From nikolay.kostirya at i11.co Wed May 6 16:02:29 2020 From: nikolay.kostirya at i11.co (Nick Kostirya) Date: Wed, 6 May 2020 16:02:29 +0300 Subject: [freebsd] =?utf-8?b?0JfQsNCy0LXRgNC90YPRgtGMINC30LDQv9GA0L7RgdGL?= =?utf-8?b?INC/0L4g0L3QvtC80LXRgNGDINC/0L7RgNGC0LAg0LIg0YLRg9C90L3QtdC7?= =?utf-8?q?=2E?= Message-ID: <20200506160229.529eefa3@i11.co> ??????. ???????? ???? ???????. ???? ???????, ?? ??????? ????? ?? ??? ???????. ?? ???? ????? ?????? ?? ??????, ?? ?????? ?????? ????? ???????. ????? ???????? ? ??????? ?? ?????? ?????. ??? ipfw ????????. port="9898" ${fwcmd} nat 1 config if tap0 reset same_ports ${fwcmd} add nat 1 ip from any ${port} to me via tap0 ${fwcmd} add nat 1 ip from me to any ${port} via tap0 ${fwcmd} add fwd 10.1.4.1 all from me to any ${port} 10.1.4.1 - ??? tap0: inet 10.1.4.6 netmask 0xffffff00 broadcast 10.1.4.255 sysctl net.inet.ip.forwarding=1 sysctl net.inet.ip.fw.one_pass=1 ? /etc/rc.conf ???? firewall_enable="YES" firewall_nat_enable="YES" firewall_script="/etc/ipfw.rules" ?? ???????? ???-?? ????? ???. ????? ???-?? ?? ??? ????????? From adsh at univ.kiev.ua Wed May 6 16:25:46 2020 From: adsh at univ.kiev.ua (Alexander Sheiko) Date: Wed, 6 May 2020 16:25:46 +0300 (EEST) Subject: [freebsd] =?utf-8?b?0JfQsNCy0LXRgNC90YPRgtGMINC30LDQv9GA0L7RgdGL?= =?utf-8?b?INC/0L4g0L3QvtC80LXRgNGDINC/0L7RgNGC0LAg0LIg0YLRg9C90L3QtdC7?= =?utf-8?q?=2E?= In-Reply-To: <20200506160229.529eefa3@i11.co> References: <20200506160229.529eefa3@i11.co> Message-ID: ? ?????? ?? ???, 06 ??? 2020, 16:02 Nick Kostirya ?????: > ${fwcmd} nat 1 config if tap0 reset same_ports > ${fwcmd} add nat 1 ip from any ${port} to me via tap0 > ${fwcmd} add nat 1 ip from me to any ${port} via tap0 > ${fwcmd} add fwd 10.1.4.1 all from me to any ${port} IP ? port - ?????-?? ?????? ?????????. ?????? ?????????? - TCP, UDP. -- Alexander Sheiko From i at levsha.me Wed May 6 18:21:16 2020 From: i at levsha.me (Mykola Dzham) Date: Wed, 6 May 2020 17:21:16 +0200 Subject: [freebsd] =?utf-8?b?0JfQsNCy0LXRgNC90YPRgtGMINC30LDQv9GA0L7RgdGL?= =?utf-8?b?INC/0L4g0L3QvtC80LXRgNGDINC/0L7RgNGC0LAg0LIg0YLRg9C90L3QtdC7?= =?utf-8?q?=2E?= In-Reply-To: <20200506160229.529eefa3@i11.co> References: <20200506160229.529eefa3@i11.co> Message-ID: <6D7BE409-0A64-485F-B413-66648370D52D@levsha.me> > 6 ????. 2020 ?. ? 15:02 Nick Kostirya ???????(??): > > ??????. > > ???????? ???? ???????. > ???? ???????, ?? ??????? ????? ?? ??? ???????. > ?? ???? ????? ?????? ?? ??????, ?? ?????? ?????? ????? ???????. > ????? ???????? ? ??????? ?? ?????? ?????. > > ??? ipfw ????????. > port="9898" > ${fwcmd} nat 1 config if tap0 reset same_ports > ${fwcmd} add nat 1 ip from any ${port} to me via tap0 C?????? ?????? ????????? in/out ? ????????, ????? ????????, ??? ? ?????? ???????? ??????? ????? ??????????? ??????. ??????? ??? ??????? ????? ???????? ??? ${fwcmd} add nat 1 ip from any ${port} to me in recv tap0 > ${fwcmd} add nat 1 ip from me to any ${port} via tap0 ??? ??????? ???? ????? ????????? ?????? ? ????? ???????????. ? ????????, ??? ???? ?? ?? ????????? fwd ???????, ????????? ????????? ????? ???, ???? ????????? ???????, ? ??? ?? ??????????? tap0. ??????? ${fwcmd} add nat 1 ip from me to any ${port} out > ${fwcmd} add fwd 10.1.4.1 all from me to any ${port} ? ??? ???? ???????????: ${fwcmd} add fwd 10.1.4.1 all from me to any ${port} out > > > 10.1.4.1 - ??? tap0: > inet 10.1.4.6 netmask 0xffffff00 broadcast 10.1.4.255 > > > sysctl net.inet.ip.forwarding=1 > sysctl net.inet.ip.fw.one_pass=1 ? ????? fwd ??????? ????????? ????? nat ??????? ??? ??? ??????? ????, one_pass ????? ?????????. > ? /etc/rc.conf ???? > firewall_enable="YES" > firewall_nat_enable="YES" > firewall_script="/etc/ipfw.rules" > > ?? ???????? ???-?? ????? ???. ?????????? ??? ???????? ??? ?????????? ???????, ?? ?? ???????? ? ?????? ???????? ?????? ??? ?????????? ?????? ???????? ????? ??? ??????? ??? ????. > ????? ???