Problem using OpenBSD as a gateway router
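This post was last edited by door10000 on 2013-05-07 10:48.
Over the past few days I replaced our FreeBSD gateway router with OpenBSD, but I ran into a problem: OpenBSD itself can dial PPPoE and get online, but the internal network cannot reach the outside. Internal hosts can ping both network cards on the OpenBSD machine; they just cannot get out to the external network. In pf, should NAT be configured on the physical network card or on the virtual interface tun0?

Have you enabled forwarding? Have you set up NAT?
The external NAT interface is tun0 (if you are using user-level ppp).
This is from my FreeBSD experience; I have not tried it on OpenBSD.

http://www.openbsd.org/faq/pf/example1.html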
Note: If the Internet connection required PPPoE, then filtering and NAT would have to take place on the pppoe0 interface and not on the egress interface (fxp0).
Best to have a look at http://www.openbsd.org/faq/pf/index.html

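This post was last edited by door10000 on 2013-05-07 22:07.
Reply to 3# kkkggg
Forwarding is enabled. OpenBSD can ping the outside, PPPoE has obtained an IP, and the OpenBSD machine can ping the internal network, but internal machines cannot get to the outside even though they can ping OpenBSD. I am not sure whether this is related to my having set a default gateway in OpenBSD?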
# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 222.243.248.1 UGS 0 65 - 8 tun0
10.10.12/24 link#1 UC 0 0 - 4 re0
127/8 127.0.0.1 UGRS 0 0 33196 8 lo0
127.0.0.1 127.0.0.1 UH 1 4 33196 4 lo0
192.168.1/24 link#2 UC 1 0 - 4 re1
192.168.1.3 00:11:25:bf:2d:73 UHLc 1 246 - 4 re1
222.243.248.1 222.243.250.215 UH 1 0 1492 4 tun0
224/4 127.0.0.1 URS 0 0 33196 8 lo0

Post your pf.conf and sysctl.conf so we can take a look; otherwise there is no way to discuss this.

# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:1d:0f:26:90:ec
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.10.12.100 netmask 0xffffff00 broadcast 10.10.12.255
inet6 fe80::21d:fff:fe26:90ec%re0 prefixlen 64 scopeid 0x1
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:21:27:a9:47:f4
priority: 0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::221:27ff:fea9:47f4%re1 prefixlen 64 scopeid 0x2
enc0: flags=0<>
priority: 0
groups: enc
status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
priority: 0
groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
priority: 0
groups: tun egress
status: active
inet 222.243.250.215 --> 222.243.248.1 netmask 0xffffffff

# pfctl -s state
all icmp 192.168.1.1:8 <- 192.168.1.3:1 0:0
all tcp 192.168.1.1:22 <- 192.168.1.3:49374 ESTABLISHED:ESTABLISHED
all udp 122.225.83.67:80 <- 192.168.1.3:7915 NO_TRAFFIC:SINGLE
all udp 192.168.1.3:7915 -> 122.225.83.67:80 SINGLE:NO_TRAFFIC
all udp 60.55.34.178:8052 <- 192.168.1.3:63090 NO_TRAFFIC:SINGLE
all udp 192.168.1.3:63090 -> 60.55.34.178:8052 SINGLE:NO_TRAFFIC
all tcp 220.112.88.21:80 <- 192.168.1.3:49391 CLOSED:SYN_SENT
all tcp 192.168.1.3:49391 -> 220.112.88.21:80 SYN_SENT:CLOSED
all tcp 220.112.88.21:80 <- 192.168.1.3:49392 CLOSED:SYN_SENT
all tcp 192.168.1.3:49392 -> 220.112.88.21:80 SYN_SENT:CLOSED
all tcp 220.112.88.21:80 <- 192.168.1.3:49393 CLOSED:SYN_SENT
all tcp 192.168.1.3:49393 -> 220.112.88.21:80 SYN_SENT:CLOSED
all udp 192.168.1.1:1900 <- 192.168.1.3:50605 NO_TRAFFIC:SINGLE
all tcp 220.112.88.21:80 <- 192.168.1.3:49394 CLOSED:SYN_SENT
all tcp 192.168.1.3:49394 -> 220.112.88.21:80 SYN_SENT:CLOSED
all udp 8.8.8.8:53 <- 192.168.1.3:64300 NO_TRAFFIC:SINGLE
all udp 192.168.1.3:64300 -> 8.8.8.8:53 SINGLE:NO_TRAFFIC
all udp 222.246.129.81:53 <- 192.168.1.3:64300 NO_TRAFFIC:SINGLE
all udp 192.168.1.3:64300 -> 222.246.129.81:53 SINGLE:NO_TRAFFIC
all udp 8.8.8.8:53 <- 192.168.1.3:58827 NO_TRAFFIC:SINGLE
all udp 192.168.1.3:58827 -> 8.8.8.8:53 SINGLE:NO_TRAFFIC
all udp 222.246.129.81:53 <- 192.168.1.3:58827 NO_TRAFFIC:SINGLE
all udp 192.168.1.3:58827 -> 222.246.129.81:53 SINGLE:NO_TRAFFIC
all tcp 220.112.88.21:80 <- 192.168.1.3:49395 CLOSED:SYN_SENT
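all tcp 192.168.1.3:49395 -> 220.112.88.21:80 SYN_SENT:CLOSED

This post was last edited by door10000 on 2013-05-07 22:20.
Could everyone please help take a look? I have configured PPPoE, packet forwarding, and the NAT service. It works as a router for a subnet, but after I used it to replace the FreeBSD first-level router, this problem appeared.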
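
Added example, not part of the thread or written by any poster: a shell function that reads `pfctl -s state` output like the table posted above and lists outbound states that leave from a private (RFC 1918) source with no NAT translation. It assumes the usual pfctl layout in which a translated state prints the translated address followed by the original address in parentheses; the function names and the 203.0.113.10 line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find outbound pf states that still
# carry a private source address, i.e. states that no NAT rule translated.
# Real use on the gateway:  pfctl -s state | untranslated_states

untranslated_states() {
    awk '
    # True when an "addr:port" token holds an RFC 1918 address.
    function private(tok,    a, o) {
        split(tok, a, ":"); split(a[1], o, ".")
        return (o[1] == 10) || (o[1] == 192 && o[2] == 168) ||
               (o[1] == 172 && o[2] >= 16 && o[2] <= 31)
    }
    # Untranslated outbound state:  all PROTO SRC -> DST STATE
    # A translated state has an extra "(orig:port)" field, so $4 is not "->".
    # Inbound states use "<-" and are skipped as well.
    $4 == "->" && private($3) && !private($5) { print $2, $3, $5 }
    '
}

# Constructed sample: the first four lines are copied from the state table
# in the thread; the last line is constructed to show a translated state
# (203.0.113.10 is a documentation address standing in for the WAN address).
sample_states() {
    cat <<'EOF'
all tcp 192.168.1.1:22 <- 192.168.1.3:49374 ESTABLISHED:ESTABLISHED
all tcp 220.112.88.21:80 <- 192.168.1.3:49391 CLOSED:SYN_SENT
all tcp 192.168.1.3:49391 -> 220.112.88.21:80 SYN_SENT:CLOSED
all udp 192.168.1.3:64300 -> 8.8.8.8:53 SINGLE:NO_TRAFFIC
all tcp 203.0.113.10:51000 (192.168.1.3:49400) -> 220.112.88.21:80 ESTABLISHED:ESTABLISHED
EOF
}

# Number of untranslated outbound states in the text on stdin.
count_untranslated() { untranslated_states | wc -l | tr -d ' '; }

# Demo run over the embedded sample.
sample_states | untranslated_states
```

Any line this prints is a LAN connection that went out with its private source address unchanged, which means the NAT rule did not match on the interface the traffic actually leaves by.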