Frozen Fido : RU.UNIX.BSD : Re: ipfw and keep-state

ru.unix.bsd

 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : Vadim Goncharov                      2:5020/400     19 Jul 2007  19:51:46
 To : Victor Sudakov
 Subject : Re: ipfw and keep-state
 --------------------------------------------------------------------------------

 Hi Victor Sudakov! 
 
 On Thu, 19 Jul 2007 07:11:35 +0000 (UTC); Victor Sudakov wrote about 'ipfw and
 keep-state':
 
  VS> Есть набор правил:
 
  VS> 00050 divert 8668 ip from any to any via rl0
  VS> 00220 allow ip from x.x.x.x/27 to y.y.y.y keep-state
  VS> 00300 deny log logamount 100 ip from x.x.x.x/27 to any out via rl0
  VS> 00400 deny log logamount 100 ip from any to x.x.x.x/27 in via rl0
  VS> 65535 allow ip from any to any
  VS> Почему может такое происходить, что при попытке установить tcp сессию с
  VS> x.x.x.x на y.y.y.y динамическое правило не создаётся и обратные пакеты
  VS> режутся 400-м правилом? Это как-то связано с 50-м правилом: если его
  VS> убрать, динамическое правило будет создаваться.
  VS> Где я торможу?
 
 В порядке прохождения пакетов через ipfw. В данном рулесете каждый пакет
 "наружу" попадет в divert 4 раза, правило проверки стоит уже после
 диверта, на прохождении в out через него пойдет пакет с уже
 оттранслированным адресом. Следует разделить диверты на входе и выходе
 и соответственно расположить динамические правила.
 
 У меня это делается примерно вот так:
 ipfw add divert natd ip from $graynet to any out xmit $extiface recv $intiface
 ipfw add divert natd ip from any to $ext_nat_address in recv $extiface
 -- 
 WBR, Vadim Goncharov. ICQ#166852181       mailto:vadim_nuclight@mail.ru
 [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
 --- slrn/0.9.8.1 on FreeBSD 4.11/i386
  * Origin: Nuclear Lightning @ Tomsk, TPU AVTF Hostel (2:5020/400@fidonet)

Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор

Тема:	Автор:	Дата:
ipfw and keep-state	Victor Sudakov	19 Jul 2007 11:11:35
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 11:36:24
Re: ipfw and keep-state	Victor Sudakov	19 Jul 2007 12:40:38
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 13:04:22
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:33:16
ipfw and keep-state	Vadim Guchenko	19 Jul 2007 11:41:58
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 11:48:36
Re: ipfw and keep-state	Victor Sudakov	19 Jul 2007 12:48:41
ipfw and keep-state	Vadim Guchenko	19 Jul 2007 13:12:56
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:37:17
Re: ipfw and keep-state	Alex Bakhtin	20 Jul 2007 12:14:39
Re: ipfw and keep-state	Victor Sudakov	23 Jul 2007 09:05:40
Re: ipfw and keep-state	Vadim Goncharov	23 Jul 2007 10:26:49
Re: ipfw and keep-state	Victor Sudakov	24 Jul 2007 10:31:35
Re: ipfw and keep-state	Andrew Filonov	24 Jul 2007 15:19:44
ipfw and keep-state	Andrew Alcheyev	24 Jul 2007 18:21:00
Re: ipfw and keep-state	Victor Sudakov	24 Jul 2007 18:53:55
Re: ipfw and keep-state	Vadim Goncharov	24 Jul 2007 20:27:52
Re: ipfw and keep-state	Victor Sudakov	25 Jul 2007 05:48:22
ipfw and keep-state	Andrew Alcheyev	25 Jul 2007 10:26:00
Re: ipfw and keep-state	Andrew Filonov	25 Jul 2007 09:07:35
ipfw and keep-state	Andrew Alcheyev	25 Jul 2007 12:12:00
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 09:25:57
ipfw and keep-state	Andrew Alcheyev	27 Jul 2007 13:12:01
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:18:11
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:42:35
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 09:30:59
Re: ipfw and keep-state	Vadim Goncharov	26 Jul 2007 16:33:40
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 09:08:52
ipfw and keep-state	Max Khon	31 Jul 2007 13:03:50
Re: ipfw and keep-state	Andrew Filonov	31 Jul 2007 11:53:51
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:41:35
ipfw and keep-state	Andrew Alcheyev	27 Jul 2007 12:53:00
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 21:08:04
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:32:56
Re: ipfw and keep-state	Alexey Kouznetsov	25 Jul 2007 12:12:40
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:39:29
Re: ipfw and keep-state	Alexey Kouznetsov	26 Jul 2007 11:36:20
Re: ipfw and keep-state	Vadim Goncharov	26 Jul 2007 16:26:06
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 16:47:45
ipfw and keep-state	Vadim Guchenko	23 Jul 2007 12:54:04
Re: ipfw and keep-state	Alex Bakhtin	23 Jul 2007 13:49:07
ipfw and keep-state	Vadim Guchenko	20 Jul 2007 14:00:51
Re: ipfw and keep-state	Vadim Goncharov	21 Jul 2007 16:15:44
ipfw and keep-state	Vadim Guchenko	23 Jul 2007 12:54:34
Re: ipfw and keep-state	Vadim Guchenko	28 Jul 2007 01:05:07
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 21:20:06
Re: ipfw and keep-state	Vadim Guchenko	28 Jul 2007 23:26:38
Re: ipfw and keep-state	Vadim Goncharov	02 Aug 2007 22:26:12
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:43:14
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:38:17
Re: ipfw and keep-state	Vadim Goncharov	20 Jul 2007 11:36:26
Re: ipfw and keep-state	Valentin Davydov	20 Jul 2007 12:32:43
Re: ipfw and keep-state	Vadim Goncharov	21 Jul 2007 16:57:52
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:56:47
ipfw and keep-state	Serge V.Panchenko	26 Jul 2007 17:13:27
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 09:08:21
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 09:18:57
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 10:57:45
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:11:09
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:24:45
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:03:00
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:10:38
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:23:44
ipfw and keep-state	Alex Semenyaka	30 Jul 2007 04:00:12
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:56:45
Re: ipfw and keep-state	Andrew Filonov	30 Jul 2007 09:38:31
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 11:31:33
Re: ipfw and keep-state	Andrew Filonov	30 Jul 2007 11:47:12
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 13:06:02
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:03:00
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 07:02:51
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 20:32:18
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:37:10
ipfw and keep-state	Serge V.Panchenko	30 Jul 2007 13:18:38
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 14:34:52
ipfw and keep-state	Leizer A. Karabin	31 Jul 2007 08:43:49
Re: ipfw and keep-state	Eugene Grosbein	31 Jul 2007 09:53:10
ipfw and keep-state	Alex Semenyaka	31 Jul 2007 16:39:12
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 00:51:10
ipfw and keep-state	Alex Semenyaka	31 Jul 2007 21:05:30
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 09:56:16
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 09:58:18
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 09:45:02
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 14:47:26
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:34:54
Re: ipfw and keep-state	Eugene Grosbein	02 Aug 2007 11:27:21
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:12:40
ipfw and keep-state	Ilya Kulagin	01 Aug 2007 08:40:54
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 10:25:26
Re: ipfw and keep-state	Valentin Davydov	01 Aug 2007 12:06:28
Re: ipfw and keep-state	alexander lunyov	01 Aug 2007 14:38:04
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:35:22
Re: ipfw and keep-state	Valentin Davydov	02 Aug 2007 13:27:27
Re: ipfw and keep-state	alexander lunyov	02 Aug 2007 14:08:47
ipfw and keep-state	Ilya Kulagin	01 Aug 2007 14:09:10
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:37:56
Re: ipfw and keep-state	Valentin Davydov	01 Aug 2007 11:53:22
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:26:42
Re: ipfw and keep-state	Valentin Nechayev	02 Aug 2007 12:20:39
Re: ipfw and keep-state	alexander lunyov	02 Aug 2007 14:08:47
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:13:38
ipfw and keep-state	Leizer A. Karabin	08 Aug 2007 15:33:43
Re: ipfw and keep-state	Valentin Davydov	02 Aug 2007 13:27:27
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:15:26
ipfw and keep-state	Serge V.Panchenko	02 Aug 2007 17:07:08
Re: ipfw and keep-state	Eugene Grosbein	02 Aug 2007 20:51:54
Re: ipfw and keep-state	Vadim Goncharov	02 Aug 2007 22:26:42
Re: ipfw and keep-state	Victor Sudakov	03 Aug 2007 05:51:46
Re: ipfw and keep-state	Vadim Goncharov	04 Aug 2007 21:50:13
Re: ipfw and keep-state	Victor Sudakov	05 Aug 2007 09:48:21
Re: ipfw and keep-state	Vadim Goncharov	05 Aug 2007 18:04:53
ipfw and keep-state	Andrew Kant	04 Aug 2007 10:01:23
Re: ipfw and keep-state	Vadim Goncharov	04 Aug 2007 21:52:15
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 10:57:45
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:11:39
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:02:59
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:39:11
ipfw and keep-state	Alex Mogilnikov	30 Jul 2007 15:37:13
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 14:34:21
ipfw and keep-state	Serge V.Panchenko	30 Jul 2007 20:27:01
ipfw and keep-state	Alex Mogilnikov	19 Jul 2007 20:19:07
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:51:46
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:51:48
Re: ipfw and keep-state	Vadim Goncharov	20 Jul 2007 11:48:00
Re: ipfw and keep-state	Andrew Filonov	20 Jul 2007 09:34:09
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 09:43:45
Re: ipfw and keep-state	Andrew Filonov	20 Jul 2007 10:17:57
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 11:14:12

Архивное /ru.unix.bsd/1035954b2aa4a.html, оценка 2 из 5, голосов 10