Проблемы
- не могу соединиться из локалки с внешними фтп
Пробовал ftp-proxy, но, может быть, с данным pf нужны особые условия.
- получение почты через одного провайдера (ISP2).
# pf.conf for a gateway with two upstream links (rl0, fxp0) and one LAN
# interface (fxp1). It NATs the LAN out of both links, redirects LAN HTTP and
# FTP to proxies on 127.0.0.1, and spreads new LAN connections over both
# gateways round-robin.
# Filter rules without "quick" are last-match-wins, so the order of the rules
# below is significant.

# External interfaces and their gateways (addresses are masked in the post).
ext_if1="rl0"
ext_if2="fxp0"
ext_gw1="82.x.x.x"
ext_gw2="65.x.x.x"
# Internal interface and the LAN behind it.
int_if="fxp1"
lan_net="192.168.0.0/24"
# "(interface gateway)" pairs used by route-to / reply-to below.
1 = "(" $ext_if1 $ext_gw1 ")"
2 = "(" $ext_if2 $ext_gw2 ")"
# Blocked packets are dropped silently (no RST / ICMP unreachable).
set block-policy drop
###########################################
# NOTE(review): ln0 is not one of the interfaces defined above, and lo0 gets
# its own pass rule further down - this looks like a typo for lo0; confirm.
set skip on ln0
# NOTE(review): only $ext_if1 is scrubbed; inbound traffic on $ext_if2 is not
# normalised. Confirm whether that is intended.
scrub in on $ext_if1 all fragment reassemble no-df min-ttl 20 max-mss 1440
###
# Transparent HTTP proxy: TCP to port www arriving on the LAN interface from
# any source other than the interface's own address goes to 127.0.0.1:3128.
rdr on $int_if proto tcp from !$int_if to any port www -> 127.0.0.1 port 3128
# Source-NAT LAN traffic to the address of whichever external link it leaves on.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
# FTP control connections from the LAN go to the local ftp-proxy on port 8021.
# NOTE(review): unlike port 3128, there is no "pass in quick ... port 8021"
# rule below. After this rdr the packet is addressed to 127.0.0.1 and is
# last-matched by the route-to rule in the #balance section, which would send
# it towards an upstream gateway instead of the local proxy. This is the
# likely cause of the FTP failure described in the post; a quick pass rule for
# 127.0.0.1 port 8021 on $int_if, placed before #balance, should be tested.
rdr on $int_if proto tcp from $int_if:network to any port ftp -> 127.0.0.1 port 8021
# Default-deny for inbound traffic. Outbound is not blocked by default (the
# block-out rule is commented out).
block in all
#block out all
pass quick on lo0 all
antispoof quick for $int_if inet
# NOTE(review): no "on" clause and "from any", so SSH is accepted on every
# interface, including both external links. Consider restricting the source
# addresses or the interface.
pass in quick proto tcp from any to any port ssh keep state
###
# Let redirected HTTP reach the local proxy (quick, so the route-to rules in
# the #balance section never see it).
pass in quick on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
# Inbound connections to sockets owned by user "proxy" on $ext_if1, apparently
# for ftp-proxy's active-mode data connections.
# NOTE(review): active-mode data connections normally come from ftp-data (20),
# not ftp (21), and there is no matching rule for $ext_if2 - verify both.
pass in quick on $ext_if1 proto tcp from port ftp to $ext_if1 user proxy flags S/SA modulate state
#local
# Traffic between LAN hosts and the firewall's own LAN address.
pass in quick on $int_if inet from $int_if:network to $int_if keep state
pass out quick on $int_if inet from $int_if to $int_if:network keep state
#wan
# Tag whatever arrives on each external link with that link's name, and when it
# is forwarded out the LAN interface use reply-to so replies return through
# the same link's gateway.
# NOTE(review): the two "pass in on $ext_if..." rules have no protocol, port or
# destination restriction and come after "block in all", so by last-match they
# override it: all inbound traffic on both external links is accepted,
# including traffic addressed to the firewall itself. Restrict them to the
# services that must be reachable from outside.
pass in on $ext_if1 tag $ext_if1 keep state
pass out on $int_if reply-to $1 tagged $ext_if1 keep state
pass in on $ext_if2 tag $ext_if2 keep state
pass out on $int_if reply-to $2 tagged $ext_if2 keep state
#balance
# New connections from the LAN are distributed round-robin across both
# upstream gateways.
pass in on $int_if route-to {$1, $2} round-robin proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to {$1, $2} round-robin proto {udp, icmp} from $lan_net to any keep state
#OUT
# Outbound rules per external link. For tcp/udp/icmp the later protocol
# specific rules are the last match, so the two generic route-to rules only
# apply to other protocols.
pass out on $ext_if1 route-to $1 keep state
pass out on $ext_if2 route-to $2 keep state
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto {udp, icmp} from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto {udp, icmp} from any to any keep state
# Packets leaving on one link but carrying the other link's source address are
# re-routed to the link that owns the address.
# NOTE(review): these use braces { } where the macros above build the
# "(interface gateway)" pair with parentheses; check with "pfctl -nf" that
# this parses as intended.
pass out on $ext_if1 route-to {$ext_if2 $ext_gw2} from $ext_if2 to any
pass out on $ext_if2 route-to {$ext_if1 $ext_gw1} from $ext_if1 to any