URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID1
Thread number: 84267

Original message
"Mpd+IPFW"

Posted by mss_sarvarbek, 26-Feb-09 20:34
Hi all. I have FreeBSD 7.0 + NAT + mpd-3-18_5. I have set up the configs and everything else. NAT with the firewall works fine. But MPD connects and can only ping the server; it does not ping the other LAN hosts. I think it is the firewall, so please check my rules, maybe I missed something :)

#!/bin/sh -
cmd="ipfw -q add"
#LocalAdapter
lad="sk0"
iplad="192.168.0.0"
#InternetAdapter
iad="rl0"
good_tcpo="22,25,37,43,53,80,443,110,119"
agentports="2041,2042,5190,443"
skip="skipto 1500"
#ipiad="169.1.0.1"
mask="24"
#DNS i
dns1="x.x.x.x"
dns2="x.x.x.x"
ipfw -q -a flush
# All to Local
$cmd 0004 allow all from any to any via $lad
# All on Server
$cmd 0008 allow all from any to any via lo0
# NAT access for everyone
$cmd 0016 divert natd ip from any to any in via $iad
#$cmd 0017 allow tcp  from any to any 1723
$cmd 0019 check-state
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#~ Out Rules to Internet from Server ~
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# DNS
$cmd 0020 $skip tcp from any to $dns1  53 out via $iad setup keep-state
$cmd 0022 $skip udp from any to $dns1  53 out via $iad keep-state
# DHCP, if you get your IP from the provider
#$cmd 0024 allow log udp from any to any 67 out via $iad keep-state
#$cmd 0026 allow udp from any to x.x.x.x 67 out via $iad keep-state
#WWW out
$cmd 0028 $skip tcp from any to any 80 out via $iad setup keep-state
#https
$cmd 0029 $skip tcp from any to any 443 out via $iad setup keep-state
#mail
$cmd 0030 $skip tcp from any to any 25 out via $iad setup keep-state
$cmd 0031 $skip tcp from any to any 110 out via $iad setup keep-state
#FreeBSD (make install) access
$cmd 0033 $skip tcp from me to any out via $iad keep-state uid root
#ping
$cmd 0034 $skip icmp from any to any out via $iad keep-state
#Time
$cmd 0035 $skip tcp from any to any 37 out via $iad setup keep-state
#nntp news
$cmd 0036 $skip tcp from any to any 119 out via $iad setup keep-state
#FTP,Telnet
$cmd 0037 $skip tcp from any to any 22 out via $iad setup keep-state
#whois
$cmd 0038 $skip tcp from any to any 43 out via $iad setup keep-state
#mail agent
$cmd 0039 $skip tcp from any to any $agentports out via $iad setup keep-state
#Remote desktop
$cmd 0044 $skip tcp from any to any 3389 out via $iad setup keep-state
#Others to log and deny
$cmd 0050 deny log all from any to any out via $iad setup keep-state
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#~In Rules from Internet to Server ~
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$cmd 0055 deny all from 192.168.0.0/16 to any in via $iad
$cmd 0056 deny all from 172.16.0.0/12 to any in via $iad
$cmd 0057 deny all from 10.0.0.0/8 to any in via $iad
$cmd 0058 deny all from 127.0.0.0/8 to any in via $iad #loopback
$cmd 0059 deny all from 0.0.0.0/8 to any in via $iad #loopback
$cmd 0060 deny all from 169.254.0.0/16 to any in via $iad #DHCP auto config
$cmd 0061 deny all from 192.0.2.0/24 to any in via $iad #reserved for docs
$cmd 0062 deny all from 204.152.64.0/23 to any in via $iad #Sun cluster interconnect
$cmd 0063 deny all from 224.0.0.0/3 to any in via $iad #Class D&E multicast

# ping in
$cmd 0064 allow icmp from any to any in via $iad
# Netbios
$cmd 0065 deny tcp from any to any 137 in via $iad
$cmd 0066 deny tcp from any to any 138 in via $iad
$cmd 0067 deny tcp from any to any 139 in via $iad
$cmd 0068 deny tcp from any to any 81 in via $iad
$cmd 0069 deny all from any to any frag in via $iad
#VPN
$cmd 0080 allow tcp from any to me 1723
$cmd 0082 allow tcp from me 1723 to any established
$cmd 0084 allow gre from any to any
$cmd 0086 allow ip from any to any via ng0 # ng is the MPD interface
$cmd 0087 allow ip from any to any via ng1
$cmd 0088 allow ip from any to any via ng2

# deny ACK not in dynamic tables
$cmd 0130 deny tcp from any to any established in via $iad
# allow to DHCP ack from Provider
# $cmd 0135 allow udp from to x.x.x.x 67 in via $iad keep-state
# in www
$cmd 0138 allow tcp from any to me 80 in via $iad setup limit src-addr 2
# FTP,Telnet,ssh
$cmd 0140 allow tcp from any to me 22,21 in via $iad setup limit src-addr 2
# Squid
$cmd 0144 fwd 127.0.0.1,3128 tcp from $iplad/$mask to any 80 via $iad
# All in packets to LOG file
$cmd 0150 deny log all from any to any in via $iad

$cmd 0999 deny log all from any to any

#BlockAll
$cmd 1200 deny ip from any to any

#NAT out
$cmd 1500 divert natd ip from any to any out via $iad
$cmd 1510 allow ip from any to any
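An added check, not part of the original post: a small shell lint for rulesets written in this style (`$cmd NNNN ... via <iface>`) that flags any `via` argument that is neither a `$variable` nor a listed interface name, because a bare word such as `iad` makes ipfw match an interface that does not exist, so the rule silently never fires and the packet falls through to the later deny rules. The interface allow-list and the sample rules below are constructed for this example.

```shell
# Allow-list of literal interface names (assumption for this example; adjust per host).
KNOWN_IFACES="lo0 sk0 rl0 ng0 ng1 ng2"

# Constructed sample: four rules in the style of the posted script. The second
# one drops the "$" before iad, an easy slip to miss in a long ruleset.
SAMPLE_RULES='$cmd 0028 $skip tcp from any to any 80 out via $iad setup keep-state
$cmd 0029 $skip tcp from any to any 443 out via iad setup keep-state
$cmd 0086 allow ip from any to any via ng0
$cmd 0008 allow all from any to any via lo0'

# lint_via RULES_TEXT: prints one line per offending rule; exit status = number found.
lint_via() {
    printf '%s\n' "$1" | awk -v known="$KNOWN_IFACES" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^#/ || NF == 0 { next }                  # skip comment and blank lines
        {
            for (i = 1; i < NF; i++) {
                if ($i != "via") continue
                arg = $(i + 1)
                # a $variable is expanded by the shell; a listed name is a real interface
                if (substr(arg, 1, 1) == "$" || (arg in ok)) continue
                printf "rule %s: bare interface \"%s\" after via\n", $2, arg
                bad++
            }
        }
        END { exit bad + 0 }'
}

# Stand-alone run over the constructed sample.
lint_via "$SAMPLE_RULES" || echo "found $? problem(s)"
```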


Contents

Messages in this discussion
"Mpd+IPFW"
Posted by mss_sarvarbek, 27-Feb-09 10:15
For some reason nobody wants to answer; maybe something is wrong with the question :)))