не работает natd

[Spider1]

Всем, Доброго времени суток.
понадобилось сделать проброску портов в частности на rdp компа внутри сети

в rc.conf добавил строки

Код: Выделить всё

natd_enable="YES"
natd_interface="fxp0" //внешний интерфейс
natd_flags="-f /etc/natd.conf"

в natd.conf

Код: Выделить всё

same_ports yes
use_sockets yes
redirect_port tcp 192.168.1.11:3389 3388

когда только настроил все заработало, а через пару дней перестало работать.
Подскажите, кто может, в чем может быть затык???

[Хостинг HostFood.ru]

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

[vadim64]

Настройка IPFW

[Spider1]

Больше никаких мыслей по этому вопросу нету?

[hizel]

Код: Выделить всё

ipfw show

[Spider1]

%ipfw show

Код: Выделить всё

00030    2308    7010796 allow ip from any to any via lo0
00030       0          0 allow ip from any to any via lo0
00030       0          0 allow ip from any to any via lo0
00040       0          0 deny ip from 192.160.0.0/12 to any in via fxp0
00040       0          0 deny ip from 192.160.0.0/12 to any in via fxp0
00040       0          0 deny ip from 192.160.0.0/12 to any in via fxp0
00050       0          0 deny ip from 172.16.0.0/12 to any in via fxp0
00050       0          0 deny ip from 172.16.0.0/12 to any in via fxp0
00050       0          0 deny ip from 172.16.0.0/12 to any in via fxp0
00071       0          0 divert 8669 ip from 192.168.1.0/24 to 10.0.0.0/8 out via re0
00071       0          0 divert 8669 ip from 192.168.1.0/24 to 10.0.0.0/8 out via re0
00071       0          0 divert 8669 ip from 192.168.1.0/24 to 10.0.0.0/8 out via re0
00073      26       1332 divert 8669 ip from any to 10.125.0.115 in via re0
00073       0          0 divert 8669 ip from any to 10.125.0.115 in via re0
00073       0          0 divert 8669 ip from any to 10.125.0.115 in via re0
00075       0          0 fwd 10.125.0.126 log logamount 10 ip from me to any out via re0
00075       0          0 fwd 10.125.0.126 log logamount 10 ip from me to any out via re0
00075       0          0 fwd 10.125.0.126 log logamount 10 ip from me to any out via re0
00080  268621   54599367 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
00080       0          0 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
00080       0          0 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
00090  563765  528789237 divert 8668 ip from any to 195.xxx.xxx.xxx in via fxp0
00090       0          0 divert 8668 ip from any to 195.xxx.xxx.xxx in via fxp0
00090       0          0 divert 8668 ip from any to 195.xxx.xxx.xxx in via fxp0
00100 2335813 1385543222 allow tcp from any to any established
00100       0          0 allow tcp from any to any established
00100       0          0 allow tcp from any to any established
00110   33171    2649453 allow ip from 195.xxx.xxx.xxx to any out xmit fxp0
00110       0          0 allow ip from 195.xxx.xxx.xxx to any out xmit fxp0
00110       0          0 allow ip from 195.xxx.xxx.xxx to any out xmit fxp0
00112       0          0 allow ip from 109.xxx.xxx.xxx to any out xmit fxp1
00112       0          0 allow ip from 109.xxx.xxx.xxx to any out xmit fxp1
00112       0          0 allow ip from 109.xxx.xxx.xxx to any out xmit fxp1
00115       0          0 allow ip from 10.125.0.115 to any out xmit re0
00115       0          0 allow ip from 10.125.0.115 to any out xmit re0
00115       0          0 allow ip from 10.125.0.115 to any out xmit re0
00120     486      30916 allow ip from 192.168.1.250 to any out
00120       0          0 allow ip from 192.168.1.250 to any out
00120       0          0 allow ip from 192.168.1.250 to any out
00130   50895    2451016 allow ip from any to me dst-port 20-25,80,110,143,443,3128,8585,9010,9091,10000,14944 via rl0
00130       0          0 allow ip from any to me dst-port 20-25,80,110,143,443,3128,8585,9010,9091,10000,14944 via rl0
00130       0          0 allow ip from any to me dst-port 20-25,80,110,143,443,3128,8585,9010,9091,10000,14944 via rl0
00135     111       5993 allow ip from any to me dst-port 25,110,143,443,14944
00135       0          0 allow ip from any to me dst-port 25,110,143,443,14944
