Freebsd : при подключении второго провайдера падает интернет
Форум — Admin
Здравствуйте! Шлюз на FreeBSD, два провайдера.
Кратко : не запускается интернет при подключении второго провайдера. Задача : пустить весь интернет-трафик через этого провайдера изнутри сети. Внешние подключения будут падать на второго, это нас устраивает - там слушается пара портов и так. Если вообще возможно - просто весь трафик гнать на интерфейс igb5, а не на ip-адрес.
---------------------------------------------------------------
Подробно:
С одним провайдером какое-то время не работали, теперь вот снова. Но если раньше соединение с ним проходило по PPPoE, то теперь один по PPPoE, а второй просто должен все выдать по DHCP.
Итак. Пишу DHCP (или SYNCDHCP) в /etc/rc.conf Перезагружаю ... адрес получается, но интернета нет вообще. Меняю DHCP на UP - ну, все есть, правда по другому провайдеру.
#ifconfig_igb5="up"
ifconfig_igb5="SYNCDHCP"
Убираю туннель (рублю полностью поднятие PPPoE соединения первым провайдером = комментирую в файле ppp.conf
#pit:
# set device PPPoE:igb5
# set authname namename
# set authkey pa$$w0rd
rc.d conf
hostname=«gw.hostname.ru"
allscreens_flags="MODE_279"
sshd_enable="YES"
dumpdev="NO"
zfs_enable="YES"
# network
#ifconfig_igb0="SAT"
ifconfig_igb1="up"
ifconfig_igb2="up mtu 6000"
ifconfig_igb3="up mtu 6000"
ifconfig_igb4="up mtu 6000"
ifconfig_igb5="up"
#ifconfig_igb5="SYNCDHCP"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto roundrobin laggport igb2 laggport igb3 laggport igb4 192.168.5.1/29 mtu 6000"
ppp_enable="YES"
ppp_mode="ddial"
#ppp_profile="pit ars"
ppp_profile="pit ars mts"
ppp_pit_unit="0"
ppp_pit_nat="YES"
ppp_ars_unit="1"
ppp_ars_nat="YES"
ppp_mts_unit="2"
ppp_mts_nat="YES"
# Routes
gateway_enable="YES"
# Time
ntpdate_enable="YES"
ntpdate_flags="192.168.5.4"
# IPFW
firewall_enable="YES"
firewall_nat_enable="YES"
firewall_script="/etc/rc.fwsgw"
# Sendmail
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
Текст ppp.linkup
pit:
! sh -c "/usr/local/bin/fwtab clear 1 && /usr/local/bin/fwtab add 1 /etc/ppp/pithl; /etc/ppp/pitfw delete;"
#! sh -c "/usr/local/bin/fwtab clear 1 && /usr/local/bin/fwtab add 1 /etc/ppp/pithl; /etc/ppp/pitfw delete; /etc/ppp/pitfw add; route add default 192.168.119.37"
ars:
#! sh -c "/usr/local/bin/fwtab clear 2 && /usr/local/bin/fwtab add 2 /etc/ppp/arshl; /etc/ppp/arsfw delete; /etc/ppp/arsfw add;"
! sh -c "/usr/local/bin/fwtab clear 2 && /usr/local/bin/fwtab add 2 /etc/ppp/arshl; /etc/ppp/arsfw delete; /etc/ppp/arsfw add; route add default x.x.x.x" Текст ppp.linkdown
pit:
! sh -c "/usr/local/bin/tunroutes del tun0 /etc/ppp/pithl; route del default; ipfw setfib 1 route del default"
ars:
! sh -c "/usr/local/bin/tunroutes del tun1 /etc/ppp/arshl; route del default; ipfw setfib 2 route del default" pitfw
тут пробовал поменять #pit_tun_if=«tun0» #pit_tun_ip=`/sbin/ifconfig ${pit_tun_if} | grep inet | cut -d ' ' -f2` #pit_tun_gw=`/sbin/ifconfig ${pit_tun_if} | grep inet | cut -d ' ' -f4` pit_tun_if=«igb5» pit_tun_ip=«192.168.119.38» pit_tun_gw=«192.168.119.37» Соответственно, раньше было то, что закоментировано. Скажем так, хотел «обмануть» ось, но ничего это не поменяло.
