Подскажите, пожалуйста. Есть компьютер с IP-адресом 10.0.0.2.
Как предоставить ему выход в интернет?
Создал VLAN:
ifconfig
vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:19:db:de:e4:b9
inet 10.0.0.1 netmask 0xfffff800 broadcast 10.0.7.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 4 parent interface: re0
rc.conf
# rc.conf for the gateway host. The settings are grouped by purpose; the values
# are the ones from the original listing.

# --- Host identity and console ---
hostname="bsd.ratc"
keymap="ru.koi8-r"

# --- Network interfaces ---
# re0 carries the internal LAN; re1 is the interface natd translates on
# (its address is masked as x.x.x.x on the page).
ifconfig_re0="inet 192.168.0.254 netmask 255.255.252.0"
ifconfig_re1="inet x.x.x.x netmask x.x.x.x"
# vlan4 is a cloned interface: VLAN tag 4 on top of re0.
# NOTE(review): the ifconfig output on this page reports netmask 0xfffff800
# (/21, broadcast 10.0.7.255) for vlan4, not the /29 configured here - confirm
# which mask is intended, since the firewall rules are written for 10.0.0.0/29.
cloned_interfaces="vlan4"
ifconfig_vlan4="inet 10.0.0.1/29 vlan 4 vlandev re0"

# --- Routing ---
# gateway_enable turns on IP forwarding between the interfaces.
gateway_enable="YES"
defaultrouter="x.x.x.x"

# --- Packet filter and NAT ---
# ipfw filters traffic; natd performs address translation on re1 for packets
# that the ipfw "divert natd" rules hand to it.
firewall_enable="YES"
natd_enable="YES"
natd_interface="re1"

# --- Services ---
# NOTE(review): every service enabled here is only as exposed as the ipfw
# ruleset allows - review the two together.
sshd_enable="YES"
inetd_enable="YES"
rinetd_enable="YES"
squid_enable="YES"
mpd_enable="YES"
mpd_flags="-b"
ipfw
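#!/bin/sh
# ipfw ruleset for a FreeBSD gateway that NATs its internal networks via natd.
#
# Interfaces, as configured in the rc.conf shown on this page:
#   re1   - external interface (natd_interface)
#   re0   - internal LAN, 192.168.0.0/22
#   vlan4 - VLAN 4 on top of re0, 10.0.0.1/29
#
# Changes relative to the original listing:
#   * Rule 1 now also diverts 10.0.0.0/29 to natd. Previously rules 3/4
#     allowed the VLAN's TCP traffic, but it was never translated, so it left
#     re1 with a private source address and replies could not come back.
#   * Rule 40 had the source address and port swapped ("from 20,21 any"),
#     which does not follow the ipfw "from <addr> [ports]" syntax.
#   * The unused $oif variable is now used instead of a hard-coded re1.
#
# NOTE(review): the ruleset is stateless. Rules that match only on a source
# port ("from any 80", "from any 53", ...) accept any packet carrying that
# source port, not just replies. Consider keep-state/check-state rules and
# binding rules to an interface and direction.

/sbin/ipfw -f flush

oif=re1                # external interface
oip=x.x.x.x            # external address (masked on the page)
iip=192.168.0.0/22     # internal LAN
vip=10.0.0.0/29        # VLAN 4 network

#Nat
# Outbound: translate both internal networks; inbound: de-alias replies.
/sbin/ipfw add 1 divert natd all from ${iip},${vip} to any out via ${oif}
/sbin/ipfw add 2 divert natd all from any to ${oip} in via ${oif}
# VLAN 4 hosts: only TCP is allowed here; their DNS (UDP) and ICMP traffic
# relies on the generic rules 13/14 and 20 below.
/sbin/ipfw add 3 allow tcp from ${vip} to any
/sbin/ipfw add 4 allow tcp from any to ${vip}
# Transparent proxy: LAN HTTP is forwarded to the local proxy port 8080.
/sbin/ipfw add 8 fwd 192.168.0.254,8080 tcp from 192.168.0.0/22 to any 80
/sbin/ipfw add 9 allow all from 192.168.0.0/22 to 192.168.0.254 8080
/sbin/ipfw add 10 allow all from me to any
#Squid
/sbin/ipfw add 11 allow tcp from ${oip} to any 80
/sbin/ipfw add 12 allow tcp from any 80 to ${oip}
#DNS
/sbin/ipfw add 13 allow udp from any to any 53
/sbin/ipfw add 14 allow udp from any 53 to any
/sbin/ipfw add 15 allow tcp from ${iip} to any 443
/sbin/ipfw add 16 allow tcp from any 443 to ${iip}
#Putty
# NOTE(review): reachable from any source on any interface; if this is the
# remote administration port, restrict it to known management addresses.
/sbin/ipfw add 17 allow tcp from any to any 8822
#POP,SMTP
/sbin/ipfw add 18 allow tcp from any to any 25,110
/sbin/ipfw add 19 allow tcp from any 25,110 to any
#ICMP
# Types 8, 0 and 11: echo request, echo reply, time exceeded.
/sbin/ipfw add 20 allow icmp from any to any icmptype 8,0,11
#FTP
/sbin/ipfw add 30 allow tcp from any to any 20,21
/sbin/ipfw add 40 allow tcp from any 20,21 to any
# NOTE(review): this allows TCP to every destination port 1024-65535, from
# any source and in either direction. That covers the proxy port 8080, the
# 8822 and 3389 ports and anything else listening on a high port on the
# gateway or behind it, so the narrower rules above add little. Presumably it
# exists for passive FTP data connections - confirm, and narrow it (internal
# source, outbound only, or stateful rules) if so.
/sbin/ipfw add 67 allow tcp from any to any 1024-65535
#VPN
/sbin/ipfw add 71 allow gre from any to any
/sbin/ipfw add 72 allow tcp from any to any 1723
/sbin/ipfw add 73 allow tcp from any 1723 to any
#RDP
/sbin/ipfw add 74 allow tcp from ${iip} to any 3389
/sbin/ipfw add 75 allow tcp from any 3389 to ${iip}
#Exch
/sbin/ipfw add 80 allow tcp from any to any 2378
/sbin/ipfw add 81 allow tcp from any 2378 to any
#LOG
# Everything not matched above is denied and logged.
/sbin/ipfw add 500 deny log tcp from any to any
/sbin/ipfw add 501 deny log logamount 100 all from any to any
# Debug-only "allow everything" rule; keep it commented out.
#/sbin/ipfw add 999 allow all from any to any
# Never reached while rule 501 is present; kept as an explicit final deny.
/sbin/ipfw add 1000 deny all from any to any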