00135       0          0 allow ip from any to me dst-port 25,110,143,443,14944
00140       0          0 allow ip from 194.xxx.xxx.xxx to any
00140       0          0 allow ip from 194.xxx.xxx.xxx to any
00140       0          0 allow ip from 194.xxx.xxx.xxx to any
00150       0          0 allow ip from any to 194.xxx.xxx.xxx
00150       0          0 allow ip from any to 194.xxx.xxx.xxx
00150       0          0 allow ip from any to 194.xxx.xxx.xxx
00158       0          0 allow ip from 195.xxx.xxx.xxx to any
00158       0          0 allow ip from 195.xxx.xxx.xxx to any
00158       0          0 allow ip from 195.xxx.xxx.xxx to any
00159       0          0 allow ip from any to 195.xxx.xxx.xxx
00159       0          0 allow ip from any to 195.xxx.xxx.xxx
00159       0          0 allow ip from any to 195.xxx.xxx.xxx
00160    5071     205492 allow ip from 192.168.1.62 to any
00160       0          0 allow ip from 192.168.1.62 to any
00160       0          0 allow ip from 192.168.1.62 to any
00165     200      13600 allow ip from any to 192.168.1.62
00165       0          0 allow ip from any to 192.168.1.62
00165       0          0 allow ip from any to 192.168.1.62
00172       3        144 allow ip from 109.xxx.xxx.xxx to any
00172       0          0 allow ip from 109.xxx.xxx.xxx to any
00172       0          0 allow ip from 109.xxx.xxx.xxx to any
00173       0          0 allow ip from any to 109.xxx.xxx.xxx
00173       0          0 allow ip from any to 109.xxx.xxx.xxx
00173       0          0 allow ip from any to 109.xxx.xxx.xxx
00175       0          0 allow ip from 95.xxx.xxx.xxx to any
00175       0          0 allow ip from 95.xxx.xxx.xxx to any
00175       0          0 allow ip from 95.xxx.xxx.xxx to any
00176       0          0 allow ip from any to 95.xxx.xxx.xxx
00176       0          0 allow ip from any to 95.xxx.xxx.xxx
00176       0          0 allow ip from any to 95.xxx.xxx.xxx
00177       0          0 allow ip from 178.xxx.xxx.xxx to any
00177       0          0 allow ip from 178.xxx.xxx.xxx to any
00177       0          0 allow ip from 178.xxx.xxx.xxx to any
00178       0          0 allow ip from any to 178.xxx.xxx.xxx
00178       0          0 allow ip from any to 178.xxx.xxx.xxx
00178       0          0 allow ip from any to 178.xxx.xxx.xxx
00180    1554     105234 allow udp from any to any dst-port 53,123
00180       0          0 allow udp from any to any dst-port 53,123
00180       0          0 allow udp from any to any dst-port 53,123
00190    5082    1172964 allow udp from any 53,123 to any
00190       0          0 allow udp from any 53,123 to any
00190       0          0 allow udp from any 53,123 to any
00200       0          0 deny icmp from any to any icmptypes 13,14
00200       0          0 deny icmp from any to any icmptypes 13,14
00200       0          0 deny icmp from any to any icmptypes 13,14
00210    1312     154210 allow icmp from any to any
00210       0          0 allow icmp from any to any
00210       0          0 allow icmp from any to any
00220       0          0 allow udp from 192.168.1.250 to any dst-port 137
00220       0          0 allow udp from 192.168.1.250 to any dst-port 137
00220       0          0 allow udp from 192.168.1.250 to any dst-port 137
00230    7066     576288 allow udp from any 137 to any
00230       0          0 allow udp from any 137 to any
00230       0          0 allow udp from any 137 to any
00240    1847     421770 allow udp from any 138 to any dst-port 138
00240       0          0 allow udp from any 138 to any dst-port 138
00240       0          0 allow udp from any 138 to any dst-port 138
00300       0          0 allow ip from any to 87.xxx.xxx.xxx
00300       0          0 allow ip from any to 87.xxx.xxx.xxx
00300       0          0 allow ip from any to 87.xxx.xxx.xxx
00310       0          0 allow ip from any to 87.xxx.xxx.xxx
00310       0          0 allow ip from any to 87.xxx.xxx.xxx
00310       0          0 allow ip from any to 87.xxx.xxx.xxx
00311    1161      55728 allow ip from any to 89.xxx.xxx.xxx
00311       0          0 allow ip from any to 89.xxx.xxx.xxx
