[FUG-BR] RE: Firewall with pf on FreeBSD 7

Ricardo Augusto de Souza ricardo.souza at cmtsp.com.br
Tue Nov 4 08:15:57 BRST 2008


Right. I'll put it in rc.conf then. I sent the wrong dmesg; I sent it before rebooting the machine.

And regarding my problem:

From the server I can reach the 10.100.0.0/24 network, so why can't I reach it from the clients that use the FreeBSD box as their gateway?

Correct dmesg:


FW2# cat dmesg.ok
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-RELEASE #1: Mon Nov  3 13:25:30 BRST 2008
    root em FW2.CMT:/usr/obj/usr/src/sys/CMT
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(R) CPU           E5405  @ 2.00GHz (1995.01-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x10676  Stepping = 6
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0xce33d<SSE3,RSVD2,MON,DS_CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,<b19>>
  AMD Features=0x20000000<LM>
  AMD Features2=0x1<LAHF>
  Cores per package: 4
real memory  = 3220992000 (3071 MB)
avail memory = 3146506240 (3000 MB)
ACPI APIC Table: <IBM    SERDEFNT>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP): APIC ID:  3
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
hptrr: HPT RocketRAID controller driver v1.1 (Nov  3 2008 13:25:15)
acpi0: <IBM SERDEFNT> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x588-0x58b on acpi0
acpi_hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 900
cpu0: <ACPI CPU> on acpi0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
cpu1: <ACPI CPU> on acpi0
p4tcc1: <CPU Frequency Thermal Control> on cpu1
cpu2: <ACPI CPU> on acpi0
p4tcc2: <CPU Frequency Thermal Control> on cpu2
cpu3: <ACPI CPU> on acpi0
p4tcc3: <CPU Frequency Thermal Control> on cpu3
pcib0: <ACPI Host-PCI bridge> on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 2.0 on pci0
pci16: <ACPI PCI bus> on pcib1
pcib2: <ACPI PCI-PCI bridge> at device 0.0 on pci16
pci17: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> at device 0.0 on pci17
pci19: <ACPI PCI bus> on pcib3
pcib4: <ACPI PCI-PCI bridge> at device 1.0 on pci17
pci18: <ACPI PCI bus> on pcib4
pcib5: <ACPI PCI-PCI bridge> at device 0.3 on pci16
pci20: <ACPI PCI bus> on pcib5
pcib6: <PCI-PCI bridge> at device 3.0 on pci0
pci35: <PCI bus> on pcib6
pcib7: <ACPI PCI-PCI bridge> at device 4.0 on pci0
pci7: <ACPI PCI bus> on pcib7
pcib8: <PCI-PCI bridge> at device 5.0 on pci0
pci34: <PCI bus> on pcib8
pcib9: <ACPI PCI-PCI bridge> at device 6.0 on pci0
pci3: <ACPI PCI bus> on pcib9
pcib10: <PCI-PCI bridge> at device 0.0 on pci3
pci4: <PCI bus> on pcib10
bce0: <Broadcom NetXtreme II BCM5708 1000Base-T (B2)> mem 0xc8000000-0xc9ffffff irq 18 at device 0.0 on pci4
miibus0: <MII bus> on bce0
brgphy0: <BCM5708C 10/100/1000baseTX PHY> PHY 1 on miibus0
brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bce0: Ethernet address: 00:1a:64:79:f1:58
bce0: [ITHREAD]
bce0: ASIC (0x57081020); Rev (B2); Bus (PCI-X, 64-bit, 133MHz); F/W (0x04000305); Flags( MFW MSI )
pcib11: <ACPI PCI-PCI bridge> at device 7.0 on pci0
pci2: <ACPI PCI bus> on pcib11
aac0: <IBM ServeRAID-8k> port 0x4000-0x40ff mem 0xcce00000-0xccffffff,0xcafe0000-0xcaffffff irq 17 at device 0.0 on pci2
aac0: New comm. interface enabled
aac0: [ITHREAD]
aac0: ServeRAID 8k-l  , aac driver 2.0.0-1
pci0: <base peripheral> at device 8.0 (no driver attached)
pcib12: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci5: <ACPI PCI bus> on pcib12
pcib13: <PCI-PCI bridge> at device 0.0 on pci5
pci6: <PCI bus> on pcib13
bce1: <Broadcom NetXtreme II BCM5708 1000Base-T (B2)> mem 0xce000000-0xcfffffff irq 16 at device 0.0 on pci6
miibus1: <MII bus> on bce1
brgphy1: <BCM5708C 10/100/1000baseTX PHY> PHY 1 on miibus1
brgphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bce1: Ethernet address: 00:1a:64:79:f1:5a
bce1: [ITHREAD]
bce1: ASIC (0x57081020); Rev (B2); Bus (PCI-X, 64-bit, 133MHz); F/W (0x04000305); Flags( MFW MSI )
uhci0: <Intel 631XESB/632XESB/3100 USB controller USB-1> port 0x2200-0x221f irq 23 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <Intel 631XESB/632XESB/3100 USB controller USB-1> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 631XESB/632XESB/3100 USB controller USB-2> port 0x2600-0x261f irq 22 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <Intel 631XESB/632XESB/3100 USB controller USB-2> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 631XESB/632XESB/3100 USB controller USB-3> port 0x2a00-0x2a1f irq 23 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <Intel 631XESB/632XESB/3100 USB controller USB-3> on uhci2
usb2: USB revision 1.0
uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
ehci0: <Intel 63XXESB USB 2.0 controller> mem 0xf9000000-0xf90003ff irq 23 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb3: EHCI version 1.0
usb3: companion controllers, 2 ports each: usb0 usb1 usb2
usb3: <Intel 63XXESB USB 2.0 controller> on ehci0
usb3: USB revision 2.0
uhub3: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb3
uhub3: 6 ports with 6 removable, self powered
pcib14: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci1: <ACPI PCI bus> on pcib14
vgapci0: <VGA-compatible display> port 0x3000-0x30ff mem 0xd0000000-0xd7ffffff,0xdfff0000-0xdfffffff irq 22 at device 1.0 on pci1
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel 63XXESB2 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x480-0x48f at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio0: [FILTER]
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xcafff,0xcb000-0xcc7ff,0xcc800-0xcdfff,0xce000-0xd2fff pnpid ORM0000 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
ppc0: parallel port not found.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounters tick every 1.000 msec
hptrr: no controller detected.
acd0: CDRW <HL-DT-STCD-RW/DVD DRIVE GCC-T10N/1.00> at ata0-master UDMA33
aacd0: <RAID 0 (Stripe)> on aac0
aacd0: 279788MB (573005824 sectors)
SMP: AP CPU #1 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
Trying to mount root from ufs:/dev/aacd0s1a
bce0: link state changed to UP
bce1: link state changed to UP
arp: 10.10.0.2 is on bce1 but got reply from 00:11:0a:a0:a8:c4 on bce0
arp: 10.10.20.100 is on bce1 but got reply from 00:1e:37:4b:08:96 on bce0
arp: 10.10.0.2 is on bce1 but got reply from 00:11:0a:a0:a8:c4 on bce0
arp: 10.10.100.254 is on bce1 but got reply from 00:0a:5e:63:7e:2e on bce0
arp: 10.10.0.2 is on bce1 but got reply from 00:11:0a:a0:a8:c4 on bce0
arp: 10.10.0.2 is on bce1 but got reply from 00:11:0a:a0:a8:c4 on bce0
arp: 10.10.0.2 is on bce1 but got reply from 00:11:0a:a0:a8:c4 on bce0
FW2#
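The last lines of that dmesg are worth a closer look before chasing the routing problem. A FreeBSD message of the form "arp: X is on IF1 but got reply from MAC on IF2" means the kernel's interface route says X should be reachable through IF1 (here the 10.10.0.0/16 network on bce1), yet the ARP reply for it arrived on IF2 (bce0, the public side). The usual causes are both NICs sitting on the same broadcast domain (a cabling or switch VLAN mistake) or a host on the IF2 segment answering for addresses that belong to the internal network, which is also what ARP spoofing looks like from the gateway's point of view. Whether that is the cause of the problem in this thread is not established, but a gateway that sees these messages should not be trusted to forward correctly until they are explained. The script below is an added example written for this page, not code from the thread; it summarises such messages from a constructed sample copied from the dmesg above, and the function names are my own.

```shell
#!/bin/sh
# Added example (not part of the thread): summarise FreeBSD
# "arp: X is on IF1 but got reply from MAC on IF2" kernel messages.
# Such a message means a host the routing table places behind IF1
# answered ARP on IF2, so the two segments are not as separate as the
# configuration assumes (shared L2 segment, or a host answering for
# addresses it does not own).

# Constructed sample log, copied from the dmesg excerpt in the thread.
SAMPLE_LOG='bce0: link state changed to UP
bce1: link state changed to UP
arp: 10.10.0.2 is on bce1 but got reply from 00:11:0a:a0:a8:c4 on bce0
arp: 10.10.20.100 is on bce1 but got reply from 00:1e:37:4b:08:96 on bce0
arp: 10.10.0.2 is on bce1 but got reply from 00:11:0a:a0:a8:c4 on bce0
arp: 10.10.100.254 is on bce1 but got reply from 00:0a:5e:63:7e:2e on bce0
arp: 10.10.0.2 is on bce1 but got reply from 00:11:0a:a0:a8:c4 on bce0'

# One line per distinct (host, expected interface, MAC, observed interface),
# prefixed with how many times it was seen, sorted by host.
arp_mismatch_summary() {
    printf '%s\n' "$1" |
    awk '/^arp: .* is on .* but got reply from .* on /{
            # $2=host $5=expected interface $10=MAC $12=observed interface
            key = $2 " " $5 " " $10 " " $12
            n[key]++
         }
         END { for (k in n) print n[k], k }' |
    sort -k2
}

# Number of distinct hosts that answered on an unexpected interface.
arp_mismatch_hosts() {
    arp_mismatch_summary "$1" | awk '{ print $2 }' | sort -u | wc -l | tr -d ' '
}

# Usage: feed it dmesg output, e.g. arp_mismatch_summary "$(dmesg)".
echo "Hosts answering ARP on the wrong interface: $(arp_mismatch_hosts "$SAMPLE_LOG")"
arp_mismatch_summary "$SAMPLE_LOG"
```

On the sample this reports three hosts, all expected on bce1 but seen on bce0. Running it against the live `dmesg` (or `/var/log/messages`) on a gateway is a cheap check to add to a host-monitoring routine, since a change in the set of hosts or MACs reported is what a defender wants to notice.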





-----Original Message-----
From: freebsd-bounces at fug.com.br on behalf of Márcio Luciano Donada
Sent: Mon 3/11/2008 18:07
To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
Subject: Re: [FUG-BR] Firewall with pf on FreeBSD 7
 
Ricardo Augusto de Souza wrote:
> FW2# cat rc.conf
>
> # -- sysinstall generated deltas -- # Fri Oct 31 08:57:07 2008
> # Created: Fri Oct 31 08:57:07 2008
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> kern_securelevel="1"
> kern_securelevel_enable="YES"
> pf_enable="YES"
> defaultrouter="189.xxx.xxx.xxx"
> gateway_enable="YES"
> hostname="FW2.CMT"
> ifconfig_bce0="inet 189.xxx.xxx.3  netmask 255.255.255.248"
> ifconfig_bce1="inet 10.10.100.252  netmask 255.255.0.0"
> inetd_enable="YES"
> keymap="br275.cp850"
> linux_enable="YES"
> sshd_enable="YES"
> FW2#
>
>   


> FW2# cat rc.local
> #alias
> ifconfig bce1 alias 10.100.1.4 netmask 255.255.255.192 up
> #rotas
> route add 10.100.0.0/24 10.100.1.1
> FW2#
>
>   

You can put all the interface aliases in rc.conf; see [1].
You said you recompiled your kernel, but your dmesg shows the GENERIC kernel:

FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008
    root em logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC



[1] http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html

Cheers,

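Márcio's advice is to move the alias and the static route out of rc.local into rc.conf, where rc(8) applies them when the interface comes up, before pf and routing start, instead of at the end of boot. The fragment below is an added example, not configuration from either poster: it rewrites the two rc.local commands quoted above as rc.conf(5) variables (`ifconfig_<if>_alias<n>`, `static_routes` and `route_<name>`, which exist in FreeBSD 7). The addresses, interface name and next hop are the ones from Ricardo's files; the route name `cmtlan` is my choice. One caveat a practitioner will want checked on the far side: for the clients behind this gateway to reach 10.100.0.0/24, the router at 10.100.1.1 must also have a return route for the clients' source network, and the pf ruleset must pass the forwarded traffic on both interfaces; a route that works from the gateway itself proves neither.

```shell
# Added example (not from the thread): the rc.local commands expressed as
# rc.conf(5) settings, as the handbook page cited as [1] describes.
# Values are taken from Ricardo's rc.conf and rc.local; "cmtlan" is an
# assumed route name.

gateway_enable="YES"                                   # forward between interfaces
ifconfig_bce1="inet 10.10.100.252 netmask 255.255.0.0"

# Replaces: ifconfig bce1 alias 10.100.1.4 netmask 255.255.255.192 up
ifconfig_bce1_alias0="inet 10.100.1.4 netmask 255.255.255.192"

# Replaces: route add 10.100.0.0/24 10.100.1.1
static_routes="cmtlan"
route_cmtlan="-net 10.100.0.0/24 10.100.1.1"
```

After a reboot, `ifconfig bce1` should list both addresses and `netstat -rn` should show the 10.100.0.0/24 entry via 10.100.1.1; if it does not, the rc.conf variables were not picked up and rc.local is still the thing doing the work.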
-------------------------
Archive: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd



More information about the freebsd mailing list