamp
> попробуйте для проверки уменьшить mtu на клиентской машине - посмотрите будет работать
> или нет
Выставил значение в 1024, проверить в офисе нет возможности, но ася у меня на удаленном клиенте перестала отваливаться.. Будем поглядеть завтра.. Но все-таки, если я правильно понимаю, при поднятии впн в системе меняются какие-то настройки, которые не откатываются после разъединения и восстанавливаются после ребута... Что это может быть, в какую сторону смотреть? Неужели никто не сталкивался?

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено gpl77 , 24-Дек-10 18:45

> Выставил значение в 1024, проверить в офисе нет возможности, но ася у
> меня на удаленном клиенте перестала отваливаться.. Будем поглядеть завтра.. Но
> все-таки, если я правильно понимаю, при поднятии впн в системе меняются
> какие-то настройки, которые не откатываются после разъединения и восстанавливаются после
> ребута... Что это может быть, в какую сторону смотреть? Неужели никто
> не сталкивался?
http://ru.wikipedia.org/wiki/MTU
http://www.opennet.me/base/cisco/df_packet_fragment.txt.html
почитайте.
это, конечно, гипотеза, что mtu великоват. проверьте сначала ее.

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено 2ihi , 24-Дек-10 19:49

покажите
dmesg
dmesg -a
включите расширенные логи mpd, задействуте ipfw nat или pf nat вместо natd (я так полагаю это он на 8668 слушает?), второй по скорости быстрее.
426 ?? Ss 0:00.76 /sbin/routed -q - это для чего?
покажите /etc/rc.conf

