Всем привет. И заранее спасибо за ответы.
Имею следующие проблемы:
1. У меня настроен редирект порта 1723 на сервер винды, она исполняет роль ВПН-сервера. При таком конфиге клиенты дозваниваются до сервера, начинается аутентификация клиента, но потом соединение сбрасывается с ошибкой: мол, время истекло и бла-бла.
2. У меня есть два региона. С ними связь через openvpn. Шлюзы одинаковы. Но пакеты пинга (icmp) не ходят - хотя связь есть, т.е. на сервера попасть можно по РДП.
С данной системой я на "вы", только начал её обслуживать... Спасибо.
____________
############
# Macros #
############
# Interface macros: external (NAT/Internet side), internal (LAN side) and the
# OpenVPN tunnel device.
ext_if="re0"
int_if="re1"
# NOTE(review): vpn_if is not referenced by any rule visible in this listing;
# the "set skip" option names tun0 literally instead of using this macro.
vpn_if="tun0"
# LAN prefix used as the source in the "pass in on $int_if" rules.
localnet = "192.168.5.0/24"
# ICMP types admitted by the inbound ICMP rule on $ext_if.
# NOTE(review): "redir" lets ICMP redirects from any Internet source reach the
# firewall's own address. Whether the host acts on them depends on kernel
# settings not shown here; unless something relies on redirects, dropping
# "redir" from this list is the safer default.
icmp_types = "{ echoreq, unreach, redir, timex }"
# Port used by the inbound SSH pass rule.
SSHport="55522"
############
# Tables #
############
# Address table initialised from /root/VIPusers.conf when the ruleset loads;
# "persist" keeps the table in the kernel even when no rule references it.
# Members are exempted from the web redirect by the "no rdr on $int_if" rule.
# NOTE(review): the file decides who bypasses the proxy redirect, so it should
# be writable by root only - its permissions are not visible here.
table <VIPusers> persist file "/root/VIPusers.conf"
#############
# Options #
#############
# UDP state timeouts, in seconds: after the first packet, for one-way flows,
# and for flows that have seen traffic in both directions.
set timeout udp.first 120
set timeout udp.single 60
set timeout udp.multiple 120
#
# "block" rules discard packets silently instead of answering with RST/ICMP.
set block-policy drop
# No pf processing on the loopback interface.
set skip on lo
# NOTE(review): pf is switched off entirely on tun0, so nothing entering or
# leaving the OpenVPN tunnel is filtered or translated at that interface - the
# remote sites are fully trusted there. The same packets are still evaluated
# when they cross $int_if or $ext_if, which is where tunnel traffic can be
# dropped by the "block in all" / "block out all" defaults.
set skip on tun0
##########################
# Normalization: #
# reassemble fragments #
# and resolve/reduce #
# traffic ambiguities. #
##########################
# Normalise every inbound packet on every interface pf processes
# (interfaces named in "set skip" are not affected).
scrub in all
#################
# Translation #
#################
# Translation rules are first-match: the first nat/rdr/no-nat rule that
# matches a packet decides its translation.
#
# Exempt GRE and PPTP control traffic (tcp/1723) from source NAT on $ext_if.
# NOTE(review): with these exemptions, GRE sent by 192.168.5.3 that does not
# match an existing state would leave $ext_if with its private source address.
# This looks like one candidate for the PPTP timeout described in the post -
# confirm with tcpdump on $ext_if.
no nat on $ext_if proto gre all
no nat on $ext_if proto tcp from any to any port = pptp
no nat on $ext_if proto tcp from any port = pptp to any
# Source-NAT everything else leaving $ext_if to the interface's primary address.
nat on $ext_if from !($ext_if) -> ($ext_if:0)
# Inbound mail ports forwarded to 192.168.5.15.
# NOTE(review): "rdr pass" accepts the redirected packets on this interface
# without consulting the filter section, so these ports are open to any source.
rdr pass on $ext_if inet proto tcp to ($ext_if:0) port { imap, pop3, smtp } -> 192.168.5.15
# RDP forwarded to two internal hosts, restricted by source address.
# NOTE(review): the source addresses are masked in the post; if both rules
# carry the same source, only the first can ever match (first-match), and
# 192.168.5.26 would be unreachable this way.
rdr pass on $ext_if inet proto tcp from ***.***.***.*** to ($ext_if:0) port rdp -> 192.168.5.24 port rdp
rdr pass on $ext_if inet proto tcp from ***.***.***.*** to ($ext_if:0) port rdp -> 192.168.5.26 port rdp