-?? ?? ??? ????????? > _______________________________________________ > freebsd mailing list > freebsd at uafug.org.ua > http://mailman.uafug.org.ua/mailman/listinfo/freebsd From eugen at grosbein.net Wed May 6 18:37:48 2020 From: eugen at grosbein.net (Eugene Grosbein) Date: Wed, 6 May 2020 22:37:48 +0700 Subject: [freebsd] =?utf-8?b?0JfQsNCy0LXRgNC90YPRgtGMINC30LDQv9GA0L7RgdGL?= =?utf-8?b?INC/0L4g0L3QvtC80LXRgNGDINC/0L7RgNGC0LAg0LIg0YLRg9C90L3QtdC7?= =?utf-8?q?=2E?= In-Reply-To: <20200506160229.529eefa3@i11.co> References: <20200506160229.529eefa3@i11.co> Message-ID: 06.05.2020 20:02, Nick Kostirya ?????: > ??????. > > ???????? ???? ???????. > ???? ???????, ?? ??????? ????? ?? ??? ???????. > ?? ???? ????? ?????? ?? ??????, ?? ?????? ?????? ????? ???????. > ????? ???????? ? ??????? ?? ?????? ?????. > > ??? ipfw ????????. > port="9898" > ${fwcmd} nat 1 config if tap0 reset same_ports > ${fwcmd} add nat 1 ip from any ${port} to me via tap0 > ${fwcmd} add nat 1 ip from me to any ${port} via tap0 > ${fwcmd} add fwd 10.1.4.1 all from me to any ${port} > > > 10.1.4.1 - ??? tap0: > inet 10.1.4.6 netmask 0xffffff00 broadcast 10.1.4.255 > > > sysctl net.inet.ip.forwarding=1 > sysctl net.inet.ip.fw.one_pass=1 > > > ? /etc/rc.conf ???? > firewall_enable="YES" > firewall_nat_enable="YES" > firewall_script="/etc/ipfw.rules" > > ?? ???????? ???-?? ????? ???. > > ????? ???-?? ?? ??? ????????? ??, ????? ?????? ????????????. ??-??????, ??? ipfw ? ???????? ??? ipfw nat ????? ??????? ????????? ??????? ????????? ? ? ??????????? ??? ????? ??? one_pass=1, ??????? ?????? ?????????? ?? ????-????????? ??????????? ??????, ?????? ???? ??????????? ?????? ?????? ? ${fwcmd} add. ?????, ipfw ????? ????? ???????? ??????? ? ???????? ?????. ??-??????, ????? ???????? ??????: ???? ??? ????????? ???????? ? ???? ?????? ? ???????, ?????????? ????? ???????? ???? ??, ?? ????? ?? ??????? ipfw fwd, ? ??????? ?? ??????? ????? ???????. ??? one_pass=1 ????? ???????????? ?????????? ????? ?????? ?? ???????? ?? ???????? ipfw ? ?? ???????? ? ipfw fwd. ??? ????? ??????? ?? ?????? ipfw show, ??? ???????????? ???????? ???????????? ??????. ???? ?? ???? ??? ???????? ???????? ?? ??? ??????, ?? ??????? ??? ????? ???????. From nikolay.kostirya at i11.co Thu May 7 07:15:38 2020 From: nikolay.kostirya at i11.co (Nick Kostirya) Date: Thu, 7 May 2020 07:15:38 +0300 Subject: [freebsd] =?utf-8?b?0JfQsNCy0LXRgNC90YPRgtGMINC30LDQv9GA0L7RgdGL?= =?utf-8?b?INC/0L4g0L3QvtC80LXRgNGDINC/0L7RgNGC0LAg0LIg0YLRg9C90L3QtdC7?= =?utf-8?q?=2E?= In-Reply-To: References: <20200506160229.529eefa3@i11.co> Message-ID: <20200507071538.0567fbad@i11.co> On Wed, 6 May 2020 22:37:48 +0700 Eugene Grosbein wrote: > 06.05.2020 20:02, Nick Kostirya ?????: > > ??????. > > > > ???????? ???? ???????. > > ???? ???????, ?? ??????? ????? ?? ??? ???????. > > ?? ???? ????? ?????? ?? ??????, ?? ?????? ?????? ????? ???????. > > ????? ???????? ? ??????? ?? ?????? ?????. .... > ??-??????, ????? ???????? ??????: ???? ??? ????????? ???????? ? ???? ?????? > ? ???????, ?????????? ????? ???????? ???? ??, ?? ????? ?? ??????? ipfw fwd, > ? ??????? ?? ??????? ????? ???????. ??? one_pass=1 ????? ???????????? > ?????????? ????? ?????? ?? ???????? ?? ???????? ipfw ? ?? ???????? ? ipfw fwd. > ??? ????? ??????? ?? ?????? ipfw show, ??? ???????????? ???????? ???????????? ??????. ??, ???? ???? ?? ???? ????????. ??????? ????????? ???????? ??????? (N). ???? ?????? (S), ?? ??????? ???????? ??? ???????: P1 ?? ????? ????? ? P2 ?? ?????? ?????. ???? ?????? (T) ? ???????? ? ????? ?????? ??????. ? ???????? ??????? ?? ??????? N - S:P1 ????????. ?????? ? S:P2 ???????? ??????, ?? ???????? ????? ?????? (T). ? ???? ? ???? ?? ????? (N) ? ???????? ?????????, ??? ?????? ?? S ????? ?????? T. ??? ????????, ?? ????????. ????????? ?????? ????? ?????? ??? S:P2, ????? ?????????? ????????? "????????" ?? ?????? ????? ?? N, ????? ?????? ?? S:P1 ????????. ??????????, ??? ipfw fwd ?????? ???????????? ??? ?????????? ???????, ? ?????? ??? ?????????? ? ????? ??? ??????? ??? ?????? netgraph? ??? ????? ??????? jain c vnet ? ????? ???????? ????????????? ? ?? ???? ?????????? ? S:P2? From nikolay.kostirya at i11.co Thu May 7 07:19:28 2020 From: nikolay.kostirya at i11.co (Nick Kostirya) Date: Thu, 7 May 2020 07:19:28 +0300 Subject: [freebsd] =?utf-8?b?0JfQsNCy0LXRgNC90YPRgtGMINC30LDQv9GA0L7RgdGL?