NetBSD下使用pf作网关的奇怪问题

kswei · 发表于 2004-7-29 11:15:53

外网卡rtk0,内网卡rtk1,已正确配置，用pf作NAT，配置如下：
rc.conf:
---------------------------------------
hostname=kswei
defaultroute="aaa.bbb.ccc.ddd"
gateway=YES
lkm=YES
pf=YES
sshd=YES
wscons=YES
---------------------------------------
pf.conf:
---------------------------------------
# macros
ext_if = "rtk0"
int_if = "rtk1"

tcp_services = "{22,80}"
icmp_types = "echoreq"
priv_nets = "{127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8}"
comp2 = "192.168.5.2"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

rdr on $ext_if proto tcp from any to any port 80 -> $comp2 port 80

# filter rules
block all
pass quick on lo0 all
pass quick on $int_if all

block drop in  quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if proto tcp from any to $comp2 port 80 flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp, icmp} all keep state
----------------------------------------
lkm.conf:
----------------------------------------
# $NetBSD: lkm.conf,v 1.2 1997/07/14 11:55:46 drochner Exp $
#
# see lkm.conf(5) for details.  path will look in /lkm and /usr/lkm.
#
# path options entry postinstall output when
#/lkm/if_ipl.o - - - - -
/usr/pkg/lkm/pfmodule.o - - /usr/pkg/sbin/pfmkdev - AFTERMOUNT
----------------------------------------
重启后，通过 #pfctl -s state 查看，pf已经开始工作，这时能 ping 通外网的 IP ，也能 PING 通 www.163.com,
但是用 IE 浏览  www.163.com 或其他任意网站时，速度却极为缓慢，主页只显示了不到一半就 time out 了，
同样的配置方法在FreeBSD 的网关上却工作正常。
哪位老兄知道问题出在哪里？

		自动登录	找回密码
密码			注册

NetBSD下使用pf作网关的奇怪问题

浏览过的版块