ipfilter firewall problem: what am I still missing?

Post 1, posted 2003-11-13 11:19
Network environment:
Residential broadband, IP 10.16.97.3/255.255.255.240, gateway 10.16.97.1, DNS 202.102.128.68
FreeBSD 5.1, NICs fxp0 (internal: 192.168.0.1/255.255.255.0) and rl0 (Internet: 10.16.97.3/255.255.255.240)
------------------------------------------------

ifconfig -a
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::2e0:4cff:fe22:2c1%rl0 prefixlen 64 scopeid 0x1
        inet 10.16.97.3 netmask 0xfffffff0 broadcast 10.16.97.15
        ether 00:e0:4c:22:02:c1
        media: Ethernet autoselect (100baseTX <full-duplex>
        status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::290:27ff:feb2:5b0d%fxp0 prefixlen 64 scopeid 0x2
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:90:27:b2:5b:0d
        media: Ethernet autoselect (100baseTX <full-duplex>
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
rc.conf

# -- sysinstall generated deltas -- # Wed Nov 12 23:38:15 2003
# Created: Wed Nov 12 23:38:15 2003
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="10.16.97.1"
gateway_enable="YES"
hostname="natserver"
ifconfig_rl0="inet 10.16.97.3  netmask 255.255.255.240"
ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.255.0"
inetd_enable="YES"
kern_securelevel_enable="NO"
moused_enable="YES"
sendmail_enable="NO"
sshd_enable="YES"
usbd_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
ipf -F a
ipf -f /etc/ipf.rules
ipnat -C
ipnat -f /etc/ipnat.rules

hosts
127.0.0.1                localhost
10.16.97.3                natserver
10.16.97.3                natserver.

ipnat.rules
map rl0 192.168.0.0/24 -> 10.16.97.3/28 portmap tcp/udp 10000:30000
map rl0 192.168.0.0/24 -> 10.16.97.3/28

ipf.rules
block in log quick all with short
block in log quick all with ipopts
pass out on fxp0 all
pass in on fxp0 all
pass out quick on lo0 all
pass in quick on lo0 all
block in on rl0 all
block out on rl0 all
pass out log on rl0 proto tcp/udp from any to any keep state
pass out log on rl0 proto icmp all keep state

netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.16.97.1         UGSc        3      252    rl0
10.16.97/28        link#1             UC          1        0    rl0
10.16.97.1         00:e0:52:d5:5e:00  UHLW        4        0    rl0   1099
127.0.0.1          127.0.0.1          UH          0      375    lo0
192.168.0          link#2             UC          0        0   fxp0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
fe80::%rl0/64                     link#1                        UC          rl0
fe80::2e0:4cff:fe22:2c1%rl0       00:e0:4c:22:02:c1             UHL         lo0
fe80::%fxp0/64                    link#2                        UC         fxp0
fe80::290:27ff:feb2:5b0d%fxp0     00:90:27:b2:5b:0d             UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   Uc          lo0
fe80::1%lo0                       link#4                        UHL         lo0
ff01::/32                         ::1                           U           lo0
ff02::%rl0/32                     link#1                        UC          rl0
ff02::%fxp0/32                    link#2                        UC         fxp0
ff02::%lo0/32                     ::1                           UC          lo0
The problem is that internal users cannot access the Internet.

Post 2, posted 2003-11-13 11:31


ipf.rules:
%%%%%%%%%%%%%%
block in quick all with short
block in quick all with ipopts
pass in quick on lo0 all
pass out quick on lo0 all

block in quick on dc0 all head 100
block out quick on dc0 all head 150

block in log quick on rl0 all head 200
block out quick on rl0 all head 250

############
pass in quick proto all from 192.168.0.0/24 to any flags S/SAFP keep state group 100
pass out quick proto any from any to any keep state group 250

block in quick all
block out quick all

%%%%%%%%%%%%%%%%%%%%%
ipnat.rules:
%%%%%%%%%%%%%%%%%%%%%%%
map dc0 192.168.0.0/24 -> 10.36.48.200/32 portmap tcp/udp 10000:65000
map dc0 192.168.0.0/24 -> 10.36.48.200/32

%%%%%%%%%%%%%%%%%%%%%%%%%
Mine works fine!
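The difference between the two ipnat.rules files in this thread is easy to miss by eye: post 1 translates to `10.16.97.3/28` while post 2 translates to a single `/32` address, and both posts rely on the `portmap` rule coming before the catch-all rule. The following is an added example, not code from either poster: a small Python linter for the `map` lines of an ipnat.rules file that flags a translation target covering more than one address, a target that is not the address configured on the outside interface, an interface name that does not exist, and a `portmap` rule shadowed by an earlier catch-all rule for the same source. The function names `parse_ipnat` and `lint_ipnat`, the `OP_INTERFACES` table and the three embedded rule sets are constructed for this example; it assumes the ipnat(5) behaviour that a target mask shorter than /32 denotes a range of addresses, that `0/32` means "use the interface's own address", and that `map` rules match first-hit in file order.

```python
"""Lint the `map` lines of an ipnat.rules file for the mistakes seen in this thread.

Added example, not code from either poster. Assumes ipnat(5) semantics: a target
with a mask shorter than /32 is a *range* of addresses, 0/32 means the interface's
own address, and map rules are matched first-hit in file order.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# map <ifname> <src-net> -> <target>[ portmap <protos> <lo>:<hi>]
MAP_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s*->\s*(?P<dst>\S+)"
    r"(?:\s+portmap\s+(?P<protos>\S+)\s+(?P<lo>\d+):(?P<hi>\d+))?$"
)


@dataclass
class MapRule:
    line: int
    ifname: str
    src: str
    dst: str
    portmap: Optional[str]  # e.g. "tcp/udp 10000:30000"; None for a catch-all rule


def parse_ipnat(text: str) -> List[MapRule]:
    """Parse map lines; anything else (rdr, bimap, a typo) is rejected rather than ignored."""
    rules: List[MapRule] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = MAP_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: not a map rule this linter understands: {raw!r}")
        portmap = None
        if m.group("protos"):
            portmap = f"{m.group('protos')} {m.group('lo')}:{m.group('hi')}"
        rules.append(MapRule(n, m.group("ifname"), m.group("src"), m.group("dst"), portmap))
    return rules


def lint_ipnat(text: str, interfaces: Dict[str, str]) -> List[str]:
    """Return human-readable findings. `interfaces` maps ifname -> configured address/prefix."""
    findings: List[str] = []
    catch_all: Dict[Tuple[str, str], int] = {}  # (ifname, src) -> line of first rule without portmap
    for r in parse_ipnat(text):
        if r.ifname not in interfaces:
            findings.append(f"line {r.line}: interface '{r.ifname}' does not exist (typo?)")
            continue
        if r.dst not in ("0/32", "0.0.0.0/32"):  # 0/32 tells ipnat to use the interface's own address
            target = ipaddress.ip_network(r.dst, strict=False)
            if target.prefixlen < 32:
                findings.append(
                    f"line {r.line}: target {r.dst} covers {target.num_addresses} addresses; "
                    f"ipnat may translate to any of them, including ones owned by other hosts; use /32"
                )
            elif target.network_address != ipaddress.ip_interface(interfaces[r.ifname]).ip:
                findings.append(
                    f"line {r.line}: target {r.dst} is not the address configured on {r.ifname}"
                )
        key = (r.ifname, r.src)
        if r.portmap is None:
            catch_all.setdefault(key, r.line)
        elif key in catch_all:
            findings.append(
                f"line {r.line}: portmap rule is never reached; catch-all rule on line "
                f"{catch_all[key]} already matches the same traffic, move it below"
            )
    return findings


# Constructed inputs. The first is the rule set from post 1 (outside interface rl0).
OP_INTERFACES = {"rl0": "10.16.97.3/28", "fxp0": "192.168.0.1/24"}

OP_RULES = """\
map rl0 192.168.0.0/24 -> 10.16.97.3/28 portmap tcp/udp 10000:30000
map rl0 192.168.0.0/24 -> 10.16.97.3/28
"""

# Same rules with a single-address target, the shape used in post 2.
FIXED_RULES = """\
map rl0 192.168.0.0/24 -> 10.16.97.3/32 portmap tcp/udp 10000:30000
map rl0 192.168.0.0/24 -> 10.16.97.3/32
"""

# Constructed: catch-all placed first, then a mistyped interface name.
BAD_ORDER_RULES = """\
map rl0 192.168.0.0/24 -> 10.16.97.3/32
map rl0 192.168.0.0/24 -> 10.16.97.3/32 portmap tcp/udp 10000:30000
map rlo 192.168.0.0/24 -> 10.16.97.3/32
"""

if __name__ == "__main__":
    for name, rules in (("post 1", OP_RULES), ("fixed", FIXED_RULES), ("bad order", BAD_ORDER_RULES)):
        print(f"== {name} ==")
        for finding in lint_ipnat(rules, OP_INTERFACES) or ["no findings"]:
            print(" ", finding)
```

Run against the post 1 rules the linter reports both lines because a `/28` target is a block of 16 addresses, which on this subnet includes the gateway 10.16.97.1 and the neighbours' addresses; the `/32` version produces no findings. The ordering check is the one the poster of the reply got right silently: with the catch-all `map` first, the `portmap` rule would never match anything.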