[Résolu] [DNS] ping: sendto: Permission denied

[titi_Nas4free]

Bonjour,

Je suis sur N4F depuis peu, et je rencontre un problème de droit pour utiliser le DNS.

Mon système
Version 9.3.0.2 - Nayla (revision 1480)
Plateforme OS FreeBSD Revision: 199506 FreeBSD 9.3-RELEASE-p13 #0 r282692M: Sun May 10 00:58:09 CEST 2015
Plateforme x64-full sur AMD Athlon(tm) Dual Core Processor 4450e
Système MSI MS-7369
Le système BIOSAmerican Megatrends Inc. version: V2.9 03/17/2009

Erreur rencontrée

Code: Select all

[titiN4F@nas4free ~]$ ping google.com
PING google.com (74.125.206.100): 56 data bytes
ping: sendto: Permission denied

Log du démarrage

• Oct 28 16:14:49 nas4free lighttpd[2283]: (log.c.164) server started
  Oct 28 16:14:48 nas4free mDNSResponderPosix: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000800C30180 18.0.168.192.in-addr.arpa. (PTR) that's already in the list
  Oct 28 16:14:48 nas4free mDNSResponderPosix: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000800C2FD60 nas4free.local. (Addr) that's already in the list
  Oct 28 16:14:48 nas4free kernel: pid 2065 (pdbedit), uid 0: exited on signal 11
  Oct 28 16:14:48 nas4free kernel: pid 2049 (pdbedit), uid 0: exited on signal 11
  Oct 28 16:14:47 nas4free proftpd[1997]: 192.168.0.18 - ProFTPD 1.3.5 (stable) (built Sun May 10 2015 09:33:36 CEST) standalone mode STARTUP
  Oct 28 16:14:45 nas4free kernel: Trying to mount root from ufs:/dev/ufsid/5560ee0913e4ae63 [rw]...
  Oct 28 16:14:45 nas4free kernel: SMP: AP CPU #1 Launched!
  Oct 28 16:14:45 nas4free kernel: ada0: Previously was known as ad6
  Oct 28 16:14:45 nas4free kernel: ada0: 238475MB (488397168 512 byte sectors: 16H 63S/T 16383C)
  Oct 28 16:14:45 nas4free kernel: ada0: Command Queueing enabled
  Oct 28 16:14:45 nas4free kernel: ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes)
  Oct 28 16:14:45 nas4free kernel: ada0: Serial Number 9VMMNMGG
  Oct 28 16:14:45 nas4free kernel: cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed
  Oct 28 16:14:45 nas4free kernel: cd0: 33.300MB/s transfers (UDMA2, ATAPI 12bytes, PIO 65534bytes)
  Oct 28 16:14:45 nas4free kernel: cd0: <TSSTcorp CD/DVDW SH-W162C TS12> Removable CD-ROM SCSI-0 device
  Oct 28 16:14:45 nas4free kernel: cd0 at ata0 bus 0 scbus0 target 1 lun 0
  Oct 28 16:14:45 nas4free kernel: ada0: <ST3250318AS CC38> ATA-8 SATA 2.x device
  Oct 28 16:14:45 nas4free kernel: ada0 at ahcich1 bus 0 scbus3 target 0 lun 0
  Oct 28 16:14:45 nas4free kernel: uhub1: 10 ports with 10 removable, self powered
  Oct 28 16:14:45 nas4free kernel: uhub0: 10 ports with 10 removable, self powered
  Oct 28 16:14:45 nas4free kernel: uhub1: <nVidia EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
  Oct 28 16:14:45 nas4free kernel: ugen1.1: <nVidia> at usbus1
  Oct 28 16:14:45 nas4free kernel: uhub0: <nVidia OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
  Oct 28 16:14:45 nas4free kernel: ugen0.1: <nVidia> at usbus0
  Oct 28 16:14:45 nas4free kernel: usbus1: 480Mbps High Speed USB v2.0
  Oct 28 16:14:45 nas4free kernel: usbus0: 12Mbps Full Speed USB v1.0
  Oct 28 16:14:45 nas4free kernel: xmd: default blocklen 32KB, compression LZ4/LZ4HC, level 6
  Oct 28 16:14:45 nas4free kernel: xmd version 0.4.4 by NAS4Free Project (experimental)
  Oct 28 16:14:45 nas4free kernel: pcm6: <NVIDIA GT21x (HDMI/DP 8ch)> at nid 5 on hdaa4
  Oct 28 16:14:45 nas4free kernel: hdaa4: <NVIDIA GT21x Audio Function Group> at nid 1 on hdacc4
  Oct 28 16:14:45 nas4free kernel: hdacc4: <NVIDIA GT21x HDA CODEC> at cad 3 on hdac1
  Oct 28 16:14:45 nas4free kernel: pcm5: <NVIDIA GT21x (HDMI/DP 8ch)> at nid 5 on hdaa3
  Oct 28 16:14:45 nas4free kernel: hdaa3: <NVIDIA GT21x Audio Function Group> at nid 1 on hdacc3