00311       0          0 allow ip from any to 89.xxx.xxx.xxx
00320       0          0 allow ip from any to any dst-port 3274
00320       0          0 allow ip from any to any dst-port 3274
00320       0          0 allow ip from any to any dst-port 3274
00330       1         44 allow ip from 192.168.1.150 to any
00330       0          0 allow ip from 192.168.1.150 to any
00330       0          0 allow ip from 192.168.1.150 to any
00340       0          0 allow ip from any to 192.168.1.150
00340       0          0 allow ip from any to 192.168.1.150
00340       0          0 allow ip from any to 192.168.1.150
00350       1         44 allow ip from 192.168.1.151 to any
00350       0          0 allow ip from 192.168.1.151 to any
00350       0          0 allow ip from 192.168.1.151 to any
00360       0          0 allow ip from any to 192.168.1.151
00360       0          0 allow ip from any to 192.168.1.151
00360       0          0 allow ip from any to 192.168.1.151
00370       2         88 allow ip from 192.168.1.152 to any
00370       0          0 allow ip from 192.168.1.152 to any
00370       0          0 allow ip from 192.168.1.152 to any
00380       0          0 allow ip from any to 192.168.1.152
00380       0          0 allow ip from any to 192.168.1.152
00380       0          0 allow ip from any to 192.168.1.152
00382       0          0 allow ip from 192.168.1.154 to any
00382       0          0 allow ip from 192.168.1.154 to any
00382       0          0 allow ip from 192.168.1.154 to any
00383       0          0 allow ip from any to 192.168.1.154
00383       0          0 allow ip from any to 192.168.1.154
00383       0          0 allow ip from any to 192.168.1.154
00385       0          0 allow ip from 192.168.1.155 to any
00385       0          0 allow ip from 192.168.1.155 to any
00385       0          0 allow ip from 192.168.1.155 to any
00386       0          0 allow ip from any to 192.168.1.155
00386       0          0 allow ip from any to 192.168.1.155
00386       0          0 allow ip from any to 192.168.1.155
00388       0          0 allow ip from 192.168.1.156 to any
00388       0          0 allow ip from 192.168.1.156 to any
00388       0          0 allow ip from 192.168.1.156 to any
00389       0          0 allow ip from any to 192.168.1.156
00389       0          0 allow ip from any to 192.168.1.156
00389       0          0 allow ip from any to 192.168.1.156
00442       0          0 allow ip from 192.168.1.252 to any
00442       0          0 allow ip from 192.168.1.252 to any
00442       0          0 allow ip from 192.168.1.252 to any
00444       0          0 allow ip from any to 192.168.1.252
00444       0          0 allow ip from any to 192.168.1.252
00444       0          0 allow ip from any to 192.168.1.252
00445   12730    1409101 allow ip from 192.168.1.44 to any
00445       0          0 allow ip from 192.168.1.44 to any
00445       0          0 allow ip from 192.168.1.44 to any
00446    9886    2939532 allow ip from any to 192.168.1.44
00446       0          0 allow ip from any to 192.168.1.44
00446       0          0 allow ip from any to 192.168.1.44
00450     405      19440 allow ip from 192.168.1.51 to any
00450       0          0 allow ip from 192.168.1.51 to any
00450       0          0 allow ip from 192.168.1.51 to any
00460       0          0 allow ip from any to 192.168.1.51
00460       0          0 allow ip from any to 192.168.1.51
00460       0          0 allow ip from any to 192.168.1.51
00465      14       1720 allow ip from 192.168.1.59 to any
00465       0          0 allow ip from 192.168.1.59 to any
00465       0          0 allow ip from 192.168.1.59 to any
00466       0          0 allow ip from any to 192.168.1.59
00466       0          0 allow ip from any to 192.168.1.59
00466       0          0 allow ip from any to 192.168.1.59
00470       0          0 allow ip from 109.xxx.xxx.xxx to any
00470       0          0 allow ip from 109.xxx.xxx.xxx to any
00470       0          0 allow ip from 109.xxx.xxx.xxx to any
00480       0          0 allow ip from any to 109.xxx.xxx.xxx
00480       0          0 allow ip from any to 109.xxx.xxx.xxx