= =?utf-8?b?INC/0L4g0L3QvtC80LXRgNGDINC/0L7RgNGC0LAg0LIg0YLRg9C90L3QtdC7?= =?utf-8?q?=2E?= In-Reply-To: <6D7BE409-0A64-485F-B413-66648370D52D@levsha.me> References: <20200506160229.529eefa3@i11.co> <6D7BE409-0A64-485F-B413-66648370D52D@levsha.me> Message-ID: <20200507071928.6a136698@i11.co> On Wed, 6 May 2020 17:21:16 +0200 Mykola Dzham wrote: > > 6 ????. 2020 ?. ? 15:02 Nick Kostirya ???????(??): > > > > ??????. > > > > ???????? ???? ???????. > > ???? ???????, ?? ??????? ????? ?? ??? ???????. > > ?? ???? ????? ?????? ?? ??????, ?? ?????? ?????? ????? ???????. > > ????? ???????? ? ??????? ?? ?????? ?????. > > > > ??? ipfw ????????. > > port="9898" > > ${fwcmd} nat 1 config if tap0 reset same_ports > > ${fwcmd} add nat 1 ip from any ${port} to me via tap0 > > C?????? ?????? ????????? in/out ? ????????, ????? ????????, ??? ? ?????? ???????? ??????? ????? ??????????? ??????. > ??????? ??? ??????? ????? ???????? ??? > > ${fwcmd} add nat 1 ip from any ${port} to me in recv tap0 > > > ${fwcmd} add nat 1 ip from me to any ${port} via tap0 > > ??? ??????? ???? ????? ????????? ?????? ? ????? ???????????. ? ????????, ??? ???? ?? ?? ????????? fwd ???????, ????????? ????????? ????? ???, ???? ????????? ???????, ? ??? ?? ??????????? tap0. ??????? > > ${fwcmd} add nat 1 ip from me to any ${port} out > > > ${fwcmd} add fwd 10.1.4.1 all from me to any ${port} > > ? ??? ???? ???????????: > > ${fwcmd} add fwd 10.1.4.1 all from me to any ${port} out > > > > > > 10.1.4.1 - ??? tap0: > > inet 10.1.4.6 netmask 0xffffff00 broadcast 10.1.4.255 > > > > > > sysctl net.inet.ip.forwarding=1 > > sysctl net.inet.ip.fw.one_pass=1 > > ? ????? fwd ??????? ????????? ????? nat ??????? ??? ??? ??????? ????, one_pass ????? ?????????. > > > ? /etc/rc.conf ???? > > firewall_enable="YES" > > firewall_nat_enable="YES" > > firewall_script="/etc/ipfw.rules" > > > > ?? ???????? ???-?? ????? ???. > > ?????????? ??? ???????? ??? ?????????? ???????, ?? ?? ???????? ? ?????? ???????? > ?????? ??? ?????????? ?????? ???????? ????? ??? ??????? ??? ????. one_pass ?????, ??????? ????????. ?? ???????? ???-?? ???????. ????? ????? ???????? ipfw, ????? ???????: # ipfw show 00200 0 0 nat 1 ip from any 9874 to me in via tap0 00300 4 240 nat 1 ip from me to any 9874 out 00400 4 240 fwd 10.1.4.1 tcp from me to any 9874 out 65500 115 43055 allow ip from any to any ?? ???????? ? ????? ?????? ? ??????? ?????????. ????? ?????: #ipfw show 00200 5 654 nat 1 ip from any 9874 to me in via tap0 00300 10 685 nat 1 ip from me to any 9874 00400 10 685 fwd 10.1.4.1 tcp from me to any 9874 out 65500 212 26630 allow ip from any to any ????????????. ?? ???????? ??? ??????. ?????? ?????, ? ?????? ? ??????? ?????????. From eugen at grosbein.net Thu May 7 09:16:54 2020 From: eugen at grosbein.net (Eugene Grosbein) Date: Thu, 7 May 2020 13:16:54 +0700 Subject: [freebsd] =?utf-8?b?0JfQsNCy0LXRgNC90YPRgtGMINC30LDQv9GA0L7RgdGL?= =?utf-8?b?INC/0L4g0L3QvtC80LXRgNGDINC/0L7RgNGC0LAg0LIg0YLRg9C90L3QtdC7?= =?utf-8?q?=2E?= In-Reply-To: <20200507071538.0567fbad@i11.co> References: <20200506160229.529eefa3@i11.co> <20200507071538.0567fbad@i11.co> Message-ID: <19c8c2ed-0a87-916c-d6ae-4c32be27d25e@grosbein.net> 07.05.2020 11:15, Nick Kostirya ?????: > On Wed, 6 May 2020 22:37:48 +0700 > Eugene Grosbein wrote: > >> 06.05.2020 20:02, Nick Kostirya ?????: >>> ??????. >>> >>> ???????? ???? ???????. >>> ???? ???????, ?? ??????? ????? ?? ??? ???????. >>> ?? ???? ????? ?????? ?? ??????, ?? ?????? ?????? ????? ???????. >>> ????? ???????? ? ??????? ?? ?????? ?????. > .... >> ??