Frozen Fido : RU.UNIX.BSD : Re: ipfw and keep-state

ru.unix.bsd

 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : Kirill Nuzhdin                       2:5020/400     19 Jul 2007  13:04:22
 To : Victor Sudakov
 Subject : Re: ipfw and keep-state
 --------------------------------------------------------------------------------

 Victor Sudakov wrote:
 
 > Kirill Nuzhdin wrote:
 >>> Есть набор правил:
 >>>
 >>> 00050 divert 8668 ip from any to any via rl0
 >>> 00220 allow ip from x.x.x.x/27 to y.y.y.y keep-state
 >>> 00300 deny log logamount 100 ip from x.x.x.x/27 to any out via rl0
 >>> 00400 deny log logamount 100 ip from any to x.x.x.x/27 in via rl0
 >>> 65535 allow ip from any to any
 >>>
 >>> Почему может такое происходить, что при попытке установить tcp сессию с
 >>> x.x.x.x на y.y.y.y динамическое правило не создаётся и обратные пакеты
 >>> режутся 400-м правилом? Это как-то связано с 50-м правилом: если его
 >>> убрать, динамическое правило будет создаваться.
 >>>
 >>> Где я торможу? И что можно проделать, кроме явного разрешения обратного
 >>> трафика с y.y.y.y ?
 > 
 >> а что нат с этими пакетами делает? (x.x.x.x->y.y.y.y)
 > 
 > natd настроен транслировать любые RFC1918 адреса в некий публичный
 > адрес (не в y.y.y.y).
 
 очевидно, что
 
 1. правило 50 (именно нат) модифицирует пакеты вида x.x.x.x->y.y.y.y так, что
 они перестают попадать под правило from x.x.x.x/27 to y.y.y.y
 
 2. после модификации пакетов, они таки доходят до некоего адресата, ответы
 которого попадают под правило 400 from any to x.x.x.x/27 in via rl0
 
 было бы проще ответить на вопрос, если представлять где адреса хххх уууу, из
 какой подсети адрес у rl0, как идет интересующий пакет, пришедший на rl0 пакет,
 что из хххх и уууу из рфц1918, а что нет
 
 -- 
 Best regards,
 Kirill Nuzhdin
 --- ifmail v.2.15dev5.3
  * Origin: MSU (2:5020/400)

Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор

Тема:	Автор:	Дата:
ipfw and keep-state	Victor Sudakov	19 Jul 2007 11:11:35
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 11:36:24
Re: ipfw and keep-state	Victor Sudakov	19 Jul 2007 12:40:38
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 13:04:22
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:33:16
ipfw and keep-state	Vadim Guchenko	19 Jul 2007 11:41:58
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 11:48:36
Re: ipfw and keep-state	Victor Sudakov	19 Jul 2007 12:48:41
ipfw and keep-state	Vadim Guchenko	19 Jul 2007 13:12:56
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:37:17
Re: ipfw and keep-state	Alex Bakhtin	20 Jul 2007 12:14:39
Re: ipfw and keep-state	Victor Sudakov	23 Jul 2007 09:05:40
Re: ipfw and keep-state	Vadim Goncharov	23 Jul 2007 10:26:49
Re: ipfw and keep-state	Victor Sudakov	24 Jul 2007 10:31:35
Re: ipfw and keep-state	Andrew Filonov	24 Jul 2007 15:19:44
ipfw and keep-state	Andrew Alcheyev	24 Jul 2007 18:21:00
Re: ipfw and keep-state	Victor Sudakov	24 Jul 2007 18:53:55
Re: ipfw and keep-state	Vadim Goncharov	24 Jul 2007 20:27:52
Re: ipfw and keep-state	Victor Sudakov	25 Jul 2007 05:48:22
ipfw and keep-state	Andrew Alcheyev	25 Jul 2007 10:26:00
Re: ipfw and keep-state	Andrew Filonov	25 Jul 2007 09:07:35
ipfw and keep-state	Andrew Alcheyev	25 Jul 2007 12:12:00
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 09:25:57
ipfw and keep-state	Andrew Alcheyev	27 Jul 2007 13:12:01
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:18:11
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:42:35
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 09:30:59
Re: ipfw and keep-state	Vadim Goncharov	26 Jul 2007 16:33:40
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 09:08:52
ipfw and keep-state	Max Khon	31 Jul 2007 13:03:50
Re: ipfw and keep-state	Andrew Filonov	31 Jul 2007 11:53:51
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:41:35
ipfw and keep-state	Andrew Alcheyev	27 Jul 2007 12:53:00
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 21:08:04
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:32:56
Re: ipfw and keep-state	Alexey Kouznetsov	25 Jul 2007 12:12:40
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:39:29
Re: ipfw and keep-state	Alexey Kouznetsov	26 Jul 2007 11:36:20
Re: ipfw and keep-state	Vadim Goncharov	26 Jul 2007 16:26:06
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 16:47:45
ipfw and keep-state	Vadim Guchenko	23 Jul 2007 12:54:04
Re: ipfw and keep-state	Alex Bakhtin	23 Jul 2007 13:49:07
ipfw and keep-state	Vadim Guchenko	20 Jul 2007 14:00:51
Re: ipfw and keep-state	Vadim Goncharov	21 Jul 2007 16:15:44
ipfw and keep-state	Vadim Guchenko	23 Jul 2007 12:54:34
Re: ipfw and keep-state	Vadim Guchenko	28 Jul 2007 01:05:07
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 21:20:06
Re: ipfw and keep-state	Vadim Guchenko	28 Jul 2007 23:26:38
Re: ipfw and keep-state	Vadim Goncharov	02 Aug 2007 22:26:12
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:43:14
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:38:17
Re: ipfw and keep-state	Vadim Goncharov	20 Jul 2007 11:36:26
Re: ipfw and keep-state	Valentin Davydov	20 Jul 2007 12:32:43
Re: ipfw and keep-state	Vadim Goncharov	21 Jul 2007 16:57:52
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:56:47
ipfw and keep-state	Serge V.Panchenko	26 Jul 2007 17:13:27
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 09:08:21
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 09:18:57
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 10:57:45
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:11:09
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:24:45
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:03:00
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:10:38
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:23:44
ipfw and keep-state	Alex Semenyaka	30 Jul 2007 04:00:12
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:56:45
Re: ipfw and keep-state	Andrew Filonov	30 Jul 2007 09:38:31
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 11:31:33
Re: ipfw and keep-state	Andrew Filonov	30 Jul 2007 11:47:12
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 13:06:02
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:03:00
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 07:02:51
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 20:32:18
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:37:10
ipfw and keep-state	Serge V.Panchenko	30 Jul 2007 13:18:38
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 14:34:52
ipfw and keep-state	Leizer A. Karabin	31 Jul 2007 08:43:49
Re: ipfw and keep-state	Eugene Grosbein	31 Jul 2007 09:53:10
ipfw and keep-state	Alex Semenyaka	31 Jul 2007 16:39:12
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 00:51:10
ipfw and keep-state	Alex Semenyaka	31 Jul 2007 21:05:30
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 09:56:16
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 09:58:18
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 09:45:02
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 14:47:26
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:34:54
Re: ipfw and keep-state	Eugene Grosbein	02 Aug 2007 11:27:21
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:12:40
ipfw and keep-state	Ilya Kulagin	01 Aug 2007 08:40:54
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 10:25:26
Re: ipfw and keep-state	Valentin Davydov	01 Aug 2007 12:06:28
Re: ipfw and keep-state	alexander lunyov	01 Aug 2007 14:38:04
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:35:22
Re: ipfw and keep-state	Valentin Davydov	02 Aug 2007 13:27:27
Re: ipfw and keep-state	alexander lunyov	02 Aug 2007 14:08:47
ipfw and keep-state	Ilya Kulagin	01 Aug 2007 14:09:10
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:37:56
Re: ipfw and keep-state	Valentin Davydov	01 Aug 2007 11:53:22
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:26:42
Re: ipfw and keep-state	Valentin Nechayev	02 Aug 2007 12:20:39
Re: ipfw and keep-state	alexander lunyov	02 Aug 2007 14:08:47
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:13:38
ipfw and keep-state	Leizer A. Karabin	08 Aug 2007 15:33:43
Re: ipfw and keep-state	Valentin Davydov	02 Aug 2007 13:27:27
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:15:26
ipfw and keep-state	Serge V.Panchenko	02 Aug 2007 17:07:08
Re: ipfw and keep-state	Eugene Grosbein	02 Aug 2007 20:51:54
Re: ipfw and keep-state	Vadim Goncharov	02 Aug 2007 22:26:42
Re: ipfw and keep-state	Victor Sudakov	03 Aug 2007 05:51:46
Re: ipfw and keep-state	Vadim Goncharov	04 Aug 2007 21:50:13
Re: ipfw and keep-state	Victor Sudakov	05 Aug 2007 09:48:21
Re: ipfw and keep-state	Vadim Goncharov	05 Aug 2007 18:04:53
ipfw and keep-state	Andrew Kant	04 Aug 2007 10:01:23
Re: ipfw and keep-state	Vadim Goncharov	04 Aug 2007 21:52:15
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 10:57:45
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:11:39
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:02:59
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:39:11
ipfw and keep-state	Alex Mogilnikov	30 Jul 2007 15:37:13
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 14:34:21
ipfw and keep-state	Serge V.Panchenko	30 Jul 2007 20:27:01
ipfw and keep-state	Alex Mogilnikov	19 Jul 2007 20:19:07
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:51:46
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:51:48
Re: ipfw and keep-state	Vadim Goncharov	20 Jul 2007 11:48:00
Re: ipfw and keep-state	Andrew Filonov	20 Jul 2007 09:34:09
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 09:43:45
Re: ipfw and keep-state	Andrew Filonov	20 Jul 2007 10:17:57
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 11:14:12

Архивное /ru.unix.bsd/6577e9d46030.html, оценка 2 из 5, голосов 10