The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы  помощь  поиск  регистрация  майллист  ВХОД  слежка  RSS
"проблемы с nat"
Вариант для распечатки Архивированная нить - только для чтения! 
Пред. тема | След. тема 
Форумы OpenNET: Виртуальная конференция (Public)
Изначальное сообщение [Проследить за развитием треда]

"проблемы с nat"
Сообщение от victor emailИскать по авторуВ закладки on 09-Дек-03, 19:04  (MSK)
ситуация такая. есть роутер (freebsd4.9), два интерфейса - один в мир с реальным ip - другой - в внутреннюю сеть. надо пустить народ в мир - проблема решается простым использованием nat.

делаю:
1. в ядро -
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=0
options         IPDIVERT
options         DUMMYNET
options         IPFIREWALL_DEFAULT_TO_ACCEPT

по сути нужны первая и четвертая.

ядро пересобираю.

2. rc.conf

ifconfig_rl0="inet 193.---.---.154 netmask 255.255.255.248" - это меня смущает - но вроде так должно быть, сказал провайдер.
ifconfig_ed0="inet 192.168.0.99  netmask 255.255.255.0"
defaultrouter="193.---.---.153"
hostname="---"
firewall_enable="YES"
gateway_enable="YES"
firewall_type="/etc/firewall.conf"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"

3. natd.conf -

interface rl0
use_sockets yes
same_ports yes
redirect_port tcp 192.168.0.9:25 25
redirect_port tcp 192.168.0.9:110 110

пробовал как с последними двумя строчками так и без них

3. правила ipfw

00100 divert 8668 ip from any to any via rl0
65535 allow ip from any to any

пробывал более точно -

divert natd ip from 192.168.0.0/24 to not 192.168.0.0/24 out via rl0
divert natd ip from any to 193.---.---.153 in via rl0
allow all from any to any

natd в памяти висит, порт 8668 используется.

но запросы из внутренней сети в мир не идут.

tcpdump пишет:

tcpdump -xX -i rl0 port 110
tcpdump: listening on ed0
17:36:11.789698 192.168.0.9.3522 > 192.168.0.99.pop3: S 120948933:120948933(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 67b8 4000 8006 1153 c0a8 0009        E..0g.@....S....
0x0010   c0a8 0063 0dc2 006e 0735 88c5 0000 0000        ...c...n.5......
0x0020   7002 4000 2338 0000 0204 05b4 0101 0402        p.@.#8..........
17:36:11.789802 192.168.0.99.pop3 > 192.168.0.9.3522: R 0:0(0) ack 120948934 win 0
0x0000   4500 0028 80e7 0000 4006 782c c0a8 0063        E..(....@.x,...c
0x0010   c0a8 0009 006e 0dc2 0000 0000 0735 88c6        .....n.......5..
0x0020   5014 0000 8fe8 0000                            P.......
17:36:12.285654 192.168.0.9.3522 > 192.168.0.99.pop3: S 120948933:120948933(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 67b9 4000 8006 1152 c0a8 0009        E..0g.@....R....
0x0010   c0a8 0063 0dc2 006e 0735 88c5 0000 0000        ...c...n.5......
0x0020   7002 4000 2338 0000 0204 05b4 0101 0402        p.@.#8..........
17:36:12.285773 192.168.0.99.pop3 > 192.168.0.9.3522: R 0:0(0) ack 1 win 0
0x0000   4500 0028 80fc 0000 4006 7817 c0a8 0063        E..(....@.x....c
0x0010   c0a8 0009 006e 0dc2 0000 0000 0735 88c6        .....n.......5..
0x0020   5014 0000 8fe8 0000                            P.......
17:36:12.832629 192.168.0.9.3522 > 192.168.0.99.pop3: S 120948933:120948933(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 67ba 4000 8006 1151 c0a8 0009        E..0g.@....Q....
0x0010   c0a8 0063 0dc2 006e 0735 88c5 0000 0000        ...c...n.5......
0x0020   7002 4000 2338 0000 0204 05b4 0101 0402        p.@.#8..........
17:36:12.832759 192.168.0.99.pop3 > 192.168.0.9.3522: R 0:0(0) ack 1 win 0
0x0000   4500 0028 80ff 0000 4006 7814 c0a8 0063        E..(....@.x....c
0x0010   c0a8 0009 006e 0dc2 0000 0000 0735 88c6        .....n.......5..
0x0020   5014 0000 8fe8 0000                            P.......

tcpdump -xX -i rl0 port 110
tcpdump: listening on rl0

здесь глухо. т.е. - пакеты попадают на ed0, а дальше - нет.