-??????, ????? ???????? ??????: ???? ??? ????????? ???????? ? ???? ?????? >> ? ???????, ?????????? ????? ???????? ???? ??, ?? ????? ?? ??????? ipfw fwd, >> ? ??????? ?? ??????? ????? ???????. ??? one_pass=1 ????? ???????????? >> ?????????? ????? ?????? ?? ???????? ?? ???????? ipfw ? ?? ???????? ? ipfw fwd. >> ??? ????? ??????? ?? ?????? ipfw show, ??? ???????????? ???????? ???????????? ??????. > > ??, ???? ???? ?? ???? ????????. > > ??????? ????????? ???????? ??????? (N). > ???? ?????? (S), ?? ??????? ???????? ??? ???????: P1 ?? ????? ????? ? P2 ?? ?????? ?????. > ???? ?????? (T) ? ???????? ? ????? ?????? ??????. > ? ???????? ??????? ?? ??????? N - S:P1 ????????. > ?????? ? S:P2 ???????? ??????, ?? ???????? ????? ?????? (T). > > ? ???? ? ???? ?? ????? (N) ? ???????? ?????????, ??? ?????? ?? S ????? ?????? T. > ??? ????????, ?? ????????. > > ????????? ?????? ????? ?????? ??? S:P2, ????? ?????????? ????????? "????????" ?? ?????? ????? ?? N, ????? ?????? ?? S:P1 ????????. > > > ??????????, ??? ipfw fwd ?????? ???????????? ??? ?????????? ???????, ? ?????? ??? ?????????? ?????, ????? ???? ????????? one_pass. ?? ????????????? ?????? ?? tap0 ??? ??????? ?????????????. ????????????? ????? ????? ?????? ?? T, ????? ???????, ?????????? ?? ???????, ??????? ?? S ? ??????????? ??????? ?????????. ???????? ?????? ????? ???????? ?????????? ????? ??????? ? ??????? ?????? ?? ????????. From eugen at grosbein.net Thu May 7 09:28:19 2020 From: eugen at grosbein.net (Eugene Grosbein) Date: Thu, 7 May 2020 13:28:19 +0700 Subject: [freebsd] =?utf-8?b?0JfQsNCy0LXRgNC90YPRgtGMINC30LDQv9GA0L7RgdGL?= =?utf-8?b?INC/0L4g0L3QvtC80LXRgNGDINC/0L7RgNGC0LAg0LIg0YLRg9C90L3QtdC7?= =?utf-8?q?=2E?= In-Reply-To: <19c8c2ed-0a87-916c-d6ae-4c32be27d25e@grosbein.net> References: <20200506160229.529eefa3@i11.co> <20200507071538.0567fbad@i11.co> <19c8c2ed-0a87-916c-d6ae-4c32be27d25e@grosbein.net> Message-ID: <92df4be1-533a-439b-8417-5276ef319949@grosbein.net> 07.05.2020 13:16, Eugene Grosbein ?????: >> ??????????, ??? ipfw fwd ?????? ???????????? ??? ?????????? ???????, ? ?????? ??? ?????????? > > ?????, ????? ???? ????????? one_pass. ?? ????????????? ?????? ?? tap0 ??? ??????? ?????????????. > ????????????? ????? ????? ?????? ?? T, ????? ???????, ?????????? ?? ???????, ??????? ?? S ? ??????????? ??????? ?????????. > ???????? ?????? ????? ???????? ?????????? ????? ??????? ? ??????? ?????? ?? ????????. ????, ? ???? ?????? ?????? ????? ????? ???????? ? ?????????? ??????? source IP ??? ????????? ???????? ? NAT, ?????????????, ??? ?? ?????? ??? ????????. ??????? ????? ?????: ipfw nat 1 config if tap0 ipfw add 60 nat 1 ip from any to any in recv tap0 ipfw add 50000 nat 1 tcp from any to $serverip $serverport out ipfw add 50010 fwd $tap0gw ip from $tap0ip to any out xmit $realif ??? $realif - ??? ??????????? (?????????) ??????????, ? ??????? ?????????? default route, ??? ??? ?? ???????????? ipfw fwd ????????? ?????? ????????? ? ???? ????????? ? ??????? ???????, ????? fwd, ????? ?? ??????, ??????? ??????? ?? ????? ?????? ???. $serverip ? $serverport ??? ?????????????? IP-????? ? ???? ??????????, ?????? ?? ??????? ????? ?????????? ? ???????. $tap0ip ??? ??????????? IP-????? ???????? ?? ???????, ? $tap0gw ??? ????? ??????? T, ????????? ??????? ???????. ?? ?????? ???????? gateway_enable="YES" ?? ???????? ? ????????? one_pass. From Alexander.Druzhin at raz.ru Mon May 18 15:21:14 2020 From: Alexander.Druzhin at raz.ru (=?koi8-r?B?5NLV1snOIOHMxcvTwc7E0iD3wdPJzNjF18ne?=) Date: Mon, 18 May 2020 12:21:14 +0000 Subject: [freebsd] =?koi8-r?b?0sXEydLFy9Qg1NLBztrJ1M7Px88g1NLBxsnLwQ==?= In-Reply-To: <0E7323CE3780DF4E9DF04E28097C101403F95F3CFA@CC-EX01.raz.corp> References: <0E7323CE3780DF4E9DF04E28097C101403F95F3CFA@CC-EX01.raz.corp> Message-ID: <0E7323CE3780DF4E9DF04E28097C101403F95F3D13@CC-EX01.raz.corp> ????????????! ???? ????????????? ??? FreeBSD 11.2, ??????, VPN-????????????. ??? ????? ??????? ???????? ????????? ?????????????????? ??????? ? ?????? ?? ?????? ????? ?????? ????????? ????. ?? ? ?????????? ???????? ?????????????? ??? ???????????????? ?????????? ???????. ??, ?.?. ????? ?????? nat redirect_port, ?? ??? ??????????? ???????. ? ??? ?????, ??? ????? ???????? ? ??????? ng_patch, ?? ??? ???? ???, ??????????, ??????????, ? ??? ???? ?? ????????? ?????? ??????. ???? ?????