1) WAN
2) LAN
3) LAN
rc.conf :
ifconfig_fxp0="ether 00:22:DD:41:XX:XX"
ifconfig_fxp0_alias0="xx.xx.xx.94 netmask 255.255.255.0 -rxcsum"
defaultrouter="xx.xx.xx.1"
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 192.168.1.4 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.5 netmask 255.255.255.0"
hostname="xxxx"
firewall_enable="YES"
firewall_nat_enable="YES"
firewall_script="/etc/firewall"
gateway_enable="YES"
firewall_logging="YES"
Code:
cmd="ipfw -q add"
ipfw="ipfw -q"
pif="xx.xx.xx.94" #WAN
lif="rl0" # local network interface
lan="192.168.1.0/24" # local network
loc="192.168.1.1"
dns="192.168.1.4"
$cmd 1004 allow ip from any to any via $lif
$cmd 1005 allow ip from any to any via $lif
$cmd 1011 check-state
$cmd 1013 pass tcp from any to any 25 #keep-state
$cmd 1014 pass tcp from any 25 to any
$cmd 1015 pass tcp from any to any 143 #keep-state
$cmd 1016 pass tcp from any 143 to any
$cmd 1017 pass tcp from any to any 110 #keep-state
$cmd 1018 pass tcp from any 110 to any
$cmd 1019 pass tcp from any to any 953
$cmd 1020 pass tcp from any 953 to any
$cmd 1025 deny ip from any to 192.168.0.0/16 in recv $pif
$cmd 1030 deny ip from 192.168.0.0/16 to any in recv $pif
$cmd 1040 deny ip from any to 172.16.0.0/12 in recv $pif
$cmd 1050 deny ip from 172.16.0.0/12 to any in recv $pif
$cmd 1060 deny ip from any to 10.0.0.0/8 in recv $pif
$cmd 1070 deny ip from 10.0.0.0/8 to any in recv $pif
$cmd 1080 deny ip from any to 169.254.0.0/16 in recv $pif
$cmd 1090 deny ip from 169.254.0.0/16 to any in recv $pif
$cmd 1091 pass tcp from any to $pif 80 #keep-state
$cmd 1092 pass tcp from $pif to any 80 #keep-state
$ipfw nat 1 config log ip $pif reset same_ports deny_in redirect_port tcp $dns:53 53 redirect_port udp $dns:53 53 redirect_port tcp $loc:22 22
$cmd 10100 nat 1 ip from any to any via $pif
$cmd 65534 deny log all from any to any
1) WAN
2) LAN
LAN reaches the internet without problems,
but the second one, LAN2, cannot.
I think the problem is in the rules, but my head has stopped working by now; please point out where the inaccuracies are.
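A check for the configuration posted above, as an added example that is not part of the original post: it parses the ifconfig_* lines and the ipfw rules and reports NICs that share a subnet and NICs that no via/recv/xmit rule refers to. The function names and the stand-in WAN address 203.0.113.94 (the post redacts the real one) are assumptions.

```python
import ipaddress
import re

# Constructed input: interface lines and a subset of the rules from the post;
# the redacted WAN address is replaced by the documentation address 203.0.113.94.
RC_CONF = '''
ifconfig_fxp0="ether 00:22:DD:41:XX:XX"
ifconfig_fxp0_alias0="203.0.113.94 netmask 255.255.255.0 -rxcsum"
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 192.168.1.4 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.5 netmask 255.255.255.0"
'''
RULES = '''
pif="203.0.113.94"
lif="rl0"
$cmd 1004 allow ip from any to any via $lif
$cmd 1005 allow ip from any to any via $lif
$cmd 10100 nat 1 ip from any to any via $pif
$cmd 65534 deny log all from any to any
'''
IFCONFIG = re.compile(r'^ifconfig_([a-z]+\d+)(?:_alias\d+)?="(?:inet )?'
                      r'([\d.]+) netmask ([\d.]+)', re.M)

def interfaces(rc_conf):
    """Map NIC name -> list of IPv4Interface objects from ifconfig_* lines."""
    found = {}
    for name, addr, mask in IFCONFIG.findall(rc_conf):
        found.setdefault(name, []).append(ipaddress.ip_interface(f"{addr}/{mask}"))
    return found

def shared_subnets(ifaces):
    """(nic_a, nic_b, network) for every pair of different NICs in one subnet."""
    pairs = [(a, x, b, y) for a in ifaces for x in ifaces[a]
             for b in ifaces for y in ifaces[b] if a < b]
    return sorted({(a, b, str(x.network)) for a, x, b, y in pairs
                   if x.network.overlaps(y.network)})

def uncovered(ifaces, rules):
    """NICs that no via/recv/xmit rule names, by interface name or by address."""
    variables = dict(re.findall(r'^(\w+)="([^"]*)"', rules, re.M))
    expanded = re.sub(r'\$(\w+)', lambda m: variables.get(m[1], m[0]), rules)
    named = set(re.findall(r'\b(?:via|recv|xmit) (\S+)', expanded))
    return sorted(n for n, addrs in ifaces.items()
                  if n not in named and not any(str(a.ip) in named for a in addrs))

if __name__ == "__main__":
    nics = interfaces(RC_CONF)
    print("same subnet on two NICs:", shared_subnets(nics))
    print("NICs no rule refers to:", uncovered(nics, RULES))
```

On the posted configuration this reports rl0 and rl1 both in 192.168.1.0/24 and rl1 as the only NIC without a rule, so rl1 traffic that matches none of the port rules reaches rule 65534.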