kradenkov
Newbie | Редактировать | Профиль | Сообщение | ICQ | Цитировать | Сообщить модератору Две локалки: 192.168.0.0/24 192.168.2.0/24 на 192.168.0.100 L2TP Server с адресом микротик 192.168.2.101 подключен как 10.0.1.3/24 пинги из сетки в сетку идут. А вот к удаленному рабочему столу, например, подключается нестабильно или вовсе не подключает. Потери пакетов нет. Цитата: [admin@FreeBSD_1M_NEW] > ip firewall filter print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Drop invalid connection packets chain=input connection-state=invalid action=drop 1 ;;; Allow established connections chain=input connection-state=established action=accept 2 ;;; Allow established connections chain=forward connection-state=established action=accept 3 ;;; Allow related connections chain=input connection-state=related action=accept 4 ;;; Allow related connections chain=forward connection-state=related action=accept 5 ;;; Allow UDP chain=input protocol=udp action=accept 6 ;;; Allow UDP chain=forward protocol=udp action=accept 7 ;;; Allow ICMP Ping chain=input protocol=icmp action=accept 8 ;;; Allow ICMP Ping chain=forward protocol=icmp action=accept 9 ;;; Drop invalid connection packets chain=forward connection-state=invalid action=drop 10 chain=forward out-interface=LAN src-address=192.168.2.0/24 action=accept 11 chain=forward in-interface=LAN dst-address=192.168.2.0/24 action=accept 12 X ;;; MASQUERADE_ALL chain=forward src-address-list=MASQUERADE_ALL action=log log-prefix="MASQ_ALL" 13 ;;; MASQUERADE_ALL chain=forward src-address-list=MASQUERADE_ALL action=accept 14 ;;; Access to Miktotik by IP-address chain=input protocol=tcp dst-port=8291 action=accept 15 ;;; Allow DNS requests chain=input in-interface=LAN protocol=tcp dst-port=53 action=accept 16 ;;; Access ALL port forwarding to LOTUS chain=forward dst-address=192.168.0.250 action=accept 17 X chain=forward protocol=tcp dst-port=5222-5223 action=log log-prefix="JABBER" 18 ;;; WebProxy chain=input in-interface=LAN src-address=192.168.0.0/24 protocol=tcp dst-port=3128 action=accept 19 chain=input in-interface=!LAN protocol=tcp dst-port=3128 action=drop 20 ;;; Allow 5190 for ICQ chain=forward protocol=tcp dst-port=5190 src-address-list=!ICQ action=drop 21 ;;; Torrent for 0.61 chain=forward protocol=tcp dst-port=32000 action=accept 22 ;;; POP3 chain=forward protocol=tcp dst-port=110 action=accept 23 ;;; SMTP chain=forward protocol=tcp dst-port=25 action=accept 24 ;;; Client-banking chain=forward protocol=tcp dst-port=8804 action=accept 25 ;;; 443 port forwarding chain=forward protocol=tcp dst-port=443 action=accept 26 ;;; Log ALL dropped in FORWAD chain chain=forward action=log log-prefix="FORWARD_DENY" 27 ;;; All other inputs drop chain=forward action=drop 28 chain=input protocol=tcp dst-port=22-23 action=accept 29 X ;;; Log droped INPUT chain=input action=log log-prefix="DROP_INPUT" 30 ;;; All other inputs drop chain=input action=drop [admin@FreeBSD_1M_NEW] ip> route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf # DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE 0 ADC 10.0.1.2/32 10.0.1.1 l2tp-video 1 ADC 10.0.1.3/32 10.0.1.1 l2tp-dhz 2 ADC 192.168.0.0/24 192.168.0.100 LAN 3 A S 192.168.2.0/24 r 10.0.1.3 l2tp-dhz 4 A S 192.168.5.190/32 r 10.0.1.2 l2tp-video 5 A S 192.168.5.0/24 r 192.168.0.101 LAN 6 ADC 213.130.10.48/32 89.105.ффф.чч pppoe-1024 7 AD 0.0.0.0/0 r 213.130.10.48 1 pppoe-1024 [admin@FreeBSD_1M_NEW] > interface print Flags: X - disabled, D - dynamic, R - running # NAME TYPE RX-RATE TX-RATE MTU 0 R LAN ether 0 0 1500 1 R WAN ether 0 0 1500 2 R pppoe-1024 pppoe-out 0 0 1480 3 R l2tp-video l2tp-in 0 0 1460 4 R l2tp-dhz l2tp-in 0 0 1460 |
| Всего записей: 4 | Зарегистр. 05-02-2007 | Отправлено: 16:14 22-10-2007 | Исправлено: kradenkov, 16:15 22-10-2007 |
|