forum.lissyara.su

Код: Выделить всё

lan_ip="10.10.10.0/28"
net_1="re0" # 192.168.2.2
net_2="em0" # 10.10.0.2
lan="em1" # 10.10.10.1
out_1="192.168.2.2"
out_2="10.10.0.3"
in_1="10.10.10.1"
gw_1="192.168.2.1"
gw_2="10.10.0.1"

nat on $net_1 from $lan_ip to any -> $net_1
nat on $net_2 from $lan_ip to any -> $net_2

pass in quick from ($net_1:network) tagged EXT_IF_A keep state
pass in quick reply-to ($net_1 $gw_1) tagged EXT_IF_A keep state

pass in quick from ($net_2:network) tagged EXT_IF_B keep state
pass in quick reply-to ($net_2 $gw_2) tagged EXT_IF_B keep state

Код: Выделить всё

pass out route-to ($ext_if_1 $gw_1) inet from ($ext_if_1) keep state
pass out route-to ($ext_if_2 $gw_2) inet from ($ext_if_2) keep state

Код: Выделить всё

pass in on $lan route-to ($net_1 $gw_1 ) from $lan_ip to { any, !$in_1 } keep state

Код: Выделить всё

lan_ip="10.10.10.0/28"
net_1="re0" # 192.168.2.2
net_2="em0" # 10.10.0.3
lan="em1" # 10.10.10.1
out_1="192.168.2.2"
out_2="10.10.0.3"
in_1="10.10.10.1"
gw_1="192.168.2.1"
gw_2="10.10.0.1"

nat on $net_1 from $lan_ip to any -> $net_1
nat on $net_2 from $lan_ip to any -> $net_2

pass in quick from ($net_1:network) tagged EXT_IF_A keep state
pass in quick reply-to ($net_1 $gw_1) tagged EXT_IF_A keep state

pass in quick from ($net_2:network) tagged EXT_IF_B keep state
pass in quick reply-to ($net_2 $gw_2) tagged EXT_IF_B keep state

pass in on $lan route-to ($net_1 $gw_1 ) from $lan_ip to { any, !$in_1 } probability 95% synproxy state
pass in on $lan route-to ($net_2 $gw_2 ) from $lan_ip to { any, !$in_1 } probability 5% synproxy state

Код: Выделить всё

pass in on $net_1 from any to 10.10.0.2 tag EXT_IF_B keep state
pass in quick reply-to ($net_1 $gw_1) tagged EXT_IF_B keep state