做了Nat后，外网ping不通，内网可以ping通。但是上不了网

Ymir

uaspx# ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>; mtu 1500
        options=3<rxcsum,txcsum>;
        inet 192.168.0.253 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:01:02:56:83:6d
        media: Ethernet autoselect (100baseTX <full-duplex>
        status: active
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>; mtu 1500
        options=3<rxcsum,txcsum>;
        inet 222.82.248.134 netmask 0xffffff00 broadcast 222.82.248.255
        ether 00:01:02:56:83:8e
        media: Ethernet autoselect (none)
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>; mtu 16384
        inet 127.0.0.1 netmask 0xff000000

说明一下：因为要正常工作，不通的时候代理我用的是2k的
xl0的ip也就只能改成192.168.0.253，route也改成192168.0.1



uaspx# ipnat -l
List of active MAP/Redirect filters:
map xl1 192.168.0.0/24 ->; 222.82.248.134/32 proxy port ftp ftp/tcp
map xl1 192.168.0.0/24 ->; 222.82.248.134/32 portmap tcp/udp auto
map xl1 192.168.0.0/24 ->; 222.82.248.134/32

List of active sessions:

uaspx# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)


我在编译内核的时候

#options        IPFIREWALL
#options        IPFIREWALL_VERBOSE
#options        IPFIREWALL_VERBOSE_LIMIT=90
#options        IPFIREWALL_DEFAULT_TO_ACCEPT
#options        IPDIVERT

Ymir

我的内核

#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
#    http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you are
# in doubt as to the purpose or necessity of a line, check first in LINT.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.54 2003/04/28 03:41:46 simokawa Exp $

machine                i386
cpu                I686_CPU
ident                UASPX
maxusers        0

options         INET                        #InterNETworking
options         FFS                        #Berkeley Fast Filesystem
options         FFS_ROOT                #FFS usable as root device [keep this!]
options         SOFTUPDATES                #Enable FFS soft updates support
options         UFS_DIRHASH                #Improve performance on big directories

options         PROCFS                        #Process filesystem
options         COMPAT_43                #Compatible with BSD 4.3 [KEEP THIS!]
options         SCSI_DELAY=5000        #Delay (in ms) before probing SCSI

options         SYSVSHM                        #SYSV-style shared memory
options         SYSVMSG                        #SYSV-style message queues
options         SYSVSEM                        #SYSV-style semaphores
options         P1003_1B                #Posix P1003_1B real-time extensions
options         _KPOSIX_PRIORITY_SCHEDULING
options         ICMP_BANDLIM                #Rate limit bad replies
options CPU_ENABLE_SSE
options AUTO_EOI_1

#NETWORK#
#IPF
#options        IPFIREWALL
#options        IPFIREWALL_VERBOSE
#options        IPFIREWALL_VERBOSE_LIMIT=90
#options        IPFIREWALL_DEFAULT_TO_ACCEPT
#options        IPDIVERT


device                isa
device                eisa
device                pci

# ATA and ATAPI devices
device                ata
device                atadisk                        # ATA disk drives

# atkbdc0 controls both the keyboard and the PS/2 mouse
device                atkbdc0        at isa? port IO_KBD
device                atkbd0        at atkbdc? irq 1 flags 0x1

device                vga0        at isa?
options VGA_NO_FONT_LOADING
options VGA_NO_MODE_CHANGE

# syscons is the default console driver, resembling an SCO console
device                sc0        at isa? flags 0x100
options MAXCONS=4
options SC_DISABLE_REBOOT

options SC_NO_CUTPASTE
options SC_NO_FONT_LOADING
options SC_NO_SYSMOUSE

# Floating point support - do not disable.
device                npx0        at nexus? port IO_NPX irq 13

device                txp             # 3Com 3cR990 (``Typhoon'')
device                vx                # 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device                miibus                # MII bus support
device                xl                # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device        loop                # Network loopback
pseudo-device        ether                # Ethernet support
pseudo-device        pty                # Pseudo-ttys (telnet etc)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device        bpf                #Berkeley packet filter

snow123456

你用ipnat -l看看，若不可以那是因为你的nat错误，我过去也做过FreeBSD代理，但是它有个缺点是QQ聊天有问题，后来我用换了linux做代理了

Ymir

uaspx# ipnat -l
List of active MAP/Redirect filters:
map xl1 192.168.0.0/24 ->; 222.82.248.134/32 proxy port ftp ftp/tcp
map xl1 192.168.0.0/24 ->; 222.82.248.134/32 portmap tcp/udp auto
map xl1 192.168.0.0/24 ->; 222.82.248.134/32

List of active sessions:

LD

defaultrouter="192.168.0.1"

应该是外网那块网卡的网关。

eliumao

你用的内核的配置文件是针对IPFW的

而你的服务的配置文件rc.conf针对的是IPFILTER。

这个笑话有点大了。

加油！！！

Ymir

找到原因了，交换机用的是dlink的

网卡是3com的，不兼容

NND

llzqq

原帖由 "Ymir" 发表：
找到原因了，交换机用的是dlink的

网卡是3com的，不兼容

NND

不会吧，我也用过没问题啊。

eliumao

原帖由 "Ymir" 发表：
找到原因了，交换机用的是dlink的

网卡是3com的，不兼容

NND

哇！又一个神话！！！

你真行！！！