00480       0          0 allow ip from any to 109.xxx.xxx.xxx
00490       0          0 allow ip from any to me dst-port 1194
00490       0          0 allow ip from any to me dst-port 1194
00490       0          0 allow ip from any to me dst-port 1194
00500       0          0 allow ip from 10.8.0.0/24 to 192.168.1.0/24
00500       0          0 allow ip from 10.8.0.0/24 to 192.168.1.0/24
00500       0          0 allow ip from 10.8.0.0/24 to 192.168.1.0/24
00510       0          0 allow ip from 192.168.1.0/24 to 10.8.0.0/24
00510       0          0 allow ip from 192.168.1.0/24 to 10.8.0.0/24
00510       0          0 allow ip from 192.168.1.0/24 to 10.8.0.0/24
00512       0          0 allow ip from 192.168.0.0/24 to 10.8.0.0/24
00512       0          0 allow ip from 192.168.0.0/24 to 10.8.0.0/24
00512       0          0 allow ip from 192.168.0.0/24 to 10.8.0.0/24
00514       0          0 allow ip from 10.8.0.0/24 to 192.168.0.0/24
00514       0          0 allow ip from 10.8.0.0/24 to 192.168.0.0/24
00514       0          0 allow ip from 10.8.0.0/24 to 192.168.0.0/24
00520       0          0 allow ip from 192.168.1.49 to any
00520       0          0 allow ip from 192.168.1.49 to any
00520       0          0 allow ip from 192.168.1.49 to any
00530       0          0 allow ip from any to 192.168.1.49
00530       0          0 allow ip from any to 192.168.1.49
00530       0          0 allow ip from any to 192.168.1.49
00531       0          0 allow ip from 192.168.1.57 to any
00531       0          0 allow ip from 192.168.1.57 to any
00531       0          0 allow ip from 192.168.1.57 to any
00532       0          0 allow ip from any to 192.168.1.57
00532       0          0 allow ip from any to 192.168.1.57
00532       0          0 allow ip from any to 192.168.1.57
00540       0          0 allow ip from 192.168.1.206 to any
00540       0          0 allow ip from 192.168.1.206 to any
00540       0          0 allow ip from 192.168.1.206 to any
00550       0          0 allow ip from any to 192.168.1.206
00550       0          0 allow ip from any to 192.168.1.206
00550       0          0 allow ip from any to 192.168.1.206
00551     431      69380 allow ip from 192.168.1.214 to any
00551       0          0 allow ip from 192.168.1.214 to any
00551       0          0 allow ip from 192.168.1.214 to any
00552       0          0 allow ip from any to 192.168.1.214
00552       0          0 allow ip from any to 192.168.1.214
00552       0          0 allow ip from any to 192.168.1.214
00553      68       4884 allow ip from 192.168.1.211 to any
00553       0          0 allow ip from 192.168.1.211 to any
00553       0          0 allow ip from 192.168.1.211 to any
00554       0          0 allow ip from any to 192.168.1.211
00554       0          0 allow ip from any to 192.168.1.211
00554       0          0 allow ip from any to 192.168.1.211
01003    1537     217672 allow ip from 192.168.1.0/24 to any dst-port 20-25,110,443,5190,41192-65535
01004    1093      52464 allow ip from 192.168.1.14 to any
01006       0          0 allow ip from 192.168.1.23 to any
65000   15674    2029892 deny log logamount 10 ip from any to any via fxp0
65000       0          0 deny log logamount 10 ip from any to any via fxp0
65000       0          0 deny log logamount 10 ip from any to any via fxp0
65100    8909    1345606 deny log logamount 10 ip from any to any
65100       0          0 deny log logamount 10 ip from any to any
65100       0          0 deny log logamount 10 ip from any to any
65535       2        258 deny ip from any to any

[hizel]

вы где-то

Код: Выделить всё

ipfw flush

забыли

судя по портянке вы какие то ip разрешаете и среди них я не вижу 192.168.1.11

[Spider1]

так он вроде в natd.conf прописан
вот этот адрес тоже прописан и в rc.firewall и в natd.conf
redirect_port tcp 192.168.1.62:3389 3387
и тоже не работает

[vadim64]

так он вроде в natd.conf прописан

Я понимаю что вы судя по всему специалист очень высокого класса и час вашего времени стоит слишком много, чтобы тратить его на чтение чьих-то там статеек, но всё же скажу вам ещё раз: прочтите статью Настройка IPFW