I recompiled the kernel with the options
options IPFIREWALL
options IPDIVERT
added, and also configured rc.conf:
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.conf"
firewall_quiet="NO"
firewall_logging_enable="YES"
The contents of ipfw.conf are as follows:
add 00400 divert natd ip from any to any via xl0
add 00001 deny log ip from any to any ipopt rr
add 00002 deny log ip from any to any ipopt ts
add 00003 deny log ip from any to any ipopt ssrr
add 00004 deny log ip from any to any ipopt lsrr
add 00005 deny tcp from any to any in tcpflags syn,fin
add 30000 allow icmp from any to any icmptypes 3
add 30001 allow icmp from any to any icmptypes 4
add 30002 allow icmp from any to any icmptypes 8 out
add 30003 allow icmp from any to any icmptypes 0 in
add 30004 allow icmp from any to any icmptypes 11 in
######lan#####
add 50000 allow all from 10.41.17.46 to any
add 50001 allow all from any to 10.41.17.46
add 50002 allow all from 10.41.17.1 to any
add 50003 allow all from any to 10.41.17.1
Here 10.41.17.1 is the IP of the FreeBSD machine, and the other one is the IP of the Win2K3 machine.
After the system boots it reports that ipfw2 loaded normally,
but the two machines just cannot ping each other, and cannot connect either.
Only after I add the dynamic rule
#ipfw add 50004 allow all from any to any
can they connect.
Could the experts please tell me why these static rules are not loaded??
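One thing worth checking when a ruleset like the one above behaves unexpectedly is the order in which the kernel actually evaluates it: ipfw walks rules in ascending rule-number order, not in the order they appear in the file, so the `divert natd` rule numbered 400 is consulted before the LAN allow rules at 50000 and above for every packet crossing xl0, and divert(4) drops a packet that is diverted to a port with no natd listening on it. The script below is an added example and is not part of the original post; it copies the poster's ipfw.conf lines inline as constructed input and assumes only POSIX sh, sort and awk, so it runs on any system without touching a real firewall.

```sh
#!/bin/sh
# Added example, not from the original post: show the order in which
# ipfw would evaluate the poster's ruleset and check whether the divert
# rule is hit before the first LAN "allow all" rule.

# Constructed input: the ipfw.conf lines exactly as posted.
RULES='add 00400 divert natd ip from any to any via xl0
add 00001 deny log ip from any to any ipopt rr
add 00002 deny log ip from any to any ipopt ts
add 00003 deny log ip from any to any ipopt ssrr
add 00004 deny log ip from any to any ipopt lsrr
add 00005 deny tcp from any to any in tcpflags syn,fin
add 30000 allow icmp from any to any icmptypes 3
add 30001 allow icmp from any to any icmptypes 4
add 30002 allow icmp from any to any icmptypes 8 out
add 30003 allow icmp from any to any icmptypes 0 in
add 30004 allow icmp from any to any icmptypes 11 in
######lan#####
add 50000 allow all from 10.41.17.46 to any
add 50001 allow all from any to 10.41.17.46
add 50002 allow all from 10.41.17.1 to any
add 50003 allow all from any to 10.41.17.1'

# Rules in kernel evaluation order: comments dropped, sorted numerically
# on the rule number (field 2), which is how ipfw walks the chain.
evaluation_order() {
    printf '%s\n' "$RULES" | grep -v '^#' | sort -k2,2n
}

# Rule number of the first rule whose action (field 3) is the given word,
# e.g. "divert" or "deny". Printed as a plain integer (leading zeros dropped).
first_rule_with_action() {
    evaluation_order | awk -v act="$1" '$3 == act { print $2 + 0; exit }'
}

# Rule number of the first "allow all ..." rule, i.e. the first LAN allow.
first_lan_allow_rule() {
    evaluation_order | awk '$3 == "allow" && $4 == "all" { print $2 + 0; exit }'
}

# "yes" if a packet on xl0 reaches the divert rule before any LAN allow rule.
divert_precedes_lan_allow() {
    d=$(first_rule_with_action divert)
    a=$(first_lan_allow_rule)
    if [ -n "$d" ] && [ -n "$a" ] && [ "$d" -lt "$a" ]; then
        echo yes
    else
        echo no
    fi
}

echo "Rules in kernel evaluation order:"
evaluation_order
echo "divert rule $(first_rule_with_action divert) evaluated before LAN allow rule $(first_lan_allow_rule): $(divert_precedes_lan_allow)"
```

If the answer is "yes" and natd is not running (there is no natd_enable="YES" in the rc.conf shown), every LAN packet that crosses xl0 is diverted to an unbound port and dropped at rule 400, long before rule 50000 is reached; `ipfw -a list` on the FreeBSD box shows per-rule packet counters and will reveal whether the divert rule is absorbing the traffic.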