  Oct 28 16:14:45 nas4free kernel: hdacc3: <NVIDIA GT21x HDA CODEC> at cad 2 on hdac1
  Oct 28 16:14:45 nas4free kernel: pcm4: <NVIDIA GT21x (HDMI/DP 8ch)> at nid 5 on hdaa2
  Oct 28 16:14:45 nas4free kernel: hdaa2: <NVIDIA GT21x Audio Function Group> at nid 1 on hdacc2
  Oct 28 16:14:45 nas4free kernel: hdacc2: <NVIDIA GT21x HDA CODEC> at cad 1 on hdac1
  Oct 28 16:14:45 nas4free kernel: pcm3: <NVIDIA GT21x (HDMI/DP 8ch)> at nid 5 on hdaa1
  Oct 28 16:14:45 nas4free kernel: hdaa1: <NVIDIA GT21x Audio Function Group> at nid 1 on hdacc1
  Oct 28 16:14:45 nas4free kernel: hdacc1: <NVIDIA GT21x HDA CODEC> at cad 0 on hdac1
  Oct 28 16:14:45 nas4free kernel: pcm2: <Realtek ALC888 (Rear Digital)> at nid 30 on hdaa0
  Oct 28 16:14:45 nas4free kernel: pcm1: <Realtek ALC888 (Front Analog)> at nid 27 and 25 on hdaa0
  Oct 28 16:14:45 nas4free kernel: pcm0: <Realtek ALC888 (Rear Analog 7.1/2.0)> at nid 20,22,21,23 and 24,26 on hdaa0
  Oct 28 16:14:45 nas4free kernel: hdaa0: <Realtek ALC888 Audio Function Group> at nid 1 on hdacc0
  Oct 28 16:14:45 nas4free kernel: hdacc0: <Realtek ALC888 HDA CODEC> at cad 0 on hdac0
  Oct 28 16:14:45 nas4free kernel: iSCSI boot driver version 0.2.8
  Oct 28 16:14:45 nas4free kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to accept, logging disabled
  Oct 28 16:14:45 nas4free kernel: Timecounters tick every 1.000 msec
  Oct 28 16:14:45 nas4free kernel: ZFS storage pool version: features support (5000)
  Oct 28 16:14:45 nas4free kernel: ZFS filesystem version: 5
  Oct 28 16:14:45 nas4free kernel: device_attach: powernow1 attach returned 6
  Oct 28 16:14:45 nas4free kernel: powernow1: <PowerNow! K8> on cpu1
  Oct 28 16:14:45 nas4free kernel: device_attach: powernow0 attach returned 6
  Oct 28 16:14:45 nas4free kernel: powernow0: <PowerNow! K8> on cpu0
  Oct 28 16:14:45 nas4free kernel: ppc0: cannot reserve I/O port range
  Oct 28 16:14:45 nas4free kernel: vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
  Oct 28 16:14:45 nas4free kernel: sc0: VGA <16 virtual consoles, flags=0x300>
  Oct 28 16:14:45 nas4free kernel: sc0: <System console> at flags 0x100 on isa0
  Oct 28 16:14:45 nas4free kernel: orm0: <ISA Option ROM> at iomem 0xc0000-0xcdfff on isa0
  Oct 28 16:14:45 nas4free kernel: atkbd0: [GIANT-LOCKED]
  Oct 28 16:14:45 nas4free kernel: kbd0 at atkbd0
  Oct 28 16:14:45 nas4free kernel: atkbd0: <AT Keyboard> irq 1 on atkbdc0
  Oct 28 16:14:45 nas4free kernel: atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
  Oct 28 16:14:45 nas4free kernel: fdc0: <floppy drive controller (FDE)> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
  Oct 28 16:14:45 nas4free kernel: uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
  Oct 28 16:14:45 nas4free kernel: acpi_button0: <Power Button> on acpi0
  Oct 28 16:14:45 nas4free kernel: amdtemp0: <AMD CPU On-Die Thermal Sensors> on hostb3
  Oct 28 16:14:45 nas4free kernel: pci5: <ACPI PCI bus> on pcib5
  Oct 28 16:14:45 nas4free kernel: pcib5: <ACPI PCI-PCI bridge> at device 14.0 on pci0
  Oct 28 16:14:45 nas4free kernel: hdac1: <NVIDIA (0x0be3) HDA Controller> mem 0xfeb7c000-0xfeb7ffff irq 18 at device 0.1 on pci4
  Oct 28 16:14:45 nas4free kernel: vgapci0: Boot video device
  Oct 28 16:14:45 nas4free kernel: vgapci0: <VGA-compatible display> port 0xec00-0xec7f mem 0xfd000000-0xfdffffff,0xd0000000-0xdfffffff,0xce000000-0xcfffffff irq 19 at device 0.0 on pci4
  Oct 28 16:14:45 nas4free kernel: pci4: <ACPI PCI bus> on pcib4
  Oct 28 16:14:45 nas4free kernel: pcib4: <ACPI PCI-PCI bridge> at device 13.0 on pci0
  Oct 28 16:14:45 nas4free kernel: re1: Ethernet address: 00:21:85:09:18:c6
  Oct 28 16:14:45 nas4free kernel: rgephy1: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
