FreeBSD. But I ran into a problem configuring Dummynet. FreeBSD-7.0 Release is installed, with a kernel built with these options:
options IPFIREWALL
options IPDIVERT
options DUMMYNET
options HZ=1000
net.inet.ip.fw.one_pass=0
Network:
intranet="rl0" - 192.168.0.1, the interface facing the LAN
inet="tun0" - the PPPoE interface that is brought up
IpOut="83.xxx.xxx.xxx" - the external IP that tun0 receives
IpIn="192.168.0.1" - IP of rl0
NetInE="192.168.0.0" - internal network
NetMask="24" - netmask
rc.firewall:
${ipfw} -f flush
${ipfw} -f pipe flush
${ipfw} -f queue flush
${ipfw} add 100 check-state
${ipfw} add 200 allow ip from any to any via lo0
${ipfw} add 300 deny ip from any to 127.0.0.0/8
${ipfw} add 400 deny ip from 127.0.0.0/8 to any
${ipfw} add 800 deny ip from any to 10.0.0.0/8 in via ${inet}
${ipfw} add 900 deny ip from any to 172.16.0.0/12 in via ${inet}
${ipfw} add 1000 deny ip from any to 192.168.0.0/16 in via ${inet}
${ipfw} add 1100 deny ip from any to 0.0.0.0/8 in via ${inet}
${ipfw} add 1300 deny ip from any to 169.254.0.0/16 in via ${inet}
${ipfw} add 1400 deny ip from any to 240.0.0.0/4 in via ${inet}
${ipfw} add 1600 deny icmp from any to any frag
${ipfw} add 1650 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${ipfw} add 1700 deny log icmp from any to 255.255.255.255 in via ${inet}
${ipfw} add 1800 deny log icmp from any to 255.255.255.255 out via ${inet}
${ipfw} add 1850 deny tcp from any 137-139,1022,1023 to any via ${intranet}
${ipfw} add 1860 deny tcp from any to any 137-139,1022,1023 via ${intranet}
${ipfw} add 1900 deny udp from any 137-139,1022,1023 to any via ${intranet}
${ipfw} add 2000 deny udp from any to any 137-139,1022,1023 via ${intranet}
######
${ipfw} add 2200 fwd 127.0.0.1,3128 tcp from ${NetInE}/${NetMask} to any 80 via ${inet}
#####
${ipfw} add 3000 divert 8668 ip from ${NetInE}/${NetMask} to any out via ${inet}
${ipfw} add 3200 divert 8668 ip from any to ${IpOut} in via ${inet}
#####
${ipfw} add 3500 pipe 1 ip from ${IpIn} to ${NetInE}/${NetMask}
${ipfw} pipe 1 config bw 100Mbit/s
${ipfw} add 3510 pipe 2 ip from ${IpOut} to ${NetInE}/${NetMask}
${ipfw} pipe 2 config bw 100Mbit/s
${ipfw} add 3515 pipe 3 ip from any to any tcpflags ack iplen 0-128
${ipfw} pipe 3 config bw 100Mbit/s
${ipfw} add 3520 pipe 4 ip from not ${NetInE}/${NetMask} to 192.168.0.23
${ipfw} pipe 4 config bw 64Kbit/s
####
${ipfw} add 4000 deny ip from 10.0.0.0/8 to any out via ${inet}
${ipfw} add 4100 deny ip from 172.16.0.0/12 to any out via ${inet}
${ipfw} add 4200 deny ip from 192.168.0.0/16 to any out via ${inet}
${ipfw} add 4300 deny ip from 0.0.0.0/8 to any out via ${inet}
${ipfw} add 4400 deny ip from 169.254.0.0/16 to any out via ${inet}
${ipfw} add 4500 deny ip from 224.0.0.0/4 to any out via ${inet}
#####
${ipfw} add 5000 allow tcp from any to any established
${ipfw} add 5100 allow ip from ${IpOut} to any out xmit ${inet}
#####
${ipfw} add 5700 allow udp from any 53 to any via ${inet}
${ipfw} add 5800 allow udp from any 123 to any via ${inet}
#####
${ipfw} add 6000 allow icmp from any to any icmptypes 0,8,11
${ipfw} add 7000 allow tcp from any to any via ${intranet}
${ipfw} add 7100 allow udp from any to any via ${intranet}
${ipfw} add 7200 allow icmp from any to any via ${intranet}
####
${ipfw} add 12000 deny log tcp from any to ${IpOut} in via ${inet} setup
${ipfw} add 65354 deny ip from any to any
Please tell me where I am going wrong.