Код: Выделить всё
freeserv# ipfw -f add 620 fwd 192.168.0.8,3128 tcp from any to any http in via rl0
ipfw: getsockopt(IP_FW_ADD): Invalid argument
ЗЫ кстати - еще по статье http://www.lissyara.su/?id=1134 часть закоментирована, так как не заворачивает траффик на подсчет, а ваще отрубает систему от всех сетей
Полный листинг:
Код: Выделить всё
freeserv# cat /etc/rc.firewall
#!/bin/sh
fwcmd="/sbin/ipfw -f"
if_out="rl0"
if_loc1="fxp0"
ip_loc1="192.168.0.8"
net_loc1="192.168.0.0"
mask_loc="24"
if_loc2="rl1"
ip_loc2="192.168.1.1"
net_loc2="192.168.1.0"
ip_prox="192.168.0.8"
#Ochistka rulesov
${fwcmd} -f flush
#Podschet traffica
#${fwcmd} add divert 10010 ip from any to any via $if_out
#${fwcmd} add divert 10020 ip from any to any via $if_loc1
#${fwcmd} add divert 10030 ip from any to any via $if_loc2
#${fwcmd} add divert 10040 ip from any to any via lo0
#Zahod izdaleka
#${fwcmd} add chek-state
${fwcmd} add pass all from any to any via lo0
${fwcmd} add deny all from any to 127.0.0.0/8
${fwcmd} add deny all from 127.0.0.0/8 to any
#local l0 allow
${fwcmd} add allow ip from any to any via lo0
#incoming traff on out interface
${fwcmd} add reject ip from ${net_loc1}/${mask_loc} to any in via ${if_out}
${fwcmd} add reject ip from ${net_loc2}/${mask_loc} to any in via ${if_out}
#incoming http
#${fwcmd} add fwd 192.168.0.8,80 from any to any http in via ${if_out}
#PROXY TRASPARENT
${fwcmd} add pass all from any to any http in via ${if_loc1}
${fwcmd} add pass all from any to any http in via ${if_loc2}
${fwcmd} add fwd ${ip_prox},3128 tcp from ${net_loc1}/${mask_loc} to any http out via ${if_out}
${fwcmd} add fwd ${ip_prox},3128 tcp from ${net_loc2}/${mask_loc} to any http out via ${if_out}
#NAT
${fwcmd} add divert natd ip from ${net_loc1}/${mask_loc} to any out xmit ${out_ip}
${fwcmd} add divert natd ip from ${net_loc2}/${mask_loc} to any out xmit ${out_ip}
${fwcmd} add divert natd ip from any to ${out_ip}
#vse ostalnoe mojno
${fwcmd} add 6500 allow all from any to any