  Oct 28 16:14:45 nas4free kernel: rgephy1: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus1
  Oct 28 16:14:45 nas4free kernel: miibus1: <MII bus> on re1
  Oct 28 16:14:45 nas4free kernel: re1: MAC rev. 0x00000000
  Oct 28 16:14:45 nas4free kernel: re1: Chip rev. 0x38000000
  Oct 28 16:14:45 nas4free kernel: re1: Using 1 MSI message
  Oct 28 16:14:45 nas4free kernel: re1: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xd800-0xd8ff mem 0xfcfff000-0xfcffffff irq 18 at device 0.0 on pci3
  Oct 28 16:14:45 nas4free kernel: pci3: <ACPI PCI bus> on pcib3
  Oct 28 16:14:45 nas4free kernel: pcib3: <ACPI PCI-PCI bridge> at device 12.0 on pci0
  Oct 28 16:14:45 nas4free kernel: pci2: <ACPI PCI bus> on pcib2
  Oct 28 16:14:45 nas4free kernel: pcib2: <ACPI PCI-PCI bridge> at device 11.0 on pci0
  Oct 28 16:14:45 nas4free kernel: ahcich3: <AHCI channel> at channel 3 on ahci0
  Oct 28 16:14:45 nas4free kernel: ahcich2: <AHCI channel> at channel 2 on ahci0
  Oct 28 16:14:45 nas4free kernel: ahcich1: <AHCI channel> at channel 1 on ahci0
  Oct 28 16:14:45 nas4free kernel: ahcich0: <AHCI channel> at channel 0 on ahci0
  Oct 28 16:14:45 nas4free kernel: ahci0: quirks=0x200<NOAA>
  Oct 28 16:14:45 nas4free kernel: ahci0: AHCI v1.10 with 4 3Gbps ports, Port Multiplier supported
  Oct 28 16:14:45 nas4free kernel: ahci0: <NVIDIA MCP65 AHCI SATA controller> port 0xf80-0xf87,0xf00-0xf03,0xe80-0xe87,0xe00-0xe03,0xa800-0xa80f mem 0xfcdfc000-0xfcdfdfff irq 20 at device 10.0 on pci0
  Oct 28 16:14:45 nas4free kernel: ata1: <ATA channel> at channel 1 on atapci0
  Oct 28 16:14:45 nas4free kernel: ata0: <ATA channel> at channel 0 on atapci0
  Oct 28 16:14:45 nas4free kernel: atapci0: <nVidia nForce MCP65 UDMA133 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 9.0 on pci0
  Oct 28 16:14:45 nas4free kernel: re0: Ethernet address: 70:62:b8:a5:2f:1b
  Oct 28 16:14:45 nas4free kernel: rgephy0: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
  Oct 28 16:14:45 nas4free kernel: rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus0
  Oct 28 16:14:45 nas4free kernel: miibus0: <MII bus> on re0
  Oct 28 16:14:45 nas4free kernel: re0: MAC rev. 0x00000000
  Oct 28 16:14:45 nas4free kernel: re0: Chip rev. 0x10000000
  Oct 28 16:14:45 nas4free kernel: re0: <D-Link DGE-528(T) Gigabit Ethernet Adapter> port 0xc800-0xc8ff mem 0xfceff400-0xfceff4ff irq 17 at device 10.0 on pci1
  Oct 28 16:14:45 nas4free kernel: pci1: <multimedia> at device 9.0 (no driver attached)
  Oct 28 16:14:45 nas4free kernel: pci1: <ACPI PCI bus> on pcib1
  Oct 28 16:14:45 nas4free kernel: pcib1: <ACPI PCI-PCI bridge> at device 8.0 on pci0
  Oct 28 16:14:45 nas4free kernel: hdac0: <NVIDIA MCP65 HDA Controller> mem 0xfcdf8000-0xfcdfbfff irq 23 at device 7.0 on pci0
  Oct 28 16:14:45 nas4free kernel: usbus1 on ehci0
  Oct 28 16:14:45 nas4free kernel: usbus1: EHCI version 1.0
  Oct 28 16:14:45 nas4free kernel: ehci0: <EHCI (generic) USB 2.0 controller> mem 0xfcdfec00-0xfcdfecff irq 22 at device 2.1 on pci0
  Oct 28 16:14:45 nas4free kernel: usbus0 on ohci0
  Oct 28 16:14:45 nas4free kernel: ohci0: <OHCI (generic) USB controller> mem 0xfcdff000-0xfcdfffff irq 21 at device 2.0 on pci0
  Oct 28 16:14:45 nas4free kernel: pci0: <memory, RAM> at device 1.2 (no driver attached)
  Oct 28 16:14:45 nas4free kernel: isa0: <ISA bus> on isab0
  Oct 28 16:14:45 nas4free kernel: isab0: <PCI-ISA bridge> port 0x2f00-0x2fff at device 1.0 on pci0
  Oct 28 16:14:45 nas4free kernel: pci0: <memory, RAM> at device 0.0 (no driver attached)
  Oct 28 16:14:45 nas4free kernel: pci0: <ACPI PCI bus> on pcib0
  Oct 28 16:14:45 nas4free kernel: pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
  Oct 28 16:14:45 nas4free kernel: acpi_timer0: <24-bit timer at 3.579545MHz> port 0x2008-0x200b on acpi0
