
请教:Freebsd + pf +poptop外网访问问题

时间:2010-10-04

来源:互联网

本帖最后由 zzm183 于 2010-10-04 10:57 编辑

我用 FreeBSD 7 搭建了 PPTP 和 PPPoE 服务器。PPPoE 客户端能正常访问外网;PPTP 客户端能拨上并分配到地址,ping 服务器上的内网地址(172.16.100.100)和外网地址(比如说:10.201.20.2)都能 ping 通,但是访问不了外网。

pf.conf

# Macros. Only $wan_if is referenced by the rules below; the remaining macros
# are defined but never used in this listing.
wan_if="rl0"
int_if="rl1"
noroute="{127.0.0.1,255.255.255.255/32}"
routeip="172.16.100.100"
internal_net="172.16.0.0/16"
internal1_net="192.168.0.0/16"
wan_addr="X.X.X.X"
loop="lo0"
# Source-NAT every packet leaving rl0 whose source is not rl0's own address;
# ($wan_if:0) translates to the interface's primary address, without aliases.
# NOTE(review): the ipfw listing on this page also diverts all rl0 traffic to
# port 8668 (natd's default port). If natd is running, two NAT layers are
# active at once - confirm that only one is intended.
nat on $wan_if from !($wan_if) -> ($wan_if:0)
# No filtering at all: every packet is passed in both directions on every
# interface, including the WAN side. A VPN gateway would normally start from
# a default "block" and pass only what it serves (PPTP needs TCP 1723 and GRE)
# plus the traffic it forwards for tunnel clients.
pass in all
pass out all

ipfw list

00050 divert 8668 ip4 from any to any via rl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any

cat /etc/ppp/ppp.conf


# PPPoE profile bound to rl1 (the post describes this host as the PPPoE server).
pppoe:
  # 0 disables the idle timeout.
  set timeout 0
  set device PPPoE:rl1
  allow mode direct
  # 1492 = 1500-byte Ethernet payload minus 8 bytes of PPPoE/PPP header.
  set mru 1492
  set mtu 1492
  set speed sync
  # Link Quality Reports, one every 60 seconds.
  enable lqr
  set lqrperiod 60
  # NOTE(review): CHAP, PAP, MS-CHAP and MS-CHAPv2 are all enabled, so the
  # weakest method a client manages to negotiate is what protects the
  # password. PAP sends it in clear text and MS-CHAP (v1) is long broken.
  # MPPE keys come from the MS-CHAP exchange, so a PAP or plain-CHAP session
  # presumably runs unencrypted - confirm, and enable only the strongest
  # method the clients actually support.
  enable chap
  enable pap
  enable mppe
  enable MSChap
  enable MSChapv2
  # Proxy ARP for the peer's address.
  enable proxy
  set cd 5
  accept dns
#  set radius /etc/radius.conf
  # Local end is 192.168.1.1; peers are given an address from .2 to .100.
  set ifaddr 192.168.1.1 192.168.1.2-192.168.1.100


# Base profile for PPTP sessions; the "pptp" label further down loads it.
loop:

  # 0 disables the idle timeout.
  set timeout 0
  set log phase chat connect lcp ipcp command
  set device localhost:pptp
  set dial
  set login
  # Server (local) IP address, Range for Clients, and Netmask
  # if you want to use NAT use private IP addresses
  set ifaddr 172.16.100.100 192.168.0.2-192.168.0.254 255.255.255.0
  # NOTE(review): this asks ppp to add a default route through the peer. On a
  # VPN server that would point the server's own outbound traffic at the
  # client; a plain "add" is expected to leave an existing default route
  # alone, but confirm this line is wanted on the server side at all.
  add default HISADDR
  # Opens ppp's local control socket at /tmp/loop; "" is the password field
  # and 0177 the umask (owner-only access to the socket).
  # NOTE(review): an empty password presumably means none is asked for -
  # check ppp(8). The path is fixed and sits in world-writable /tmp; a
  # root-owned directory and a non-empty password would be the safer choice.
  set server /tmp/loop "" 0177

# Direct-mode profile; no other label in this listing loads or references it.
loop-in:

  # 0 disables the idle timeout.
  set timeout 0
  set log phase lcp ipcp command
  allow mode direct

# Profile for incoming PPTP sessions: the "loop" settings plus authentication,
# encryption and DNS options.
pptp:

  load loop
  disable pap
  # Authenticate against /etc/passwd
  # NOTE(review): per ppp(8) passwdauth extends PAP lookups to the system
  # password database; with PAP disabled just above it may have no effect -
  # confirm. If it does apply, VPN credentials are the same as system logins,
  # so one leaked password exposes both.
  enable passwdauth
  disable ipv6cp
  # Proxy ARP for the peer's address.
  enable proxy
  accept dns
  # NOTE(review): MS-CHAPv2 handshakes can be cracked offline, and the MPPE
  # session keys derive from the same password, so PPTP should not be relied
  # on for confidentiality. Prefer an IPsec/IKEv2, OpenVPN or WireGuard tunnel
  # where the clients allow it.
  enable MSChapV2
  enable mppe
  # Compression is neither requested nor accepted.
  disable deflate pred1
  deny deflate pred1
  set dns 202.101.172.35
  # A leading "!" makes ppp run the named program as the device; the contents
  # of /etc/ppp/secure are not shown on this page.
  set device !/etc/ppp/secure

cat /usr/local/etc/pptpd.conf
# poptop (pptpd) daemon settings.
speed 115200
pidfile /var/run/pptpd.pid

# debug
# NOTE(review): the options from nobsdcomp through auth are pppd-style
# options. The sessions on this host are handled by ppp(8) through ppp.conf,
# so whether pptpd enforces them here cannot be told from this page - confirm
# where the authentication policy really takes effect.
nobsdcomp
proxyarp
# Intended policy: only MS-CHAPv2 with 128-bit MPPE is accepted. That is the
# strongest combination PPTP offers, yet MS-CHAPv2 can still be cracked
# offline, so treat the tunnel as weakly protected.
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
lock
name pptp
auth
# Address pptpd listens on (redacted by the poster).
listen X.X.X.X
localip 172.16.100.100
# NOTE(review): ppp.conf on this page hands out 192.168.0.2-192.168.0.254;
# this range starts at .1 - confirm which of the two actually applies.
remoteip 192.168.0.1-192.168.0.254

请帮忙看下,谢了~

作者: zzm183   发布时间: 2010-10-04

问题已解决~~

作者: zzm183   发布时间: 2010-10-04