Парни, разрулите пжл. такую ситуацию (что я не так делаю).
FreeBSD gw-bsd.ndm.local 6.3-RELEASE FreeBSD 6.3-RELEASE #5: Mon Aug 10 16:07:11 VOLST 2009 seasadmin@gw-bsd.ndm.local:/usr/obj/usr/src/sys/sys/KERNELGW i3
Squid 2.7 Stable6 + SAMS + Rejik + авторизация NTLM (непрозрачный прокси).
Выкладываю правила, напишите пжл, где ошибка.
gw-bsd# ipfw show
00001 0 0 check-state
00002 0 0 deny log logamount 5 ip from 219.91.0.0/16 to me via ste0
00003 6 366 reject log logamount 5 icmp from any to me in via ste0
00004 0 0 reject log logamount 5 tcp from any to any tcpflags syn,fin,ack,psh,rst,urg
00004 0 0 reject log logamount 5 tcp from any to any tcpflags !syn,!fin,!ack,!psh,!rst,!urg
00004 0 0 reject log logamount 5 tcp from any to any not established tcpflags fin
00004 277 42167 deny log logamount 5 ip from any to any not verrevpath in
00005 0 0 deny log logamount 5 icmp from any to any frag
00006 0 0 deny log logamount 5 icmp from any to 255.255.255.255 in via ste0
00007 0 0 deny log logamount 5 icmp from any to 255.255.255.255 out via ste0
00008 0 0 deny ip from 192.168.0.0/16 to any in via ste0
00008 0 0 deny ip from 172.16.0.0/12 to any in via ste0
00008 0 0 deny ip from 10.0.0.0/8 to any in via ste0
00008 0 0 deny ip from 127.0.0.0/8 to any in via ste0
00008 0 0 deny ip from 0.0.0.0/8 to any in via ste0
00008 0 0 deny ip from 169.254.0.0/16 to any in via ste0
00008 0 0 deny ip from 192.0.2.0/24 to any in via ste0
00008 0 0 deny ip from 204.152.64.0/23 to any in via ste0
00008 0 0 deny ip from 224.0.0.0/3 to any in via ste0
00008 211 16455 allow ip from any to any via lo0
00009 0 0 deny ip from any to 127.0.0.0/8
00010 0 0 deny ip from 127.0.0.0/8 to any
00012 0 0 skipto 800 tcp from 192.168.1.174 to 91.199.156.210 dst-port 20,21,25,80,110,443,1100,1024-1500 out via ste0 setup keep-state
00013 7 430 fwd 192.168.1.200,3128 tcp from 192.168.1.0/24 to not 91.199.156.210 dst-port 80 in via sk0
00014 5615 994770 allow log logamount 5 tcp from me to not 192.168.1.0/24 dst-port 21,80,443 out via ste0
00015 7546 2336556 divert 8668 log logamount 5 ip from any to any in via ste0
00017 30932 7936300 allow ip from any to any via sk0
00018 7364 2331886 allow tcp from any to any established
00019 8 518 count udp from 192.168.1.0/24 to 89.31.16.51,89.31.16.35 dst-port 53 out via ste0
00020 28 1758 skipto 800 udp from 192.168.1.0/24 to 89.31.16.51,89.31.16.35 dst-port 53 out via ste0 keep-state
00021 0 0 count udp from 89.31.16.51,89.31.16.35 to 89.31.нн.нн dst-port 53 in via ste0
00022 0 0 allow udp from 89.31.16.51,89.31.16.35 to 89.31.нн.нн dst-port 53 in via ste0 limit src-addr 10
00023 0 0 count tcp from 192.168.1.1,192.168.1.2,192.168.1.7,192.168.1.181 to any dst-port 22,3389,3390,3391,3392,4898,4899,5900,5901,5902 out via ste0
00024 0 0 skipto 800 tcp from 192.168.1.1,192.168.1.2,192.168.1.7,192.168.1.181 to any dst-port 22,3389,3390,3391,3392,4898,4899,5900,5901,5902 out via ste0 setup keep-state
00025 1 48 count tcp from any to 89.31.нн.нн dst-port 22,3389,3390,3391,3392,4898,4899,5900,5901,5902 in via ste0
00026 5 240 allow log logamount 5 tcp from any to 89.31.нн.нн dst-port 22,3389,3390,3391,3392,4898,4899,5900,5901,5902 in via ste0 setup limit src-addr 10
00027 0 0 count tcp from 192.168.1.7 to any dst-port 25 out via ste0
00028 0 0 skipto 800 tcp from 192.168.1.7 to any dst-port 25 out via ste0 setup keep-state
00029 72 4540 count tcp from any to 89.31.нн.нн dst-port 25 in via ste0
00030 2615 227203 allow log logamount 5 tcp from any to 89.31.нн.нн dst-port 25 in via ste0 setup limit src-addr 5
00031 0 0 count tcp from any to 89.31.нн.нн dst-port 110 via ste0
00032 0 0 allow log logamount 5 tcp from any to 89.31.нн.нн dst-port 110 via ste0 setup limit src-addr 5
00033 0 0 count tcp from 192.168.1.1 20,21,5000-7000 to any in via ste0
00034 0 0 skipto 800 tcp from 192.168.1.1 20,21,5000-7000 to any in via ste0 setup
00035 0 0 count tcp from any to 89.31.нн.нн dst-port 20,21,5000-7000 in via ste0
00036 0 0 allow tcp from any to 89.31.нн.нн dst-port 20,21,5000-7000 in via ste0 setup limit src-addr 5
00037 0 0 count tcp from me to any out via ste0 uid root
00038 0 0 skipto 800 tcp from me to any out via ste0 setup uid root keep-state
00040 0 0 count tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 25 out via ste0
00041 0 0 skipto 800 tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 25 out via ste0 setup keep-state
00042 48 2304 count tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 110 out via ste0
00043 2020 147606 skipto 800 tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 110 out via ste0 setup keep-state
00044 4 192 count tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 5190,6667,6678,6679,7000 out via ste0
00045 1525 249794 skipto 800 tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 5190,6667,6678,6679,7000 out via ste0 setup keep-state
00046 1 48 count tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 22,3389,3390,3391,3392,4898,4899,5900,5901,5902 out via ste0
00047 365 97810 skipto 800 tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 22,3389,3390,3391,3392,4898,4899,5900,5901,5902 out via ste0 setup keep-state
00048 0 0 skipto 800 icmp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182,192.168.1.1,192.168.1.2,192.168.1.7,192.168.1.181,192.168.1.200 to any out via ste0 keep-state
00049 0 0 count tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 20-22 out via ste0
00050 0 0 skipto 800 tcp from 192.168.1.179,192.168.1.180,192.168.1.30,192.168.1.182 to any dst-port 20-22 out via ste0 setup keep-state
00100 6 288 deny ip from 192.168.0.0/16 to any out via ste0
00101 0 0 deny ip from 172.16.0.0/12 to any out via ste0
00102 0 0 deny ip from 10.0.0.0/8 to any out via ste0
00103 0 0 deny ip from 127.0.0.0/8 to any out via ste0
00104 0 0 deny ip from 0.0.0.0/8 to any out via ste0
00105 0 0 deny ip from 169.254.0.0/16 to any out via ste0
00106 0 0 deny ip from 192.0.2.0/24 to any out via ste0
00107 0 0 deny ip from 204.152.64.0/23 to any out via ste0
00108 0 0 deny ip from 224.0.0.0/3 to any out via ste0
00130 0 0 deny log logamount 5 ip from any to any frag in via ste0
00200 153 8363 deny log logamount 5 ip from any to any in via ste0
00210 817 47756 deny log logamount 5 ip from any to any out via ste0
00800 1254 102112 divert 8668 log logamount 5 ip from any to any out via ste0
00801 3938 496968 allow ip from any to any
00999 0 0 deny log logamount 5 ip from any to any
65535 8 634 deny ip from any to any