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 16-Янв-11 22:20

> покажите
> dmesg
> dmesg -a
> включите расширенные логи mpd, задействуте ipfw nat или pf nat вместо natd
> (я так полагаю это он на 8668 слушает?), второй по скорости
> быстрее.
>  426  ??  Ss     0:00.76 /sbin/routed
> -q  - это для чего?
> покажите /etc/rc.conf
уменьшил MTU до 576, не помогло.
вывод dmesg:
Copyright (c) 1992-2010 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.1-RELEASE #1: Sat Dec 11 22:24:35 MSK 2010
    server@server:/usr/obj/usr/src/sys/MYKERNEL i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU          420  @ 1.60GHz (1600.01-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x10661  Family = 6  Model = 16  Stepping = 1
  Features=0xafebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
  Features2=0xe31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM>
  AMD Features=0x20100000<NX,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant
real memory  = 1065287680 (1015 MB)
avail memory = 1032347648 (984 MB)
ACPI APIC Table: <JETWAY AWRDACPI>
ioapic0 <Version 2.0> irqs 0-23 on motherboard
acpi0: <JETWAY AWRDACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, 3f7f0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0xff00-0xff07 mem 0xfdf00000-0xfdf7ffff,0xd0000000-0xdfffffff,0xfdf80000-0xfdfbffff irq 16 at device 2.0 on pci0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
uhci0: <Intel 82801G (ICH7) USB controller USB-A> port 0xfe00-0xfe1f irq 23 at device 29.0 on pci0
uhci0: [ITHREAD]
usbus0: <Intel 82801G (ICH7) USB controller USB-A> on uhci0
uhci1: <Intel 82801G (ICH7) USB controller USB-B> port 0xfd00-0xfd1f irq 19 at device 29.1 on pci0
uhci1: [ITHREAD]
usbus1: <Intel 82801G (ICH7) USB controller USB-B> on uhci1
uhci2: <Intel 82801G (ICH7) USB controller USB-C> port 0xfc00-0xfc1f irq 18 at device 29.2 on pci0
uhci2: [ITHREAD]
usbus2: <Intel 82801G (ICH7) USB controller USB-C> on uhci2
uhci3: <Intel 82801G (ICH7) USB controller USB-D> port 0xfb00-0xfb1f irq 16 at device 29.3 on pci0
uhci3: [ITHREAD]
usbus3: <Intel 82801G (ICH7) USB controller USB-D> on uhci3
ehci0: <Intel 82801GB/R (ICH7) USB 2.0 controller> mem 0xfdfff000-0xfdfff3ff irq 23 at device 29.7 on pci0
ehci0: [ITHREAD]
usbus4: EHCI version 1.0
usbus4: <Intel 82801GB/R (ICH7) USB 2.0 controller> on ehci0
pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib2
vr0: <VIA VT6105 Rhine III 10/100BaseTX> port 0xdc00-0xdcff mem 0xfdeff000-0xfdeff0ff irq 16 at device 1.0 on pci2
vr0: Quirks: 0x0
vr0: Revision: 0x8b
miibus0: <MII bus> on vr0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:26:5a:13:d5:60
vr0: [ITHREAD]
ste0: <Sundance ST201 10/100BaseTX> port 0xdf00-0xdf7f mem 0xfdefe000-0xfdefe1ff irq 17 at device 2.0 on pci2
miibus1: <MII bus> on ste0
ukphy1: <Generic IEEE 802.3u media interface> PHY 0 on miibus1
ukphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ste0: Ethernet address: 00:26:18:eb:bf:96
ste0: [ITHREAD]
rl0: <RealTek 8139 10/100BaseTX> port 0xda00-0xdaff mem 0xfdefd000-0xfdefd0ff irq 19 at device 4.0 on pci2
miibus2: <MII bus> on rl0
rlphy0: <RealTek internal media interface> PHY 0 on miibus2
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:30:18:a2:35:02
rl0: [ITHREAD]
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH7 SATA300 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf800-0xf80f at device 31.2 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x73 irq 8 on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: [FILTER]
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
orm0: <ISA Option ROMs> at iomem 0xcc000-0xd3fff,0xef000-0xeffff pnpid ORM0000 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
Timecounter "TSC" frequency 1600011424 Hz quality 800
Timecounters tick every 1.000 msec
ipfw2 (+ipv6) initialized, divert enabled, nat enabled, rule-based forwarding enabled, default to deny, logging disabled
load_dn_sched dn_sched FIFO loaded
load_dn_sched dn_sched PRIO loaded
load_dn_sched dn_sched QFQ loaded
load_dn_sched dn_sched RR loaded
load_dn_sched dn_sched WF2Q+ loaded
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 12Mbps Full Speed USB v1.0
usbus4: 480Mbps High Speed USB v2.0
ad0: 953869MB <Seagate ST31000520AS CC32> at ata0-master UDMA100 SATA
ugen0.1: <Intel> at usbus0
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen1.1: <Intel> at usbus1
uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ugen2.1: <Intel> at usbus2
uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen3.1: <Intel> at usbus3
uhub3: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3
ugen4.1: <Intel> at usbus4
uhub4: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus4
acd0: DVDR <PIONEER DVD-RW DVR-112D/1.21> at ata1-master UDMA66 SATA
Root mount waiting for: usbus4 usbus3 usbus2 usbus1 usbus0
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
Root mount waiting for: usbus4
Root mount waiting for: usbus4
Root mount waiting for: usbus4
uhub4: 8 ports with 8 removable, self powered
Trying to mount root from ufs:/dev/ad0s1a
rl0: link state changed to UP
nd6_setmtu0: new link MTU on ng0 (576) is too small for IPv6
вывод dmesg -a
Copyright (c) 1992-2010 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.1-RELEASE #1: Sat Dec 11 22:24:35 MSK 2010
    server@server:/usr/obj/usr/src/sys/MYKERNEL i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU          420  @ 1.60GHz (1600.01-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x10661  Family = 6  Model = 16  Stepping = 1
  Features=0xafebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
  Features2=0xe31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM>
  AMD Features=0x20100000<NX,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant
real memory  = 1065287680 (1015 MB)
avail memory = 1032347648 (984 MB)
ACPI APIC Table: <JETWAY AWRDACPI>
ioapic0 <Version 2.0> irqs 0-23 on motherboard
acpi0: <JETWAY AWRDACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, 3f7f0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0xff00-0xff07 mem 0xfdf00000-0xfdf7ffff,0xd0000000-0xdfffffff,0xfdf80000-0xfdfbffff irq 16 at device 2.0 on pci0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
uhci0: <Intel 82801G (ICH7) USB controller USB-A> port 0xfe00-0xfe1f irq 23 at device 29.0 on pci0
uhci0: [ITHREAD]
usbus0: <Intel 82801G (ICH7) USB controller USB-A> on uhci0
uhci1: <Intel 82801G (ICH7) USB controller USB-B> port 0xfd00-0xfd1f irq 19 at device 29.1 on pci0
uhci1: [ITHREAD]
usbus1: <Intel 82801G (ICH7) USB controller USB-B> on uhci1
uhci2: <Intel 82801G (ICH7) USB controller USB-C> port 0xfc00-0xfc1f irq 18 at device 29.2 on pci0
uhci2: [ITHREAD]
usbus2: <Intel 82801G (ICH7) USB controller USB-C> on uhci2
uhci3: <Intel 82801G (ICH7) USB controller USB-D> port 0xfb00-0xfb1f irq 16 at device 29.3 on pci0
uhci3: [ITHREAD]
usbus3: <Intel 82801G (ICH7) USB controller USB-D> on uhci3
ehci0: <Intel 82801GB/R (ICH7) USB 2.0 controller> mem 0xfdfff000-0xfdfff3ff irq 23 at device 29.7 on pci0
ehci0: [ITHREAD]
usbus4: EHCI version 1.0
usbus4: <Intel 82801GB/R (ICH7) USB 2.0 controller> on ehci0
pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib2
vr0: <VIA VT6105 Rhine III 10/100BaseTX> port 0xdc00-0xdcff mem 0xfdeff000-0xfdeff0ff irq 16 at device 1.0 on pci2
vr0: Quirks: 0x0
vr0: Revision: 0x8b
miibus0: <MII bus> on vr0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:26:5a:13:d5:60
vr0: [ITHREAD]
ste0: <Sundance ST201 10/100BaseTX> port 0xdf00-0xdf7f mem 0xfdefe000-0xfdefe1ff irq 17 at device 2.0 on pci2
miibus1: <MII bus> on ste0
ukphy1: <Generic IEEE 802.3u media interface> PHY 0 on miibus1
ukphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ste0: Ethernet address: 00:26:18:eb:bf:96
ste0: [ITHREAD]
rl0: <RealTek 8139 10/100BaseTX> port 0xda00-0xdaff mem 0xfdefd000-0xfdefd0ff irq 19 at device 4.0 on pci2
miibus2: <MII bus> on rl0
rlphy0: <RealTek internal media interface> PHY 0 on miibus2
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:30:18:a2:35:02
rl0: [ITHREAD]
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH7 SATA300 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf800-0xf80f at device 31.2 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x73 irq 8 on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: [FILTER]
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
orm0: <ISA Option ROMs> at iomem 0xcc000-0xd3fff,0xef000-0xeffff pnpid ORM0000 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
