ng0 = инет l2tp через re0
em0 = внутрянка
re0 = сеть провайдера
pf.conf
Код: Выделить всё
wan_ip=......
lan_ip=192.168.10.1
scrub in all
rdr on ng0 inet proto tcp from any to $wan_ip port 2222 -> 127.0.0.1 port 22 # SSH ADDITIONAL PORT
rdr inet proto tcp from any to $wan_ip port 81 -> 127.0.0.1 port 14534 # TS OR MUMBLE
rdr on ng0 inet proto udp from any to $wan_ip port { 5060 10000:20000 } -> 192.168.10.26 # VOIP LINKSYS
rdr inet proto tcp from any to $wan_ip port 80 -> $wan_ip port 8080 # HTTP
rdr on em0 inet proto tcp from any to $lan_ip port 80 -> $lan_ip port 8080 # HTTP
rdr inet proto tcp from any to 10.165.96.106 port 80 -> 10.165.96.106 port 8080 # HTTP
#rdr inet proto { tcp udp } from any to 10.165.96.106 port 2121 -> 192.168.10.21 # DC++
nat on ng0 from 192.168.10.26 to any -> $wan_ip static-port
nat on ng0 from 192.168.10.0/24 to any -> $wan_ip static-port
nat on re0 from 192.168.10.0/24 to any -> re0 static-port
rdr-anchor "miniupnpd"
table <homeusers> { 192.168.10.21, 192.168.10.22, 192.168.10.23, 192.168.10.24 192.168.10.25 192.168.10.26 }
block all
block in log on ng0 all
block in log on re0 all
set skip on lo0
anchor "miniupnpd"
pass in on ng0 inet proto tcp from any to 127.0.0.1 port 14534 # TEAMSPEAK
pass in on ng0 inet proto udp from any to $wan_ip port 8767 # TEAMSPEAK
pass in on em0 inet proto udp from any to $lan_ip port 8767 # TEAMSPEAK
pass in on ng0 inet proto { tcp, udp } from any to $wan_ip port 53 # DNS
pass in on em0 inet proto tcp from any to $lan_ip port 22 # SSH
pass in on ng0 inet proto tcp from any to $wan_ip port 22 # SSH
pass in on ng0 inet proto tcp from any to 127.0.0.1 port 22 # SSH
pass in on ng0 inet proto icmp from any to $wan_ip icmp-type echoreq # ICMP
pass in on ng0 inet proto { tcp, udp } from any to $wan_ip port 6890 # TORRENT
pass in on ng0 inet proto { tcp, udp } from any to $wan_ip port 6881 # DHT TORRENT
pass in on re0 inet proto tcp from any to 10.165.96.106 port { 8080 80 } # APACHE
pass in on ng0 inet proto tcp from any to $wan_ip port { 8080 80 } # APACHE
pass in on em0 inet from <homeusers> to any
pass in on ng0 inet from any to { $wan_ip <homeusers> }
pass out on ng0 inet from { $wan_ip <homeusers> } to any
pass out on em0 inet from { $lan_ip <homeusers> } to any
pass out on re0 inet from { re0 <homeusers> } to any
pass in on ng0 inet proto udp from any to 192.168.10.26 port { 5060 10000:20000 }
pass out on em0 inet proto udp from any to 192.168.10.26 port { 5060 10000:20000 }
Код: Выделить всё
ext_ifname=ng0
listening_ip=192.168.10.1
port=5555
secure_mode=yes
#minissdpdsocket=/var/run/minissdpd.sock
# enable NAT-PMP support (default is no)
enable_natpmp=no
enable_upnp=yes
# lease file location
#lease_file=/var/log/upnp.leases
# bitrates reported by daemon in bits per second
bitrate_up=131072
bitrate_down=524288
# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP. (default is yes)
#secure_mode=yes
# default presentation url is http address on port 80
#presentation_url=
# report system uptime instead of daemon uptime
system_uptime=yes
# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=10
# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600
# notify interval in seconds default is 30 seconds.
#notify_interval=240
# log packets in pf
#packet_log=no
# ALTQ queue in pf
# filter rules must be used for this to be used.
# compile with PF_ENABLE_FILTER_RULES (see config.h file)
#queue=queue_name1
# uuid : generated by the install a new one can be created with
# uuidgen
uuid=a62977c7-bd6e-11e0-a4f0-001cc0c39109
# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
allow 1024-65535 192.168.10.25 1024-65535
allow 1024-65535 192.168.10.21 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
Код: Выделить всё
rdr pass quick on ng0 inet proto udp from any to any port = 64238 keep state label "Teredo" rtable 0 -> 192.168.10.21 port 64238
rdr pass quick on ng0 inet proto udp from any to any port = 51422 keep state label "Teredo" rtable 0 -> 192.168.10.21 port 51422
rdr pass quick on ng0 inet proto tcp from any to any port = 3030 keep state label "EiskaltDC++ 3030 (TCP)" rtable 0 -> 192.168.10.21 port 3030
rdr pass quick on ng0 inet proto udp from any to any port = 3658 keep state label "192.168.10.25:3658 to 3658 (UDP)" rtable 0 -> 192.168.10.25 port 3658
rdr pass quick on ng0 inet proto udp from any to any port = 3659 keep state label "EA Tunnel" rtable 0 -> 192.168.10.25 port 3659
rdr pass quick on ng0 inet proto udp from any to any port = 53098 keep state label "Teredo" rtable 0 -> 192.168.10.21 port 53098
rdr pass quick on ng0 inet proto tcp from any to any port = 9999 keep state label "FlylinkDC++ Transfer Port (9999 TCP)" rtable 0 -> 192.168.10.21 port 9999
rdr pass quick on ng0 inet proto udp from any to any port = 9998 keep state label "FlylinkDC++ Search Port (9998 UDP)" rtable 0 -> 192.168.10.21 port 9998
Код: Выделить всё
пусто