The situation is as follows: a configured gateway running squid+ipfw+natd. I rebuilt the kernel with:
IPFIREWALL
IPFIREWALL_VERBOSE
IPFIREWALL_VERBOSE_LIMIT=100
IPFIREWALL_FORWARD
IPDIVERT
Firewall:
#!/bin/sh
FwCMD="/sbin/ipfw"
LanOut="fxp0"              # external (uplink) interface
LanIn="vr0"                # internal (LAN) interface
IpOut="192.168.20.7"       # address on the external interface
IpIn="10.48.245.253"       # address on the internal interface
NetMask="24"
NetIn="10.0.0.0"           # LAN network, used as ${NetIn}/${NetMask}
${FwCMD} -f flush
${FwCMD} add check-state
# loopback traffic, and no 127/8 addresses on real interfaces
${FwCMD} add allow ip from any to any via lo0
${FwCMD} add deny ip from any to 127.0.0.0/8
${FwCMD} add deny ip from 127.0.0.0/8 to any
# ICMP fragments and broadcast ICMP on the uplink
${FwCMD} add deny icmp from any to any frag
${FwCMD} add deny log icmp from any to 255.255.255.255 in via ${LanOut}
${FwCMD} add deny log icmp from any to 255.255.255.255 out via ${LanOut}
# transparent proxy: LAN web traffic goes to squid on 127.0.0.1:3128
${FwCMD} add fwd 127.0.0.1,3128 tcp from ${NetIn}/${NetMask} to any 80,443 via ${LanOut}
# NAT for the rest of the LAN traffic on the uplink
${FwCMD} add divert natd ip from ${NetIn}/${NetMask} to any out via ${LanOut}
${FwCMD} add divert natd ip from any to ${IpOut} in via ${LanOut}
# established TCP, anything the gateway itself sends out, DNS and NTP over UDP
${FwCMD} add allow tcp from any to any established
${FwCMD} add allow ip from ${IpOut} to any out xmit ${LanOut}
${FwCMD} add allow udp from any 53 to any via ${LanOut}
${FwCMD} add allow udp from any to any 53 via ${LanOut}
${FwCMD} add allow udp from any to any 123 via ${LanOut}
# everything on the LAN side is allowed; default deny for the rest
${FwCMD} add allow ip from any to any via ${LanIn}
${FwCMD} add deny ip from any to any
rc.conf:
defaultrouter="192.168.20.1"
gateway_enable="YES"
hostname="proxy.od.ua"
route add 10.48.234.0 10.48.245.1 255.255.255.0
ifconfig_re0="inet 192.168.20.7 netmask 255.255.255.0"
ifconfig_vr0="inet 10.48.245.253 netmask 255.255.255.0"
firewall_enable="YES"
#firewall_type="open"
firewall_script="/etc/proxy_firewall"
firewall_logging="YES"
natd_enable="YES"
natd_interface="re0"
squid_enable="YES"
keymap="ru.koi8-r"
sshd_enable="YES"
named_enable="YES"
clear_tmp_enable="YES"
sendmail_enable="NONE"
Internet access and corporate mail all work fine, and only through fwd 127.0.0.1:3128 (internet)!
The problem is that on mail.ru and yandex attachments cannot be attached! If I comment out the fwd, everything bypasses squid and everything is OK!
squid:
http_port 127.0.0.1:3128
acl vasya pupkin src 111.111.111.111/.............
http_access allow vasya pupkin
HELP!!!!!!!!!! Thanks a lot!
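Added example, not the poster's code: a small Python simulator that walks a structured copy of the ipfw ruleset above in first-match order and reports which rule handles a sample packet on a given interface and direction. Rule numbers assume ipfw's default auto-increment step of 100 after `-f flush`; the sample flows (a client at 10.0.0.5, inside `${NetIn}/${NetMask}` exactly as written in the script, and public addresses from documentation ranges) are constructed. It shows that the `fwd` rule with a plain `via ${LanOut}` is only reached on the pass through fxp0 and not on input via vr0, that a `divert` match re-injects the packet at the next rule, and where inbound packets to the gateway end up.

```python
# Added example: first-match simulation of the ipfw ruleset posted above.
# Sample flows are constructed; rule numbers assume ipfw's default +100 step.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LAN, GW = ip_network("10.0.0.0/24"), ip_network("192.168.20.7/32")  # NetIn/NetMask, IpOut
# (action, proto, src, dst, dst ports, direction, interface, extra match)
RULES = [
    ("check-state", "ip", ANY, ANY, (), None, None, None),
    ("allow", "ip", ANY, ANY, (), None, "lo0", None),
    ("deny", "ip", ANY, ip_network("127.0.0.0/8"), (), None, None, None),
    ("deny", "ip", ip_network("127.0.0.0/8"), ANY, (), None, None, None),
    ("deny", "icmp", ANY, ANY, (), None, None, "frag"),
    ("deny", "icmp", ANY, ip_network("255.255.255.255/32"), (), "in", "fxp0", None),
    ("deny", "icmp", ANY, ip_network("255.255.255.255/32"), (), "out", "fxp0", None),
    ("fwd 127.0.0.1,3128", "tcp", LAN, ANY, (80, 443), None, "fxp0", None),
    ("divert natd", "ip", LAN, ANY, (), "out", "fxp0", None),
    ("divert natd", "ip", ANY, GW, (), "in", "fxp0", None),
    ("allow", "tcp", ANY, ANY, (), None, None, "established"),
    ("allow", "ip", GW, ANY, (), "out", "fxp0", None),
    ("allow", "udp", ANY, ANY, (), None, "fxp0", "sport53"),
    ("allow", "udp", ANY, ANY, (53,), None, "fxp0", None),
    ("allow", "udp", ANY, ANY, (123,), None, "fxp0", None),
    ("allow", "ip", ANY, ANY, (), None, "vr0", None),
    ("deny", "ip", ANY, ANY, (), None, None, None),
]

def flow(proto, src, sport, dst, dport, direction, iface, ack=False):
    # One packet as ipfw sees it on a given interface and direction.
    return dict(proto=proto, src=ip_address(src), sport=sport, dst=ip_address(dst),
                dport=dport, dir=direction, iface=iface, ack=ack)

def matches(rule, pkt):
    _, proto, src, dst, dports, direction, iface, extra = rule
    return (proto in ("ip", pkt["proto"]) and pkt["src"] in src and pkt["dst"] in dst
            and (not dports or pkt["dport"] in dports)
            and direction in (None, pkt["dir"]) and iface in (None, pkt["iface"])
            and (extra != "established" or pkt["ack"])      # TCP with ACK/RST set
            and (extra != "sport53" or pkt["sport"] == 53)
            and extra != "frag")                           # no fragments sampled

def first_match(pkt, start=0):
    # Returns (rule number, action) of the first terminating match. `start` resumes
    # after a divert: natd re-injects at the next rule (addresses assumed unchanged).
    for idx in range(start, len(RULES)):
        if RULES[idx][0] != "check-state" and matches(RULES[idx], pkt):
            return (idx + 1) * 100, RULES[idx][0]
    return None, None
```

Running `first_match` on a LAN client's port 80 SYN shows it is merely allowed on input via vr0 (rule 1600) and only hits the `fwd` rule (800) when leaving via fxp0; an unsolicited inbound SYN to the gateway passes `divert natd` (1000) and then falls through to the final deny (1700).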