Timecounter "TSC" frequency 1600011424 Hz quality 800
Timecounters tick every 1.000 msec
ipfw2 (+ipv6) initialized, divert enabled, nat enabled, rule-based forwarding enabled, default to deny, logging disabled
load_dn_sched dn_sched FIFO loaded
load_dn_sched dn_sched PRIO loaded
load_dn_sched dn_sched QFQ loaded
load_dn_sched dn_sched RR loaded
load_dn_sched dn_sched WF2Q+ loaded
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 12Mbps Full Speed USB v1.0
usbus4: 480Mbps High Speed USB v2.0
ad0: 953869MB <Seagate ST31000520AS CC32> at ata0-master UDMA100 SATA
ugen0.1: <Intel> at usbus0
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen1.1: <Intel> at usbus1
uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ugen2.1: <Intel> at usbus2
uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen3.1: <Intel> at usbus3
uhub3: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3
ugen4.1: <Intel> at usbus4
uhub4: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus4
acd0: DVDR <PIONEER DVD-RW DVR-112D/1.21> at ata1-master UDMA66 SATA
Root mount waiting for: usbus4 usbus3 usbus2 usbus1 usbus0
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
Root mount waiting for: usbus4
Root mount waiting for: usbus4
Root mount waiting for: usbus4
uhub4: 8 ports with 8 removable, self powered
Trying to mount root from ufs:/dev/ad0s1a
Setting hostuuid: 5fd9978f-04cd-11e0-b2ed-002618ebbf96.
Setting hostid: 0x37cb2005.
Entropy harvesting:
interrupts
ethernet
point_to_point
kickstart
.
Starting file system checks:
/dev/ad0s1a: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1a: clean, 50520605 free (4141 frags, 6314558 blocks, 0.0% fragmentation)
/dev/ad0s3d: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s3d: clean, 150296127 free (49871 frags, 18780782 blocks, 0.0% fragmentation)
/dev/ad0s4d: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s4d: clean, 266657759 free (48903 frags, 33326107 blocks, 0.0% fragmentation)
Mounting local file systems:
.
Setting hostname: server
.
Starting Network: lo0 vr0 ste0 rl0.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        ether 00:26:5a:13:d5:60
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=82008<VLAN_MTU,WOL_MAGIC,LINKSTATE>
        ether 00:26:18:eb:bf:96
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        media: Ethernet autoselect (none)
        status: no carrier
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:30:18:a2:35:02
        inet XX.XX.XX.XX netmask 0xfffffffc broadcast XX.XX.XX.XX
        media: Ethernet autoselect (none)
        status: no carrier
add net default: gateway YY.YY.YY.YY
Additional routing options:
IP gateway=YES
.
Starting devd.
Starting routed.
routed: Send bcast sendto(rl0, XX.XX.XX.XX.520): Permission denied
routed: Send bcast sendto(ste0, 192.168.2.255.520): Permission denied
routed: Send bcast sendto(vr0, 192.168.1.255.520): Permission denied
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
[: NO: bad number
Accounting cleared.
09999 skipto 10000 ip from any to any via rl0
09999 skipto 11000 ip from any to any via vr0
09999 skipto 12000 ip from any to any via ste0
09999 skipto 13000 ip from any to any via ng0
09999 skipto 65000 ip from any to any
10110 deny ip from any to table(2) in recv rl0
10110 deny ip from table(2) to any in recv rl0
10110 deny ip from table(1) to any in recv rl0
10120 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17 recv rl0
10510 divert 8668 ip from 192.168.1.0/24 to any out xmit rl0
10520 divert 8668 ip from 192.168.0.0/24 to any out xmit rl0
10530 divert 8668 ip from any to XX.XX.XX.XX in recv rl0
10920 allow gre from XX.XX.XX.XX to any out xmit rl0
10920 allow gre from any to XX.XX.XX.XX in recv rl0
10930 check-state
10940 allow tcp from me to any out xmit rl0 setup keep-state
10940 allow udp from me to any out xmit rl0 keep-state
10940 allow icmp from any to any via rl0 keep-state
10990 allow ip from any to 192.168.1.0/24 via rl0
10990 allow ip from any to 192.168.0.0/24 via rl0
10998 deny log logamount 10 ip from any to any via rl0
11110 deny ip from not 192.168.1.0/24 to any in recv vr0
11520 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any dst-port 23,70,80,210,280,488,591,777,2041,2042,5190,9080,9443 recv vr0
11910 allow ip from any to 192.168.1.0/24 out xmit vr0
11910 allow ip from 192.168.1.0/24 to any in recv vr0
11920 allow ip from any to 255.255.255.255 via vr0
11920 allow ip from 255.255.255.255 to any via vr0
11998 deny log logamount 10 ip from any to any via vr0
12110 deny ip from not 192.168.2.0/24 to any in recv ste0
12910 allow ip from 192.168.2.0/24 to 192.168.2.1 in recv ste0
12910 allow ip from 192.168.2.1 to 192.168.2.0/24 out xmit ste0
12920 allow ip from any to 255.255.255.255 via ste0
12920 allow ip from 255.255.255.255 to any via ste0
12998 deny ip from any to any via ste0
13110 deny ip from not 192.168.0.0/24 to any in recv ng0
13910 allow ip from any to 192.168.0.0/24 out xmit ng0
13910 allow ip from 192.168.0.0/24 to any in recv ng0
13920 allow ip from any to 255.255.255.255 via ng0
13920 allow ip from 255.255.255.255 to any via ng0
13998 deny log logamount 10 ip from any to any via ng0
Accounting cleared.
Firewall rules loaded.
Starting natd.
Loading /lib/libalias_cuseeme.so
Loading /lib/libalias_ftp.so
Loading /lib/libalias_irc.so
Loading /lib/libalias_nbt.so
Loading /lib/libalias_pptp.so
Loading /lib/libalias_skinny.so
Loading /lib/libalias_smedia.so
Jan 15 18:15:26 natd[857]: Aliasing to XX.XX.XX.XX, mtu 1500 bytes
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/mysql
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Creating and/or trimming log files
.
Starting syslogd.
Starting rpcbind.
Clearing /tmp (X related).
Jan 15 18:15:27 server routed[622]: sendto(ste0, 224.0.0.2): Permission denied
ipfw: 11998 Deny ICMP:10.0 192.168.1.1 224.0.0.2 out via vr0
Jan 15 18:15:27 server routed[622]: sendto(vr0, 224.0.0.2): Permission denied
Starting mpd5.
Updating motd:
rl0: link state changed to UP
ipfw: 11998 Deny P:2 192.168.1.1 224.0.0.22 out via vr0
.
Starting dhcpd.
Starting proftpd.
Starting squid.
2011/01/15 18:15:30| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2011/01/15 18:15:30| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2011/01/15 18:15:30| WARNING: You should probably remove '::/0' from the ACL named 'all'
Starting mysql.
Jan 15 18:15:30 server routed[622]: sendto(ste0, 224.0.0.2): Permission denied
ipfw: 11998 Deny ICMP:10.0 192.168.1.1 224.0.0.2 out via vr0
Jan 15 18:15:30 server routed[622]: sendto(vr0, 224.0.0.2): Permission denied
Starting bruteblockd.
Performing sanity check on apache22 configuration:
Jan 15 18:15:33 server routed[622]: sendto(ste0, 224.0.0.2): Permission denied
ipfw: 11998 Deny ICMP:10.0 192.168.1.1 224.0.0.2 out via vr0
Jan 15 18:15:33 server routed[622]: sendto(vr0, 224.0.0.2): Permission denied
Syntax OK
Starting apache22.
Configuring syscons:
keymap
blanktime
.
Starting sshd.
eval: /usr/sbin/sendmail: not found
eval: /usr/sbin/sendmail: not found
Starting cron.
Local package initialization:
portsentry (
tcp
udp
)
.
Starting background file system checks in 60 seconds.
Sat Jan 15 18:15:34 MSK 2011
ipfw: 10998 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via rl0
ipfw: 10998 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via rl0
ipfw: 10998 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via rl0
ipfw: 10998 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via rl0
ipfw: 10998 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via rl0
ipfw: limit 10 reached on entry 10998
Jan 15 22:15:40 server dhcpd: Remove host declaration webcam or remove 192.168.1.200
Jan 15 22:15:40 server dhcpd: from the dynamic address pool for 192.168.1.0/24
nd6_setmtu0: new link MTU on ng0 (576) is too small for IPv6
Jan 16 02:13:51 server routed[622]: write(rt_sock) RTM_ADD    192.168.0.68/32 -->192.168.0.1     metric=0 flags=0: File exists
Jan 16 02:13:51 server routed[622]: write(rt_sock) RTM_ADD    192.168.0.1/32  -->127.0.0.1       metric=0 flags=0: File exists
ipfw: 13998 Deny P:2 192.168.0.1 224.0.0.22 out via ng0
ipfw: 13998 Deny P:2 192.168.0.1 224.0.0.22 out via ng0
Jan 16 02:15:26 server    routed[622]: static route 192.168.0.1/32 --> 192.168.0.1 impossibly lacks ifp
Jan 16 02:30:26 server    routed[622]: 192.168.0.68/32 --> 192.168.0.1 disappeared from kernel