  Oct 28 16:14:45 nas4free kernel: Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
  Oct 28 16:14:45 nas4free kernel: Event timer "RTC" frequency 32768 Hz quality 0
  Oct 28 16:14:45 nas4free kernel: atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
  Oct 28 16:14:45 nas4free kernel: Event timer "i8254" frequency 1193182 Hz quality 100
  Oct 28 16:14:45 nas4free kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
  Oct 28 16:14:45 nas4free kernel: attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
  Oct 28 16:14:45 nas4free kernel: cpu1: <ACPI CPU> on acpi0
  Oct 28 16:14:45 nas4free kernel: cpu0: <ACPI CPU> on acpi0
  Oct 28 16:14:45 nas4free kernel: acpi0: reservation of 100000, cdf00000 (3) failed
  Oct 28 16:14:45 nas4free kernel: acpi0: reservation of 0, a0000 (3) failed
  Oct 28 16:14:45 nas4free kernel: acpi0: reservation of fec00000, fed40000 (3) failed
  Oct 28 16:14:45 nas4free kernel: acpi0: Power Button (fixed)
  Oct 28 16:14:45 nas4free kernel: acpi0: <031709 RSDT0823> on motherboard
  Oct 28 16:14:45 nas4free kernel: cryptosoft0: <software crypto> on motherboard
  Oct 28 16:14:45 nas4free kernel: kbd1 at kbdmux0
  Oct 28 16:14:45 nas4free kernel: ioapic0 <Version 1.1> irqs 0-23 on motherboard
  Oct 28 16:14:45 nas4free kernel: WARNING: VIMAGE (virtualized network stack) is a highly experimental feature.
  Oct 28 16:14:45 nas4free kernel: cpu1 (AP): APIC ID: 1
  Oct 28 16:14:45 nas4free kernel: cpu0 (BSP): APIC ID: 0
  Oct 28 16:14:45 nas4free kernel: FreeBSD/SMP: 1 package(s) x 2 core(s)
  Oct 28 16:14:45 nas4free kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
  Oct 28 16:14:45 nas4free kernel: ACPI APIC Table: <031709 APIC0823>
  Oct 28 16:14:45 nas4free kernel: Event timer "LAPIC" quality 400
  Oct 28 16:14:45 nas4free kernel: avail memory = 5121990656 (4884 MB)
  Oct 28 16:14:45 nas4free kernel: real memory = 5368709120 (5120 MB)
  Oct 28 16:14:45 nas4free kernel: AMD Features2=0x11f<LAHF,CMP,SVM,ExtAPIC,CR8,Prefetch>
  Oct 28 16:14:45 nas4free kernel: AMD Features=0xea500800<SYSCALL,NX,MMX+,FFXSR,RDTSCP,LM,3DNow!+,3DNow!>
  Oct 28 16:14:45 nas4free kernel: Features2=0x2001<SSE3,CX16>
  Oct 28 16:14:45 nas4free kernel: Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Oct 28 16:14:45 nas4free kernel: Origin = "AuthenticAMD" Id = 0x60fb2 Family = 0xf Model = 0x6b Stepping = 2
  Oct 28 16:14:45 nas4free kernel: CPU: AMD Athlon(tm) Dual Core Processor 4450e (2288.40-MHz K8-class CPU)
  Oct 28 16:14:45 nas4free kernel: gcc version 4.2.1 20070831 patched [FreeBSD]
  Oct 28 16:14:45 nas4free kernel: root@dev.nas4free.org:/usr/obj/nas4free/usr/src/sys/NAS4FREE-amd64 amd64
  Oct 28 16:14:45 nas4free kernel: FreeBSD 9.3-RELEASE-p13 #0 r282692M: Sun May 10 00:58:09 CEST 2015
  Oct 28 16:14:45 nas4free kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
  Oct 28 16:14:45 nas4free kernel: The Regents of the University of California. All rights reserved.
  Oct 28 16:14:45 nas4free kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
  Oct 28 16:14:45 nas4free kernel: Copyright (c) 1992-2014 The FreeBSD Project.
  Oct 28 16:14:45 nas4free kernel: Uptime: 11m35s
  Oct 28 16:14:45 nas4free kernel: All buffers synced.
  Oct 28 16:14:45 nas4free kernel: Syncing disks, vnodes remaining...7 5 4 2 1 1 0 done
  Oct 28 16:14:45 nas4free kernel: Waiting (max 60 seconds) for system process `syncer' to stop...
  Oct 28 16:14:45 nas4free kernel: Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
  Oct 28 16:14:45 nas4free kernel: Waiting (max 60 seconds) for system process `vnlru' to stop...done
  Oct 28 16:14:45 nas4free syslogd: kernel boot file is /boot/kernel/kernel
  Oct 28 16:12:34 nas4free syslogd: exiting on signal 15