подскажите, что не так.

  Рекомендовать в FAQ | Cообщить модератору | Наверх

 Оглавление

Индекс форумов | Темы | Пред. тема | След. тема
Сообщения по теме

1. "проблемы с nat"
Сообщение от victor emailИскать по авторуВ закладки on 09-Дек-03, 21:18  (MSK)
up
  Рекомендовать в FAQ | Cообщить модератору | Наверх

2. "проблемы с nat"
Сообщение от dev emailИскать по авторуВ закладки on 09-Дек-03, 22:05  (MSK)
1. С сервера можешь в инет выйти? Это от nat-а не зависит.
2. Попробуй для начала без строчки
natd_flags="-f /etc/natd.conf"

  Рекомендовать в FAQ | Cообщить модератору | Наверх

3. "проблемы с nat"
Сообщение от victor emailИскать по авторуВ закладки on 09-Дек-03, 22:39  (MSK)
>1. С сервера можешь в инет выйти? Это от nat-а не зависит.

можно.

>2. Попробуй для начала без строчки
>natd_flags="-f /etc/natd.conf"

пробовал. много раз убивал natd и запускал руками - и natd -i rl0 и natd -a 193.---.---.154 и с/без ключами -s -u

никак.

  Рекомендовать в FAQ | Cообщить модератору | Наверх

4. "проблемы с nat"
Сообщение от dev emailИскать по авторуВ закладки on 09-Дек-03, 23:01  (MSK)
1. С какими ключами собирал ядро и мир? Покажи /etc/make.conf
2. Попробуй посмотреть, доходят ли пакеты до natd (ipfw show)
  Рекомендовать в FAQ | Cообщить модератору | Наверх

5. "проблемы с nat"
Сообщение от victor emailИскать по авторуВ закладки on 09-Дек-03, 23:35  (MSK)
>1. С какими ключами собирал ядро и мир? Покажи /etc/make.conf

ядро собирал - cd /usr/src; make buildkernel KERNCONF=VILLY

>2. Попробуй посмотреть, доходят ли пакеты до natd (ipfw show)

ipfw s
00400  85450 39550581 divert 8668 ip from any to any via rl0
00500 147659 73996754 allow ip from any to any
65535      0        0 allow ip from any to any

  Рекомендовать в FAQ | Cообщить модератору | Наверх

7. "проблемы с nat"
Сообщение от dev emailИскать по авторуВ закладки on 10-Дек-03, 01:00  (MSK)
>>1. С какими ключами собирал ядро и мир? Покажи /etc/make.conf
>
>ядро собирал - cd /usr/src; make buildkernel KERNCONF=VILLY

-O2 или -O3 в /etc/make.conf случаем нету? были такие грабли на 5.1

>>2. Попробуй посмотреть, доходят ли пакеты до natd (ipfw show)
>
>ipfw s
>00400  85450 39550581 divert 8668 ip from any to any via
>rl0
>00500 147659 73996754 allow ip from any to any
>65535      0      
>  0 allow ip from any to any

можно еще запускать natd -verbose и смотреть, получает ли natd пакеты

  Рекомендовать в FAQ | Cообщить модератору | Наверх

8. "проблемы с nat"
Сообщение от villy emailИскать по авторуВ закладки on 10-Дек-03, 09:25  (MSK)
>>>1. С какими ключами собирал ядро и мир? Покажи /etc/make.conf
>>
>>ядро собирал - cd /usr/src; make buildkernel KERNCONF=VILLY
>
>-O2 или -O3 в /etc/make.conf случаем нету? были такие грабли на 5.1
>
>

make.conf дефолтовый - не трогал его вообще. установка freebsd - бинарная, с диска.