В логах мдп все хорошо, на соединение по мпд нат не использую..
"426  ??  Ss     0:00.76 /sbin/routed -q  - это для чего?" - маршрутизация
rc.conf:
defaultrouter="XX.XX.XX.XX"
ipv6_enable="NO"
sendmail_enable="NO"
gateway_enable="YES"
hostname="rusgeolit"
ifconfig_rl0="inet XX.XX.XX.XX netmask 255.255.255.252"
ifconfig_ste0="inet 192.168.2.1  netmask 255.255.255.0"
ifconfig_vr0="inet 192.168.1.1  netmask 255.255.255.0"
keymap="ru.koi8-r"
nisdomainname="NO"
router="/sbin/routed"
router_enable="YES"
router_flags="-q"
natd_enable="YES"
natd_interface="rl0"
firewall_enable="YES"
firewall_type="MYRULES"
rpcbind_enable="YES"
sshd_enable="YES"
bruteblockd_enable="YES"
bruteblockd_table="1"
bruteblockd_flags="-s 600"
proftpd_enable="YES"
mpd_enable="YES"
apache22_enable="YES"
apache22_http_accept_enable="YES"
mysql_enable="YES"
squid_enable="YES"
dhcpd_enable="YES"                          # dhcpd enabled?
dhcpd_flags="-q"                            # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf"      # configuration filer
dhcpd_ifaces="vr0"                          # ethernet interface(s)
dhcpd_withumask="022"                       # file creation maskr

