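#!/bin/sh
# Loads an ipfw ruleset for a gateway with one external and one internal
# interface, using in-kernel NAT (instance 1) on the external address.
#
# ipfw evaluates rules in ascending rule-number order and the first matching
# allow/deny/nat rule decides the packet, so the position of every allow rule
# relative to the nat rules matters.
#
# NOTE(review): the script starts by flushing the live ruleset and checks no
# exit status; if a later command fails the host is left with a partial
# ruleset. Load it from the console or with a rollback in place.
# NOTE(review): the nat rules assume net.inet.ip.fw.one_pass=1 (the FreeBSD
# default), i.e. a translated packet is accepted right after the nat rule.
# With one_pass=0 it would continue down to rule 65534 - verify on the host.

FwCMD="/sbin/ipfw"

# External (LanOut) and internal (LanIn) interfaces.
LanOut="alc0"
LanIn="em0"

# External address and subnet. The "zzz" octets are redaction placeholders
# from the original post and must be replaced with real values.
IpOut="zzz.zzz.zzz.132"
NetOut="zzz.zzz.zzz.128"
NetOutMask="29"

# Internal address and subnet. Defined for reference only: no rule below
# uses IpIn, NetIn or NetInMask.
IpIn="192.168.0.1"
NetIn="192.168.0.0"
NetInMask="16"

# Drop the current ruleset without asking for confirmation.
"${FwCMD}" -f flush

# Match packets against dynamic rules created by keep-state (rule 131).
"${FwCMD}" add 00010 check-state

# Loopback traffic.
"${FwCMD}" add 00110 allow log logamount 100 ip from any to any via lo0
# Anti-spoofing for 127.0.0.0/8 is left disabled, as in the original.
# NOTE(review): consider re-enabling these two rules so loopback addresses
# are only ever accepted on lo0.
#"${FwCMD}" add 00111 deny log logamount 100 ip from any to 127.0.0.0/8
#"${FwCMD}" add 00112 deny log logamount 100 ip from 127.0.0.0/8 to any

# Everything crossing the internal interface is allowed, in both directions
# and with no source-address check: the internal side is fully trusted.
"${FwCMD}" add 00120 allow log logamount 100 ip from any to any via "${LanIn}"

# Rule 00130 is disabled. "established" only tests for the ACK/RST flags, it
# does not track connections, and the rule sat in front of the nat rules:
#   - any ACK-flagged TCP segment from any source was accepted on LanOut;
#   - replies to translated connections were accepted before rule 500 could
#     translate them back, so they never reached the internal host;
#   - follow-up segments from internal hosts matched here on the way out and
#     left LanOut with their private source address instead of hitting 501.
# Replies to the gateway's own connections are handled by check-state (10)
# plus keep-state (131); translated flows are handled by the nat rules.
#"${FwCMD}" add 00130 allow log logamount 100 tcp from any to any established

# Traffic originated by the gateway itself on the external interface; the
# dynamic rule created here lets the replies back in through rule 10.
"${FwCMD}" add 00131 allow log logamount 100 ip from "${IpOut}" to any via "${LanOut}" keep-state

# TCP port 5900 on the gateway, reachable only from the external subnet.
# The rule is stateless; return traffic leaves through rule 131.
"${FwCMD}" add 00303 allow log logamount 100 tcp from "${NetOut}/${NetOutMask}" to "${IpOut}" 5900 via "${LanOut}"

# NAT instance 1 on the external address:
#   log        - keep translation statistics
#   reset      - clear the translation table when the address changes
#   same_ports - try to keep the original source port
#   deny_in    - drop inbound packets that match no translation entry
"${FwCMD}" nat 1 config ip "${IpOut}" log reset same_ports deny_in

# Inbound: translate replies addressed to the external address.
"${FwCMD}" add 00500 nat 1 log logamount 100 ip from any to "${IpOut}" via "${LanOut}"
# Outbound: only 192.168.0.5 is translated. Other internal hosts match no
# rule on the way out and are dropped by rule 65534.
"${FwCMD}" add 00501 nat 1 log logamount 100 ip from 192.168.0.5/32 to any via "${LanOut}"

# Default deny, logged.
"${FwCMD}" add 65534 deny log logamount 100 ip from any to any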
Dec 27 15:28:10 hostel kernel: ipfw: 120 Accept TCP 192.168.0.5:1103 93.158.134.203:80 in via em0
Dec 27 15:28:10 hostel kernel: ipfw: 501 Nat TCP 192.168.0.5:1103 93.158.134.203:80 out via alc0
Dec 27 15:28:13 hostel kernel: ipfw: 120 Accept TCP 192.168.0.5:1103 93.158.134.203:80 in via em0
Dec 27 15:28:13 hostel kernel: ipfw: 501 Nat TCP 192.168.0.5:1103 93.158.134.203:80 out via alc0