Fortinet · Web viewFGT60C3G13027163 # get router info routing-table all Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
FGT60C3G13027163 # sho firewall policy 2config firewall policy edit 2 set srcintf "internal" set dstintf "modem" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic disable set nat enable nextend
FGT60C3G13027163 # get router info routing-table allCodes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default
S* 0.0.0.0/0 [1/0] via 10.64.64.64, modemC 10.64.64.64/32 is directly connected, modemC 10.195.156.199/32 is directly connected, modemC 192.168.1.0/24 is directly connected, internal
FGT60C3G13027163 #FGT60C3G13027163 # diagnose sniffer packet any 'host 8.8.8.8' 4interfaces=[any]filters=[host 8.8.8.8]6.476906 internal in 192.168.1.110 -> 8.8.8.8: icmp: echo request6.477217 modem out 10.195.156.199 -> 8.8.8.8: icmp: echo request6.594701 modem in 8.8.8.8 -> 10.195.156.199: icmp: echo reply6.594958 internal out 8.8.8.8 -> 192.168.1.110: icmp: echo reply7.489471 internal in 192.168.1.110 -> 8.8.8.8: icmp: echo request7.489570 modem out 10.195.156.199 -> 8.8.8.8: icmp: echo request7.604699 modem in 8.8.8.8 -> 10.195.156.199: icmp: echo reply7.604875 internal out 8.8.8.8 -> 192.168.1.110: icmp: echo reply8.505198 internal in 192.168.1.110 -> 8.8.8.8: icmp: echo request8.505221 modem out 10.195.156.199 -> 8.8.8.8: icmp: echo request8.624693 modem in 8.8.8.8 -> 10.195.156.199: icmp: echo reply8.624860 internal out 8.8.8.8 -> 192.168.1.110: icmp: echo reply9.520865 internal in 192.168.1.110 -> 8.8.8.8: icmp: echo request------------------------------------------------------------------------------------------------------------------------------------------Fortinet公司 www.fortinet.com.cn
6
9.520972 modem out 10.195.156.199 -> 8.8.8.8: icmp: echo request9.634722 modem in 8.8.8.8 -> 10.195.156.199: icmp: echo reply9.634886 internal out 8.8.8.8 -> 192.168.1.110: icmp: echo reply
16 packets received by filter0 packets dropped by kernel
FGT60C3G13027163 # diagnose sys modem detect modem is attached.dialtone is detected.FGT60C3G13027163 #Modem手工拨号命令 exec modem dial 。Modem手工挂断命令 exec modem hangup 。The modem can only be manually controlled in standalone mode.
FGT60C3G13027163 # FGT60C3G13027163 # modemd: run_state_machine state 1(inactive)modemd: Dial-on-demand detected unrouted traffic - launch modemmodemd: Begin dialing: redials left = 99999modemd: dev=/dev/ttyusb0 tel=*99***1#modemd: modem state changed: 1(inactive) -> 2(dialing)chat: abort on (BUSY)chat: abort on (NO DIAL TONE)chat: abort on (NO DIALTONE)chat: abort on (NO ANSWER)chat: abort on (ERROR)chat: send (atz^M)chat: expect (OK)chat: atz^M^Mchat: OKchat: -- got it------------------------------------------------------------------------------------------------------------------------------------------Fortinet公司 www.fortinet.com.cn
7
chat: send (ath0^M)chat: abort on (NO CARRIER)chat: expect (OK)chat: ^Mchat: ath0^M^Mchat: OKchat: -- got it
chat: send (ats7=90^M)chat: timeout set to 90 secondschat: expect (OK)chat: ^Mchat: ats7=90^M^Mchat: OKchat: -- got it
chat: send (^M)modemd: modem_ppp_start:412 primarymodemd: run_state_machine state 2(dialing)lcp_reqci: returning CONFACK.lcp_up: with mtu 1500ipcp: returning Configure-NAKipcp: returning Configure-ACKipcp: up ppp:0x41004000 tun:(nil) ref 0Could not determine remote IP address: defaulting to 10.64.64.64Cannot determine ethernet address for proxy ARPlocal IP address 10.195.156.199remote IP address 10.64.64.64primary DNS address 221.130.33.60secondary DNS address 221.130.33.52modemd: primary PPP link is up.modemd: run_state_machine state 2(dialing)modemd: modem state changed: 2(dialing) -> 3(connected)modemd: run_state_machine state 3(connected)modemd: run_state_machine state 3(connected)