-?? ???????? ???????? -- ????????? ?????? From eugen at grosbein.net Mon May 18 18:20:15 2020 From: eugen at grosbein.net (Eugene Grosbein) Date: Mon, 18 May 2020 22:20:15 +0700 Subject: [freebsd] =?utf-8?b?0YDQtdC00LjRgNC10LrRgiDRgtGA0LDQvdC30LjRgtC9?= =?utf-8?b?0L7Qs9C+INGC0YDQsNGE0LjQutCw?= In-Reply-To: <0E7323CE3780DF4E9DF04E28097C101403F95F3D13@CC-EX01.raz.corp> References: <0E7323CE3780DF4E9DF04E28097C101403F95F3CFA@CC-EX01.raz.corp> <0E7323CE3780DF4E9DF04E28097C101403F95F3D13@CC-EX01.raz.corp> Message-ID: <748aef0f-2448-f794-7bf3-f632a5706a3a@grosbein.net> 18.05.2020 19:21, ?????? ????????? ?????????? ?????: > ???? ????????????? ??? FreeBSD 11.2, ??????, VPN-????????????. > ??? ????? ??????? ???????? ????????? ?????????????????? ??????? ? ?????? ?? ?????? ????? ?????? ????????? ????. > ?? ? ?????????? ???????? ?????????????? ??? ???????????????? ?????????? ???????. > ??, ?.?. ????? ?????? nat redirect_port, ?? ??? ??????????? ???????. > ? ??? ?????, ??? ????? ???????? ? ??????? ng_patch, ?? ??? ???? ???, ??????????, ??????????, ? ??? ???? ?? ????????? ?????? ??????. > ???? ?????-?? ???????? ???????? ?????????? nat redirect_port ? ????, ?? ?????? ??????????? ?????? ??? ??????????? ???????. ? ? ???, ??????????, ????????? ????????? ipfw nat ????? ????????? ??????? ??????, ????????????? ?????? ipfw nat ????? ??? ????? IP-???????, ????????????? ??????????? ?????? ?????????????. ?? man ipfw: The nat configuration command is the following: nat nat_number config nat-configuration The following parameters can be configured: ip ip_address Define an ip address to use for aliasing. ??? ???: ipfw disable one_pass ipfw nat 100 config ip 1.1.1.1 redirect_port tcp 192.168.0.1:80 500 ipfw add 40 nat 100 tcp from any to 1.1.1.1 500 in recv $ext_if ipfw add 50010 nat 100 tcp from 192.168.0.1 80 to any out ??? ? ??? ??????, ???? VPN ?? IPSec, ? ?????? ? IPSec ?????????. From Alexander.Druzhin at raz.ru Mon May 18 18:46:17 2020 From: Alexander.Druzhin at raz.ru (=?koi8-r?B?5NLV1snOIOHMxcvTwc7E0iD3wdPJzNjF18ne?=) Date: Mon, 18 May 2020 15:46:17 +0000 Subject: [freebsd] =?koi8-r?b?0sXEydLFy9Qg1NLBztrJ1M7Px88g1NLBxsnLwQ==?= In-Reply-To: <748aef0f-2448-f794-7bf3-f632a5706a3a@grosbein.net> References: <0E7323CE3780DF4E9DF04E28097C101403F95F3CFA@CC-EX01.raz.corp> <0E7323CE3780DF4E9DF04E28097C101403F95F3D13@CC-EX01.raz.corp> <748aef0f-2448-f794-7bf3-f632a5706a3a@grosbein.net> Message-ID: <0E7323CE3780DF4E9DF04E28097C101403F95F4E56@CC-EX01.raz.corp> From: Eugene Grosbein [mailto:eugen at grosbein.net] Sent: Monday, May 18, 2020 6:20 PM >18.05.2020 19:21, ?????? ????????? ?????????? ?????: > >> ???? ????????????? ??? FreeBSD 11.2, ??????, VPN-????????????. >> ??? ????? ??????? ???????? ????????? ?????????????????? ??????? ? ?????? ?? ?????? ????? ?????? ????????? ????. >> ?? ? ?????????? ???????? ?????????????? ??? ???????????????? ?????????? ???????. >> ??, ?.?. ????? ?????? nat redirect_port, ?? ??? ??????????? ???????. >> ? ??? ?????, ??? ????? ???????? ? ??????? ng_patch, ?? ??? ???? ???, ??????????, ??????????, ? ??? ???? ?? ????????? ?????? ??????. >> ???? ?????-?? ???????? ???????? > > ?????????? nat redirect_port ? ????, ?? ?????? ??????????? ?????? ??? ??????????? ???????. > ? ? ???, ??????????, ????????? ????????? ipfw nat ????? ????????? ??????? ??????, ????????????? ?????? ipfw nat ????? ??? ????? IP-???????, ????????????? ??????????? ?????? ?????????????. ??????????, ? ? ??????????, ?????? ??? ??????, ???? ? ???????, ??? ?????????? ???????? ?????? ??? ??????? ?? nat-??????????. ?? ?????. ?? ??? ???, ??? ???????????. > ?? man ipfw: > > The nat configuration command is the following: > > nat nat_number config nat-configuration > > The following parameters can be configured: > > ip ip_address > Define an ip address to use for aliasing. > > ??? ???: > > ipfw disable one_pass > ipfw nat 100 config ip 1.1.1.1 redirect_port tcp 192.168.0.1:80 500 > ipfw add 40 nat 100 tcp from any to 1.1.1.1 500 in recv $ext_if > ipfw add 50010 nat 100 tcp from 192.168.0.1 80 to any out > > ??? ? ??? ??????, ???? VPN ?? IPSec, ? ?????? ? IPSec ?????????. ???????????? ipsec vti ? gre ?????? ipsec. ??? ????????? ???????? ?????? ?? gre. From eugen at grosbein.net Mon May 18 21:16:07 2020 From: eugen at grosbein.net (Eugene Grosbein) Date: Tue, 19 May 2020 01:16:07 +0700 Subject: [freebsd] =?utf-8?b?0YDQtdC00LjRgNC10LrRgiDRgtGA0LDQvdC30LjRgtC9?