>>>2. Попробуй посмотреть, доходят ли пакеты до natd (ipfw show)
>>
>>ipfw s
>>00400  85450 39550581 divert 8668 ip from any to any via
>>rl0
>>00500 147659 73996754 allow ip from any to any
>>65535      0      
>>  0 allow ip from any to any
>
>можно еще запускать natd -verbose и смотреть, получает ли natd пакеты

попробую

  Рекомендовать в FAQ | Cообщить модератору | Наверх

9. "проблемы с nat"
Сообщение от Aliv Искать по авторуВ закладки on 10-Дек-03, 11:21  (MSK)
Конечно маловероятно, но проверь ping  из локалки в мир по ip адресу.
Может с dns проблемма на виндовой машине?
  Рекомендовать в FAQ | Cообщить модератору | Наверх

10. "проблемы с nat"
Сообщение от victor emailИскать по авторуВ закладки on 13-Дек-03, 11:36  (MSK)
>Конечно маловероятно, но проверь ping  из локалки в мир по ip
>адресу.
>Может с dns проблемма на виндовой машине?


да, обнаружилась проблема с ДНС.

когда пускаю пинг на ip-адресс - идет... на доменное имя - нет.

по малому обошелся ip-адресами, но сама проблема крылась в ДНС.

Всем спасибо за советы и подсказки.

  Рекомендовать в FAQ | Cообщить модератору | Наверх

6. "проблемы с nat"
Сообщение от Freeze Искать по авторуВ закладки on 10-Дек-03, 00:11  (MSK)
Та же фишка 4.9-release только у меня  interface tun0.
пакеты как ни странно летают туда-сюда только как то странно через 3-4, то есть пынги то не нет (пару раз даже удалось с другой машиной сконектиться ). Грешу на виндовую маршрутеризацию (что имхо зря)
Еще было сомнение на 4.9, но у корня тотже самый набор и собирал он её так же , все работает. У нас с ним одна разница - у него не стоит default to accept. и все!

