Привожу конфиг ipfw.conf:
#!/bin/sh
# ipfw ruleset for a gateway that NATs through natd: flushes the current
# rules, then re-adds them. ipfw evaluates rules in numeric order and stops
# at the first matching allow/deny, so the rule numbers define the policy.
#
# -q: quiet, -f: do not ask for confirmation before flushing.
# NOTE(review): between this flush and the last add only the kernel's
# default rule (65535) is in effect; whether that is deny or allow depends
# on the kernel configuration -- confirm.
ipfw -q -f flush
# Prefix shared by every rule below.
FwCMD="ipfw -q add"
# Interface used together with IpOut and the natd divert rules (external side).
LanOut="ed0"
# Interface opened wholesale by rules 00510-00550 (internal side).
LanIn="rl0"
# Address on LanOut. The value appears to be a masked placeholder as posted;
# it has to be replaced with the real address before the rules can load.
IpOut="х.х.х.х"
# IpIn is not referenced by any rule in this listing.
IpIn="192.168.10.1"
# NetIn/NetMask form the internal network used by the second rule 00070.
NetMask="24"
NetIn="192.168.10.0"
# check-state is disabled and no rule below uses keep-state, so the whole
# ruleset is stateless: replies are admitted by port and flag matching only.
#${FwCMD} 00010 check-state
# Loopback: allow everything on lo0, drop 127/8 addresses seen anywhere else.
${FwCMD} 00015 allow ip from any to any via lo0
${FwCMD} 00020 deny ip from any to 127.0.0.0/8
${FwCMD} 00025 deny ip from 127.0.0.0/8 to any
# mrtg: count rules only update per-interface, per-direction counters;
# matching continues with the next rule.
${FwCMD} 00040 count ip from any to any in via ${LanOut}
${FwCMD} 00041 count ip from any to any out via ${LanOut}
${FwCMD} 00042 count ip from any to any in via ${LanIn}
${FwCMD} 00043 count ip from any to any out via ${LanIn}
# portsentry: TCP/UDP ports on IpOut accepted from any source. These rules
# precede every filter below, so they always win for the listed ports.
# NOTE(review): the lists include ports of real services (23, 69, 111, 1080,
# 6667, 8080); anything other than portsentry listening on them is reachable
# from LanOut -- confirm what is bound to each port.
${FwCMD} 00045 allow tcp from any to ${IpOut} \
1,11,15,23,79,81,111,119,540,635 via ${LanOut}
${FwCMD} 00046 allow tcp from any to ${IpOut} \
1080,1524,2000,5742,6667,8080,8085 via ${LanOut}
${FwCMD} 00047 allow udp from any to ${IpOut} \
1,7,9,69,513,635,640,641,700 via ${LanOut}
# ICMP: drop fragmented ICMP.
${FwCMD} 00050 deny icmp from any to any frag
# NOTE(review): with both allow rules below disabled, ICMP received on LanOut
# matches no allow rule and ends at 00999. That includes type 3 (destination
# unreachable), which path-MTU discovery relies on; the disabled rule 00051
# does not list type 3 either -- confirm this is intended.
#${FwCMD} 00051 allow icmp from any to any icmptype 0,8,11
#${FwCMD} 00052 allow icmp from any to any via ${LanOut}
# Drop packets arriving on LanOut that are addressed to private or reserved
# ranges. These rules precede the divert at 00070, so they see the addresses
# before natd rewrites them.
# NOTE(review): only destinations are checked here; no rule in this listing
# drops packets arriving on LanOut with a private or reserved *source*
# address (00110-00116 apply to the out direction only) -- add inbound source
# checks if anti-spoofing was intended.
${FwCMD} 00061 deny ip from any to 10.0.0.0/8 in via ${LanOut}
${FwCMD} 00062 deny ip from any to 172.16.0.0/12 in via ${LanOut}
${FwCMD} 00063 deny ip from any to 192.168.0.0/16 in via ${LanOut}
${FwCMD} 00064 deny ip from any to 0.0.0.0/8 in via ${LanOut}
${FwCMD} 00065 deny ip from any to 169.254.0.0/16 in via ${LanOut}
${FwCMD} 00066 deny ip from any to 240.0.0.0/4 in via ${LanOut}
# Drop and log ICMP sent to the limited broadcast address, both directions.
${FwCMD} 00068 deny log icmp from any to 255.255.255.255 in via ${LanOut}
