> [overquoting removed]
> send the packet via ext_if
> natd -p 8887 -n ${ext_if} -redirect_port tcp ${int_ip}:81 81
> divert 8887 tcp from any to me 81 in via ext_if
> divert 8887 tcp from int_ip 81 to any out via ext_if
> check-state
> allow tcp from any to int_ip 81 setup keep-state
> allow tcp from me 81 to any setup keep-state
> At least, assuming a single external interface or a default
> route through it...
> The "reference point" is check-state.
I inherited these IPFW rules. I am not strong in FreeBSD, which is why I am asking for advice. I want to understand what is what, but I cannot find anything online that resembles my configuration. I may soon have to configure all of this myself, and I would like to be prepared for that in advance. Thank you for your help.
Here is my rc.firewall:
[Mm][Yy])
yif="sk0"
ynet="Шлюз_пров1"
ymask="255.255.255.224"
yip="внеш_IP_пров1"
oif="fxp0"
onet="Шлюз_пров2"
omask="255.255.255.252"
oip="внеш_IP_пров2"
# set these to your inside interface network and netmask and ip
iif="dc0"
inet="172.21.29.0"
imask="255.255.255.0"
iip="172.21.29.1"
#############
#Redirect ip address server
server="172.21.29.254"
server1="172.21.29.130"
WebCam="172.21.29.24"
#############
skip="skipto 1000"
${fwcmd} -f flush
#Localhost
${fwcmd} add 001 pass all from any to any via lo0
${fwcmd} add 002 pass all from any to 127.0.0.0/8
${fwcmd} add 003 pass ip from 127.0.0.0/8 to any
${fwcmd} add 004 fwd Шлюз_пров1 tcp from внеш_IP_пров1 22 to any
${fwcmd} add 005 fwd Шлюз_пров1 tcp from внеш_IP_пров1 443 to any
${fwcmd} add 006 fwd Шлюз_пров1 tcp from внеш_IP_пров1 110 to any
${fwcmd} add 007 fwd Шлюз_пров1 tcp from внеш_IP_пров1 25 to any
${fwcmd} add 008 fwd Шлюз_пров1 icmp from внеш_IP_пров1 to any
${fwcmd} add 009 fwd Шлюз_пров1 tcp from внеш_IP_пров1 443 to any
${fwcmd} add 010 fwd Шлюз_пров1 tcp from внеш_IP_пров1 21 to any
${fwcmd} add 011 fwd Шлюз_пров1 tcp from внеш_IP_пров1 50000-60000 to any
${fwcmd} add 012 fwd Шлюз_пров1 tcp from внеш_IP_пров1 53 to any
${fwcmd} add 013 fwd Шлюз_пров1 udp from внеш_IP_пров1 53 to any
${fwcmd} add 020 fwd Шлюз_пров2 tcp from внеш_IP_пров2 22 to any
${fwcmd} add 021 fwd Шлюз_пров2 tcp from внеш_IP_пров2 443 to any
${fwcmd} add 022 fwd Шлюз_пров2 tcp from внеш_IP_пров2 110 to any
${fwcmd} add 023 fwd Шлюз_пров2 tcp from внеш_IP_пров2 25 to any
${fwcmd} add 024 fwd Шлюз_пров2 icmp from внеш_IP_пров2 to any
${fwcmd} add 025 fwd Шлюз_пров2 tcp from внеш_IP_пров2 443 to any
${fwcmd} add 026 fwd Шлюз_пров2 tcp from внеш_IP_пров2 53 to any
${fwcmd} add 027 fwd Шлюз_пров2 udp from внеш_IP_пров2 53 to any
#LAN to srv
#${fwcmd} add 006 deny tcp from any to any 80 via ${iif}
${fwcmd} add 90 pass all from any to any via ${iif}
#Redirect to MSRDP
natd -p 8888 -n ${oif} -redirect_port tcp ${server}:3389 3389
${fwcmd} add 100 divert 8888 tcp from any to ${oip} 3389 via ${oif}
#Redirect to MOTIW
natd -p 8889 -n ${oif} -redirect_port tcp ${server1}:4000 4000
${fwcmd} add 101 divert 8889 tcp from any to ${oip} 4000 via ${oif}
natd -p 8890 -n ${oif} -redirect_port tcp ${server1}:80 80
${fwcmd} add 102 divert 8890 tcp from any to ${oip} 80 via ${oif}
natd -p 8891 -n ${yif} -redirect_port tcp ${server}:3389 3389
${fwcmd} add 103 divert 8891 tcp from any to ${yip} 3389 via ${yif}
#Redirect to MOTIW
natd -p 8892 -n ${yif} -redirect_port tcp ${server1}:4000 4000
${fwcmd} add 104 divert 8892 tcp from any to ${yip} 4000 via ${yif}
natd -p 8893 -n ${yif} -redirect_port tcp ${server1}:80 80
${fwcmd} add 105 divert 8893 tcp from any to ${yip} 80 via ${yif}
Here is what I added:
#Redirect to WebCam
natd -p 8887 -n $(oif) -redirect_port tcp ${WebCam}:81 81
${fwcmd} add 106 divert 8887 tcp from any to ${oip} 81 via ${oif}
#NAT System
natd -f /etc/natd.conf -a внеш_IP_пров1 -p 8894
${fwcmd} add 120 divert natd all from any to ${oip} in via ${oif}
${fwcmd} add 121 divert 8894 all from any to ${yip} in via ${yif}
#Stateful firewall
${fwcmd} add 200 check-state
${fwcmd} add 209 ${skip} ip from me to any out via ${oif} keep-state
${fwcmd} add 210 ${skip} tcp from any to any 5190 out via ${oif} setup keep-state
${fwcmd} add 211 ${skip} tcp from any to any 22 out via ${oif} setup keep-state
${fwcmd} add 212 ${skip} tcp from any to any 3389 out via ${oif} setup keep-state
and also here:
${fwcmd} add 213 ${skip} tcp from any to any 81 out via ${oif} setup keep-state
${fwcmd} add 214 ${skip} tcp from any to any 25 out via ${oif} setup keep-state
${fwcmd} add 215 ${skip} tcp from any to any 110 out via ${oif} setup keep-state
${fwcmd} add 216 ${skip} tcp from any to any 143 out via ${oif} setup keep-state
${fwcmd} add 217 ${skip} tcp from any to any 8878 out via ${oif} setup keep-state
${fwcmd} add 218 ${skip} tcp from any to any 2041 via ${oif} setup keep-state
${fwcmd} add 219 ${skip} tcp from any to any 443 out via ${oif} setup keep-state
${fwcmd} add 220 ${skip} tcp from any to any 995 out via ${oif} setup keep-state
${fwcmd} add 221 ${skip} udp from any to any out via ${oif} keep-state
${fwcmd} add 222 ${skip} gre from any to any out via ${oif} keep-state
${fwcmd} add 223 ${skip} esp from any to any out via ${oif} keep-state
${fwcmd} add 224 ${skip} icmp from any to any out via ${oif} keep-state
${fwcmd} add 225 allow tcp from any to me 53 via ${oif} setup keep-state
${fwcmd} add 226 allow udp from any to me 53 via ${oif} keep-state
${fwcmd} add 227 allow tcp from any to me 25 via ${oif} setup keep-state
${fwcmd} add 228 allow tcp from any to me 110 via ${oif} setup keep-state
${fwcmd} add 324 allow tcp from any to me 53 via ${yif} setup keep-state
${fwcmd} add 325 allow udp from any to me 53 via ${yif} keep-state
${fwcmd} add 326 allow tcp from any to me 25 via ${yif} setup keep-state
${fwcmd} add 327 allow tcp from any to me 110 via ${yif} setup keep-state
${fwcmd} add 229 ${skip} ip from 172.21.29.254 to any out via ${oif} keep-state
${fwcmd} add 230 ${skip} ip from 172.21.29.24 to any out via ${oif} keep-state
${fwcmd} add 231 ${skip} tcp from any to ${server} 3389 via ${oif} setup keep-state
${fwcmd} add 232 ${skip} tcp from any to ${server1} 4000 via ${oif} setup keep-state
${fwcmd} add 233 ${skip} tcp from any to ${server1} 80 via ${oif} setup keep-state
Here:
${fwcmd} add 234 ${skip} tcp from any to ${WebCam} 81 via ${oif} setup keep-state
${fwcmd} add 330 ${skip} tcp from any to ${server} 3389 via ${yif} setup keep-state
And here:
${fwcmd} add 331 ${skip} tcp from any to ${WebCam} 81 via ${yif} setup keep-state
${fwcmd} add 332 ${skip} tcp from any to ${server1} 4000 via ${yif} setup keep-state
${fwcmd} add 333 ${skip} tcp from any to ${server1} 80 via ${yif} setup keep-state
${fwcmd} add 234 ${skip} ip from any to any out via ${oif} keep-state
${fwcmd} add 235 skipto 1001 ip from any to any out via ${yif} keep-state
${fwcmd} add 302 allow tcp from any to me 443 in via ${oif}
${fwcmd} add 303 allow tcp from any to me 50000-60000 in via ${oif}
${fwcmd} add 305 allow tcp from any to me 22 in via ${oif}
${fwcmd} add 306 allow tcp from any to me 21 in via ${oif}
${fwcmd} add 307 allow icmp from any to me in via ${oif}
${fwcmd} add 402 allow tcp from any to внеш_IP_пров1 443 in via ${yif}
${fwcmd} add 403 allow tcp from any to внеш_IP_пров1 50000-60000 in via ${yif}
${fwcmd} add 405 allow tcp from any to внеш_IP_пров1 22 in via ${yif}
${fwcmd} add 406 allow tcp from any to внеш_IP_пров1 21 in via ${yif}
${fwcmd} add 407 allow icmp from any to внеш_IP_пров1 in via ${yif}
${fwcmd} add 600 deny log ip from any to any
${fwcmd} add 1000 divert natd all from ${inet}:${imask} to any out via ${oif}
${fwcmd} add 1001 divert 8894 all from ${inet}:${imask} to any out via ${yif}
${fwcmd} add 1100 allow ip from any to any
${fwcmd} add 65534 deny log ip from any to any
case ${natd_enable} in
With this config nothing works :( .
If you have the chance, please tell me where my mistakes are, with an explanation if possible. Thank you for responding to my request.
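An added example, not part of the original post: a small sh/awk lint for rc.firewall text that flags `$(name)` written where `${name}` was meant (in sh the former is command substitution, as in the `$(oif)` of the WebCam natd line) and natd `-p` ports that have no numeric `divert` rule pointing at them, or the reverse. The names `lint_rcfw` and `sample_rules` are hypothetical, the sample input is constructed (its last two lines are an invented mismatch), and rules written as `divert natd` are skipped because they name a service rather than a port.

```shell
#!/bin/sh
# Added example: lint rc.firewall text for two mechanical mistakes.

# Constructed sample; lines 3-4 mirror the post's WebCam redirect,
# lines 5-6 are an invented port mismatch for demonstration.
sample_rules() {
cat <<'EOF'
oif="fxp0"
WebCam="172.21.29.24"
natd -p 8887 -n $(oif) -redirect_port tcp ${WebCam}:81 81
${fwcmd} add 106 divert 8887 tcp from any to ${oip} 81 via ${oif}
natd -p 8890 -n ${oif} -redirect_port tcp ${server1}:80 80
${fwcmd} add 102 divert 8891 tcp from any to ${oip} 80 via ${oif}
EOF
}

# lint_rcfw [file]: print one finding per line (reads stdin without a file).
lint_rcfw() {
    awk '
    /^[ \t]*#/ { next }                      # ignore commented-out rules
    # remember every variable assigned as name=value
    /^[A-Za-z_][A-Za-z0-9_]*=/ { split($0, kv, "="); vars[kv[1]] = 1 }
    {
        # $(name) is command substitution; flag it when name is a variable
        line = $0
        while (match(line, /\$\([A-Za-z_][A-Za-z0-9_]*\)/)) {
            name = substr(line, RSTART + 2, RLENGTH - 3)
            if (name in vars)
                printf "line %d: $(%s) runs a command, use ${%s}\n", NR, name, name
            line = substr(line, RSTART + RLENGTH)
        }
    }
    # port each natd instance listens on (-p) ...
    $1 == "natd" { for (i = 2; i < NF; i++) if ($i == "-p") natd[$(i + 1)] = NR }
    # ... and numeric port each divert rule sends packets to
    { for (i = 1; i < NF; i++)
          if ($i == "divert" && $(i + 1) ~ /^[0-9]+$/) dvt[$(i + 1)] = NR }
    END {
        for (p in natd) if (!(p in dvt))
            printf "line %d: natd on port %s, but no rule diverts to it\n", natd[p], p
        for (p in dvt) if (!(p in natd))
            printf "line %d: divert %s, but no natd listens on that port\n", dvt[p], p
    }' "$@"
}

sample_rules | lint_rcfw
```

Run against a real file with `lint_rcfw /etc/rc.firewall`; an empty result means only that these two checks passed, not that the rule order is correct.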