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 16-Янв-11 22:34

после установки и разрыва соединения через мпд вывод dmesg меняется -
CPU: Intel(R) Celeron(R) CPU          420  @ 1.60GHz (1600.01-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x10661  Family = 6  Model = 16  Stepping = 1
  Features=0xafebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
  Features2=0xe31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM>
  AMD Features=0x20100000<NX,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant
real memory  = 1065287680 (1015 MB)
avail memory = 1032347648 (984 MB)
ACPI APIC Table: <JETWAY AWRDACPI>
ioapic0 <Version 2.0> irqs 0-23 on motherboard
acpi0: <JETWAY AWRDACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, 3f7f0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0xff00-0xff07 mem 0xfdf00000-0xfdf7ffff,0xd0000000-0xdfffffff,0xfdf80000-0xfdfbffff irq 16 at device 2.0 on pci0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
uhci0: <Intel 82801G (ICH7) USB controller USB-A> port 0xfe00-0xfe1f irq 23 at device 29.0 on pci0
uhci0: [ITHREAD]
usbus0: <Intel 82801G (ICH7) USB controller USB-A> on uhci0
uhci1: <Intel 82801G (ICH7) USB controller USB-B> port 0xfd00-0xfd1f irq 19 at device 29.1 on pci0
uhci1: [ITHREAD]
usbus1: <Intel 82801G (ICH7) USB controller USB-B> on uhci1
uhci2: <Intel 82801G (ICH7) USB controller USB-C> port 0xfc00-0xfc1f irq 18 at device 29.2 on pci0
uhci2: [ITHREAD]
usbus2: <Intel 82801G (ICH7) USB controller USB-C> on uhci2
uhci3: <Intel 82801G (ICH7) USB controller USB-D> port 0xfb00-0xfb1f irq 16 at device 29.3 on pci0
uhci3: [ITHREAD]
usbus3: <Intel 82801G (ICH7) USB controller USB-D> on uhci3
ehci0: <Intel 82801GB/R (ICH7) USB 2.0 controller> mem 0xfdfff000-0xfdfff3ff irq 23 at device 29.7 on pci0
ehci0: [ITHREAD]
usbus4: EHCI version 1.0
usbus4: <Intel 82801GB/R (ICH7) USB 2.0 controller> on ehci0
pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib2
vr0: <VIA VT6105 Rhine III 10/100BaseTX> port 0xdc00-0xdcff mem 0xfdeff000-0xfdeff0ff irq 16 at device 1.0 on pci2
vr0: Quirks: 0x0
vr0: Revision: 0x8b
miibus0: <MII bus> on vr0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:26:5a:13:d5:60
vr0: [ITHREAD]
ste0: <Sundance ST201 10/100BaseTX> port 0xdf00-0xdf7f mem 0xfdefe000-0xfdefe1ff irq 17 at device 2.0 on pci2
miibus1: <MII bus> on ste0
ukphy1: <Generic IEEE 802.3u media interface> PHY 0 on miibus1
ukphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ste0: Ethernet address: 00:26:18:eb:bf:96
ste0: [ITHREAD]
rl0: <RealTek 8139 10/100BaseTX> port 0xda00-0xdaff mem 0xfdefd000-0xfdefd0ff irq 19 at device 4.0 on pci2
miibus2: <MII bus> on rl0
rlphy0: <RealTek internal media interface> PHY 0 on miibus2
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:30:18:a2:35:02
rl0: [ITHREAD]
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH7 SATA300 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf800-0xf80f at device 31.2 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x73 irq 8 on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: [FILTER]
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
orm0: <ISA Option ROMs> at iomem 0xcc000-0xd3fff,0xef000-0xeffff pnpid ORM0000 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
Timecounter "TSC" frequency 1600011424 Hz quality 800
Timecounters tick every 1.000 msec
ipfw2 (+ipv6) initialized, divert enabled, nat enabled, rule-based forwarding enabled, default to deny, logging disabled
load_dn_sched dn_sched FIFO loaded
load_dn_sched dn_sched PRIO loaded
load_dn_sched dn_sched QFQ loaded
load_dn_sched dn_sched RR loaded
load_dn_sched dn_sched WF2Q+ loaded
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 12Mbps Full Speed USB v1.0
usbus4: 480Mbps High Speed USB v2.0
ad0: 953869MB <Seagate ST31000520AS CC32> at ata0-master UDMA100 SATA
ugen0.1: <Intel> at usbus0
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen1.1: <Intel> at usbus1
uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ugen2.1: <Intel> at usbus2
uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen3.1: <Intel> at usbus3
uhub3: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3
ugen4.1: <Intel> at usbus4
uhub4: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus4
acd0: DVDR <PIONEER DVD-RW DVR-112D/1.21> at ata1-master UDMA66 SATA
Root mount waiting for: usbus4 usbus3 usbus2 usbus1 usbus0
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
Root mount waiting for: usbus4
Root mount waiting for: usbus4
Root mount waiting for: usbus4
uhub4: 8 ports with 8 removable, self powered
Trying to mount root from ufs:/dev/ad0s1a
rl0: link state changed to UP
nd6_setmtu0: new link MTU on ng0 (576) is too small for IPv6
nd6_setmtu0: new link MTU on ng0 (576) is too small for IPv6
добавлена последняя строчка.

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено PavelR , 16-Янв-11 23:33

>> покажите
>> dmesg
>> dmesg -a
>> включите расширенные логи mpd, задействуте ipfw nat или pf nat вместо natd
> В логах мдп все хорошо, на соединение по мпд нат не использую..
ну так не стесняемся, показываем..

