I'm a beginner too, so I don't know for sure, but did you add the options below when you compiled the kernel?

options IPFIREWALL
options IPDIVERT

정인철 wrote:

>Hello. I'm trying out various things to put a FreeBSD machine to good use as a router at home.
>My Internet line is a local cable TV provider's cable. I get my address via DHCP.
>
>Something a bit strange has happened, so I'm asking a question.
>
>Planned layout
>
>cable -- freebsd -- internal computer (192.168.1.10)
>
>If the setup above works, I plan to connect through a hub.
>
>
>First, the system details:
>uname -a
>FreeBSD Hmmm.Hmmm.net 4.9-RELEASE FreeBSD 4.9-RELEASE #6: Wed Dec 31 20:47:44 KST 2003 root@xxxxxxxxxxxxx:/usr/src/sys/compile/MYKERNEL i386
>
>I want to NAT the address I get via DHCP, so I set things up as follows.
>
>Hmmm# cat /etc/rc.conf
>hostname="Hmmm.Hmmm.net"
>ifconfig_ed0="DHCP"
>ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
>firewall_enable="YES"
>gateway_enable="YES"
>firewall_type="open" ===> if I delete this part, networking doesn't work at all
>natd_enable="YES"
>natd_interface="ed0"
>natd_flags="-f /etc/natd.conf"
>
>kern_securelevel_enable="NO"
>linux_enable="YES"
>nfs_reserved_port_only="YES"
>sendmail_enable="YES"
>sshd_enable="YES"
>usbd_enable="YES"
>
>
>And I set up natd.conf as follows.
>Hmmm# cat /etc/rc.nanatd.conf
>dynamic
>interface ed0
>proxy_only
>reverse
>
>
>For the firewall, I set it to pass everything with no filtering:
>Hmmm# cat /etc/rc.firewall
>/sbin/ipfw -f flush
>/sbin/ipfw add divert natd all from any to any via ed0
>/sbin/ipfw add pass all from any to any
>
>I set up a Windows machine (192.168.1.10) and pinged; as expected, ping succeeded up to each hop.
>
>Ping to the public address 211.xxx.xxx.xxx received via DHCP also succeeded.
>
>But I can't use the outside Internet. DNS queries fail, of course, and even going directly (for example, to Yahoo's address) doesn't work.
>It looks like forwarding isn't working, but I don't know why.
>
>
>Just in case, I ran dmesg and got the following; the last part does look a bit odd.
>
>ip_fw_ctl: invalid command
>
>is the error that shows up.
>
>Did I write too much? Thank you for reading this long message.
>
>Hmmm# dmesg
>Copyright (c) 1992-2003 The FreeBSD Project.
>Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
>The Regents of the University of California. All rights reserved.
>FreeBSD 4.9-RELEASE #6: Wed Dec 31 20:47:44 KST 2003
>    root@xxxxxxxxxxxxx:/usr/src/sys/compile/MYKERNEL
>Timecounter "i8254" frequency 1193182 Hz
>CPU: Cyrix 6x86MX (187.18-MHz 686-class CPU)
>  Origin = "CyrixInstead" Id = 0x600 Stepping = 0 DIR=0x0652
>  Features=0x80a135<FPU,DE,TSC,MSR,CX8,PGE,CMOV,MMX>
>real memory = 201326592 (196608K bytes)
>avail memory = 190566400 (186100K bytes)
>Preloaded elf kernel "kernel" at 0xc0515000.
>md0: Malloc disk
>Using $PIR table, 8 entries at 0xc00fdf10
>npx0: <math processor> on motherboard
>npx0: INT 16 interface
>pcib0: <Host to PCI bridge> on motherboard
>pci0: <PCI bus> on pcib0
>agp0: <VIA 82C597 (Apollo VP3) host to PCI bridge> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
>pcib2: <VIA 82C598MVP (Apollo MVP3) PCI-PCI (AGP) bridge> at device 1.0 on pci0
>pci1: <PCI bus> on pcib2
>pci1: <ATI Mach64-GZ graphics accelerator> at 0.0
>isab0: <VIA 82C596B PCI-ISA bridge> at device 7.0 on pci0
>isa0: <ISA bus> on isab0
>atapci0: <VIA 82C596 ATA33 controller> port 0xe000-0xe00f at device 7.1 on pci0
>ata0: at 0x1f0 irq 14 on atapci0
>ata1: at 0x170 irq 15 on atapci0
>uhci0: <VIA 83C572 USB controller> port 0xe400-0xe41f irq 11 at device 7.2 on pci0
>usb0: <VIA 83C572 USB controller> on uhci0
>usb0: USB revision 1.0
>uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
>uhub0: 2 ports with 2 removable, self powered
>pci0: <unknown card> (vendor=0x1106, dev=0x3050) at 7.3
>ed0: <NE2000 PCI Ethernet (RealTek 8029)> port 0xe800-0xe81f irq 10 at device 9.0 on pci0
>ed0: address 00:00:b4:b9:32:b4, type NE2000 (16 bit)
>rl0: <RealTek 8139 10/100BaseTX> port 0xec00-0xecff mem 0xe7000000-0xe70000ff irq 12 at device 10.0 on pci0
>rl0: Ethernet address: 00:e0:4c:f0:12:90
>miibus0: <MII bus> on rl0
>rlphy0: <RealTek internal media interface> on miibus0
>rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
>pcib1: <Host to PCI bridge> on motherboard
>pci2: <PCI bus> on pcib1
>orm0: <Option ROM> at iomem 0xc0000-0xc7fff on isa0
>pmtimer0 on isa0
>fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
>fdc0: FIFO enabled, 8 bytes threshold
>fd0: <1440-KB 3.5" drive> on fdc0 drive 0
>atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
>atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
>kbd0 at atkbd0
>vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
>sc0: <System console> at flags 0x100 on isa0
>sc0: VGA <16 virtual consoles, flags=0x300>
>sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
>sio0: type 16550A
>sio1 at port 0x2f8-0x2ff irq 3 on isa0
>sio1: type 16550A
>ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
>ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
>ppc0: FIFO with 16/16/16 bytes threshold
>plip0: <PLIP network interface> on ppbus0
>lpt0: <Printer> on ppbus0
>lpt0: Interrupt-driven port
>ppi0: <Parallel I/O> on ppbus0
>IP Filter: v3.4.31 initialized. Default = pass all, Logging = disabled
>ad0: 6149MB <QUANTUM FIREBALL CR6.4A> [13328/15/63] at ata0-master UDMA33
>acd0: CDROM <GCD-R520B> at ata1-master PIO2
>Mounting root from ufs:/dev/ad0s1a
>IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
>ip_fw_ctl: invalid command
>ip_fw_ctl: invalid command
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Korea FreeBSD Users Group (KFUG) questions mailing list
>questions at kr.FreeBSD.org
>http://www.kr.FreeBSD.org/mailman/listinfo/questions
>
_______________________________________________
Korea FreeBSD Users Group (KFUG) questions mailing list
questions at kr.FreeBSD.org
http://www.kr.FreeBSD.org/mailman/listinfo/questions
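
A check for the situation in this thread, added here as an example and not part of either poster's message: it compares a saved dmesg, the ipfw rule script and natd.conf, and reports a divert rule on a kernel that logged "divert disabled" (the case the reply's options IPDIVERT question points at). The two natd.conf findings follow natd(8) and go beyond what the reply asks; the function names and the shortened sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check a saved dmesg, ipfw rule script and natd.conf.

# Constructed sample inputs, shortened from the output quoted in the thread.
sample_dmesg='IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
ip_fw_ctl: invalid command'
sample_rules='/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any'
sample_natd='dynamic
interface ed0
proxy_only
reverse'

# natd_opt_on OPTION TEXT: true if the boolean option is present and not "no"
natd_opt_on() {
    printf '%s\n' "$2" | grep -Eq "^[[:space:]]*$1([[:space:]]+yes)?[[:space:]]*\$"
}

# check_nat DMESG RULES NATD_CONF: prints one finding per line, nothing if clean
check_nat() {
    # Only uncommented "ipfw add [number] divert ..." lines count as a divert rule
    if printf '%s\n' "$2" | grep -Eq '^[^#]*ipfw[[:space:]]+add[[:space:]]+([0-9]+[[:space:]]+)?divert[[:space:]]' &&
       printf '%s\n' "$1" | grep -q 'IP packet filtering initialized.*divert disabled'; then
        echo "NO_DIVERT: rules divert to natd, but the kernel logged 'divert disabled' (built without options IPDIVERT)"
    fi
    if natd_opt_on proxy_only "$3"; then
        echo "PROXY_ONLY: natd does transparent proxying only; normal address translation is off"
    fi
    if natd_opt_on reverse "$3"; then
        echo "REVERSE: natd swaps incoming/outgoing handling, which is meant for the internal interface"
    fi
    return 0
}

# Run against the constructed samples; prints the three findings.
check_nat "$sample_dmesg" "$sample_rules" "$sample_natd"
```

On a live system the three arguments would be the output of dmesg and the contents of /etc/rc.firewall and /etc/natd.conf.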
Copyright © 1998-2005 Korea FreeBSD Users Group. All rights reserved. webmaster at kr.FreeBSD.org $Date: 2004/01/10 10:42:13 $