Ports du système

Code: Select all

[titiN4F@nas4free ~]$ sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     fuppesd    2392  6  tcp4   192.168.0.18:49152    *:*
root     fuppesd    2392  7  udp4   *:1900                *:*
root     lighttpd   2283  4  tcp4   192.168.0.18:80       *:*
root     mDNSRespon 2193  3  udp4   *:60019               *:*
root     mDNSRespon 2193  5  udp4   *:5353                *:*
root     sshd       2100  5  tcp4   *:22                  *:*
nobody   proftpd    1997  0  tcp4 6 *:21                  *:*
transmission transmissi1885 7 udp4  *:*                   *:*
transmission transmissi1885 8 udp4  *:*                   *:*
transmission transmissi1885 9 tcp4  *:9091                *:*
transmission transmissi1885 10 tcp4 *:51413               *:*
transmission transmissi1885 12 udp4 *:51413               *:*

Règles du FW

• ${fwcmd} add allow all from 192.168.0.0/24 to 192.168.0.0/24 via re0
  ${fwcmd} add allow udp from any to any 53 out
  ${fwcmd} add allow all from any 53 to any in
  ${fwcmd} add allow log udp from any to any 1194 out
  ${fwcmd} add allow log udp from any to any 1195 out
  ${fwcmd} add allow log udp from any to any 1196 out
  ${fwcmd} add allow log udp from any to any 1197 out
  ${fwcmd} add allow log udp from any to any 1198 out
  ${fwcmd} add allow log udp from any to any 1199 out
  ${fwcmd} add allow log udp from any to any 1200 out
  ${fwcmd} add allow log udp from any to any 1201 out
  ${fwcmd} add allow log udp from any to any 1202 out
  ${fwcmd} add allow log udp from any to any 1203 out
  ${fwcmd} add allow log udp from any to any 1204 out
  ${fwcmd} add allow log udp from any to any 1205 out
  ${fwcmd} add allow log udp from any to any 1206 out
  ${fwcmd} add allow log udp from any to any 1207 out
  ${fwcmd} add allow log udp from any to any 1208 out
  ${fwcmd} add allow log udp from any to any 1209 out
  ${fwcmd} add allow all from any 1194 to any in
  ${fwcmd} add allow all from any 1195 to any in
  ${fwcmd} add allow all from any 1196 to any in
  ${fwcmd} add allow all from any 1197 to any in
  ${fwcmd} add allow all from any 1198 to any in
  ${fwcmd} add allow all from any 1199 to any in
  ${fwcmd} add allow all from any 1200 to any in
  ${fwcmd} add allow all from any 1201 to any in
  ${fwcmd} add allow all from any 1202 to any in
  ${fwcmd} add allow all from any 1203 to any in
  ${fwcmd} add allow all from any 1204 to any in
  ${fwcmd} add allow all from any 1205 to any in
  ${fwcmd} add allow all from any 1206 to any in
  ${fwcmd} add allow all from any 1207 to any in
  ${fwcmd} add allow all from any 1208 to any in
  ${fwcmd} add allow all from any 1209 to any in
  ${fwcmd} add allow all from 104.223.34.0/24,46.246.4.0/23,46.246.6.0/23,46.246.12.0/23,46.246.14.0/23,46.246.26.0/23,46.246.80.0/23,46.246.82.0/23,46.246.84.0/23,46.246.86.0/23,178.73.192.0/23,178.73.218.0/23,188.126.90.0/23,2a00:1a28:1550::/48,2a00:1a28:1551::/48,2a00:1a28:1552::/48,2a00:1a28:1553::/48,2a00:1a28:1554::/48,2a00:1a28:1555::/48,2a00:1a28:1556::/48,2a00:1a28:1557::/48,2a00:1a28:1558::/48,2a00:1a28:1559::/48,2a00:1a28:155a::/48,2a00:1a28:155b::/48,46.246.2.0/23,46.246.9.0/24,46.246.10.0/24,46.246.11.0/24,46.246.72.0/22,46.246.76.0/22,46.246.112.0/22,178.73.220.0/22,46.246.87.193/22,46.246.87.193/23,46.246.87.193/24,46.246.87.193/25,46.246.87.193/26,46.246.87.193/27,46.246.87.193/48,178.73.195.109/22,178.73.195.109/23,178.73.195.109/24,178.73.195.109/48,178.73.195.109/25,178.73.195.109/26,178.73.195.109/27 to any in
  ${fwcmd} add allow all from any to 104.223.34.0/24,46.246.4.0/23,46.246.6.0/23,46.246.12.0/23,46.246.14.0/23,46.246.26.0/23,46.246.80.0/23,46.246.82.0/23,46.246.84.0/23,46.246.86.0/23,178.73.192.0/23,178.73.218.0/23,188.126.90.0/23,2a00:1a28:1550::/48,2a00:1a28:1551::/48,2a00:1a28:1552::/48,2a00:1a28:1553::/48,2a00:1a28:1554::/48,2a00:1a28:1555::/48,2a00:1a28:1556::/48,2a00:1a28:1557::/48,2a00:1a28:1558::/48,2a00:1a28:1559::/48,2a00:1a28:155a::/48,2a00:1a28:155b::/48,46.246.2.0/23,46.246.9.0/24,46.246.10.0/24,46.246.11.0/24,46.246.72.0/22,46.246.76.0/22,46.246.112.0/22,178.73.220.0/22,46.246.87.193/22,46.246.87.193/23,46.246.87.193/24,46.246.87.193/25,46.246.87.193/26,46.246.87.193/27,46.246.87.193/48,178.73.195.109/22,178.73.195.109/23,178.73.195.109/24,178.73.195.109/48,178.73.195.109/25,178.73.195.109/26,178.73.195.109/27 in
  ${fwcmd} add allow all from 104.223.34.0/24,46.246.4.0/23,46.246.6.0/23,46.246.12.0/23,46.246.14.0/23,46.246.26.0/23,46.246.80.0/23,46.246.82.0/23,46.246.84.0/23,46.246.86.0/23,178.73.192.0/23,178.73.218.0/23,188.126.90.0/23,2a00:1a28:1550::/48,2a00:1a28:1551::/48,2a00:1a28:1552::/48,2a00:1a28:1553::/48,2a00:1a28:1554::/48,2a00:1a28:1555::/48,2a00:1a28:1556::/48,2a00:1a28:1557::/48,2a00:1a28:1558::/48,2a00:1a28:1559::/48,2a00:1a28:155a::/48,2a00:1a28:155b::/48,46.246.2.0/23,46.246.9.0/24,46.246.10.0/24,46.246.11.0/24,46.246.72.0/22,46.246.76.0/22,46.246.112.0/22,178.73.220.0/22,46.246.87.193/22,46.246.87.193/23,46.246.87.193/24,46.246.87.193/25,46.246.87.193/26,46.246.87.193/27,46.246.87.193/48,178.73.195.109/22,178.73.195.109/23,178.73.195.109/24,178.73.195.109/48,178.73.195.109/25,178.73.195.109/26,178.73.195.109/27 to any out
  ${fwcmd} add allow all from any to 104.223.34.0/24,46.246.4.0/23,46.246.6.0/23,46.246.12.0/23,46.246.14.0/23,46.246.26.0/23,46.246.80.0/23,46.246.82.0/23,46.246.84.0/23,46.246.86.0/23,178.73.192.0/23,178.73.218.0/23,188.126.90.0/23,2a00:1a28:1550::/48,2a00:1a28:1551::/48,2a00:1a28:1552::/48,2a00:1a28:1553::/48,2a00:1a28:1554::/48,2a00:1a28:1555::/48,2a00:1a28:1556::/48,2a00:1a28:1557::/48,2a00:1a28:1558::/48,2a00:1a28:1559::/48,2a00:1a28:155a::/48,2a00:1a28:155b::/48,46.246.2.0/23,46.246.9.0/24,46.246.10.0/24,46.246.11.0/24,46.246.72.0/22,46.246.76.0/22,46.246.112.0/22,178.73.220.0/22,46.246.87.193/22,46.246.87.193/23,46.246.87.193/24,46.246.87.193/25,46.246.87.193/26,46.246.87.193/27,46.246.87.193/48,178.73.195.109/22,178.73.195.109/23,178.73.195.109/24,178.73.195.109/48,178.73.195.109/25,178.73.195.109/26,178.73.195.109/27 out
  ${fwcmd} add allow all from 192.168.0.0/24 to 224.0.0.1
  ${fwcmd} add allow all from 192.168.0.0/24 to 224.0.0.251
  ${fwcmd} add allow udp from 192.168.0.0/24 to 255.255.255.255 in
  ${fwcmd} add allow udp from 0.0.0.0 to 255.255.255.255 in
  ${fwcmd} add allow log udp from any 5353 to any in
  ${fwcmd} add allow udp from any to any 5353 out
  ${fwcmd} add allow udp from any 60019 to any in
  ${fwcmd} add allow udp from any to any 60019 out
  ${fwcmd} add deny all from any to any
  ${fwcmd} add deny log tcp from any to any 21 in
  ${fwcmd} add deny log tcp from any to any 22 in setup keep-state
  ${fwcmd} add deny log tcp from any to any 113 in