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 17-Янв-11 03:14

> ну так не стесняемся, показываем..
:) Полный лог с подключением/отключением клиента
Jan 16 23:18:28 server mpd: [L-1] Accepting PPTP connection
Jan 16 23:18:28 server mpd: [L-1] Link: OPEN event
Jan 16 23:18:28 server mpd: [L-1] LCP: Open event
Jan 16 23:18:28 server mpd: [L-1] LCP: state change Initial --> Starting
Jan 16 23:18:28 server mpd: [L-1] LCP: LayerStart
Jan 16 23:18:28 server mpd: [L-1] PPTP: attaching to peer's outgoing call
Jan 16 23:18:28 server mpd: [L-1] Link: UP event
Jan 16 23:18:28 server mpd: [L-1] LCP: Up event
Jan 16 23:18:28 server mpd: [L-1] LCP: state change Starting --> Req-Sent
Jan 16 23:18:28 server mpd: [L-1] LCP: SendConfigReq #1
Jan 16 23:18:28 server mpd: [L-1]   ACFCOMP
Jan 16 23:18:28 server mpd: [L-1]   PROTOCOMP
Jan 16 23:18:28 server mpd: [L-1]   MRU 1500
Jan 16 23:18:28 server mpd: [L-1]   MAGICNUM 10fbf260
Jan 16 23:18:28 server mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Jan 16 23:18:28 server mpd: [L-1]   MP MRRU 2048
Jan 16 23:18:28 server mpd: [L-1]   MP SHORTSEQ
Jan 16 23:18:28 server mpd: [L-1]   ENDPOINTDISC [802.1] 00 26 5a 13 d5 60
Jan 16 23:18:28 server mpd: [L-1] LCP: rec'd Configure Request #0 (Req-Sent)
Jan 16 23:18:28 server mpd: [L-1]   MRU 1400
Jan 16 23:18:28 server mpd: [L-1]   MAGICNUM 666a791a
Jan 16 23:18:28 server mpd: [L-1]   PROTOCOMP
Jan 16 23:18:28 server mpd: [L-1]   ACFCOMP
Jan 16 23:18:28 server mpd: [L-1]   CALLBACK 6
Jan 16 23:18:28 server mpd: [L-1] LCP: SendConfigRej #0
Jan 16 23:18:28 server mpd: [L-1]   CALLBACK 6
Jan 16 23:18:28 server mpd: [L-1] LCP: rec'd Configure Request #1 (Req-Sent)
Jan 16 23:18:28 server mpd: [L-1]   MRU 1400
Jan 16 23:18:28 server mpd: [L-1]   MAGICNUM 666a791a
Jan 16 23:18:28 server mpd: [L-1]   PROTOCOMP
Jan 16 23:18:28 server mpd: [L-1]   ACFCOMP
Jan 16 23:18:28 server mpd: [L-1] LCP: SendConfigAck #1
Jan 16 23:18:28 server mpd: [L-1]   MRU 1400
Jan 16 23:18:28 server mpd: [L-1]   MAGICNUM 666a791a
Jan 16 23:18:28 server mpd: [L-1]   PROTOCOMP
Jan 16 23:18:28 server mpd: [L-1]   ACFCOMP
Jan 16 23:18:28 server mpd: [L-1] LCP: state change Req-Sent --> Ack-Sent
Jan 16 23:18:30 server mpd: [L-1] LCP: SendConfigReq #2
Jan 16 23:18:30 server mpd: [L-1]   ACFCOMP
Jan 16 23:18:30 server mpd: [L-1]   PROTOCOMP
Jan 16 23:18:30 server mpd: [L-1]   MRU 1500
Jan 16 23:18:30 server mpd: [L-1]   MAGICNUM 10fbf260
Jan 16 23:18:30 server mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Jan 16 23:18:30 server mpd: [L-1]   MP MRRU 2048
Jan 16 23:18:30 server mpd: [L-1]   MP SHORTSEQ
Jan 16 23:18:30 server mpd: [L-1]   ENDPOINTDISC [802.1] 00 26 5a 13 d5 60
Jan 16 23:18:30 server mpd: [L-1] LCP: rec'd Configure Reject #2 (Ack-Sent)
Jan 16 23:18:30 server mpd: [L-1]   MP MRRU 2048
Jan 16 23:18:30 server mpd: [L-1]   MP SHORTSEQ
Jan 16 23:18:30 server mpd: [L-1]   ENDPOINTDISC [802.1] 00 26 5a 13 d5 60
Jan 16 23:18:30 server mpd: [L-1] LCP: SendConfigReq #3
Jan 16 23:18:30 server mpd: [L-1]   ACFCOMP
Jan 16 23:18:30 server mpd: [L-1]   PROTOCOMP
Jan 16 23:18:30 server mpd: [L-1]   MRU 1500
Jan 16 23:18:30 server mpd: [L-1]   MAGICNUM 10fbf260
Jan 16 23:18:30 server mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Jan 16 23:18:30 server mpd: [L-1] LCP: rec'd Configure Ack #3 (Ack-Sent)
Jan 16 23:18:30 server mpd: [L-1]   ACFCOMP
Jan 16 23:18:30 server mpd: [L-1]   PROTOCOMP
Jan 16 23:18:30 server mpd: [L-1]   MRU 1500
Jan 16 23:18:30 server mpd: [L-1]   MAGICNUM 10fbf260
Jan 16 23:18:30 server mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Jan 16 23:18:30 server mpd: [L-1] LCP: state change Ack-Sent --> Opened
Jan 16 23:18:30 server mpd: [L-1] LCP: auth: peer wants nothing, I want CHAP
Jan 16 23:18:30 server mpd: [L-1] CHAP: sending CHALLENGE #1 len: 21
Jan 16 23:18:30 server mpd: [L-1] LCP: LayerUp
Jan 16 23:18:30 server mpd: [L-1] LCP: rec'd Ident #2 (Opened)
Jan 16 23:18:30 server mpd: [L-1]   MESG: MSRASV5.10
Jan 16 23:18:30 server mpd: [L-1] LCP: rec'd Ident #3 (Opened)
Jan 16 23:18:30 server mpd: [L-1]   MESG: MSRAS-0-DIGGER
Jan 16 23:18:30 server mpd: [L-1] CHAP: rec'd RESPONSE #1 len: 60
Jan 16 23:18:30 server mpd: [L-1]   Name: "user"
Jan 16 23:18:30 server mpd: [L-1] AUTH: Trying INTERNAL
Jan 16 23:18:31 server mpd: [L-1] AUTH: INTERNAL returned: undefined
Jan 16 23:18:31 server mpd: [L-1] CHAP: Auth return status: undefined
Jan 16 23:18:31 server mpd: [L-1] CHAP: Response is valid
Jan 16 23:18:31 server mpd: [L-1] CHAP: Reply message: S=A925429CB210D99936E6708445583B4F286992EC
Jan 16 23:18:31 server mpd: [L-1] CHAP: sending SUCCESS #1 len: 46
Jan 16 23:18:31 server mpd: [L-1] LCP: authorization successful
Jan 16 23:18:31 server mpd: [L-1] Link: Matched action 'bundle "B" ""'
Jan 16 23:18:31 server mpd: [L-1] Creating new bundle using template "B".
Jan 16 23:18:31 server mpd: [B-1] Bundle: Interface ng0 created
Jan 16 23:18:31 server mpd: [L-1] Link: Join bundle "B-1"
Jan 16 23:18:31 server mpd: [B-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Jan 16 23:18:31 server mpd: [B-1] IPCP: Open event
Jan 16 23:18:31 server mpd: [B-1] IPCP: state change Initial --> Starting
Jan 16 23:18:31 server mpd: [B-1] IPCP: LayerStart
Jan 16 23:18:31 server mpd: [B-1] CCP: Open event
Jan 16 23:18:31 server mpd: [B-1] CCP: state change Initial --> Starting
Jan 16 23:18:31 server mpd: [B-1] CCP: LayerStart
Jan 16 23:18:31 server mpd: [B-1] ECP: Open event
Jan 16 23:18:31 server mpd: [B-1] ECP: state change Initial --> Starting
Jan 16 23:18:31 server mpd: [B-1] ECP: LayerStart
Jan 16 23:18:31 server mpd: [B-1] IPCP: Up event
Jan 16 23:18:31 server mpd: [B-1] IPCP: state change Starting --> Req-Sent
Jan 16 23:18:31 server mpd: [B-1] IPCP: SendConfigReq #1
Jan 16 23:18:31 server mpd: [B-1]   IPADDR 192.168.0.1
Jan 16 23:18:31 server mpd: [B-1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Jan 16 23:18:31 server mpd: [B-1] CCP: Up event
Jan 16 23:18:31 server mpd: [B-1] CCP: state change Starting --> Req-Sent
Jan 16 23:18:31 server mpd: [B-1] CCP: SendConfigReq #1
Jan 16 23:18:31 server mpd: [B-1]   MPPC
Jan 16 23:18:31 server mpd: [B-1]     0x010000e0:MPPE(40, 56, 128 bits), stateless
Jan 16 23:18:31 server mpd: [B-1] ECP: Up event
Jan 16 23:18:31 server mpd: [B-1] ECP: state change Starting --> Req-Sent
Jan 16 23:18:31 server mpd: [B-1] ECP: SendConfigReq #1
Jan 16 23:18:31 server mpd: [B-1] CCP: rec'd Configure Request #4 (Req-Sent)
Jan 16 23:18:31 server mpd: [B-1]   MPPC
Jan 16 23:18:31 server mpd: [B-1]     0x010000e1:MPPC, MPPE(40, 56, 128 bits), stateless
Jan 16 23:18:31 server mpd: [B-1] CCP: SendConfigNak #4
