WAN ide a LAN nie

[Smita]

goose wrote:

>Zdravim,,
>
>mam tento problem:
>
>nemozem sa dostat so ssh na router a ani dalej z vnutornej siete..
>pingnem vnutorne aj vonkajsie rozhranie,ale to je tak vsetko.
>
>z vonku sa na router v pohode prihlasim cez ssh. takisto z roura sa
>dostanem do celeho internetu.
>
>rc.conf:
>
>hostname="www.blabla.sk"
>
>linux_enable="YES"
>sshd_enable="YES"
>inetd_enable="NO"
>sendmail_enable="NO"
>sendmail_submit_enable="NO"
>sendmail_outbound_enable="NO"
>sendmail_msp_queue_enable="NO"
>check_quotas="NO"
>
>ifconfig_xl0="inet 10.1.0.1 netmask 255.255.255.0"  #LAN
>ifconfig_vr0="inet 10.1.1.9 netmask 255.255.255.0"  #WAN
>
>ipfilter_enable="YES"
>ipfilter_flags=""
>ipfilter_rules=/etc/ipf.rules
>
>ipnat_enable="YES"
>ipnat_rules=/etc/ipnat.rules
>
>firewall_enable="YES"
>firewall_script="/etc/rc.dummynet"
>firewall_type="OPEN"
>firewall_logging="YES"
>KERN_SECURELEVEL_ENABLE="NO"
>KEYRATE="FAST"
>SAVER="LOGO"
>USBD_ENABLE="NO"
>dhcpd_enable="YES"
>named_enable="YES" 
>
>/etc/ipf.rules
>
>pass in all
>pass out all
>
>
>
>pass in quick on lo0 all
>pass out quick on lo0 all
>
>pass in quick on xl0 all
>pass out quick on xl0 all
>
>pass in quick on vr0 proto tcp all
>pass in quick on vr0 proto udp all
>
>pass in quick on vr0 all
>pass out quick on vr0 all 
>
>
>/etc/ipnat.rules :
>
>map xl0 10.1.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
>map xl0 0/0 -> 0/32
>
>poradte prosim kde mam chybu...
>
>  
>
Dobry den.
Myslim, ze by melo stacit v /etc/ipnat.rules zmenit zarizeni z xl0 na vr0.
V dokumentaci k IPF se uvadi, ze NAT se ma provadet na vnejsim zarizeni.
Nashledanou.

                            -=<SmItA>=-