если пинг ходит значит айпи работает,попробуй телнетом пробиться и покажи реальный фаервол
`ipfw l`

>Есть две удаленных сетки, провайдер в обоих сетях один и тот же.
>
>Задача связать две сетки по IPSec по внутренней сети провайдера
>Туннель IPSec подымается на ура, на машинах шлюзы прописаны, ping из одной
>сети в другую идет.
>ось freebsd 5.4
>
>Проблема в следующем
>Если пытаюсь из офиса обратится к терминалу на складе результат отрицательный
>Одним словом идет только ping.
>Как заставить пропускать весь трафик из сетки в сетку
>
>Настройки приведены ниже
>
>
>настройки офис
>10.151.194.14 внешний ip
>255.255.255.0
>10.151.194.253 шлюз по умолчанию
>192.168.30.13 внутренний ip
>255.255.255.0
>
>/etc/rc.conf
>gateway_enable="YES"
>firewall_enable="YES"
>firewall_script="/etc/ipfw.rules"
>natd_enable="YES"
>natd_interface="rl0"
>natd_flags="-f /etc/natd.conf"
>
>
>gif_interfaces="gif0"
>gifconfig_gif0="10.151.194.14 10.148.111.12"
>ifconfig_gif0="inet 192.168.30.13 192.168.33.3 netmask 255.255.255.0"
>static_routes="vpn"
>route_vpn="192.168.33.0/24 192.168.33.3"
>export route_vpn
>ipsec_enable="YES"
>ipsec_file="/etc/ipsec.conf"
>racoon_enable="YES"
>
>
>/etc/ipsec.conf
>flush;
>spdflush;
>spdadd 192.168.30.0/24 192.168.33.0/24 any -P out ipsec esp/tunnel/10.151.194.14-10.148.111.12/require;
>spdadd 192.168.33.0/24 192.168.30.0/24 any -P in ipsec esp/tunnel/10.148.111.12-10.151.194.14/require;
>
>
>/etc/ipfw.rules
>lan_if="rl1"
>lan_ip="192.168.30.13"
>lan_net="192.168.30.0/24"
>wan_if="vr0"
>wan_ip="10.151.194.14"
>od=10.151.194.14
>sd=10.148.111.12
>
>${fwcmd} add 100 divert natd all from any to any via ${wan_ip}
>
>
>${fwcmd} add 1 allow udp from ${od} to ${sd} isakmp
>${fwcmd} add 1 allow udp from ${sd} to ${od} isakmp
>${fwcmd} add 1 allow esp from ${od} to ${sd}
>${fwcmd} add 1 allow esp from ${sd} to ${od}
>${fwcmd} add 1 allow ipencap from ${od} to ${sd}
>${fwcmd} add 1 allow ipencap from ${sd} to ${od}
>
>
>setkey -D
>10.151.194.14 10.148.111.12
>esp mode=tunnel spi=171670616(0x0a3b7c58) reqid=0(0x00000000)
>E: 3des-cbc ac0ecde7 420d7f19 30ba258f 46a9b978 2b5787d3 24702e0f
>A: hmac-sha1 91fdf821 0a57e44d 613fca7a 93f61080 229c2554
>seq=0x0000029b replay=4 flags=0x00000000 state=mature
>created: Jul 24 18:06:50 2006 current: Jul 24 22:30:01 2006
>diff: 15791(s) hard: 28800(s) soft: 23040(s)
>last: Jul 24 22:28:55 2006 hard: 0(s) soft: 0(s)
>current: 91528(bytes) hard: 0(bytes) soft: 0(bytes)
>allocated: 667 hard: 0 soft: 0
>sadb_seq=1 pid=1051 refcnt=2
>10.148.111.12 10.151.194.14
>esp mode=tunnel spi=32119505(0x01ea1ad1) reqid=0(0x00000000)
>E: 3des-cbc 168753a0 e02101f7 610d4ce8 390570db a74d01de 827a8004
>A: hmac-sha1 4edb9281 d1776ee0 a11129b5 5b7c02f0 cfa56b21
