forum.lissyara.su

Код: Выделить всё

#!/bin/sh

fwcmd="/sbin/ipfw -q"

ext_if="em0"
int_if="vr0"

local_lan="192.168.1.0/24"
extnet_ip="1.2.3.4"

${fwcmd} -f flush

${fwcmd} nat 1 config log if ${ext_if} reset same_ports deny_in redirect_port tcp 192.168.1.100:4899 ${extnet_ip}:7573
${fwcmd} add nat 1 tcp from 2.2.2.2 to ${extnet_ip} 7573 via ${ext_if}
${fwcmd} add nat 1 tcp from 192.168.1.100 4899 to any via ${ext_if}

${fwcmd} nat 2 config log if ${ext_if} reset same_ports deny_in redirect_port tcp 192.168.1.100:3389${extnet_ip}:7574
${fwcmd} add nat 2 tcp from 3.3.3.3 to ${extnet_ip} 7574 via ${ext_if}
${fwcmd} add nat 2 tcp from 192.168.1.100 3389 to any via ${ext_if}

${fwcmd} add nat 3 tcp from ${local_lan} to any 80 out via $ext_if

${fwcmd} add pass ip from any to any via lo0
${fwcmd} add deny ip from any to 127.0.0.0/8
${fwcmd} add deny ip from 127.0.0.0/8 to any

${fwcmd} add pass tcp from any to me 22 in setup keep-state

${fwcmd} add 65534 deny log logamount 0 all from any to any