= =?utf-8?b?0L7Qs9C+INGC0YDQsNGE0LjQutCw?= In-Reply-To: <0E7323CE3780DF4E9DF04E28097C101403F95F4E56@CC-EX01.raz.corp> References: <0E7323CE3780DF4E9DF04E28097C101403F95F3CFA@CC-EX01.raz.corp> <0E7323CE3780DF4E9DF04E28097C101403F95F3D13@CC-EX01.raz.corp> <748aef0f-2448-f794-7bf3-f632a5706a3a@grosbein.net> <0E7323CE3780DF4E9DF04E28097C101403F95F4E56@CC-EX01.raz.corp> Message-ID: <2f8347ea-480a-6954-9f32-41d69add7a2d@grosbein.net> 18.05.2020 22:46, ?????? ????????? ?????????? ?????: >> ??? ? ??? ??????, ???? VPN ?? IPSec, ? ?????? ? IPSec ?????????. > > ???????????? ipsec vti ? gre ?????? ipsec. > ??? ????????? ??? ????????, ??: https://dadv.livejournal.com/202710.html ???? ???????? ??????, ?? ???????? ?????? ?? ??????. ? ??? ??? ???????? ????? ???? ?? ae at freebsd.org, ??????? ??? ??? ??? ?? ????????????, ?? ??? ? ?? ????????????. ? ??? ? ??? ??? ????????? ? ?????????? ????????, ????? ?? ????????? ??????????????: http://www.grosbein.net/freebsd/patches/nat_in_out.diff ???? ???? ??????????????? ??????? ??????? natd ? ipfw nat, ???????? ??????? ipfw nat-in ? ipfw nat-out ? ??????? ? ipfw nat. ? ???? ???????? ? ???????? ?????? ?????????: ipfw add 2020 nat-in 100 ip from any to any in recv $ext_if ipfw add 50100 nat-out 100 ip from any to not $lan in recv $lan_if From Alexander.Druzhin at raz.ru Mon May 18 21:31:35 2020 From: Alexander.Druzhin at raz.ru (=?koi8-r?B?5NLV1snOIOHMxcvTwc7E0iD3wdPJzNjF18ne?=) Date: Mon, 18 May 2020 18:31:35 +0000 Subject: [freebsd] =?koi8-r?b?0sXEydLFy9Qg1NLBztrJ1M7Px88g1NLBxsnLwQ==?= In-Reply-To: <2f8347ea-480a-6954-9f32-41d69add7a2d@grosbein.net> References: <0E7323CE3780DF4E9DF04E28097C101403F95F3CFA@CC-EX01.raz.corp> <0E7323CE3780DF4E9DF04E28097C101403F95F3D13@CC-EX01.raz.corp> <748aef0f-2448-f794-7bf3-f632a5706a3a@grosbein.net> <0E7323CE3780DF4E9DF04E28097C101403F95F4E56@CC-EX01.raz.corp> <2f8347ea-480a-6954-9f32-41d69add7a2d@grosbein.net> Message-ID: <0E7323CE3780DF4E9DF04E28097C101403F95F4EB1@CC-EX01.raz.corp> From: Eugene Grosbein [mailto:eugen at grosbein.net] Sent: Monday, May 18, 2020 9:16 PM >>> ??? ? ??? ??????, ???? VPN ?? IPSec, ? ?????? ? IPSec ?????????. >> >> ???????????? ipsec vti ? gre ?????? ipsec. >> ??? ????????? > > ??? ????????, ??: https://dadv.livejournal.com/202710.html > ???? ???????? ??????, ?? ???????? ?????? ?? ??????. > > ? ??? ??? ???????? ????? ???? ?? ae at freebsd.org, ??????? ??? ??? ??? ?? ????????????, ?? ??? ? ?? ????????????. > ? ??? ? ??? ??? ????????? ? ?????????? ????????, ????? ?? ????????? ??????????????: > > http://www.grosbein.net/freebsd/patches/nat_in_out.diff > > ???? ???? ??????????????? ??????? ??????? natd ? ipfw nat, ???????? ??????? ipfw nat-in ? ipfw nat-out ? ??????? ? ipfw nat. > > ? ???? ???????? ? ???????? ?????? ?????????: > > ipfw add 2020 nat-in 100 ip from any to any in recv $ext_if > ipfw add 50100 nat-out 100 ip from any to not $lan in recv $lan_if ????, ??????? ??????? ?? ??????????! From eugene at home.wdc.spb.ru Sun May 31 20:29:06 2020 From: eugene at home.wdc.spb.ru (Eugene V. Boontseff) Date: Sun, 31 May 2020 20:29:06 +0300 Subject: [freebsd] =?utf-8?b?aXBzZWMgZnJlZWJzZCA8LT4gbWlrcm90aWs6INC/0YA=?= =?utf-8?b?0L7Qv9Cw0LTQsNC10YIg0YHQvtC10LTQuNC90LXQvdC40LUu?= Message-ID: <4619435b-f065-1de6-54c1-dcff848ceadd@home.wdc.spb.ru> ????????????, ???????! ? ???? ???????? ipsec ????? ???????? ??????? ? freebsd 11.3 stable ? ??????????? (RO 6.46.6)? ????????? ????. ???????, ??? ???????????? ?????????? ??????, ? ?????? ? ????????? ??????? ????????????. ???? ????????, ? ??? ???????. ? ??????? ?????: ? SA ??????? 