Configuration pf

Code: Select all

nas4free: /mnt #  sysctl -a | grep forward
kern.smp.forward_signal_enabled: 1
net.inet.ip.forwarding: 0
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0
net.wlan.hwmp.replyforward: 1

Merci pour votre aide. Si vous avez besoin d'un complément, je vous le fournirai.

[laster13]

Bonsoir,

Réseau|Gestion du LAN /passerelle.... t as bien l'IP de ta box?

[titi_Nas4free]

Bonsoir,

Oui, en complément : quand je désactive le PF, je n'ai plus de problème de DNS, j'ai toujours le message d'erreur DNSResponderPosix: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000800C30180 18.0.168.192.in-addr.arpa. (PTR) that's already in the list qui semble alors secondaire.

[laster13]

Tas activé l ipv6?

[titi_Nas4free]

Non

[laster13]

Tu as installé openvpn?

[titi_Nas4free]

Oui, il est installé mais je le démarre manuellement. Il n'est pas démarré pour les logs que j'ai fournies.

[laster13]

Pourquoi toutes ces règles parefeu?

[laster13]

Je vois que tu utilses le port 1194 donc probablement "mullvad"

Un exemple de parefeu que tu pourrais utiliser



1) c'est pour permettre le traffic local
2) c est pour les connexions dns a travers le port 53
3) c est le port de mullvad
4) c est le tunnel dans lequel va s effectuer ton traffic internet, comme les telechargements
5) c est pour le multicast connection pour permettre des services comme "bonjour"
6) c est pour le dhcp si tu t en sers
7) on refuse toutes les autres connections

Tu peux rajouter des règles notamment pour le ftp port 21 ou autres. C'est un exemple, à toi de l'adapter

[titi_Nas4free]

Pour Mulvad, je ne sais pas. J'ai ouvert les ports du fichier openvpn.conf (de 1194 à 1209) fourni par le fournisseur de VPN. Ces ports sont utilisés pour tous les VPN. OpenVPN n'est de toute façon pas activé. Merci quand même pour le mal que tu t'es donné

Dans l'exemple que tu donnes, pour le DNS, il a ouvert le port 53 ; je l'ai fait aussi si tu regardes les règles du PF de mon premier poste. J'y ai même ajouté les ports 5353 et 60019.

