PPP NAT + IPFW

[Vladimír Benc]

Dobry den,

> Patrne jsem musel byt v nejake efourii, pac po vsech tech krocich,
> uprave rc.conf a ppp.conf, precteni man ppp
> /usr/src/usr.sbin/ppp/README.nat nejsem o moc chytrejsi.
>
> Tohle mi ukazuje tcpdump -i tun0:
>
> 20:21:03.430416 192.168.100.2.50855 > pop3.seznam.cz.pop3: . ack 7436
> win 33304
> <nop,nop,timestamp 4596592 550672889> (DF)
> 20:21:03.654302 pop3.seznam.cz.pop3 > 192.168.100.2.50855: .
> 7436:8884(1448) ack
>  46 win 5792 <nop,nop,timestamp 550672889 4596314> (DF)
>
>  Takze je evidentni, ze tam k zadnemu nat prekladu nedochazi. Poradi mi
>  nekdo kdo pouziva ppp nat?
>
>
>
> Zbynek

a tohle ukazuje me:
192.168.1.1 (GW 4.8REL) 192.168.1.3 (Desktop 4.10REL)

##
02:55:43.049341 192.168.1.1.domain > 195.250.128.38.domain:  62134+ [1au] 
AAAA? pop3.volny.cz. (42)
02:55:43.198323 195.250.128.38.domain > 192.168.1.1.domain:  62134 0/1/1 
(104)
02:55:43.202257 192.168.1.3.1851 > 212.20.96.146.pop3: S 
219204061:219204061(0) win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 
6189167 0> (DF) [tos 0x10]
02:55:43.358446 212.20.96.146.pop3 > 192.168.1.3.1851: S 
1769079284:1769079284(0) ack 219204062 win 57344 <mss 1460,nop,wscale 
0,nop,nop,timestamp 115498085 6189167> (DF)
02:55:43.359080 192.168.1.3.1851 > 212.20.96.146.pop3: . ack 1 win 57920 
<nop,nop,timestamp 6189183 115498085> (DF) [tos 0x10]
02:55:43.498463 212.20.96.146.pop3 > 192.168.1.3.1851: P 1:24(23) ack 1 
win 57920 <nop,nop,timestamp 115498100 6189183> (DF)
02:55:43.594369 192.168.1.3.1851 > 212.20.96.146.pop3: . ack 24 win 57920 
<nop,nop,timestamp 6189207 115498100> (DF) [tos 0x10]
##

je mi ten vystup taky divny, kazdopadne ale k prekladu u me dochazi. Jen 
tcpdump nalinkovanej na tun0 vypada, ze mu to neni jasny a nebo chyta 
pakety na prichozim na tun0 ale ppp je tam odsad teprve sosa a preklada a 
posila tun->out (jinak si to nedokazu vysvetlit)

k tomu konfiguraku - muzete smele pridat jeste:
nat deny_incoming yes

Vladimir Benc