мой make.conf


# $FreeBSD: src/etc/defaults/make.conf,v 1.97.2.74 2002/08/08 09:03:46 ru Exp $
#
# NOTE:  Please would any committer updating this file also update the
# make.conf(5) manual page, if necessary, which is located in
# src/share/man/man5/make.conf.5.
#
# This file, if present, will be read by make (see /usr/share/mk/sys.mk).
# It allows you to override macro definitions to make without changing
# your source tree, or anything the source tree installs.
#
# This file must be in valid Makefile syntax.
#
# You have to find the things you can put here in the Makefiles and
# documentation of the source tree.
#
#
# The CPUTYPE variable controls which processor should be targeted for
# generated code.  This controls processor-specific optimizations in
# certain code (currently only OpenSSL) as well as modifying the value
# of CFLAGS to contain the appropriate optimization directive to gcc.
# The automatic setting of CFLAGS may be overridden using the
# NO_CPU_CFLAGS variable below.
# Currently the following CPU types are recognized:
#   Intel x86 architecture:
#       (AMD CPUs) k7 k6-2 k6 k5
#       (Intel CPUs) p4 p3 p2 i686 i586/mmx i586 i486 i386
#   Alpha/AXP architecture: ev6 pca56 ev56 ev5 ev45 ev4
#
# If you experience any problems after setting this flag, please unset
# it again before submitting a bug report or attempting to modify code.
# It may be that certain types of software will become unstable after being
# compiled with processor-specific (or higher - see below) optimization flags.
# If in doubt, do not set CPUTYPE or CFLAGS to non-default values.
#
#CPUTYPE=i686
#NO_CPU_CFLAGS= true # Don't add -march=<cpu> to CFLAGS automatically
#NO_CPU_COPTFLAGS=true # Don't add -march=<cpu> to COPTFLAGS automatically
#
# CFLAGS controls the compiler settings used when compiling C code.
# Note that optimization settings above -O (-O2, ...) are not recommended
# or supported for compiling the world or the kernel - please revert any
# nonstandard optimization settings to "-O" before submitting bug reports
# to the developers.
# Note also that at this time the -O2 setting is known to produce BROKEN
# CODE on the Alpha platform.
#
#CFLAGS= -O -pipe
#
# CXXFLAGS controls the compiler settings used when compiling C++ code.
# Note that CXXFLAGS is initially set to the value of CFLAGS.  If you wish
# to add to CXXFLAGS value, "+=" must be used rather than "=".  Using "="
# alone will remove the often needed contents of CFLAGS from CXXFLAGS.
#
#CXXFLAGS+= -fmemoize-lookups -fsave-memoized
#
# BDECFLAGS are a set of gcc warning settings that Bruce Evans has suggested
# for use in developing FreeBSD and testing changes.  They can be used by
# putting "CFLAGS+=${BDECFLAGS}" in /etc/make.conf.  -Wconversion is not
# included here due to compiler bugs, e.g., mkdir()'s mode_t argument.
#
BDECFLAGS= -W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \
-Wcast-qual -Wchar-subscripts -Winline \
-Wmissing-prototypes -Wnested-externs -Wpointer-arith \
-Wredundant-decls -Wshadow -Wstrict-prototypes -Wwrite-strings
#
# WARNS_WERROR causes -Werror to be added when WARNS is in effect.
#
#WARNS_WERROR= yes
#
# To compile just the kernel with special optimizations, you should use
# this instead of CFLAGS (which is not applicable to kernel builds anyway).
# There is very little to gain by using higher optimization levels, and doing
# so can cause problems.
#
#COPTFLAGS= -O -pipe
#
# Compare before install
#INSTALL=install -C
#
# To enable installing suidperl with the setuid bit turned on
#ENABLE_SUIDPERL= true
#
# To build ppp with normal permissions
#PPP_NOSUID= true
#
# To enable installing ssh(1) with the setuid bit turned on
#ENABLE_SUID_SSH= true
#
# To avoid building various parts of the base system:
NO_CVS= true # do not build CVS
NO_BIND= true # do not build BIND
NO_FORTRAN= true # do not build g77 and related libraries
NO_I4B= true # do not build isdn4bsd package
#NO_IPFILTER= true # do not build IP Filter package
NO_LPR= true # do not build lpr and related programs
NO_MAILWRAPPER=true # do not build the mailwrapper(8) MTA selector
#NO_MODULES= true # do not build modules with the kernel
NO_OBJC= true # do not build Objective C support
#NO_OPENSSH= true # do not build OpenSSH
#NO_OPENSSL= true # do not build OpenSSL (implies NO_OPENSSH)
NO_SENDMAIL= true # do not build sendmail and related programs