#!/bin/sh -
# Usage pitfw <action>
# where: <action> = add or delete
#
fwc="/sbin/ipfw"
log_cmd="log logamount 1000"
sfib="/usr/sbin/setfib"
rt="/sbin/route"
lan5_if="lagg0"
lan5_ip="192.168.5.1"
lan5_net="192.168.5.0/29"
ns_ip="192.168.5.6"
mail_ip="192.168.5.3"
pit_if="igb5"
#pit_tun_if="tun0"
#pit_tun_ip=`/sbin/ifconfig ${pit_tun_if} | grep inet | cut -d ' ' -f2`
#pit_tun_gw=`/sbin/ifconfig ${pit_tun_if} | grep inet | cut -d ' ' -f4`
pit_tun_if="igb5"
pit_tun_ip="192.168.119.38"
pit_tun_gw="192.168.119.37"
fib_num="1"
ssh_port="1914"
# ======= MAIN ======
# Netbios (137=name, 138=datagram, 139=session)
${fwc} ${1} 523 deny ${log_cmd} tcp from any to any 137 in recv ${pit_tun_if}
${fwc} ${1} 524 deny ${log_cmd} tcp from any to any 138 in recv ${pit_tun_if}
${fwc} ${1} 525 deny ${log_cmd} tcp from any to any 139 in recv ${pit_tun_if}
# MS/Windows hosts2
${fwc} ${1} 541 deny ${log_cmd} tcp from any to any 81 in recv ${pit_tun_if}
# Block any dalayed packets
${fwc} ${1} 551 deny ${log_cmd} all from any to any frag via ${pit_tun_if}
# ===== Admin =======
${fwc} ${1} 755 deny ${log_cmd} all from any to me ${ssh_port} via ${pit_tun_if}
# ===== NAT ==========
#${fwc} nat 2 config if ${pit_tun_if} reset same_ports redirect_port tcp ${mail_ip}:25 25
#${fwc} ${1} 200 setfib ${fib_num} ip from ${mail_ip} 25 to any in recv ${lan5_if}
${fwc} ${1} 201 setfib ${fib_num} ip from ${lan5_net} to "table(1)" recv ${lan5_if}
#${fwc} ${1} 401 nat 2 ip from any to any via ${pit_tun_if}
# -- ns rules
${fwc} ${1} 1936 allow ip from ${ns_ip} to any 53 out xmit ${pit_tun_if}
${fwc} ${1} 1937 allow ip from any 53 to ${ns_ip} in recv ${pit_tun_if}
# ====== ROUTE ========
if [ "${1}" == "add" ]; then
${sfib} ${fib_num} ${rt} add default ${pit_tun_gw}
else
${sfib} ${fib_num} ${rt} del default
fi
arsfw
oot@smegw:/etc/ppp # cat arsfw
#!/bin/sh -
#
# Usage arsfw <action>
# where: <action> = add or delete
#
fwc="/sbin/ipfw"
log_cmd="log logamount 1000"
sfib="/usr/sbin/setfib"
rt="/sbin/route"
lan5_if="lagg0"
lan5_ip="192.168.5.1"
lan5_net="192.168.5.0/29"
gw_ip="192.168.5.4"
ns_ip="192.168.5.6"
mail_ip="192.168.5.3"
ars_if="igb1"
ars_tun_if="tun1"
ars_tun_ip=`/sbin/ifconfig $ars_tun_if | grep inet | cut -d ' ' -f2`
ars_tun_gw=`/sbin/ifconfig $ars_tun_if | grep inet | cut -d ' ' -f4`
fib_num="2"
ssh_port=«8888»
vpn_port=«99999»
chem_ip=«222.222.222.222»
gen_ip=«111.111.111.111»