config system 3g-modem custom edit 1 set vendor "Huawei" set model "EC3372" set vendor-id 12d1 set product-id 1f01 set init-string "inquire=1 msg=55534243000000000000000000000011060000000000000000000000000000" next edit 2 set vendor "Huawei" set model "EC3372" set vendor-id 12d1 set product-id 1442 set class-id ff nextend
FGT60C3G13027163 # sho firewall policy 2config firewall policy edit 2 set srcintf "internal" set dstintf "modem" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic disable set nat enable nextend
FGT60C3G13027163 # diagnose ip address list IP=192.168.1.99->192.168.1.99/255.255.255.0 index=3 devname=internalIP=10.10.10.1->10.10.10.1/255.255.255.0 index=6 devname=dmzIP=10.160.36.100->10.64.64.64/255.255.255.255 index=12 devname=modemIP=127.0.0.1->127.0.0.1/255.0.0.0 index=13 devname=rootIP=127.0.0.1->127.0.0.1/255.0.0.0 index=15 devname=vsys_haIP=127.0.0.1->127.0.0.1/255.0.0.0 index=17 devname=vsys_fgfm
FGT60C3G13027163 #查看Modem接口获得的缺省路由。
FGT60C3G13027163 # get router info routing-table allCodes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default------------------------------------------------------------------------------------------------------------------------------------------Fortinet公司 www.fortinet.com.cn
12
S* 0.0.0.0/0 [1/0] via 10.64.64.64, modemC 10.64.64.64/32 is directly connected, modemC 10.160.36.100/32 is directly connected, modemC 192.168.1.0/24 is directly connected, internal
FGT60C3G13027163 # diagnose debug application modemd -1modemd: run_state_machine state 1(inactive)modemd: run_state_machine state 1(inactive)modemd: run_state_machine state 1(inactive)modemd: run_state_machine state 1(inactive)modemd: Dial-on-demand detected unrouted traffic - launch modemmodemd: Begin dialing: redials left = 99999modemd: dev=/dev/ttyusb0 tel=*99#modemd: modem state changed: 1(inactive) -> 2(dialing)chat: abort on (BUSY)chat: abort on (NO DIAL TONE)chat: abort on (NO DIALTONE)chat: abort on (NO ANSWER)chat: abort on (ERROR)chat: send (atz^M)chat: expect (OK)chat: atz^M^Mchat: OKchat: -- got it
chat: send (ath0^M)chat: abort on (NO CARRIER)chat: expect (OK)chat: ^Mchat: ath0^M^Mchat: OKchat: -- got it
chat: send (ats7=90^M)chat: timeout set to 90 seconds------------------------------------------------------------------------------------------------------------------------------------------Fortinet公司 www.fortinet.com.cn
13
chat: expect (OK)chat: ^Mchat: ats7=90^M^Mchat: OKchat: -- got it
chat: send (^M)modemd: modem_ppp_start:412 primarymodemd: run_state_machine state 2(dialing)lcp_reqci: returning CONFACK.lcp_up: with mtu 1400ipcp: returning Configure-NAKipcp: returning Configure-ACKipcp: up ppp:0x41004000 tun:(nil) ref 0Could not determine remote IP address: defaulting to 10.64.64.64Cannot determine ethernet address for proxy ARPlocal IP address 10.160.32.191remote IP address 10.64.64.64primary DNS address 219.141.136.10secondary DNS address 219.141.140.10modemd: primary PPP link is up.modemd: run_state_machine state 2(dialing)modemd: modem state changed: 2(dialing) -> 3(connected)modemd: run_state_machine state 3(connected)modemd: run_state_machine state 3(connected)modemd: run_state_machine state 3(connected)
FGT60C3G13027163 # FGT60C3G13027163 # modemd: run_state_machine state 3(connected)
FGT60C3G13027163 # modemd: run_state_machine state 3(connected)
FGT60C3G13027163 # diagnose ip amodemd: run_state_machine state 3(connected)ddress modemd: run_state_machine state 3(connected)list IP=192.168.1.99->192.168.1.99/255.255.255.0 index=3 devname=internalIP=10.10.10.1->10.10.10.1/255.255.255.0 index=6 devname=dmz------------------------------------------------------------------------------------------------------------------------------------------Fortinet公司 www.fortinet.com.cn