Тема: Трансляция реальных IP адресов через 2 роутера
Доброго времени суток.
Помогите пожалуйста понять в чем проблема.
Есть роутер (R3) на FreeBSD через который работают интернет пользователи и частные предприятия с реальными IP.
Задача - разгрузить сеть на 2 роутера + Firewall
Router (1)
Собран ядерный PF
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ
options ALTQ_NOPCC
rc.conf
defaultrouter="194.***.160.69"
gateway_enable="YES"
pf_enable="YES"
pf_program="/sbin/pfctl"
pf_flags=""
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pf.log"
pflog_program="/sbin/pflogd"
pflog_flags=""
named_enable="YES"
named_flags="-u bind"
squid_enable="YES"
hostname="Aden.localhost"
ifconfig_sk0="inet 194.***.160.70 netmask 255.255.255.0"
ifconfig_sk1="inet 192.168.251.1 netmask 255.255.225.0"
inetd_enable="YES"
sshd_enable="YES"
pf.conf
#pf.conf
wan="sk0"
lan="sk1"
wanip="194.***.160.70/32"
lanip="192.168.251.0/24"
aden="192.168.251.1/32"
giran="192.168.251.2/32"
dion="192.168.251.3/32"
dion_tcp="{ 5060 }"
dion_udp="{ 2727, 4520, 4569, 5036, 5060, 10000:20000 }"
web="194.***.160.54/32"
icmp_types="{ echoreq, unreach }"
client_ports="{ 21, 22, 25, 110, 123, 80,443, 3128, 3129,3389,80,80, >=49151 }"
set block-policy return
set loginterface $wan
set skip on lo0
scrub in all
nat on $wan inet from $lanip to any -> $wanip
rdr on $lan proto tcp from $lanip to any port www -> 127.0.0.1 port 3129
rdr on $wan proto tcp from any to $wanip port 33330 -> $giran
rdr on $wan proto tcp from any to $wanip port 33331 -> $dion
antispoof quick for {lo0, $lan, $wan }
block log all
pass log inet proto icmp all icmp-type $icmp_types
pass out on $wan from $lanip to any keep state
pass in on $lan proto udp from $lanip to $aden port domain
pass in on $lan proto udp from $lanip to $aden port ntp
pass in on $lan from $lanip to any
pass in on $lan from $dion to any
pass in on $lan proto tcp from $lanip to any port $client_ports #dozvil portiv
pass out on $wan proto tcp from any to any
pass out on $wan proto udp from any to any keep state
pass out on $lan proto tcp from any to any
pass out on $lan proto udp from any to any keep state
pass in log on $wan proto tcp from any to $wanip port 33339 flags S/SA synproxy state
pass in log on $wan proto tcp from any to $dion port 22 flags S/SA synproxy state
pass in log on $wan proto tcp from any to $dion port 22 flags S/SA synproxy state
pass in on $wan proto tcp from any to $wanip port www flags S/SA synproxy state
pass in on $wan proto tcp from any to $dion port $dion_tcp flags S/SA
pass in on $wan proto udp from any to $dion port $dion_udp keep state
squid.conf
Router(2)
Будет обслуживать только клиентов локальной сети и там все работает.
Router(3)
rc.conf
defaultrouter="192.168.251.1"
gateway_enable="YES"
hostname="router.local"
ifconfig_em0="inet 192.168.251.3 netmask 255.255.255.252"
ifconfig_em1="inet 194.***.160.50/29"
ifconfig_em1_alias0="inet 194.***.202.193/29"
keymap="ua.koi8-u.shift.alt"
sshd_enable="YES"
mysql_enable="YES"
apache22_enable="YES"
firewall_enable="YES"
fsck_y_enable="YES"
background_fsck="NO"
ipcad_enable="YES"
nol2auth_enable="YES"
noserver_enable="YES"
nodeny_dir="/usr/local/nodeny"
bsnmpd_enable="YES"
named_enable="YES"
Проблема в том что реальные IP не работают как положено.
Помогите молодому (не оч. опытному) понять где трабл.
Отредактировано stalkerson (16-05-2012 17:50:04)