NO_SHAREDOCS= true # do not build the 4.4BSD legacy docs
#NO_TCSH= true # do not build and install /bin/csh (which is tcsh)
NO_X= true # do not compile in XWindows support (e.g. doscmd)
#NOCRYPT= true # do not build any crypto code
NOGAMES= true # do not build games (games/ subdir)
NOINFO= true # do not make or install info files
#NOLIBC_R= true # do not build libc_r (re-entrant version of libc)
#NOPERL= true # do not build perl. Disables OpenSSL optimizations
#NOPROFILE= true # Avoid compiling profiled libraries
#NOSECURE= true # do not build crypto code in secure/ subdir
#NOSHARE= true # do not go into the share subdir
NOUUCP= true # do not build uucp related programs
#
# To build the OpenSSL manpages, uncomment the following.  These are not
# built by default because they clobber a number of system manpages with
# manpages describing parts of the OpenSSL toolkit, including passwd(1),
# err(3), md5(3), and others.
#
#WANT_OPENSSL_MANPAGES= true
#
# To build sys/modules when building the world (our old way of doing things)
#MODULES_WITH_WORLD=true # do not build modules when building kernel
#
# The list of modules to build instead of all of them.
#MODULES_OVERRIDE= linux ipfw
#
# The following controls building optional IDEA code in libcrypto and
# certain ports.  Patents are involved - you must not use this unless
# you either have a license or fall within patent 'fair use'
# provisions.
#
# *** It is YOUR RESPONSIBILITY to determine if you can use this! ***
#
# IDEA is patented in the USA and many European countries - thought to
# be OK to use for any non-commercial use.  This is optional.
#MAKE_IDEA= YES # IDEA (128 bit symmetric encryption)
#
# To avoid running MAKEDEV all on /dev during install:
#NO_MAKEDEV= true
#
# If you do not want unformatted manual pages to be compressed
# when they are installed:
#
#NOMANCOMPRESS= true
#
#
# If you want the "compat" shared libraries installed as part of your normal
# builds, uncomment these:
#
#COMPAT1X= yes
#COMPAT20= yes
#COMPAT21= yes
#COMPAT22= yes
#COMPAT3X= yes
#COMPAT4X= yes
#
#
# If you do not want additional documentation (some of which are
# a few hundred KB's) for ports to be installed:
#
NOPORTDOCS= true
#
#
# Default format for system documentation, depends on your printer.
# Set this to "ascii" for simple printers or screen
#
#PRINTERDEVICE= ps
#
#
# How long to wait for a console keypress before booting the default kernel.
# This value is approximately in milliseconds. Keypresses are accepted by the
# BIOS before booting from disk, making it possible to give custom boot
# parameters even when this is set to 0.
#
#BOOTWAIT=0
#BOOTWAIT=30000
#
# By default, the system will always use the keyboard/video card as system
# console.  However, the boot blocks may be dynamically configured to use a
# serial port in addition to or instead of the keyboard/video console.
#
# By default we use COM1 as our serial console port *if* we're going to use
# a serial port as our console at all.  Alter as necessary.
#
#   COM1: = 0x3F8, COM2: = 0x2F8, COM3: = 0x3E8, COM4: = 0x2E8
#
#BOOT_COMCONSOLE_PORT= 0x3F8
#
# The default serial console speed is 9600.  Set the speed to a larger value
# for better interactive response.
#
#BOOT_COMCONSOLE_SPEED= 115200
#
# By default the 'pxeboot' loader retrieves the kernel via NFS.  Defining
# this and recompiling /usr/src/sys/boot will cause it to retrieve the kernel
# via TFTP.  This allows pxeboot to load a custom BOOTP diskless kernel yet
# still mount the server's '/' (i.e. rather than load the server's kernel).
#
#LOADER_TFTP_SUPPORT= YES
#
# By default, the ports collection attempts to use XFree86 4.X.  If
# you are running XFree86 3.3.X, uncomment this line.
#
#XFREE86_VERSION= 3
#
# By default, this points to /usr/X11R6 for XFree86 releases 3.0 or earlier.
# If you have a XFree86 from before 3.0 that has the X distribution in
# /usr/X386, you want to uncomment this.
#
#X11BASE= /usr/X386
#
#
# If you have Motif on your system, uncomment this.
#
#HAVE_MOTIF= yes
#MOTIF_STATIC=  yes
#
# If the default location of the Motif library (specified below) is NOT
# appropriate for you, uncomment this and change it to the correct value.
# If your motif is in ${X11BASE}/lib, you don't need to touch this line.
#
#MOTIFLIB= -L${X11BASE}/lib -lXm