60 ????? (48 soft). ?? ????????? 48 ?????, ????????? ????? SA. ?? ????????? ?????, ??? ? ????????? ??????? ??? ?????????? ????? ???????? ?????????????? ?????, ? ????? ??? ?????????. ?? ? ????????? ??????? ?????????? ?????????????? ??????. ??? ?????, ????? ????? ????? ?????? ????????, ?? ?? ????????? ????????? ?????? ??? SA, ? ?? freebsd ?????? ? ???????? ???????? ?????. ?????????? ?????? ?? ????????? ?????????. ????????? ?? ??? net.key.preferred_oldsa=0, ? ??????????, ??? ???????. ?? ???. ??????????? ????? ????, ?? ?????? ?? ????????????. ????? ???? ?????, ??? ? ???? ??????? PS. ????????? ?? ???? ???????? ??????, ?? ???? ???????, ??????, ??? ???????????. -- Eugene From eugen at grosbein.net Sun May 31 21:30:56 2020 From: eugen at grosbein.net (Eugene Grosbein) Date: Mon, 1 Jun 2020 01:30:56 +0700 Subject: [freebsd] =?utf-8?b?aXBzZWMgZnJlZWJzZCA8LT4gbWlrcm90aWs6INC/0YA=?= =?utf-8?b?0L7Qv9Cw0LTQsNC10YIg0YHQvtC10LTQuNC90LXQvdC40LUu?= In-Reply-To: <4619435b-f065-1de6-54c1-dcff848ceadd@home.wdc.spb.ru> References: <4619435b-f065-1de6-54c1-dcff848ceadd@home.wdc.spb.ru> Message-ID: <579fdee5-b2f6-74da-03bf-f41ecb55541c@grosbein.net> 01.06.2020 0:29, Eugene V. Boontseff wrote: > ????????????, ???????! > > ? ???? ???????? ipsec ????? ???????? ??????? ? freebsd 11.3 stable ? ?????????? (RO 6.46.6)? ????????? ????. > ???????, ??? ???????????? ?????????? ??????, ? ?????? ? ????????? ??????? ????????????. > ???? ????????, ? ??? ???????. ? ??????? ?????: > ? SA ??????? 60 ????? (48 soft). ?? ????????? 48 ?????, ????????? ????? SA. ?? ????????? ?????, ??? ? ????????? ??????? ??? ?????????? ????? ???????? ?????????????? ?????, ? ????? ??? ?????????. ?? ? ????????? ??????? ?????????? ?????????????? ??????. ??? ?????, ????? ????? ????? ?????? ????????, ?? ?? ????????? ????????? ?????? ??? SA, ? ?? freebsd ?????? ? ???????? ???????? ?????. ?????????? ?????? ?? ????????? ?????????. > ????????? ?? ??? net.key.preferred_oldsa=0, ? ??????????, ??? ???????. ?? ???. ??????????? ????? ????, ?? ?????? ?? ????????????. > ????? ???? ?????, ??? ? ???? ??????? > PS. ????????? ?? ???? ???????? ??????, ?? ???? ???????, ??????, ??? ???????????. 1. ???????? RouterOS ?? ????????? ?????????? ??????. 2. net.key.preferred_oldsa=0 ??? ?????????, ????? ?????? ??????????. 3. ????? ???????? Dead Peer Detection (DPD) ?????????? IKE, ?????????? ? ????? ??????. 4. 60 ????? ??? ????? ????. ? ?????? ?????? 12 ????? (??? ??????? 8 - ????? ???????? ???). ????? ???? ??? IKE ???????????? ?? FreeBSD ? ??? ?? ????? ?????? ?????????? From eugene at home.wdc.spb.ru Sun May 31 22:23:35 2020 From: eugene at home.wdc.spb.ru (Eugene V. Boontseff) Date: Sun, 31 May 2020 22:23:35 +0300 Subject: [freebsd] =?utf-8?b?aXBzZWMgZnJlZWJzZCA8LT4gbWlrcm90aWs6INC/0YA=?= =?utf-8?b?0L7Qv9Cw0LTQsNC10YIg0YHQvtC10LTQuNC90LXQvdC40LUu?= In-Reply-To: <579fdee5-b2f6-74da-03bf-f41ecb55541c@grosbein.net> References: <4619435b-f065-1de6-54c1-dcff848ceadd@home.wdc.spb.ru> <579fdee5-b2f6-74da-03bf-f41ecb55541c@grosbein.net> Message-ID: <1af3cbd0-690e-ada0-7f2c-45f228d2f064@home.wdc.spb.ru> On 31.05.2020 21:30, Eugene Grosbein wrote: > 01.06.2020 0:29, Eugene V. Boontseff wrote: > >> ????????????, ???????! >> >> ? ???? ???????? ipsec ????? ???????? ??????? ? freebsd 11.3 stable ? ?????????? (RO 6.46.6)? ????????? ????. >> ???????, ??? ???????????? ?????????? ??????, ? ?????? ? ????????? ??????? ????????????. >> ???? ????????, ? ??? ???????. ? ??????? ?????: >> ? SA ??????? 60 ????? (48 soft). ?? ????????? 48 ?????, ????????? ????? SA. ?? ????????? ?????, ??? ? ????????? ??????? ??? ?????????? ????? ???????? ?????????????? ?????, ? ????? ??? ?????????. ?? ? ????????? ??????? ?????????? ?????????????? ??????. ??? ?????, ????? ????? ????? ?????? ????????, ?? ?? ????????? ????????? ?????? ??? SA, ? ?? freebsd ?????? ? ???????? ???????? ?????. ?????????? ?????? ?? ????????? ?????????. >> ????????? ?? ??? net.key.preferred_oldsa=0, ? ??????????, ??? ???????. ?? ???. ??????????? ????? ????, ?? ?????? ?? ????????????. >> ????? ???? ?????, ??? ? ???? ??????? >> PS. ????????? ?? ???? ???????? ??????, ?? ???? ???????, ??????, ??? ???????????. > 1. ???????? RouterOS ?? ????????? ?????????? ??????. ??? ????????? ?????????? 