В инете крутится сервак, на нём 2 сетевухи: одна в локалку, другая в инет. В локалке всё работает — и сервак, и инет; в инете тоже всё хорошо: то, что ipfw пропускает, всё работает. Проблема вот какая: на другом конце города, когда я подключаюсь к прову и делаю маршрутизацию на другой комп в сети, зайти на сервер не могу! Как ни странно, пинги есть, и неплохие, на шлюзе тоже всё УРА. Пробовал в универе — то же самое: не пашет, но пинг есть. Поэкспериментировал с ipfw и выяснил: когда отключаю, всё и везде ура! Значит, проблема в нём? Привожу конфиг "ipfw.conf":
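#!/bin/sh
# ipfw ruleset for a gateway with two interfaces: an outer one (LanOut) and
# an inner LAN one (LanIn), with natd translating the LAN behind IpOut.
# Rules are evaluated in number order and the first matching allow/deny
# wins, so the order below is part of the policy.

# Drop every existing rule (-f: no confirmation prompt, -q: quiet).
ipfw -q -f flush

# Prefix for every rule; expanded unquoted on purpose so it splits into
# "ipfw", "-q", "add".
FwCMD="ipfw -q add"
LanOut="ed1"                # outer interface
LanIn="ed0"                 # inner (LAN) interface
IpOut="xxx.xxx.xxx.xxx"     # outer address (redacted in the post)
IpIn="192.168.1.254"        # inner address; not referenced by any rule below
NetMask="24"
NetIn="192.168.1.0"

# No rule below uses keep-state, so no dynamic rules exist for check-state
# to match; the whole ruleset is stateless.
${FwCMD} 00010 check-state

# Loopback: allow on lo0, refuse 127/8 anywhere else.
${FwCMD} 00015 allow ip from any to any via lo0
${FwCMD} 00020 deny ip from any to 127.0.0.0/8
${FwCMD} 00025 deny ip from 127.0.0.0/8 to any

# Traffic counters per interface and direction (count does not stop
# rule evaluation).
${FwCMD} 00040 count ip from any to any in via ${LanOut}
${FwCMD} 00041 count ip from any to any out via ${LanOut}
${FwCMD} 00042 count ip from any to any in via ${LanIn}
${FwCMD} 00043 count ip from any to any out via ${LanIn}

# NOTE(review): these three rules ALLOW traffic to the listed ports on the
# outer address, including telnet (23) and common proxy ports (1080, 8080).
# The lists resemble a scan detector's monitored ports (e.g. portsentry) --
# presumably opened so probes reach such a listener; confirm that is the
# intent, otherwise these ports are simply exposed.
${FwCMD} 00045 allow tcp from any to ${IpOut} \
1,11,15,23,79,81,111,119,540,635 via ${LanOut}
${FwCMD} 00046 allow tcp from any to ${IpOut} \
1080,1524,2000,5742,6667,8080,8085 via ${LanOut}
${FwCMD} 00047 allow udp from any to ${IpOut} \
1,7,9,69,513,635,640,641,700 via ${LanOut}

# Packets arriving on the outer interface addressed to private or reserved
# ranges are dropped. The 192.168.0.0/16 rule is disabled.
${FwCMD} 00051 deny ip from any to 10.0.0.0/8 in via ${LanOut}
${FwCMD} 00052 deny ip from any to 172.16.0.0/12 in via ${LanOut}
#${FwCMD} 00053 deny ip from any to 192.168.0.0/16 in via ${LanOut}
${FwCMD} 00054 deny ip from any to 0.0.0.0/8 in via ${LanOut}
${FwCMD} 00055 deny ip from any to 169.254.0.0/16 in via ${LanOut}
${FwCMD} 00056 deny ip from any to 240.0.0.0/4 in via ${LanOut}

# Fragmented ICMP and ICMP to the limited broadcast address.
${FwCMD} 00057 deny icmp from any to any frag
${FwCMD} 00058 deny log icmp from any to 255.255.255.255 in via ${LanOut}
${FwCMD} 00059 deny log icmp from any to 255.255.255.255 out via ${LanOut}

# NAT: LAN traffic leaving, and everything arriving for the outer address,
# is handed to natd.
${FwCMD} 00070 divert natd ip from ${NetIn}/${NetMask} to any out via ${LanOut}
${FwCMD} 00071 divert natd ip from any to ${IpOut} in via ${LanOut}

# After NAT nothing should leave the outer interface with a private,
# reserved or multicast source. The 192.168.0.0/16 rule is disabled.
${FwCMD} 00110 deny ip from 10.0.0.0/8 to any out via ${LanOut}
${FwCMD} 00111 deny ip from 172.16.0.0/12 to any out via ${LanOut}
#${FwCMD} 00112 deny ip from 192.168.0.0/16 to any out via ${LanOut}
${FwCMD} 00113 deny ip from 0.0.0.0/8 to any out via ${LanOut}
${FwCMD} 00114 deny ip from 169.254.0.0/16 to any out via ${LanOut}
${FwCMD} 00115 deny ip from 224.0.0.0/4 to any out via ${LanOut}
${FwCMD} 00116 deny ip from 240.0.0.0/4 to any out via ${LanOut}

# "established" matches on TCP flags (ACK or RST set), not on a tracked
# connection, so any TCP segment carrying those flags is accepted here.
${FwCMD} 00120 allow tcp from any to any established
# Everything sent from the outer address (including NATed LAN traffic).
${FwCMD} 00121 allow ip from ${IpOut} to any out xmit ${LanOut}

# DNS replies. NOTE(review): this matches on the source port only, so any
# UDP packet claiming source port 53 is accepted on the outer interface
# whatever its destination port. Closing that needs stateful rules, which
# must be ordered carefully around the divert rules; left unchanged.
${FwCMD} 00150 allow udp from any 53 to any via ${LanOut}
#${FwCMD} 00151 allow udp from any to any 53 via ${LanOut}
#${FwCMD} add allow udp from any to any 123 via ${LanOut}

# FTP control channel only; inbound data connections to other ports (as
# passive mode would need) are not opened and fall through to rule 00999.
${FwCMD} 00152 allow tcp from any to ${IpOut} 21 via ${LanOut}

# ICMP: echo reply (0), destination unreachable (3), echo request (8),
# time exceeded (11). Type 3 was missing; it carries "fragmentation needed",
# which Path MTU discovery relies on. Without it small packets such as ping
# pass while TCP sessions sending full-size segments can stall -- possibly
# the symptom described in the post; confirm by testing.
${FwCMD} 00160 allow icmp from any to any icmptypes 0,3,8,11

# Services published on the outer address: HTTP and SSH. SMTP, IMAP and
# POP3 are disabled.
${FwCMD} 00200 allow tcp from any to ${IpOut} 80 via ${LanOut}
#${FwCMD} 00210 allow tcp from any to ${IpOut} 25 via ${LanOut}
${FwCMD} 00220 allow tcp from any to ${IpOut} 22 via ${LanOut}
#${FwCMD} 00230 allow tcp from any to ${IpOut} 143 via ${LanOut}
#${FwCMD} 00240 allow tcp from any to ${IpOut} 110 via ${LanOut}

# Inner interface: GRE, TCP, UDP and ICMP in both directions.
#${FwCMD} 00300 allow ip from any to any via ${LanIn}
${FwCMD} 00310 allow gre from any to any via ${LanIn}
${FwCMD} 00320 allow tcp from any to any via ${LanIn}
${FwCMD} 00340 allow udp from any to any via ${LanIn}
${FwCMD} 00350 allow icmp from any to any via ${LanIn}

# Default deny. While troubleshooting, "deny log ip from any to any" here
# (with the net.inet.ip.fw.verbose sysctl enabled) shows which packets are
# being dropped instead of guessing.
${FwCMD} 00999 deny ip from any to any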