#
#
# If you're resident in the USA, this will help various ports to determine
# whether or not they should attempt to comply with the various U.S.
# export regulations on certain types of software which do not apply to
# anyone else in the world.
#
#USA_RESIDENT= YES
#
#
# Override "don't install a port that's already installed" behavior.
# One might wish to do this for ports debugging or to unconditionally
# reinstall a set of suspect/broken ports.
#
#FORCE_PKG_REGISTER=    YES
#
#
# If you're behind a firewall and need FTP or HTTP proxy services for
# ports collection fetching to work, the following examples give the
# necessary syntax.  See the fetch(3) man page for details.
#
#FETCH_ENV= FTP_PROXY=ftp://10.0.0.1:21
#FETCH_ENV= HTTP_PROXY=http://10.0.0.1:80
#
#
# Port master sites.
#
# If you want your port fetches to go somewhere else than the default
# (specified below) in case the distfile/patchfile was not found,
# uncomment this and change it to a location nearest you.  (Don't
# remove the "/${DIST_SUBDIR}/" part.)
#
#MASTER_SITE_BACKUP?= \
# ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
#
# If you want your port fetches to check the above site first (before
# the MASTER_SITES specified in the port Makefiles), uncomment the
# line below.  You can also change the right side to point to wherever
# you want.
#
#MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}
#
# Some ports use a special variable to point to a collection of
# mirrors of well-known software archives.  If you have a mirror close
# to you, uncomment any of the following lines and change it to that
# address.  (Don't remove the "/%SUBDIR%/" part.)
#
# Note: the right hand sides of the following lines are only for your
# information.  For a full list of default sites, take a look at
# bsd.sites.mk.
#
#MASTER_SITE_AFTERSTEP= ftp://ftp.afterstep.org/%SUBDIR%/
#MASTER_SITE_COMP_SOURCES= ftp://gatekeeper.dec.com/pub/usenet/comp.sources.%SUBDIR%/
#MASTER_SITE_FREEBSD_ORG=      ftp://ftp.FreeBSD.org/pub/FreeBSD/%SUBDIR%/
#MASTER_SITE_GNOME= ftp://ftp.gnome.org/pub/GNOME/%SUBDIR%/
#MASTER_SITE_GNU= ftp://ftp.gnu.org/gnu/%SUBDIR%/
#MASTER_SITE_KDE= ftp://ftp.kde.org/pub/kde/%SUBDIR%/
#MASTER_SITE_LOCAL= ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
#MASTER_SITE_MOZILLA= ftp://ftp.mozilla.org/pub/%SUBDIR%/
#MASTER_SITE_NETBSD= ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/%SUBDIR%/
#MASTER_SITE_PERL_CPAN= ftp://ftp.digital.com/pub/plan/perl/CPAN/modules/by-module/%SUBDIR%/
#MASTER_SITE_PORTS_JP= ftp://ports.jp.FreeBSD.org/pub/FreeBSD-jp/ports-jp/LOCAL_PORTS/%SUBDIR%/
#MASTER_SITE_RINGSERVER= ftp://ftp.dnsbalance.ring.gr.jp/pub/%SUBDIR%/
#MASTER_SITE_RUBY=     ftp://ftp.ruby-lang.org/pub/ruby/%SUBDIR%/
#MASTER_SITE_SOURCEFORGE= ftp://ftp2.sourceforge.net/pub/sourceforge/%SUBDIR%/
#MASTER_SITE_SOURCEWARE= ftp://ftp.freesoftware.com/pub/sourceware/%SUBDIR%/
#MASTER_SITE_SUNSITE= ftp://metalab.unc.edu/pub/Linux/%SUBDIR%/
#MASTER_SITE_TCLTK= ftp://ftp.scriptics.com/pub/tcl/%SUBDIR%/
#MASTER_SITE_TEX_CTAN= ftp://ftp.tex.ac.uk/tex-archive/%SUBDIR%/
#MASTER_SITE_THEMES= ftp://ftp.themes.org/pub/themes/%SUBDIR%/
#MASTER_SITE_WINDOWMAKER= ftp://ftp.windowmaker.org/pub/%SUBDIR%/
#MASTER_SITE_XCONTRIB= ftp://ftp.x.org/contrib/%SUBDIR%/
#MASTER_SITE_XEMACS= ftp://ftp.xemacs.org/pub/xemacs/%SUBDIR%/
#MASTER_SITE_XFREE= ftp://ftp.xfree86.org/pub/XFree86/%SUBDIR%/source/
#
# Also it is highly recommended that you configure MASTER_SORT_REGEX
# to choose better mirror sites for you.  List awk(1)-style regular
# expressions separated by space so MASTER_SITES will be sorted in
# that order.  The following example is for Japanese users; change
# "jp" part to your ccTLD ("de", "ru", "uk", etc.) or the domain names
# of your nearest/upstream networks to meet your needs.
#
#MASTER_SORT_REGEX?= ^file: ^ftp://ftp\.FreeBSD\.org/pub/FreeBSD/ports/local-distfiles/ ://[^/]*\.jp/ ://[^/]*\.jp\.
#
# Ports can place their working directories somewhere other than under
# /usr/ports.  
#WRKDIRPREFIX= /var/tmp
#
# Kerberos IV
# If you want KerberosIV (KTH eBones), define this:
#
#MAKE_KERBEROS4= yes
#
#
# Kerberos 5
# If you want Kerberos 5 (KTH Heimdal), define this:
#
#MAKE_KERBEROS5= yes
#
# Kerberos 5 su (k5su)
# If you want to use the k5su utility, define this to have it installed
# set-user-ID.
#ENABLE_SUID_K5SU= yes