En fait, je n'ai pas vraiment de problème DNS car l'adresse IP de google.fr est bien résolue. Il me manque quelque chose dans le PF ou autre.

[titi_Nas4free]

Pourquoi toutes ces règles parefeu?

Je n'avais pas vu ton poste.
Il n'y a pas beaucoup de règles. C'est juste que mon fournisseur de VPN peut utiliser toutes ces adresses IP. Du coup, pour autoriser le traffic, je les mets toutes par précaution. Pour les ports : cf. post précédent.

Voici l'erreur de réponse au ping lorsque OpenVPN est activé :

Code: Select all

nas4free: /DLTMP # ping google.fr
ping: cannot resolve google.fr: Host name lookup failure

J'ai trouvé la page dont tu as extrait les règles. Ils disent :

Head back to your SSH window and try to ping www.google.com again, first with OpenVPN running, and then after you’ve killed OpenVPN as described in step four. The ping should work correctly when OpenVPN is running, and return errors when OpenVPN isn’t running. Again, if it doesn’t work correctly, you may have to fiddle with some settings until you get it right.

[titi_Nas4free]

Pour info, le résultat de la commande

Code: Select all

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
0.0.0.0/1          188.126.90.193     UGS         0      171   tun0 =>
default            192.168.0.254      UGS         0    30771    re0
127.0.0.1          link#6             UH          0       21    lo0
128.0.0.0/1        188.126.90.193     UGS         0      214   tun0
178.73.195.105/32  192.168.0.254      UGS         0      386    re0
188.126.90.192/27  188.126.90.197     US          0        0   tun0
188.126.90.193     link#7             UH          0        0   tun0
188.126.90.197     link#7             UHS         0        0    lo0
192.168.0.0/24     link#3             U           0     7540    re0
192.168.0.18       link#3             UHS         0        0    lo0
239.0.0.0/8        70:62:b8:a5:2f:1b  US          0      764    re0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               link#6                        UH          lo0
2000::/3                          tun0                          US         tun0
2a00:1a28:1557:6::/64             link#7                        U          tun0
2a00:1a28:1557:6::1003            link#7                        UHS         lo0
fe80::%lo0/64                     link#6                        U           lo0
fe80::1%lo0                       link#6                        UHS         lo0
fe80::%tun0/64                    link#7                        U          tun0
fe80::7262:b8ff:fea5:2f1b%tun0    link#7                        UHS         lo0
ff01::%lo0/32                     ::1                           U           lo0
ff01::%tun0/32                    fe80::7262:b8ff:fea5:2f1b%tun0 U          tun0
ff02::%lo0/32                     ::1                           U           lo0
ff02::%tun0/32                    fe80::7262:b8ff:fea5:2f1b%tun0 U          tun0

Au passage, pourquoi j'ai de l'IPv6 alors que je ne l'ai pas activée ? Tu sais ?

[laster13]

Ce que je ne comprends pas... Tu dis que le service openvpn n est pas lance, hors l'interface tun0 ne se créé que lorsque le vpn est activé. Alors peut être que je me trompe mais j ai l'impression que tu fais passer ton traffic internet ds le tunnel réservé à openvpn sauf que le service n est pas lancé.

Il serait peut être temps que je te demande ce que tu souhaites mettre en place pour mieux comprendre

[titi_Nas4free]

Je l'ai activé entre-temps (2 posts plus haut) par rapport à cette phrase :

Head back to your SSH window and try to ping http://www.google.com again, first with OpenVPN running, and then after you’ve killed OpenVPN as described in step four. The ping should work correctly when OpenVPN is running, and return errors when OpenVPN isn’t running. Again, if it doesn’t work correctly, you may have to fiddle with some settings until you get it right.

Pour mon cas, qu'openVPN soit "running" ou pas j'ai une erreur de réponse au ping :
"Permission Denied" quand VPN OFF et PF ON
"ping: cannot resolve google.fr: Host name lookup failure" quand VPN ON et PF ON


Mais quand j'enlève le PF, pas de problème de réponse au ping.

Sinon, je veux juste que ça marche
Je fais appel à vous car je ne maîtrise pas tout.

