Хм... Вы не поверите. Вся фишка в ipfw. Вот скрипт с правилами:
Код:
#!/bin/sh
ipfw -q add 1 allow tcp from any to any 80,113 in
ipfw -q add 2 reset tcp from any to any 20,21 in
ipfw -q add 3 reset tcp from any to any 22 in
ipfw -q add 4 allow udp from any to any 22 in
ipfw -q add 50 deny tcp from any to any 1-1024 in
ipfw -q add 51 reset tcp from any to any 6000 in
ipfw -q add 52 drop udp from any to any 1-1024,6000 in
ipfw -q add 100 allow ip from any to any via lo0
ipfw -q add 200 deny ip from any to 127.0.0.0/8
ipfw -q add 300 deny ip from 127.0.0.0/8 to any
---
Знаете сообщение которое Гном выдаёт на старте, "мол, не могу найти такой то адресс, можно то-то исправить добавив то-то в /etc/hosts"??? Ну вот, он пытается видимо подключиться или просканить hostname. А файрвол не даёт данное сделать. =( Блин, но ppp тоже почему из-за файрвола не пашет. (Когда тот отключен - всё шикарно). Може т у меня глюки и надо просто систему переустановить, ведь раньше всё было нормлаьно??? =(
---
На всякий случай привожу тексты:
rc.conf
Код:
# -- sysinstall generated deltas -- # Thu Jan 5 23:51:47 2006
# Created: Thu Jan 5 23:51:47 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
font8x16="koi8-rc-8x16"
allscreens_flags="VGA_80x30"
vidcontrol lightwhite black
vidcontrol -c destructive
linux_enable="YES"
mousechar_start="3"
moused_enable="YES"
moused_port="/dev/psm0"
moused_type="auto"
usbd_enable="YES"
inetd_enable="NO"
sendmail_enable="none"
firewall_enable="YES"
firewall_type="OPEN"
firewall_quiet="YES"
firewall_logging="NO"
firewall_script="/etc/ipfw_rules"
Моё ядро:
Код:
#SantaXP's KERNEL (Modification of YOHOHO for FreeBSD 6.0)
#05.01.2006
machine i386
cpu I686_CPU
maxusers 0
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
ident SANTAXPKERNEL
options PREEMPTION
options MAXDSIZ="(256*1024*1024)"
options MAXSSIZ="(256*1024*1024)"
options DFLDSIZ="(256*1024*1024)"
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
#options SCHED_ULE # ULE scheduler
options SCHED_4BSD # 4BSD scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
device apic # I/O APIC
# Bus support.
device isa
device eisa
device pci
# Floppy drives
device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
device cd # CD
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device agp # support several AGP chipsets
#device radeondrm # ATI Radeon - Fuck! Can't make kernel with
#this option!!!! =(
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# Parallel port
device ppc
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da
# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to the sio and/or ppc drivers):
#device puc
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support - Without this kernel can't be maked!!!!!!
# ISA devices that use the old ISA shims
#device le
# Wireless NIC cards
device wlan # 802.11 support
# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device sl # Kernel SLIP
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
#device udbp # USB Double Bulk Pipe devices
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
#Firewall
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
А вот sysctl.conf. С заштрихованными параметрами Гном тоже фурычить отказывается... =(
Код:
# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
hw.snd.pcm0.vchans=4 #дМС РПДДЕТЦЛЙ НОПЗПЛБОБМШОПУФЙ ЪЧХЛБ
hw.snd.maxautovchans=4 #дМС РПДДЕТЦЛЙ НОПЗПЛБОБМШОПУФЙ ЪЧХЛБ
#net.inet.tcp.blackhole=1 #оЕ РПУЩМБЕФУППВЭЕОЙЕ ПВ ПЫЙВЛЕ РТЙ РПРЩФЛЕ
#РПДЛМАЮЕОЙС Л ЪБЛТЩФПНХ РПТФХ. ъБНЕДМСЕФ УЛБОЙТПЧБОЙЕ
#РПТФПЧ.
#net.inet.udp.blackhole=1 #фБЦЕ ФЕНБ ФПМШЛП У udp.