Jan 16 23:18:31 server mpd: [B-1]   MPPC
Jan 16 23:18:31 server mpd: [B-1]     0x01000040:MPPE(128 bits), stateless
Jan 16 23:18:31 server mpd: [B-1] IPCP: rec'd Configure Request #5 (Req-Sent)
Jan 16 23:18:31 server mpd: [B-1]   IPADDR 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1]     NAKing with 192.168.0.64
Jan 16 23:18:31 server mpd: [B-1]   PRIDNS 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1]     NAKing with 1.1.1.1
Jan 16 23:18:31 server mpd: [B-1]   PRINBNS 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1]   SECDNS 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1]   SECNBNS 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1] IPCP: SendConfigRej #5
Jan 16 23:18:31 server mpd: [B-1]   PRINBNS 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1]   SECDNS 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1]   SECNBNS 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1] IPCP: rec'd Configure Reject #1 (Req-Sent)
Jan 16 23:18:31 server mpd: [B-1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Jan 16 23:18:31 server mpd: [B-1] IPCP: SendConfigReq #2
Jan 16 23:18:31 server mpd: [B-1]   IPADDR 192.168.0.1
Jan 16 23:18:31 server mpd: [B-1] CCP: rec'd Configure Nak #1 (Req-Sent)
Jan 16 23:18:31 server mpd: [B-1]   MPPC
Jan 16 23:18:31 server mpd: [B-1]     0x01000040:MPPE(128 bits), stateless
Jan 16 23:18:31 server mpd: [B-1] CCP: SendConfigReq #2
Jan 16 23:18:31 server mpd: [B-1]   MPPC
Jan 16 23:18:31 server mpd: [B-1]     0x01000040:MPPE(128 bits), stateless
Jan 16 23:18:31 server mpd: [L-1] LCP: rec'd Protocol Reject #6 (Opened)
Jan 16 23:18:31 server mpd: [L-1] LCP: protocol ECP was rejected
Jan 16 23:18:31 server mpd: [B-1] ECP: protocol was rejected by peer
Jan 16 23:18:31 server mpd: [B-1] ECP: state change Req-Sent --> Stopped
Jan 16 23:18:31 server mpd: [B-1] ECP: LayerFinish
Jan 16 23:18:31 server mpd: [B-1] CCP: rec'd Configure Request #7 (Req-Sent)
Jan 16 23:18:31 server mpd: [B-1]   MPPC
Jan 16 23:18:31 server mpd: [B-1]     0x01000040:MPPE(128 bits), stateless
Jan 16 23:18:31 server mpd: [B-1] CCP: SendConfigAck #7
Jan 16 23:18:31 server mpd: [B-1]   MPPC
Jan 16 23:18:31 server mpd: [B-1]     0x01000040:MPPE(128 bits), stateless
Jan 16 23:18:31 server mpd: [B-1] CCP: state change Req-Sent --> Ack-Sent
Jan 16 23:18:31 server mpd: [B-1] IPCP: rec'd Configure Request #8 (Req-Sent)
Jan 16 23:18:31 server mpd: [B-1]   IPADDR 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1]     NAKing with 192.168.0.64
Jan 16 23:18:31 server mpd: [B-1]   PRIDNS 0.0.0.0
Jan 16 23:18:31 server mpd: [B-1]     NAKing with 1.1.1.1
Jan 16 23:18:31 server mpd: [B-1] IPCP: SendConfigNak #8
Jan 16 23:18:31 server mpd: [B-1]   IPADDR 192.168.0.64
Jan 16 23:18:31 server mpd: [B-1]   PRIDNS 1.1.1.1
Jan 16 23:18:31 server mpd: [B-1] IPCP: rec'd Configure Ack #2 (Req-Sent)
Jan 16 23:18:31 server mpd: [B-1]   IPADDR 192.168.0.1
Jan 16 23:18:31 server mpd: [B-1] IPCP: state change Req-Sent --> Ack-Rcvd
Jan 16 23:18:31 server mpd: [B-1] CCP: rec'd Configure Ack #2 (Ack-Sent)
Jan 16 23:18:31 server mpd: [B-1]   MPPC
Jan 16 23:18:31 server mpd: [B-1]     0x01000040:MPPE(128 bits), stateless
Jan 16 23:18:31 server mpd: [B-1] CCP: state change Ack-Sent --> Opened
Jan 16 23:18:31 server mpd: [B-1] CCP: LayerUp
Jan 16 23:18:31 server mpd: [B-1] CCP: Compress using: mppc (MPPE(128 bits), stateless)
Jan 16 23:18:31 server mpd: [B-1] CCP: Decompress using: mppc (MPPE(128 bits), stateless)
Jan 16 23:18:31 server mpd: [B-1] IPCP: rec'd Configure Request #9 (Ack-Rcvd)
Jan 16 23:18:31 server mpd: [B-1]   IPADDR 192.168.0.64
Jan 16 23:18:31 server mpd: [B-1]     192.168.0.64 is OK
Jan 16 23:18:31 server mpd: [B-1]   PRIDNS 1.1.1.1
Jan 16 23:18:31 server mpd: [B-1] IPCP: SendConfigAck #9
Jan 16 23:18:31 server mpd: [B-1]   IPADDR 192.168.0.64
Jan 16 23:18:31 server mpd: [B-1]   PRIDNS 1.1.1.1
Jan 16 23:18:31 server mpd: [B-1] IPCP: state change Ack-Rcvd --> Opened
Jan 16 23:18:31 server mpd: [B-1] IPCP: LayerUp
Jan 16 23:18:31 server mpd: [B-1]   192.168.0.1 -> 192.168.0.64
Jan 16 23:18:31 server mpd: [B-1] IFACE: No interface to proxy arp on for 192.168.0.64
Jan 16 23:18:31 server mpd: [B-1] IFACE: Up event
Jan 16 23:18:38 server mpd: [L-1] LCP: rec'd Terminate Request #10 (Opened)
Jan 16 23:18:38 server mpd: [L-1] LCP: state change Opened --> Stopping
Jan 16 23:18:38 server mpd: [L-1] Link: Leave bundle "B-1"
Jan 16 23:18:38 server mpd: [B-1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
Jan 16 23:18:38 server mpd: [B-1] IPCP: Close event
Jan 16 23:18:38 server mpd: [B-1] IPCP: state change Opened --> Closing
Jan 16 23:18:38 server mpd: [B-1] IPCP: SendTerminateReq #3
Jan 16 23:18:38 server mpd: [B-1] IPCP: LayerDown
Jan 16 23:18:38 server mpd: [B-1] IFACE: Down event
Jan 16 23:18:38 server mpd: [B-1] CCP: Close event
Jan 16 23:18:38 server mpd: [B-1] CCP: state change Opened --> Closing
Jan 16 23:18:38 server mpd: [B-1] CCP: SendTerminateReq #3
Jan 16 23:18:38 server mpd: [B-1] CCP: LayerDown
Jan 16 23:18:38 server mpd: [B-1] ECP: Close event
Jan 16 23:18:38 server mpd: [B-1] ECP: state change Stopped --> Closed
Jan 16 23:18:38 server mpd: [B-1] IPCP: Down event
Jan 16 23:18:38 server mpd: [B-1] IPCP: LayerFinish
Jan 16 23:18:38 server mpd: [B-1] Bundle: No NCPs left. Closing links...
Jan 16 23:18:38 server mpd: [B-1] IPCP: state change Closing --> Initial
Jan 16 23:18:38 server mpd: [B-1] CCP: Down event
Jan 16 23:18:38 server mpd: [B-1] CCP: LayerFinish
Jan 16 23:18:38 server mpd: [B-1] CCP: state change Closing --> Initial
Jan 16 23:18:38 server mpd: [B-1] ECP: Down event
Jan 16 23:18:38 server mpd: [B-1] ECP: state change Closed --> Initial
Jan 16 23:18:38 server mpd: [B-1] Bundle: Shutdown
Jan 16 23:18:38 server mpd: [L-1] LCP: SendTerminateAck #4
Jan 16 23:18:38 server mpd: [L-1] LCP: LayerDown
Jan 16 23:18:39 server mpd: [L-1] rec'd proto IP during terminate phase
Jan 16 23:18:40 server mpd: [L-1] LCP: rec'd Terminate Request #11 (Stopping)
Jan 16 23:18:40 server mpd: [L-1] LCP: SendTerminateAck #5
Jan 16 23:18:40 server mpd: [L-1] LCP: state change Stopping --> Stopped
Jan 16 23:18:40 server mpd: [L-1] LCP: LayerFinish
Jan 16 23:18:40 server mpd: [L-1] PPTP call terminated
Jan 16 23:18:40 server mpd: [L-1] Link: DOWN event
Jan 16 23:18:40 server mpd: [L-1] LCP: Close event
Jan 16 23:18:40 server mpd: [L-1] LCP: state change Stopped --> Closed
Jan 16 23:18:40 server mpd: [L-1] LCP: Down event
Jan 16 23:18:40 server mpd: [L-1] LCP: state change Closed --> Initial
Jan 16 23:18:40 server mpd: [L-1] Link: SHUTDOWN event
Jan 16 23:18:40 server mpd: [L-1] Link: Shutdown