6.46.6 > 2. net.key.preferred_oldsa=0 ??? ?????????, ????? ?????? ??????????. > 3. ????? ???????? Dead Peer Detection (DPD) ?????????? IKE, ?????????? ? ????? ??????. ?? ???????? ????? DPD interval 120 s, ? ?????? ?????? ???????? ????: dpd_delay 120; - ??? ?? ? remote { .. }? > 4. 60 ????? ??? ????? ????. ? ?????? ?????? 12 ????? (??? ??????? 8 - ????? ???????? ???). ? ???? ? ???? 12. ? ???????? ???, ????? ????? ? ??? ????????. > > ????? ???? ??? IKE ???????????? ?? FreeBSD ? ??? ?? ????? ?????? ?????????? > > racoon, freebsd ?????????, ?????? ??? ip ?? ??????????. > -- Eugene From eugen at grosbein.net Sun May 31 22:39:28 2020 From: eugen at grosbein.net (Eugene Grosbein) Date: Mon, 1 Jun 2020 02:39:28 +0700 Subject: [freebsd] =?utf-8?b?aXBzZWMgZnJlZWJzZCA8LT4gbWlrcm90aWs6INC/0YA=?= =?utf-8?b?0L7Qv9Cw0LTQsNC10YIg0YHQvtC10LTQuNC90LXQvdC40LUu?= In-Reply-To: <1af3cbd0-690e-ada0-7f2c-45f228d2f064@home.wdc.spb.ru> References: <4619435b-f065-1de6-54c1-dcff848ceadd@home.wdc.spb.ru> <579fdee5-b2f6-74da-03bf-f41ecb55541c@grosbein.net> <1af3cbd0-690e-ada0-7f2c-45f228d2f064@home.wdc.spb.ru> Message-ID: <847cfbba-e918-35ae-e494-0ba6f36cfe07@grosbein.net> 01.06.2020 2:23, Eugene V. Boontseff ?????: >> 3. ????? ???????? Dead Peer Detection (DPD) ?????????? IKE, ?????????? ? ????? ??????. > ?? ???????? ????? DPD interval 120 s, ? ?????? ?????? ???????? ????: dpd_delay 120; - ??? ?? ? remote { .. }? ??, ? ???? ???????? ???-?? ???? ??????: dpd_delay 5; dpd_retry 5; dpd_maxfail 12; >> 4. 60 ????? ??? ????? ????. ? ?????? ?????? 12 ????? (??? ??????? 8 - ????? ???????? ???). > ? ???? ? ???? 12. ? ???????? ???, ????? ????? ? ??? ????????. >> ????? ???? ??? IKE ???????????? ?? FreeBSD ? ??? ?? ????? ?????? ?????????? > racoon, freebsd ?????????, ?????? ??? ip ?? ??????????. ?? ? ??????, ?? ???? DPD ? ????? ??????? ????? ????? ?????? ????????????????? ? ???? ?????? IKE, ? ?? ???? 12 ????? ??? ????? ??????????? ????? ?????? ?????????. ? ?????? ???? ? ????????? RouterOS ?????? ? ??????????, ??? ?????? ????. From eugene at home.wdc.spb.ru Sun May 31 22:46:56 2020 From: eugene at home.wdc.spb.ru (Eugene V. Boontseff) Date: Sun, 31 May 2020 22:46:56 +0300 Subject: [freebsd] =?utf-8?b?aXBzZWMgZnJlZWJzZCA8LT4gbWlrcm90aWs6INC/0YA=?= =?utf-8?b?0L7Qv9Cw0LTQsNC10YIg0YHQvtC10LTQuNC90LXQvdC40LUu?= In-Reply-To: <847cfbba-e918-35ae-e494-0ba6f36cfe07@grosbein.net> References: <4619435b-f065-1de6-54c1-dcff848ceadd@home.wdc.spb.ru> <579fdee5-b2f6-74da-03bf-f41ecb55541c@grosbein.net> <1af3cbd0-690e-ada0-7f2c-45f228d2f064@home.wdc.spb.ru> <847cfbba-e918-35ae-e494-0ba6f36cfe07@grosbein.net> Message-ID: <5eee15b0-0aa0-2cb9-3c18-898b79a89461@home.wdc.spb.ru> On 31.05.2020 22:39, Eugene Grosbein wrote: > 01.06.2020 2:23, Eugene V. Boontseff ?????: > >>> 3. ????? ???????? Dead Peer Detection (DPD) ?????????? IKE, ?????????? ? ????? ??????. >> ?? ???????? ????? DPD interval 120 s, ? ?????? ?????? ???????? ????: dpd_delay 120; - ??? ?? ? remote { .. }? > ??, ? ???? ???????? ???-?? ???? ??????: > > dpd_delay 5; > dpd_retry 5; > dpd_maxfail 12; > >>> 4. 60 ????? ??? ????? ????. ? ?????? ?????? 12 ????? (??? ??????? 8 - ????? ???????? ???). >> ? ???? ? ???? 12. ? ???????? ???, ????? ????? ? ??? ????????. >>> ????? ???? ??? IKE ???????????? ?? FreeBSD ? ??? ?? ????? ?????? ?????????? >> racoon, freebsd ?????????, ?????? ??? ip ?? ??????????. > ?? ? ??????, ?? ???? DPD ? ????? ??????? ????? ????? ?????? ????????????????? ? ???? ?????? IKE, > ? ?? ???? 12 ????? ??? ????? ??????????? ????? ?????? ?????????. ?????? ???????! ??????????, ??? ????? ??????????? ? ?????????? ????? ?? 12 ?????. > > ? ?????? ???? ? ????????? RouterOS ?????? ? ??????????, ??? ?????? ???, ????? ??????! -- Eugene