что было:
# nat for table 10 full access
# Defines ipfw NAT instance 2000, aliasing to ${ip_nat33}, with two inbound
# redirects to the internal host 10.4.2.79: TCP port 1723 and IP protocol GRE
# (the control and data channels used by PPTP).
# NOTE(review): this only configures the instance. Nothing is translated until
# an "add nat 2000 ..." rule diverts packets to it; no such rule is in this snippet.
# NOTE(review): neither redirect names a remote address, so any source that
# reaches ${ip_nat33} is forwarded; source filtering has to come from other rules.
${FwCMD} nat 2000 config ip ${ip_nat33} \
redirect_port tcp 10.4.2.79:1723 1723 \
redirect_proto gre 10.4.2.79 ${ip_nat33}
поменял на такие правила:
# nat for table 10 full access
# Defines ipfw NAT instance 2000, aliasing to ${ip_nat33}, and forwards inbound
# TCP/1723 and GRE to the internal host 10.4.2.79 (the PPTP control and data channels).
# NOTE(review): no remote address is given on either redirect, so the PPTP
# service is reachable from any source unless separate ipfw rules restrict it.
# PPTP is a legacy VPN protocol with well-known weaknesses in its authentication
# (MS-CHAPv2), so limiting the allowed client addresses is worth considering.
${FwCMD} nat 2000 config ip ${ip_nat33} \
redirect_port tcp 10.4.2.79:1723 1723 \
redirect_proto gre 10.4.2.79 ${ip_nat33}
# Passes packets carrying tag 1 through NAT instance 2000; the rule has no in/out
# or interface qualifier, so it applies in both directions.
# NOTE(review): only packets already tagged 1 by an earlier rule match here, and
# the tagging rule is not part of this snippet. Confirm that inbound traffic to
# ${ip_nat33} (tcp/1723 and GRE) is tagged as well; untagged packets never reach
# the redirects above and are handled by the gateway itself.
${FwCMD} add nat 2000 all from any to any tagged 1
ipfw nat 2000 config ip 2.1.2.33 redirect_proto gre 10.4.2.79 2.1.2.33 redirect_port tcp 10.4.2.79:1723 1723
08200 nat 2000 ip from any to any tagged 1
[root@hqgw1 /etc]# tcpdump -n -i ng2 host 92.113.210.215
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ng2, link-type NULL (BSD loopback), capture size 96 bytes
18:30:17.791635 IP 92.113.210.215.52466 > 2.1.2.33.1723: S 1502213724:1502213724(0) win 8192 <mss 1452,nop,wscale 8,nop,nop,sackOK>
18:30:17.791723 IP 2.112.209.33.1723 > 92.113.210.215.52466: R 0:0(0) ack 1502213725 win 0
18:30:18.323898 IP 92.113.210.215.52466 > 2.1.2.33.1723: S 1502213724:1502213724(0) win 8192 <mss 1452,nop,wscale 8,nop,nop,sackOK>
18:30:18.324006 IP 2.112.209.33.1723 > 92.113.210.215.52466: R 0:0(0) ack 1 win 0
18:30:18.862542 IP 92.113.210.215.52466 > 2.1.2.33.1723: S 1502213724:1502213724(0) win 8192 <mss 1452,nop,nop,sackOK>
18:30:18.862664 IP 2.112.209.33.1723 > 92.113.210.215.52466: R 0:0(0) ack 1 win 0