Возникла проблема с программой клиент-банк которая не умеет работать через прокси, а работает только на прямую.
Суть проблемы следующая:
Имеется на входе маршрутизатор который сам подключается к интернету и раздает его дальше в две локальные сети в одной из которых стоит прокси-сервер squid+pf на FreeBSD - данная машина является шлюзом для своей локальной сети.
NAT настроен через pf для программ которые не умеют работать с прокси следующим образом:
rl0 - внешний интерфейс FreeBSD (в сторону маршрутизатора),
vr0 - внутренний интерфейс FreeBSD (в сторону локалки),
nat on rl0 from vr0:network to any -> (rl0)
net.inet.ip.forwarding=1 в /etc/sysctl.conf присутствует.
Запрещающие правила в pf.conf отсутствуют.
tpcdump при попытке подключиться клиент-банком выводит следующее:
192.168.2.12 - адрес пк с клиент-банком,
Спойлер (Отобразить)
# tcpdump -i vr0 host 192.168.2.12
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
10:52:34.574552 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:34.575357 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25
0
10:52:34.844426 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:35.360069 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:35.844433 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:36.360071 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:36.859945 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:36.862173 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:37.844424 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:37.860065 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:38.844434 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:38.860057 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:39.855108 IP 192.168.2.12 > all-routers.mcast.net: igmp leave 239.255.255. 250
10:52:39.855996 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:39.922858 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:40.360088 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:40.672603 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:41.360082 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:41.422576 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:42.172603 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:42.922754 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:43.672628 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:44.422600 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:45.172603 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:45.922816 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:45.922950 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:46.672601 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:46.672634 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:47.422611 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:47.422647 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:48.172610 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:48.172645 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:48.923140 IP 192.168.2.12.netbios-dgm > 192.168.2.255.netbios-dgm: NBT UDP PACKET(138)
10:52:58.007521 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): QUERY; REQUEST; BROADCAST
10:52:58.750716 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): QUERY; REQUEST; BROADCAST
10:52:59.500712 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): QUERY; REQUEST; BROADCAST
# tcpdump -i vr0 host 192.168.2.12
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
10:52:34.574552 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:34.575357 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25
0
10:52:34.844426 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:35.360069 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:35.844433 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:36.360071 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:36.859945 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:36.862173 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:37.844424 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:37.860065 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:38.844434 ARP, Request who-has 192.168.2.12 tell 192.168.2.12, length 46
10:52:38.860057 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:39.855108 IP 192.168.2.12 > all-routers.mcast.net: igmp leave 239.255.255. 250
10:52:39.855996 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:39.922858 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:40.360088 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:40.672603 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:41.360082 IP 192.168.2.12 > 239.255.255.250 : igmp v2 report 239.255.255.25 0
10:52:41.422576 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:42.172603 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:42.922754 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:43.672628 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:44.422600 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:45.172603 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:45.922816 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:45.922950 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:46.672601 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:46.672634 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:47.422611 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:47.422647 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:48.172610 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:48.172645 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): REGISTRATION; REQUEST; BROADCAST
10:52:48.923140 IP 192.168.2.12.netbios-dgm > 192.168.2.255.netbios-dgm: NBT UDP PACKET(138)
10:52:58.007521 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): QUERY; REQUEST; BROADCAST
10:52:58.750716 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): QUERY; REQUEST; BROADCAST
10:52:59.500712 IP 192.168.2.12.netbios-ns > 192.168.2.255.netbios-ns: NBT UDP P ACKET(137): QUERY; REQUEST; BROADCAST
Подскажите что делаю не так?
Буду признателен за любые ответы.