${FwCMD} 00069 deny log icmp from any to 255.255.255.255 out via ${LanOut}
# NAT: hand traffic on LanOut to natd through the divert socket.
# NOTE(review): the first 00070 matches every packet on LanOut in both
# directions, so no packet can reach the narrower second 00070. Depending on
# where natd re-injects, inbound packets may also be diverted a second time
# by 00071. Keep either the catch-all or the two specific rules -- confirm.
${FwCMD} 00070 divert natd all from any to any via ${LanOut}
${FwCMD} 00070 divert natd ip from ${NetIn}/${NetMask} to any out via ${LanOut}
${FwCMD} 00071 divert natd ip from any to ${IpOut} in via ${LanOut}
# Drop packets leaving LanOut whose source is still a private, reserved or
# multicast address (presumably whatever natd did not translate -- confirm).
${FwCMD} 00110 deny ip from 10.0.0.0/8 to any out via ${LanOut}
${FwCMD} 00111 deny ip from 172.16.0.0/12 to any out via ${LanOut}
${FwCMD} 00112 deny ip from 192.168.0.0/16 to any out via ${LanOut}
${FwCMD} 00113 deny ip from 0.0.0.0/8 to any out via ${LanOut}
${FwCMD} 00114 deny ip from 169.254.0.0/16 to any out via ${LanOut}
${FwCMD} 00115 deny ip from 224.0.0.0/4 to any out via ${LanOut}
${FwCMD} 00116 deny ip from 240.0.0.0/4 to any out via ${LanOut}
# "established" matches any TCP segment with ACK or RST set, on every
# interface; it is a flag test, not connection tracking.
${FwCMD} 00120 allow tcp from any to any established
# Everything sourced from IpOut may leave through LanOut.
${FwCMD} 00121 allow ip from ${IpOut} to any out xmit ${LanOut}
# Per-service rules on LanOut come in pairs: "to any <port>" and
# "from any <port> to any".
# NOTE(review): the "from any <port>" half matches on the remote source port
# alone, so a packet arriving on LanOut with source port 20, 21, 32, 53, 80
# or 443 is accepted whatever its destination port. A source port is chosen
# by the sender and is no proof that the packet is a reply. Stateful rules
# (check-state plus keep-state) are the usual way to admit replies only;
# their placement relative to the natd divert needs testing.
# dns.
${FwCMD} 00300 allow udp from any to any 53 via ${LanOut}
${FwCMD} 00310 allow udp from any 53 to any via ${LanOut}
# ftp: control (21) and active-mode data (20) only.
# NOTE(review): passive-mode data connections use a port negotiated per
# session, which no rule here names; an inbound passive data connection on
# LanOut would fall through to 00999 -- confirm which FTP mode is in use.
${FwCMD} 00320 allow tcp from any to any 20 via ${LanOut}
${FwCMD} 00330 allow tcp from any 20 to any via ${LanOut}
${FwCMD} 00340 allow tcp from any to any 21 via ${LanOut}
${FwCMD} 00350 allow tcp from any 21 to any via ${LanOut}
# smtp (disabled).
#${FwCMD} 00360 allow tcp from any to any 25 via ${LanOut}
#${FwCMD} 00370 allow tcp from any 25 to any via ${LanOut}
# ssh.
# NOTE(review): these rules name port 32, while the standard ssh port is 22
# -- confirm sshd really listens on 32.
${FwCMD} 00380 allow tcp from any to any 32 via ${LanOut}
${FwCMD} 00390 allow tcp from any 32 to any via ${LanOut}
# http https.
${FwCMD} 00400 allow tcp from any to any 80,443 via ${LanOut}
${FwCMD} 00410 allow tcp from any 80,443 to any via ${LanOut}
# pop3 (disabled).
#${FwCMD} 00420 allow tcp from any to any 110 via ${LanOut}
#${FwCMD} 00430 allow tcp from any 110 to any via ${LanOut}
# Internal interface: GRE, TCP, UDP and ICMP pass in both directions without
# further restriction.
${FwCMD} 00510 allow gre from any to any via ${LanIn}
${FwCMD} 00520 allow tcp from any to any via ${LanIn}
${FwCMD} 00540 allow udp from any to any via ${LanIn}
${FwCMD} 00550 allow icmp from any to any via ${LanIn}
# Final rule: drop everything not allowed above (without logging).
${FwCMD} 00999 deny ip from any to any
В чём проблема? Правила неправильные или сам фтп глючный? Я не хочу устанавливать что-то дополнительное типа vsftp или proftp. Что посоветуете?

Если есть ещё какие-то ошибки в правилах, то поправьте.