Люди добрый помогите настроить даную цепочку, на данный момент имею такую конфигурацию:
у провайдера знаю только адрес прокси, и адрес который он мне выделил. DNS только локальный на внутренней сетки под Win.
1) Ядро таким параметрами
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options TCP_DROP_SYNFIN
options DUMMYNET
options IPDIVERT
2) rc.conf
hostname="Internet.TK.local"
ifconfig_ed0="inet 10.10.x.x netmask 255.255.255.0"
ifconfig_xl0="inet 192.168.x.x netmask 255.255.255.0"
inetd_enable="YES"
rpcbind_enable="YES"
sshd_enable="YES"
tcp_extentions="NO"
tcp_drop_synfin="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
natd_enable="YES"
natd_interface="ed0"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="M"
firewall_logging="YES"
firewall_quiet="NO"
3) ipFW
где 10.10.x.x адрес сетки смотрящей в инет
192.168.x.x - внутреняя сеть
local="lo0"
lan="xl0"
inet="ed0"
setup_loopback
${fwcmd} add pass all from any to any via ${local}
${fwcmd} add deny ip from 192.168.0.0/16 to any in via ${inet}
${fwcmd} add deny ip from 172.16.0.0/12 to any in via ${inet}
${fwcmd} add fwd 127.0.0.1,3128 tcp from 192.168.x.0:255.255.255.0 to any http,https,ftp via ${lan}
${fwcmd} add divert natd ip from 192.168.x.x:255.255.255.0 to any out via ${inet}
${fwcmd} add divert natd ip from any to 10.10.x.x in via ${inet}
${fwcmd} add pass tcp from any to any established
${fwcmd} add pass ip from 10.10.x.x to any out xmit ${inet}
${fwcmd} add deny tcp from any to any 20,21,22,23,3128 in via ${inet}
${fwcmd} add deny tcp from any to any 20,21,22,23,80,443 in via ${lan}
${fwcmd} add deny tcp from any to any 8000-8104 in via ${lan}
${fwcmd} add pass tcp from any to any 25 out
${fwcmd} add pass tcp from any 25 to any out
${fwcmd} add pass udp from any to any 110
${fwcmd} add pass udp from any 110 to any
${fwcmd} add pass udp from any to any 53
${fwcmd} add pass udp from any 53 to any
${fwcmd} add pass all from any to any via ${lan}
${fwcmd} add allow icmp from any to 10.10.x.x in via inet icmptype 0,3,4,11,12
${fwcmd} add allow icmp from any to 192.168.x.0:255.255.255.0 in via ${inet} icmptype 0,3,4,11,12
${fwcmd} add allow icmp from 10.10.x.x to any out via ${inet} icmptype 3,8,12
${fwcmd} add allow icmp from 10.10.x.x to any out via ${inet} frag
${fwcmd} add deny log all from any to any via ${inet}
${fwcmd} add deny log ip from any to any
4) Squid установлен на 10.10.х.х на порт 3128
При попытки загрузить страницу он пишет
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.izvestia.ru/
The following error was encountered:
Unable to determine IP address from host name for www.izvestia.ru
The dnsserver returned:
Name Error: The domain name does not exist.
This means that:
The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.
Что я делаю не так?
Вариант для распечатки
Информационная безопасность (Public)
(ok) on
16-Фев-05, 13:18 (MSK)
