внешний интерфейс
Код: Выделить всё
# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=20d8<VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:30:48:8a:94:fe
inet 1.1.1.2 netmask 0xffffff00 broadcast 1.1.1.5
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
Код: Выделить всё
# ipfw nat show config
ipfw nat 10 config ip 1.1.1.2 log deny_in same_ports unreg_only reset
Код: Выделить всё
# ipfw list
00011 queue 1 icmp from any to any out via ng*
00012 queue 1 ip from any 22,53 to any out via ng*
00013 queue 2 ip from any 80,443,8080,8081 to any out via ng*
00014 queue 3 ip from any 25,110 to any out via ng*
00015 queue 4 tcp from any not 22,53,80,443,8080,8081,25,110 to any out via ng*
00016 queue 5 udp from any not 22,53,80,443,8080,8081,25,110 to any out via ng*
00021 queue 11 icmp from any to any in via ng*
00022 queue 11 ip from any to any dst-port 22,53 in via ng*
00023 queue 12 ip from any to any dst-port 80,443,8080,8081 in via ng*
00024 queue 13 ip from any to any dst-port 25,110 in via ng*
00025 queue 14 tcp from any to any not dst-port 22,53,80,443,8080,8081,25,110 in via ng*
00026 queue 15 udp from any to any not dst-port 22,53,80,443,8080,8081,25,110 in via ng*
00049 nat 10 log logamount 10000 ip from 10.10.0.0/20 to any out recv ng* xmit em0
00053 nat 10 log logamount 10000 ip from any to 1.1.1.2 in recv em0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to anyЕсли убрать опцию deny_in, то все работает.
Помогите разобраться в чем дело!
Спасибо!
