forum.lissyara.su

Код: Выделить всё

add 4000 divert natd ip from any to any via nfe0
add fwd 127.0.0.1,3128 tcp from any to any 80 via ue0
add 65500 allow ip from any to any

Код: Выделить всё

oot@FreeBSD:/ # cat /etc/ipfw.rules
ipfw -q -f flush

LanOut="re1"
LanIn="re2"
IpOut="192.168.0.210"
IpIn="192.168.20.210"
cmd="ipfw -q add"
ks="keep-state"
skip="skipto 800"


$cmd 005 allow all from any to any via $LanIn
$cmd 006 allow all from any to any via lo0
$cmd 007 pass tcp from any to 192.168.20.52 8181 in recv $LanOut
$cmd 010 allow tcp from me to any out via $LanOut keep-state uid squid
$cmd 011 fwd 127.0.0.1,3129 tcp from 192.168.20.0/24 to any 1-65535 out via $LanOut
$cmd 012 divert natd ip from any to any in via $LanOut
$cmd 013 check-state

###################################################
#####FOR OUTBOUND TRAFFIC ON OUTSIDE INTERFACE#####
###################################################
$cmd 016 allow all from any to 192.168.0.100 out via $LanOut
$cmd 017 allow all from any to 192.168.0.100 in via $LanOut
$cmd 018 allow all from 192.168.0.100 to any out via $LanOut
$cmd 019 allow all from 192.168.0.100 to any in via $LanOut

$cmd 020 $skip tcp from any to 217.29.116.1 53 out via $LanOut setup $ks
$cmd 021 $skip tcp from any to 217.29.116.2 53 out via $LanOut setup $ks
$cmd 040 $skip tcp from any to any 80 out via $LanOut setup $ks
$cmd 050 $skip tcp from any to any 443 out via $LanOut setup $ks
$cmd 060 $skip tcp from any to any 25 out via $LanOut setup $ks
$cmd 061 $skip tcp from any to any 110 out via $LanOut setup $ks
$cmd 070 $skip tcp from me to any out via $LanOut setup $ks uid root
$cmd 080 $skip icmp from any to any out via $LanOut $ks
$cmd 090 $skip tcp from any to any 37 out via $LanOut setup $ks
$cmd 100 $skip tcp from any to any 119 out via $LanOut setup $ks
$cmd 110 $skip tcp from any to any 22 out via $LanOut setup $ks
$cmd 120 $skip tcp from any to any 43 out via $LanOut setup $ks
$cmd 130 $skip udp from any to any 123 out via $LanOut $ks


###################################################
#####FOR INCOMING TRAFFIC ON OUTSIDE INTERFACE#####
###################################################

$cmd 301 deny all from 172.16.0.0/12 to any in via $LanOut
$cmd 302 deny all from 10.0.0.0/8 to any in via $LanOut
$cmd 303 deny all from 127.0.0.0/8 to any in via $LanOut
$cmd 304 deny all from 0.0.0.0/8 to any in via $LanOut
$cmd 305 deny all from 169.254.0.0/16 to any in via $LanOut
$cmd 306 deny all from 192.0.2.0/24 to any in via $LanOut
$cmd 307 deny all from 204.152.64.0/23 to any in via $LanOut
$cmd 308 deny all from 224.0.0.0/3 to any in via $LanOut
$cmd 309 deny all from any to any 445 in via $LanOut
$cmd 315 deny tcp from any to any 113 in via $LanOut
$cmd 320 deny tcp from any to any 137 in via $LanOut
$cmd 321 deny tcp from any to any 138 in via $LanOut
$cmd 322 deny tcp from any to any 139 in via $LanOut
$cmd 323 deny tcp from any to any 81 in via $LanOut
$cmd 330 deny all from any to any frag in via $LanOut
$cmd 370 allow tcp from any to me 80 in via $LanOut setup limit src-addr 2
$cmd 380 allow tcp from any to me 22 in via $LanOut setup limit src-addr 2
$cmd 399 deny icmp from any to any in via $LanOut
$cmd 400 allow tcp from any to 192.168.20.2 dst-port 8080,21 via re1
$cmd 401 allow tcp from any to 192.168.20.2 dst-port 8080,21 via re2

$cmd 800 divert natd ip from any to any out via $LanOut
$cmd 801 allow ip from any to any

$cmd 999 deny log all from any to any

#############THE END###############root@FreeBSD:/ # 

Код: Выделить всё

netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.252 U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

Код: Выделить всё

 netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0       87   nfe0
127.0.0.1          link#2             UH          0        0    lo0
192.168.0.0/24     link#3             U           0      306    ue0
192.168.0.1        link#3             UHS         0        0    lo0
192.168.1.0/24     link#1             U           0       92   nfe0
192.168.1.2        link#1             UHS         0        0    lo0

Код: Выделить всё

 netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0       87   nfe0
127.0.0.1          link#2             UH          0        0    lo0
192.168.0.0/24   192.168.1.1             U           0      306    ue0
192.168.0.1        192.168.1.1           UHS         0        0    lo0
192.168.1.0/24     192.168.1.1          U           0       92   nfe0
192.168.1.2        192.168.1.1             UHS         0        0    lo0