# Kernel options that build ipfw and its in-kernel NAT into the kernel.
options IPFIREWALL #firewall
# NOTE(review): no IPFIREWALL_VERBOSE_LIMIT is set here, so per-rule log volume is
# not capped at build time -- confirm a limit is configured elsewhere.
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
# NOTE(review): this turns the final rule (65535) into "allow", so every packet that
# no earlier rule matches is passed, including while the ruleset is flushed or only
# partly loaded. A default-deny kernel with explicit allow rules fails closed instead.
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPFIREWALL_NAT #ipfw kernel nat support
options LIBALIAS #libalias, required by the in-kernel NAT
# rc.conf of the gateway: re0 carries the external address, vr0 and vr1 are the two
# LAN segments that also get DHCP service.
hostname="office.artkitch"
defaultrouter="xxx.xxx.ххх.ххх" # provider's gateway
ifconfig_re0="inet xx.xxx.xxx.xxx netmask 255.255.255.0" # external IP
# NOTE(review): with netmask 255.255.255.128, 192.168.1.0 and 192.168.1.128 are the
# network addresses of their /25 subnets, not host addresses. Each interface most
# likely needs a host address inside its subnet -- confirm against the dhcpd
# configuration (the router option handed to clients).
ifconfig_vr0="inet 192.168.1.0 netmask 255.255.255.128"
ifconfig_vr1="inet 192.168.1.128 netmask 255.255.255.128"
gateway_enable="YES" # forward packets between interfaces
named_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/firewall.conf" # ruleset script loaded at boot
# NOTE(review): named, inetd and sshd all run on a host with a public address, and
# the ruleset shown with this configuration has no rule restricting them on re0.
# Confirm each daemon is needed and bound or filtered to the LAN side only.
inetd_enable="YES"
sshd_enable="YES"
sendmail_enable="NONE"
dhcpd_enable="YES"
dhcpd_ifaces="vr0 vr1" # DHCP is served on the LAN interfaces only
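# ipfw ruleset: loopback protection, in-kernel NAT for two LAN /25 segments behind
# one external address, and direct routing between the two segments.
#
# Rules added without a number are numbered after the last existing rule (step 100
# by default), so the explicitly numbered 310/320 are evaluated after the loopback
# rules and before the nat rules: inter-LAN traffic is never translated.
fw="/sbin/ipfw -q"

# NOTE(review): between this flush and the last "add", only the kernel default rule
# applies; on a kernel built with a default-accept policy the host is unfiltered
# during that window and whenever this script aborts part-way.
${fw} -f flush

# Loopback: allow traffic on lo0, drop 127.0.0.0/8 seen on any other interface.
${fw} add pass all from any to any via lo0
${fw} add deny all from any to 127.0.0.0/8
${fw} add deny all from 127.0.0.0/8 to any

#Kernel NAT
# NOTE(review): the nat instance has no deny_in, and the rules below name no
# interface or direction, so they match on every interface. Combined with a
# default-accept policy, unsolicited connections to the external address reach
# local services. Consider binding the nat rules to the external interface and
# adding explicit allow/deny rules for services on this host.
${fw} nat 50 config ip xxx.xxx.xxx.xxx log # external IP
${fw} add nat 50 all from 192.168.1.0/25 to any
${fw} add nat 50 all from 192.168.1.128/25 to any
${fw} add nat 50 all from any to xxx.xxx.xxx.xxx # external IP

# Traffic between the two LAN segments passes untranslated.
${fw} add 310 allow ip from 192.168.1.128/25 to 192.168.1.0/25
# Fixed: the destination was written "192.168.128/25" (missing octet), which does
# not denote the second LAN segment; it now mirrors rule 310.
${fw} add 320 allow ip from 192.168.1.0/25 to 192.168.1.128/25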
# Kernel option that enables the ipfw "fwd" action (forwarding matched packets to a
# chosen next hop or local port).
# NOTE(review): none of the rules shown with this configuration use "fwd" --
# confirm the option is needed before building it in.
options IPFIREWALL_FORWARD