# ======= MAIN ======
# Netbios (137=name, 138=datagram, 139=session)
${fwc} ${1} 526 deny ${log_cmd} tcp from any to any 137 in recv ${ars_tun_if}
${fwc} ${1} 527 deny ${log_cmd} tcp from any to any 138 in recv ${ars_tun_if}
${fwc} ${1} 528 deny ${log_cmd} tcp from any to any 139 in recv ${ars_tun_if}
# MS/Windows hosts2
${fwc} ${1} 542 deny ${log_cmd} tcp from any to any 81 in recv ${ars_tun_if}
# Block any dalayed packets
${fwc} ${1} 552 deny ${log_cmd} all from any to any frag via ${ars_tun_if}
# ===== Admin =======
${fwc} ${1} 757 deny ${log_cmd} all from any to me ${ssh_port} via ${ars_tun_if}
# ===== NAT ==========
${fwc} nat 2 config if ${ars_tun_if} reset same_ports redirect_port tcp ${mail_ip}:25 25
#${fwc} nat 2 ip from ${chem_ip}
${fwc} nat 3 config if ${ars_tun_if} reset same_ports deny_in redirect_port tcp ${gw_ip}:${vpn_port} ${ars_tun_ip}:${vpn_port} ${chem_ip} redirect_port tcp ${gw_ip}:${vpn_port} ${ars_tun_ip}:${vpn_port} ${gen_ip}
${fwc} ${1} 200 setfib ${fib_num} ip from ${mail_ip} 25 to any in recv ${lan5_if}
${fwc} ${1} 202 setfib ${fib_num} ip from ${lan5_net} to "table(2)" recv ${lan5_if}
${fwc} ${1} 398 skipto 402 ip from ${gen_ip} to any via ${ars_tun_if}
${fwc} ${1} 399 skipto 402 ip from ${chem_ip} to any via ${ars_tun_if}
${fwc} ${1} 401 nat 2 ip from any to any via ${ars_tun_if}
${fwc} ${1} 402 nat 3 ip from any to any via ${ars_tun_if}
# -- -- vpn
${fwc} ${1} 1912 allow ip from ${gw_ip} ${vpn_port} to ${chem_ip} in recv ${lan5_if}
${fwc} ${1} 1913 allow ip from ${chem_ip} to ${gw_ip} ${vpn_port} out xmit ${lan5_if}
${fwc} ${1} 1915 allow ip from ${gw_ip} to ${chem_ip} 44380 in recv ${lan5_if}
${fwc} ${1} 1916 allow ip from ${chem_ip} 44380 to ${gw_ip} out xmit ${lan5_if}
${fwc} ${1} 1917 allow ip from ${gw_ip} ${vpn_port} to ${gen_ip} in recv ${lan5_if}
${fwc} ${1} 1918 allow ip from ${gen_ip} to ${gw_ip} ${vpn_port} out xmit ${lan5_if}
${fwc} ${1} 1919 allow ip from ${gw_ip} to ${gen_ip} 44380 in recv ${lan5_if}
${fwc} ${1} 1920 allow ip from ${gen_ip} 44380 to ${gw_ip} out xmit ${lan5_if}
# -- ns rules
${fwc} ${1} 1934 allow ip from ${ns_ip} to any 53 out xmit ${ars_tun_if}
${fwc} ${1} 1935 allow ip from any 53 to ${ns_ip} in recv ${ars_tun_if}
# ===== ROUTE ========
if [ "${1}" == "add" ]; then
${sfib} ${fib_num} ${rt} add default ${ars_tun_gw}
else
${sfib} ${fib_num} ${rt} del default
fi ---------------------------------------------------------- Спасибо.