#
#
# Kerberos5
# If you want to install MIT Kerberos5 port somewhere other than /usr/local,
# define this (this is also used to tell ssh1 that kerberos is needed):
#
#KRB5_HOME= /usr/local
#
#
# CVSup update flags.  Edit SUPFILE settings to reflect whichever distribution
# file(s) you use on your site (see /usr/share/examples/cvsup/README for more
# information on CVSup and these files).  To use, do "make update" in /usr/src.
#
#SUP_UPDATE=     yes
#
#SUP=            /usr/local/bin/cvsup
#SUPFLAGS=       -g -L 2
#SUPHOST=        cvsup.uk.FreeBSD.org
#SUPFILE=        /usr/share/examples/cvsup/stable-supfile
#PORTSSUPFILE=   /usr/share/examples/cvsup/ports-supfile
#DOCSUPFILE=     /usr/share/examples/cvsup/doc-supfile
#
# top(1) uses a hash table for the user names.  The size of this hash
# can be tuned to match the number of local users.  The table size should
# be a prime number approximately twice as large as the number of lines in
# /etc/passwd.  The default number is 20011.
#
#TOP_TABLE_SIZE= 101
#
# Documentation
#
# The list of languages and encodings to build and install
#
#DOC_LANG= en_US.ISO8859-1 ru_RU.KOI8-R
#
#
# sendmail
#
# The following sets the default m4 configuration file to use at
# install time.  Use with caution as a make install will overwrite
# any existing /etc/mail/sendmail.cf.  Note that SENDMAIL_CF is now
# deprecated.  The value should be a fully qualified path name.
# Avoid using a value of /etc/mail/sendmail.mc as a buildworld will
# create /etc/mail/sendmail.cf before installworld installs an
# updated sendmail binary.
#
#SENDMAIL_MC=/etc/mail/myconfig.mc
#
# The following sets the default m4 configuration file for mail
# submission to use at install time.  Use with caution as a make
# install will overwrite any existing /etc/mail/submit.cf.  The
# value should be a fully qualified path name.
# Avoid using a value of /etc/mail/submit.mc as a buildworld will
# create /etc/mail/submit.cf before installworld installs an
# updated sendmail binary.
#
#SENDMAIL_SUBMIT_MC=/etc/mail/mysubmit.mc
#
# If you need to build additional .cf files during a make buildworld,
# include the full paths to the .mc files in SENDMAIL_ADDITIONAL_MC.
# Avoid using a value of /etc/mail/sendmail.mc as a buildworld will
# create /etc/mail/sendmail.cf before installworld installs an
# updated sendmail binary.
#
#SENDMAIL_ADDITIONAL_MC=/etc/mail/foo.mc /etc/mail/bar.mc
#
# Setting the following variable modifies the flags passed to m4 when
# building a .cf file from a .mc file.  It can be used to enable
# features disabled by default.
#
#SENDMAIL_M4_FLAGS=
#
# Setting the following variables modifies the build environment for
# sendmail and its related utilities. For example, SASL support can be
# added with settings such as:
#
# SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -DSASL
# SENDMAIL_LDFLAGS=-L/usr/local/lib
# SENDMAIL_LDADD=-lsasl
#
# Note: If you are using Cyrus SASL with other applications which require
# access to the sasldb file, you should add the following to your
# sendmail.mc file:
#
# define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')
#
#SENDMAIL_CFLAGS=
#SENDMAIL_LDFLAGS=
#SENDMAIL_LDADD=
#SENDMAIL_DPADD=
#
# Setting SENDMAIL_SET_USER_ID will install the sendmail binary as a
# set-user-ID root binary instead of a set-group-ID smmsp binary and will
# prevent the installation of /etc/mail/submit.cf.
# This is a deprecated mode of operation.  See etc/mail/README for more
# information.
#
#SENDMAIL_SET_USER_ID=
#
# The permissions to use on alias and map databases generated using
# /etc/mail/Makefile.  Defaults to 0640.
#
#SENDMAIL_MAP_PERMS=

ЗЫ грешу на ipfw1 :) надо с ipfw2 собирать!

  Рекомендовать в FAQ | Cообщить модератору | Наверх

11. "проблемы с nat"
Сообщение от dmik Искать по авторуВ закладки on 05-Янв-04, 14:23  (MSK)
надо разрешить форвард
в rc.conf прописать
gateway_enable="YES"

или
sysctl -w net.inet.ip.forwarding=1

  Рекомендовать в FAQ | Cообщить модератору | Наверх

12. "проблемы с nat"
Сообщение от dmik Искать по авторуВ закладки on 05-Янв-04, 14:29  (MSK)
сори, не внимательно читал...
  Рекомендовать в FAQ | Cообщить модератору | Наверх


Удалить

Индекс форумов | Темы | Пред. тема | След. тема
Пожалуйста, прежде чем написать сообщение, ознакомьтесь с данными рекомендациями.




Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру