интернет есть только на шлюзе дальше не раздается то есть на других машинах инет можно получить только через поднятый на шлюзе сквид мимо сквида не ходит ...
RC.CONFig
Код: Выделить всё
# -- sysinstall generated deltas -- # Fri Oct 2 10:04:38 2009
# Created: Fri Oct 2 10:04:38 2009
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
# -- sysinstall generated deltas -- # Fri Oct 2 13:08:13 2009
mousechar_start="3"
saver="daemon"
font8x8="cp866-8x8"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
keymap="ru.koi8-r"
# -- sysinstall generated deltas -- # Fri Oct 2 13:20:13 2009
ifconfig_rl0="inet 192.168.2.67 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.12.1 netmask 255.255.255.0"
defaultrouter="192.168.2.100"
hostname="sun.example.com"
gateway_enable="YES"
#ppp_enable="YES"
#ppp_mode="ddial"
#ppp_nat="YES"
#ppp_profile="aaa"
apache_enable="YES"
squid_enable="YES"
mysql_enable="YES"
sams_enable="YES"
#nmbd_enable="YES"
#smbd_enable="YES"
#winbind_enable="YES"
firewall_enable="YES"
firewall_type="/etc/rc.firewall"
#router_flags="-q"
#router="/sbin/routed"
#router_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-same_ports"
Код: Выделить всё
#!/bin/sh
ipfw=/sbin/ipfw
${ipfw} -f flush
iif="rl1" #sokrashenie dlya vnutrennego interfesa
oif="rl0" #--//-- dlya dlya vneshnego PPP interfesa, esli net PPP, nado rlX
#oip="213.27.58.211" #vneshnii IP
iip="192.168.12.1"
ilan="192.168.12.0/24"
bankip="192.168.12.22" #ip propuskaemui mimo proxy
#${ipfw} add divert natd ip from 192.168.2.0/24 to any out via rl0
#${ipfw} add divert natd ip from any to 192.168.12.0/24 in via rl0
#sohranenie vseh packetov v log fail /var/log
#${ipfw} add count log logamount 0 ip from any to any
#primer zapreta vsego s opredelenngo ip
#${ipfw} add deny ip from 218.201.99.55 to me
#lo0 - dolzhno but vsegda
$ipfw add allow ip from any to any via lo0
#razreshit dostut serveru v localnui set'
$ipfw add allow ip from ${ilan} to ${ilan} via ${iif}
#Server - vuhod v INET
$ipfw add allow ip from me to any via ${oif}
#primer razreshenia dostupa izvne po portu dlya IP
#$ipfw add allow tcp from 90.143.0.0 to me 22,3389 #
#$ipfw add allow tcp from any to me 4899,3389 #
$ipfw add allow tcp from 87.117.29.194 to me #
#ping -
$ipfw add allow icmp from any to me in via ${oif} icmptype 0,3,4,8,11,12 #snaruzhi toka nekotorue pingi
$ipfw add allow icmp from $ilan to any icmptype 0,3,4,8,11,12 # s lan to inet
$ipfw add allow icmp from any to $ilan icmptype 0,3,4,8,11,12 # vozvrat otveta
#DNS to LAN
$ipfw add allow udp from 192.168.2.100 53 to $ilan
$ipfw add allow tcp from 192.168.2.100 53 to $ilan
$ipfw add allow udp from $ilan to 192.168.2.100 53
$ipfw add allow tcp from $ilan to 192.168.2.100 53
#razreshit IP mimo without proxy
${ipfw} add allow tcp from ${bankip} to any out via $oif
#RDP - probros portov
#
$ipfw add fwd 192.168.12.77,3389 tcp from any to me 3389 via $oif
$ipfw add allow tcp from any to 192.168.12.77 3389 via $oif
# SQUID
#zapret zi seti mimo proxy dlya portov
$ipfw add deny log tcp from $ilan to not $ilan 80,8080,3128,443,21 via $oif
#NATD
#${ipfw} add divert natd ip from ${ilan} to any out via ${iif}
#${ipfw} add divert natd ip from not $ilan to ${oip} in via ${oif}
#razreshit vhodyashie snaruzhi tolko esli oni iniciirovanu iznutri
${ipfw} add allow ip from any to me via ${oif} keep-state
#zapretit vse istalnue vhodyashie
${ipfw} add deny log tcp from any to me via ${oif}
#LAN -> INET polnui dostup
$ipfw add allow ip from $ilan to any in via ${iif}
$ipfw add allow ip from $ilan to any out via ${oif}
$ipfw add allow ip from any to $ilan in via ${oif}
$ipfw add allow ip from any to $ilan out via ${iif}
#vse ostalnoe - zapretit
${ipfw} add deny log ip from any to any