squid30 stale21 , http_port 127.0.0.1:3128 transparent
все заворачиваться через ipnat.
Проблема в том что с vr0 все работает а rl0 неработает. менял сетевуху, непомогло.
на rl0 инет есть , там skype .. , играть в игры можно итд. 80 порта нету
Подскажите , вчем может быть дело.
ipnat
Код: Выделить всё
rdr vr0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp
rdr rl0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp
map tun0 192.168.1.0/24 -> x.x.x.x/32 portmap tcp/udp auto
Код: Выделить всё
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:50:ba:00:7c:be
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:e0:43:0d:00:c4
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 32:87:5d:ee:32:f0
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: rl0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 4 priority 128 path cost 55
member: vr0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 2 priority 128 path cost 200000
Код: Выделить всё
net.link.bridge.ipfw: 0
net.link.bridge.log_stp: 0
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 1
net.link.bridge.ipfw_arp: 0
net.link.bridge.pfil_onlyip: 1
Код: Выделить всё
00010 0 0 check-state
00200 1060 115838 allow ip from any to any via lo0
00210 0 0 deny ip from any to 127.0.0.0/8
00220 27 1296 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to 192.168.0.0/16 in via tun0
00410 0 0 deny ip from any to 224.0.0.0/4 in via tun0
00420 0 0 deny ip from any to 240.0.0.0/4 in via tun0
00430 0 0 deny ip from any to 0.0.0.0/8 in via tun0
00600 36 1872 deny ip from 192.168.0.0/16 to any out via tun0
00610 0 0 deny ip from 224.0.0.0/4 to any out via tun0
00620 0 0 deny ip from 240.0.0.0/4 to any out via tun0
00630 0 0 deny ip from 0.0.0.0/8 to any out via tun0
00660 0 0 deny icmp from any to 255.255.255.255 via tun0
00670 0 0 deny icmp from any to any frag
00700 12941 1499487 allow ip from any to 192.168.1.0/24 iplen 0-500 src-port 80
00710 22561 1439857 allow ip from any to 192.168.1.0/24 tcpflags ack iplen 0-128
00720 257321 365423743 pipe 1 ip from not 192.168.1.0/24 to 192.168.1.0/24 out
00730 205162 17489481 pipe 2 ip from 192.168.1.0/24 to not me in
01020 44 2304 allow icmp from any to any icmptypes 0,8,11
02000 940712 752106128 allow tcp from any to any established
02100 2719 397128 allow tcp from 192.168.1.15 to any dst-port 22 in via vr0 setup keep-state
02200 6267 878227 allow ip from any to any via vr0
02300 397 60299 allow ip from any to any via rl0
02400 128 13222 allow ip from 192.168.1.0/24 to 192.168.1.0/24 via bridge0
03300 17134 1641178 allow ip from any to any via tun0
65535 32 2310 deny ip from any to any
