В конфиге NeTAMS:
service data-source 1
type ip-traffic
source divert 199
layer7-detect urls
#!/bin/sh -
# ipfw ruleset for a FreeBSD gateway: rl1 is the external interface (NAT via
# natd), rl0 is the LAN side. LAN traffic is passed through divert socket 199
# (the NeTAMS ip-traffic data-source, "source divert 199") for accounting and
# through natd for translation.
# Rule order is semantics here: ipfw stops at the first matching terminating
# rule (allow/deny), so an accounting divert placed after an allow that
# matches the same packets never sees them.
fwcmd="/sbin/ipfw -q"      # -q: quiet mode for scripted add/flush (no per-rule output)
##############
oif="rl1"                  # external (Internet-facing) interface
oip="88.88.88.88"          # public address on ${oif}; natd translates to/from it
##############
iif="rl0"                  # internal (LAN) interface
iip="192.168.1.5"          # this host's LAN address (not referenced by any rule below)
##############
Mylan="192.168.1.0/24"     # LAN prefix used by the rules
Iplan="192.168.1"          # LAN prefix without the last octet (not referenced below)
##############
${fwcmd} flush -f          # drop the whole ruleset without confirmation; only 65535 (default deny) remains
# Rule 100: LAN<->LAN traffic on rl0 is accepted here, before anything else.
# 'allow' terminates processing, so no later rule can match LAN<->LAN packets
# on rl0 -- this includes LAN clients talking to a service on this host's LAN
# address. Any accounting rule for such traffic must be placed BEFORE this
# line (lower rule number), not after it.
${fwcmd} add allow ip from ${Mylan} to ${Mylan} via ${iif}
# Outbound LAN traffic: count it on divert 199 first, then hand it to natd
# (port 8668 in 'ipfw show'); processing continues after each divert rule.
${fwcmd} add divert 199 ip from ${Mylan} to any out via ${oif}
${fwcmd} add divert natd ip from ${Mylan} to any out via ${oif}
# Inbound: un-NAT packets addressed to the public IP first, then count the
# translated packet (now addressed to a LAN host) on divert 199.
${fwcmd} add divert natd ip from any to ${oip} in via ${oif}
${fwcmd} add divert 199 ip from any to ${Mylan} in via ${oif}
# Pass rules. Because the last rule is 'allow ip from any to any', nothing is
# ever rejected by this ruleset: the rules below only act as per-flow packet
# counters, and inbound traffic to the public IP is not restricted here.
${fwcmd} add allow ip from ${oip} to any out via ${oif}
${fwcmd} add allow ip from any to ${oip} in via ${oif}
# Matches only after natd has rewritten the destination to 192.168.1.3,
# i.e. presumably a natd redirect_port to an internal web server -- confirm.
${fwcmd} add allow tcp from any to 192.168.1.3 80 via ${oif}
${fwcmd} add allow ip from ${Mylan} to any in via ${iif}
${fwcmd} add allow ip from ${Mylan} to any out via ${oif}
${fwcmd} add allow ip from any to ${Mylan} in via ${oif}
${fwcmd} add allow ip from any to ${Mylan} out via ${iif}
${fwcmd} add allow udp from any to any 1194    # 1194/udp, OpenVPN's default port
${fwcmd} add allow ip from any to any          # catch-all allow: the default deny (65535) is never reached
# Proxy accounting (tcp/3128) on the LAN interface, followed by the existing
# divert section. In the 'ipfw show' output these two rules are numbered
# 200/300 and show 0 packets: they were loaded AFTER rule 100 'allow ip from
# 192.168.1.0/24 to 192.168.1.0/24 via rl0', which accepts every LAN<->LAN
# packet on rl0 and terminates processing, so no packet ever reaches them.
# They must be added before that allow (lower rule number) to count anything.
# NOTE(review): if the proxy listens on this host (LAN address 192.168.1.5),
# client->proxy packets are seen 'in via rl0' and the proxy's replies
# 'out via rl0' -- the opposite of the in/out keywords used here. Plain
# 'via ${iif}' without in/out matches both directions; confirm where the
# proxy runs.
${fwcmd} add divert 199 tcp from ${Mylan} to any 3128 out via ${iif}
${fwcmd} add divert 199 tcp from any 3128 to ${Mylan} in via ${iif}
# Unchanged from the base ruleset: count outbound LAN traffic on divert 199,
# NAT it, then un-NAT and count inbound traffic.
${fwcmd} add divert 199 ip from ${Mylan} to any out via ${oif}
${fwcmd} add divert natd ip from ${Mylan} to any out via ${oif}
${fwcmd} add divert natd ip from any to ${oip} in via ${oif}
${fwcmd} add divert 199 ip from any to ${Mylan} in via ${oif}
ussur# ipfw show
00100 54736 35822384 allow ip from 192.168.1.0/24 to 192.168.1.0/24 via rl0
00200 0 0 divert 199 tcp from 192.168.1.0/24 to any dst-port 3128 out via rl0
00300 0 0 divert 199 tcp from any 3128 to 192.168.1.0/24 in via rl0
00400 21757 1476235 divert 199 ip from 192.168.1.0/24 to any out via rl1
00500 21757 1476235 divert 8668 ip from 192.168.1.0/24 to any out via rl1
00600 66120 46942864 divert 8668 ip from any to 88.88.88.88 in via rl1
00700 39154 16426724 divert 199 ip from any to 192.168.1.0/24 in via rl1
00800 43330 4737717 allow ip from 88.88.88.88 to any out via rl1
00900 26966 30516140 allow ip from any to 88.88.88.88 in via rl1
01000 0 0 allow tcp from any to 192.168.1.3 dst-port 80 via rl1
01100 21762 1477773 allow ip from 192.168.1.0/24 to any in via rl0
01200 0 0 allow ip from 192.168.1.0/24 to any out via rl1
01300 39154 16426724 allow ip from any to 192.168.1.0/24 in via rl1
01400 39154 16426724 allow ip from any to 192.168.1.0/24 out via rl0
01500 0 0 allow udp from any to any dst-port 1194
01600 2 678 allow ip from any to any
65535 0 0 deny ip from any to any
00200 0 0 divert 199 tcp from 192.168.1.0/24 to any dst-port 3128 out via rl0 (ставил и rl1)
00300 0 0 divert 199 tcp from any 3128 to 192.168.1.0/24 in via (ставил и rl1)
Пакеты не считаются.
Подскажите, пожалуйста, как должны выглядеть правила?