# PPTP control channel and GRE data channel forwarded to the Windows VPN server.
# NOTE(review): "to any" matches any destination crossing $ext_if, not only
# ($ext_if:0) as the neighbouring rules do, and there is no source restriction.
# PPTP's MS-CHAPv2/MPPE protection is widely regarded as broken; since OpenVPN
# is already deployed here, moving these clients to it is worth considering.
rdr pass on $ext_if proto tcp to any port 1723 -> 192.168.5.3 port 1723
# NOTE(review): every inbound GRE packet is sent to the one internal server;
# pf keeps GRE state per address pair only (no PPTP call-ID tracking).
rdr pass on $ext_if proto gre -> 192.168.5.3
# Hosts in <VIPusers> skip the web redirect below.
no rdr on $int_if from <VIPusers> to any
# LAN web traffic (port www) is redirected to port 3129 on the firewall's
# internal address - presumably a transparent proxy listening there; verify.
rdr pass on $int_if inet proto tcp from !($int_if) to any port www -> ($int_if:0) port 3129
###############
# Filtering #
###############
#anchor "ftp-proxy/*"
# Default deny in both directions on every filtered interface.
# NOTE(review): neither block rule carries "log", so dropped packets never
# appear on pflog0. Adding "log" here while troubleshooting would show exactly
# which rule and interface drops the GRE and ICMP packets.
block in all
block out all
# PPTP control (tcp/1723) and GRE are passed in both directions, but only on
# $ext_if ("quick" stops rule evaluation at the first match).
# NOTE(review): a forwarded packet is also evaluated on $int_if. No rule
# visible in this listing passes GRE on $int_if, so GRE towards or from
# 192.168.5.3 appears to fall through to the block rules there. That would
# match the symptom "authentication starts, then times out" - confirm with
# logging before changing rules.
pass quick on $ext_if inet proto tcp from any to any port 1723
pass quick on $ext_if inet proto tcp from any port 1723 to any
pass quick on $ext_if inet proto gre from any to any
#############
#out traffic#
#############
# Traffic accepted from the LAN on $int_if. Anything not listed here is
# dropped by "block in all".
# Unrestricted outbound TCP for one host.
pass in on $int_if proto tcp from 192.168.5.24 to any
#my iphone#
pass in on $int_if proto tcp from 192.168.5.143 to any
#
# DNS (tcp+udp/53) only from these two hosts.
pass in on $int_if proto {tcp,udp} from 192.168.5.17 to any port 53
pass in on $int_if proto {tcp,udp} from 192.168.5.3 to any port 53
#pass in on $int_if proto tcp from $localnet to any port 443
# LAN-wide access to tcp/5938 and tcp/5190 (commonly TeamViewer and AIM/ICQ -
# presumably the intent; verify these are still needed).
pass in on $int_if proto tcp from $localnet to any port 5938
pass in on $int_if proto tcp from $localnet to any port 5190
# Outbound SMTP is limited to the mail server.
pass in on $int_if proto tcp from 192.168.5.15 to any port 25
# NOTE(review): this section has no rule for ICMP or GRE entering $int_if.
# Echo requests and replies from LAN hosts to the remote OpenVPN sites, and GRE
# from 192.168.5.3 that matches no existing state, would therefore be dropped
# here unless the "openvpn" anchor (contents not shown) passes them.
############
#in traffic#
############
#pass in on $ext_if proto tcp from any to 192.168.5.15 port 25 flags S/SA synproxy state
#############
#192.168.5.1#
#############
# Outbound TCP and UDP are allowed on both interfaces; the UDP rules keep state
# explicitly.
# NOTE(review): only tcp and udp are covered. ICMP and GRE leaving $int_if
# (e.g. pings from the remote sites to LAN hosts, or GRE redirected to
# 192.168.5.3) match no pass rule here and fall to "block out all". TCP such as
# RDP is passed, which is consistent with "RDP works but ping does not".
pass out on $ext_if proto tcp from any to any
pass out on $ext_if proto udp from any to any keep state
pass out on $int_if proto tcp from any to any
pass out on $int_if proto udp from any to any keep state
#pass in on $int_if
#pass out inet
#
# Incoming Internet traffic
#
# ICMP
# ICMP addressed to the firewall's own external address, limited to $icmp_types.
# NOTE(review): this does not cover ICMP forwarded between the LAN and the
# tunnel, and $icmp_types includes "redir" (ICMP redirects from the Internet).
pass in on $ext_if inet proto icmp to ($ext_if:0) icmp-type $icmp_types
# VPN
# OpenVPN over UDP to the firewall itself, from any source.
pass in quick on $ext_if proto udp to ($ext_if:0) port openvpn
# SSH
# NOTE(review): SSH is reachable from any source address. A non-standard port
# does not stop scanning; restricting the source, or rate-limiting with
# max-src-conn-rate and an overload table, would reduce brute-force exposure.
pass in on $ext_if proto tcp to ($ext_if:0) port $SSHport
# Rules loaded into this anchor are evaluated here; its contents are not part
# of this listing.
anchor "openvpn"
______________________