Code: Select all

nas4free: /DLTMP # sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     openvpn    2763  5  udp4   *:29360               *:*
root     fuppesd    2334  6  tcp4   192.168.0.18:49152    *:*
root     fuppesd    2334  7  udp4   *:1900                *:*
root     lighttpd   2225  4  tcp4   192.168.0.18:80       *:*
root     mDNSRespon 2135  3  udp4   *:63624               *:*
root     mDNSRespon 2135  5  udp4   *:5353                *:*
root     sshd       2042  5  tcp4   *:22                  *:*
nobody   proftpd    1939  0  tcp4 6 *:21                  *:*
transmission transmissi1827 7 udp4  *:*                   *:*
transmission transmissi1827 8 udp4  *:*                   *:*
transmission transmissi1827 9 tcp4  *:9091                *:*
transmission transmissi1827 10 tcp4 *:51413               *:*
transmission transmissi1827 12 udp4 *:51413               *:*

[laster13]

Peut être serait il bon de reprendre toutes tes règles puisque visiblement c'est ton Firewall qui bloque.
Le mieux tu établis tes règles pour le local et tu bloques tout le reste. Ensuite progressivement tu rajoutes tes règles en testant systématiquement. Pour le VPN je te conseille de le configurer comme sur le screen. Sans vouloir faire de la pub pour Mullvad, il fonctionne très bien et a bonne presse d'autant que c'est un véritable vpn suédois à 5 euros par mois. Demande à lulu80 il l'utilise et à priori il en est satisfait. D'ailleurs le screen fait parti d'un tuto avec mullvad.

[titi_Nas4free]

Salut,

Merci pour ta réponse.

Oui je vais tester les règles. MAis je pense qu'elles sont bonnes, et qu'il en manque une. Je verrai bien.

J'utilise depuis longtemps frootvpn à 4 euros par mois, VPN suédois aussi.

[titi_Nas4free]

Bonsoir,

J'ai refait les règles en fin d'après-midi et ça ne change rien.
Du coup j'ai désactivé le PF et ça ne marche pas non plus finalement, même avec le PF coupé.

Code: Select all

 nas4free: ~# ping google.fr
ping: cannot resolve google.fr: Host name lookup failure

[laster13]

Si tu n'as pas d'accés internet c'est probablement tes DNS. Tu peux faire un screen de ces deux écrans stp?
Système|Configuration générale
Réseau|Gestion du LAN

[titi_Nas4free]

Bonjour,

Les deux screens :

[laster13]

Dans serveur DNS ipv4 tu mets l'adresse de ta box uniquement soit 192.168.0.254 et le problème devrait être réglé

[titi_Nas4free]

Ok, je les ai changés dans /etc/resolv.conf, ça reboot.
=> KO mais ça n'a pas pris en compte la modif... Le fichier resolv.conf a été rétabli avec les anciens DNS après le reboot

[laster13]

C'est normal il faut les modifier non pas dans etc/resolv.conf mais dans l'interface graphique de Nas4free
Système|Configuration générale
Serveurs DNS IPv4

Tu enlèves les dns de free et tu mets juste 192.168.0.254

[titi_Nas4free]

Ce n'est pas une zone modifiable ^^

[laster13]

c'est parce que tu es en DHCP mets toi en static dans Réseau|Gestion du LAN

[titi_Nas4free]

En cours de reboot

Code: Select all

 nas4free: ~# ping google.fr
ping: cannot resolve google.fr: Host name lookup failure

Code: Select all

openvpn[2394]: RESOLVE: Cannot resolve host address: se-openvpn.frootvpn.com: hostname nor servname provided, or not known

Avant je n'avais pas ce message d'erreur.

[titi_Nas4free]

Bon, ce que j'ai fait ...
J'ai mis d'autres DNS. J'ai démarré openvpn et je peux pinger...

Code: Select all

 nas4free: ~# ping google.fr
PING google.fr (173.194.44.47): 56 data bytes
64 bytes from 173.194.44.47: icmp_seq=0 ttl=52 time=103.491 ms
64 bytes from 173.194.44.47: icmp_seq=1 ttl=52 time=104.834 ms

Ca veut dire que Free n'accepte pas d'IP utilisant ses DNS si celle-ci ne correspond pas à une assignée par free ? Sur windows, en tous les cas, je n'ai aps eu ce souci en conservant les DNS par défaut. Mais bon, ce n'est pas le même protocole.

Je vérifie la suite.

Code: Select all

 nas4free: ~# curl ifconfig.me
curl: (7) Failed to connect to ifconfig.me port 80: Operation timed out

Résolu par (http://stackoverflow.com/questions/2295 ... st-port-80)

Code: Select all

 nas4free: ~# curl --ipv4 ifconfig.me
xx.246.xx.73

Côté Torrent c'est bon : Success avec une IP différente de celle de free.

Code: Select all

 	transmission-daemon[1979]: checkMyTorrentIp.png Tracker error: "Success, Your torrent client IP is: xx.246.xx.73" (torrent.c:580)

Y a ça mais je ne sais pas ce que c'est comme ordi distant

Code: Select all

lighttpd[2189]: (connections.c.137) (warning) close: 9 Connection reset by peer

[titi_Nas4free]

Tout à l'air stable et fonctionnel, ici en Suède
Bon au final, c'était bien un problème de DNS.

@laster13 : merci pour ton aide.

J'ai bien pris note de ton avertissement concernant un éventuel accès depuis l'extérieur. Le VPN dans le NAS n'est qu'une solution temporaire. Le VPN sera placé dans le routeur par la suite afin d'anonymiser tous les flux. A priori, je ne souhaite pas de toute façon accéder au NAS depuis l'extérieur. Ca me parait être en plein hiver et vouloir garder une fenêtre ouverte

Bon maintenant je vais me battre avec ma box V5 qui voit bien les répertoires de fichier du NAS mais qui ne voit pas les fichiers. Elle les a vu pendant un moment puis plus rien depuis Les PCs les voient très bien par contre.