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 17-Янв-11 21:45

мля.. задрало. буду пробовать как openvpn будет отрабатывать. Отпишусь. Но вопрос не закрыт, если у кого есть какие мысли - пишите, хочется добить это дело..

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено Сергей , 17-Янв-11 22:34

> мля.. задрало. буду пробовать как openvpn будет отрабатывать. Отпишусь. Но вопрос не
> закрыт, если у кого есть какие мысли - пишите, хочется добить
> это дело..
У меня mtu установлен в 1460 и вроде все пашет...

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 18-Янв-11 14:34

Эксперимент прошел успешно, c openvpn все работает нормально..

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 22-Янв-11 04:39

> Эксперимент прошел успешно, c openvpn все работает нормально..
уважаемые гуру, по поводу мпд даже нет никаких предположений?

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено mic123456 , 28-Фев-11 09:17

>> Эксперимент прошел успешно, c openvpn все работает нормально..
> уважаемые гуру, по поводу мпд даже нет никаких предположений?
посмотрите тему
http://bsdportal.ru/viewtopic.php?t=20617
столкнулся со схожей проблемой

"Периодические проблемы с шлюзом на FreeBSD 8"
Отправлено rt1975 , 28-Фев-11 14:52

> посмотрите тему
> http://bsdportal.ru/viewtopic.php?t=20617
> столкнулся со схожей проблемой
Спасибо!