Есть локалка: 192.168.0.0/24 - dc0
Внешка - xx.xx.xxx.xx - vr0
Правила ipfw:
#!/bin/sh
# ipfw ruleset for a NAT gateway: dc0 faces the LAN (192.168.0.0/24),
# vr0 faces the outside. No rule numbers are given, so ipfw numbers the
# rules itself in the order they are added; the order below is the policy.
# NOTE(review): nothing here decides the fate of packets that fall off the
# end of the list on vr0 -- that is left to the kernel's default rule
# (65535), which is deny unless the kernel was built/tuned to accept.
# Confirm which one applies on this host.
#
# Drop every existing rule. -f skips the confirmation prompt; -q keeps ipfw
# silent, which matters when the script is run over a remote login.
# Between this flush and the last rule being added only the default rule is
# in force.
ipfw -q -f flush
# Shorthand for "add one rule quietly". Used unquoted on purpose so the
# shell splits it into the command and its arguments.
cmd="ipfw -q add"
# Match packets against dynamic (stateful) rules first.
# NOTE(review): no rule in this script uses keep-state or limit, so as
# written nothing creates dynamic state and this rule matches nothing.
$cmd check-state
# Loopback: allow everything on lo0, then drop anything that claims a
# 127/8 address on any other interface (spoofing guard).
$cmd allow ip from any to any via lo0
$cmd deny ip from any to 127.0.0.0/8
$cmd deny ip from 127.0.0.0/8 to any
# Block a single remote host outright. It sits above the allow rules, so
# it wins for that source address.
$cmd deny ip from 118.161.246.12 to any
# Services on this box reachable through the external interface from ANY
# source: pptp, ftp, 80, 3389, 110, 25. The protocol is "ip", so the port
# list is not restricted to TCP.
# NOTE(review): 3389 and ftp are open to the whole Internet here; consider
# limiting the source addresses or reaching them only through the VPN.
# NOTE(review): PPTP also needs GRE; there is no gre rule in this script,
# so whether GRE passes depends on the default rule -- confirm.
$cmd allow ip from any to me pptp,ftp,80,3389,110,25 via vr0
# Services on this box reachable from the LAN side (includes 22).
$cmd allow ip from any to me 110,25,22,80,21,1723,3389 via dc0
# SSH to this box that was not accepted above (i.e. not arriving via dc0)
# is dropped, so SSH is LAN-only.
$cmd deny ip from any to me ssh
# Hand everything else crossing vr0 to natd for address translation.
# Packets accepted by the vr0 allow rule above never reach this rule.
$cmd divert natd all from any to any via vr0
# User 192.168.0.252: bandwidth limit. Both directions are sent to the
# SAME pipe (11), so the 64Kbit/s configured below is shared between
# download and upload rather than applied to each.
$cmd pipe 11 ip from any to 192.168.0.252 out
$cmd pipe 11 ip from 192.168.0.252 to any in
ipfw pipe 11 config bw 64Kbit/s
# Explicitly allow that host's traffic.
# NOTE(review): whether packets come back to these rules after leaving the
# pipe depends on net.inet.ip.fw.one_pass -- confirm the sysctl value.
$cmd allow ip from 192.168.0.252 to any
$cmd allow ip from any to 192.168.0.252
# Everything else on the LAN interface is dropped: apart from the services
# allowed to "me" above, only 192.168.0.252 gets through.
$cmd deny ip from any to any via dc0