>seq=0x000002c7 replay=4 flags=0x00000000 state=mature
>created: Jul 24 18:06:50 2006 current: Jul 24 22:30:01 2006
>diff: 15791(s) hard: 28800(s) soft: 23040(s)
>last: Jul 24 22:28:55 2006 hard: 0(s) soft: 0(s)
>current: 86960(bytes) hard: 0(bytes) soft: 0(bytes)
>allocated: 711 hard: 0 soft: 0
>sadb_seq=0 pid=1051 refcnt=1
>
>
>
>настройки склада
>10.148.111.12 внешний ip
>255.255.255.0
>10.148.111.253 шлюз по умолчанию
>192.168.33.3 внутренний ip
>255.255.255.0
>
>
>/etc/rc.conf
>firewall_enable="YES"
>firewall_script="/etc/ipfw.rules"
>natd_enable="YES"
>natd_interface="rl1"
>natd_flags="-f /etc/natd.conf"
>
>
>gif_interfaces="gif0"
>gifconfig_gif0="10.148.111.12 10.151.194.14"
>ifconfig_gif0="inet 192.168.33.3 192.168.30.13 netmask 255.255.255.0"
>static_routes="vpn"
>route_vpn="192.168.30.0/24 192.168.30.13"
>export route_vpn
>ipsec_enable="YES"
>ipsec_file="/etc/ipsec.conf"
>racoon_enable="YES"
>
>/etc/ipsec.conf
>flush;
>spdflush;
>spdadd 192.168.33.0/24 192.168.30.0/24 any -P out ipsec esp/tunnel/10.148.111.12-10.151.194.14/require;
>spdadd 192.168.30.0/24 192.168.33.0/24 any -P in ipsec esp/tunnel/10.151.194.14-10.148.111.12/require;
>
>/etc/ipfw.rules
>lan_if="rl0"
>lan_ip="192.168.33.3"
>lan_net="192.168.33.0/24"
>wan_if="rl1"
>wan_ip="10.148.111.12"
>od=10.151.194.14
>sd=10.148.111.12
>
>
>${fwcmd} add 100 divert natd all from any to any via ${wan_ip}
>
>
>ipfw add 1 allow udp from ${sd} to ${od} isakmp
>ipfw add 1 allow udp from ${od} to ${sd} isakmp
>ipfw add 1 allow esp from ${sd} to ${od}
>ipfw add 1 allow esp from ${od} to ${sd}
>ipfw add 1 allow ipencap from ${sd} to ${od}
>ipfw add 1 allow ipencap from ${od} to ${sd}
>
>
>
>setkey -D
>10.148.111.12 10.151.194.14
>esp mode=tunnel spi=32119505(0x01ea1ad1) reqid=0(0x00000000)
>E: 3des-cbc 168753a0 e02101f7 610d4ce8 390570db a74d01de 827a8004
>A: hmac-sha1 4edb9281 d1776ee0 a11129b5 5b7c02f0 cfa56b21
>seq=0x000002ec replay=4 flags=0x00000000 state=mature
>created: Jul 24 18:06:50 2006 current: Jul 24 22:30:35 2006
>diff: 15825(s) hard: 28800(s) soft: 23040(s)
>last: Jul 24 22:30:35 2006 hard: 0(s) soft: 0(s)
>current: 132176(bytes) hard: 0(bytes) soft: 0(bytes)
>allocated: 748 hard: 0 soft: 0
>sadb_seq=1 pid=1088 refcnt=2
>10.151.194.14 10.148.111.12
>esp mode=tunnel spi=171670616(0x0a3b7c58) reqid=0(0x00000000)
>E: 3des-cbc ac0ecde7 420d7f19 30ba258f 46a9b978 2b5787d3 24702e0f
>A: hmac-sha1 91fdf821 0a57e44d 613fca7a 93f61080 229c2554
>seq=0x000002c5 replay=4 flags=0x00000000 state=mature
>created: Jul 24 18:06:50 2006 current: Jul 24 22:30:35 2006
>diff: 15825(s) hard: 28800(s) soft: 23040(s)
>last: Jul 24 22:30:35 2006 hard: 0(s) soft: 0(s)
>current: 61550(bytes) hard: 0(bytes) soft: 0(bytes)
>allocated: 709 hard: 0 soft: 0
>sadb_seq=0 pid=1088 refcnt=1