Это правило срабатывать не будет, т.к. не выполняется условие via $ext_if.
Если убрать это условие, то пакеты доходят до нужного сервера, но ничего не работает. Для примера: комп, с которого я пытаюсь зайти на страничку компании, — 10.0.1.100. Адрес странички (в тексте не сохранился) должен по правилам проброса портов преобразовываться в 10.0.0.143. Если добавить правило:
#tcpdump -i em0 'tcp port 443' | grep 10.0.1.100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:14:15.472536 IP 10.0.1.100.57173 > 10.0.0.143.https: Flags [S], seq 3733476007, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:15.472562 IP 10.0.0.143.https > 10.0.1.100.57173: Flags [S.], seq 2021188711, ack 3733476008, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:15.472726 IP 10.0.1.100.57174 > 10.0.0.143.https: Flags [S], seq 1031767560, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:15.472737 IP 10.0.0.143.https > 10.0.1.100.57174: Flags [S.], seq 127519211, ack 1031767561, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:18.467745 IP 10.0.0.143.https > 10.0.1.100.57173: Flags [S.], seq 2021188711, ack 3733476008, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:18.467751 IP 10.0.0.143.https > 10.0.1.100.57174: Flags [S.], seq 127519211, ack 1031767561, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:18.476979 IP 10.0.1.100.57173 > 10.0.0.143.https: Flags [S], seq 3733476007, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:18.476996 IP 10.0.0.143.https > 10.0.1.100.57173: Flags [S.], seq 2021188711, ack 3733476008, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:18.477001 IP 10.0.1.100.57174 > 10.0.0.143.https: Flags [S], seq 1031767560, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:18.477008 IP 10.0.0.143.https > 10.0.1.100.57174: Flags [S.], seq 127519211, ack 1031767561, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:21.467791 IP 10.0.0.143.https > 10.0.1.100.57173: Flags [S.], seq 2021188711, ack 3733476008, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:21.467797 IP 10.0.0.143.https > 10.0.1.100.57174: Flags [S.], seq 127519211, ack 1031767561, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:24.477096 IP 10.0.1.100.57173 > 10.0.0.143.https: Flags [S], seq 3733476007, win 8192, options [mss 1460,nop,nop,sackOK], length 0
12:14:24.477118 IP 10.0.0.143.https > 10.0.1.100.57173: Flags [S.], seq 2021188711, ack 3733476008, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:24.477121 IP 10.0.1.100.57174 > 10.0.0.143.https: Flags [S], seq 1031767560, win 8192, options [mss 1460,nop,nop,sackOK], length 0
12:14:24.477125 IP 10.0.0.143.https > 10.0.1.100.57174: Flags [S.], seq 127519211, ack 1031767561, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:27.467741 IP 10.0.0.143.https > 10.0.1.100.57173: Flags [S.], seq 2021188711, ack 3733476008, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:27.467746 IP 10.0.0.143.https > 10.0.1.100.57174: Flags [S.], seq 127519211, ack 1031767561, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:33.467761 IP 10.0.0.143.https > 10.0.1.100.57173: Flags [S.], seq 2021188711, ack 3733476008, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:33.467767 IP 10.0.0.143.https > 10.0.1.100.57174: Flags [S.], seq 127519211, ack 1031767561, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:36.472849 IP 10.0.1.100.57180 > 10.0.0.143.https: Flags [S], seq 1120379206, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:36.472875 IP 10.0.0.143.https > 10.0.1.100.57180: Flags [S.], seq 3304254948, ack 1120379207, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:36.472900 IP 10.0.1.100.57181 > 10.0.0.143.https: Flags [S], seq 627968612, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:36.472907 IP 10.0.0.143.https > 10.0.1.100.57181: Flags [S.], seq 3027749728, ack 627968613, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:39.467760 IP 10.0.0.143.https > 10.0.1.100.57180: Flags [S.], seq 3304254948, ack 1120379207, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:39.467770 IP 10.0.0.143.https > 10.0.1.100.57181: Flags [S.], seq 3027749728, ack 627968613, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:39.474957 IP 10.0.1.100.57180 > 10.0.0.143.https: Flags [S], seq 1120379206, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:39.474972 IP 10.0.0.143.https > 10.0.1.100.57180: Flags [S.], seq 3304254948, ack 1120379207, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:39.474976 IP 10.0.1.100.57181 > 10.0.0.143.https: Flags [S], seq 627968612, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:39.474981 IP 10.0.0.143.https > 10.0.1.100.57181: Flags [S.], seq 3027749728, ack 627968613, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:42.467750 IP 10.0.0.143.https > 10.0.1.100.57180: Flags [S.], seq 3304254948, ack 1120379207, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:42.467756 IP 10.0.0.143.https > 10.0.1.100.57181: Flags [S.], seq 3027749728, ack 627968613, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:42.962598 IP 10.0.1.100.57185 > 10.0.0.143.https: Flags [S], seq 4065520194, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:14:42.962621 IP 10.0.0.143.https > 10.0.1.100.57185: Flags [S.], seq 1609760230, ack 4065520195, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:42.963652 IP 10.0.1.100.57185 > 10.0.0.143.https: Flags [.], ack 1, win 16425, length 0
12:14:42.964112 IP 10.0.1.100.57185 > 10.0.0.143.https: Flags [P.], seq 1:187, ack 1, win 16425, length 186
12:14:42.964465 IP 10.0.0.143.https > 10.0.1.100.57185: Flags [P.], seq 1:146, ack 187, win 1026, length 145
12:14:42.966083 IP 10.0.1.100.57185 > 10.0.0.143.https: Flags [P.], seq 187:1360, ack 146, win 16388, length 1173
12:14:42.991443 IP 10.0.0.143.https > 10.0.1.100.57185: Flags [P.], seq 146:950, ack 1360, win 1026, length 804
12:14:43.190067 IP 10.0.1.100.57185 > 10.0.0.143.https: Flags [.], ack 950, win 16187, length 0
12:14:45.467765 IP 10.0.0.143.https > 10.0.1.100.57174: Flags [S.], seq 127519211, ack 1031767561, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:45.467770 IP 10.0.0.143.https > 10.0.1.100.57173: Flags [S.], seq 2021188711, ack 3733476008, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:45.470074 IP 10.0.1.100.57180 > 10.0.0.143.https: Flags [S], seq 1120379206, win 8192, options [mss 1460,nop,nop,sackOK], length 0
12:14:45.470087 IP 10.0.0.143.https > 10.0.1.100.57180: Flags [S.], seq 3304254948, ack 1120379207, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:45.470090 IP 10.0.1.100.57181 > 10.0.0.143.https: Flags [S], seq 627968612, win 8192, options [mss 1460,nop,nop,sackOK], length 0
12:14:45.470094 IP 10.0.0.143.https > 10.0.1.100.57181: Flags [S.], seq 3027749728, ack 627968613, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:47.997850 IP 10.0.0.143.https > 10.0.1.100.57185: Flags [P.], seq 950:987, ack 1360, win 1026, length 37
12:14:47.997881 IP 10.0.0.143.https > 10.0.1.100.57185: Flags [F.], seq 987, ack 1360, win 1026, length 0
12:14:47.998377 IP 10.0.1.100.57185 > 10.0.0.143.https: Flags [.], ack 988, win 16178, length 0
12:14:47.998571 IP 10.0.1.100.57185 > 10.0.0.143.https: Flags [F.], seq 1360, ack 988, win 16178, length 0
12:14:47.998601 IP 10.0.0.143.https > 10.0.1.100.57185: Flags [.], ack 1361, win 1026, length 0
12:14:48.467774 IP 10.0.0.143.https > 10.0.1.100.57180: Flags [S.], seq 3304254948, ack 1120379207, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:48.467783 IP 10.0.0.143.https > 10.0.1.100.57181: Flags [S.], seq 3027749728, ack 627968613, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:54.467771 IP 10.0.0.143.https > 10.0.1.100.57180: Flags [S.], seq 3304254948, ack 1120379207, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:14:54.467781 IP 10.0.0.143.https > 10.0.1.100.57181: Flags [S.], seq 3027749728, ack 627968613, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:15:06.467776 IP 10.0.0.143.https > 10.0.1.100.57180: Flags [S.], seq 3304254948, ack 1120379207, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
12:15:06.467781 IP 10.0.0.143.https > 10.0.1.100.57181: Flags [S.], seq 3027749728, ack 627968613, win 65535, options [mss 1460,nop,wscale 6,sackOK,eol], length 0
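Т.е. компы даже пытаются общаться, но в браузере ничего не открывается. Судя по дампу, для большинства соединений (порты клиента 57173, 57174, 57180, 57181) TCP-рукопожатие не завершается: клиент повторяет SYN, а сервер повторяет SYN-ACK, то есть ответы сервера, по-видимому, до клиента не доходят; полностью прошло только соединение с порта 57185.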