Сборка со следующими параметрами:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=50
options IPFIREWALL_FORWARD
options IPFIREWALL_NAT
options LIBALIAS
options DUMMYNETuname -a FreeBSD 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #2: Thu Oct 15 03:17:17 MSD 2009 i386
rc.conf:
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.fire"
firewall_logging="YES"
firewall_nat_enable="YES"
firewall_nat_interface="fxp0"
natd_enable="NO"cat /etc/rc.fire
#!/bin/sh
#cmd="/sbin/ipfw -q "
ext_if="fxp0"
ext_ip="x.x.x.x"
int_if="sk0"
int_ip="10.0.0.1"
inf_net="10.0.0.0/24"
win_serv="10.0.0.5"${cmd} -f flush
${cmd} -f pipe flush
${cmd} -f queue flush${cmd} add check-state
${cmd} add allow ip from any to any via lo0
${cmd} add deny ip from any to 127.0.0.0/8
${cmd} add deny ip from 127.0.0.0/8 to any
${cmd} add deny ip from any to 172.16.0.0/12 in via ${ext_if}
${cmd} add deny ip from any to 192.168.0.0/16 in via ${ext_if}
${cmd} add deny ip from any to 0.0.0.0/8 in via ${ext_if}
${cmd} add deny ip from any to 169.254.0.0/16 in via ${ext_if}
${cmd} add deny ip from any to 240.0.0.0/4 in via ${ext_if}
${cmd} add deny ip from 172.16.0.0/12 to any out via ${int_if}
${cmd} add deny ip from 192.168.0.0/16 to any out via ${int_if}
${cmd} add deny ip from 0.0.0.0/8 to any out via ${int_if}
${cmd} add deny ip from 169.254.0.0/16 to any out via ${int_if}
${cmd} add deny ip from 224.0.0.0/4 to any out via ${int_if}
${cmd} add deny ip from 240.0.0.0/4 to any out via ${int_if}
${cmd} add deny icmp from any to any frag
${cmd} add deny log icmp from any to 255.255.255.255 in via ${ext_if}
${cmd} add deny log icmp from any to 255.255.255.255 out via ${ext_if}
${cmd} add allow icmp from any to any icmptypes 0,8,11
${cmd} nat 1 config log if ${ext_if} reset same_ports redirect_port tcp 10.0.0.5:3777 5321
${cmd} add nat 1 ip from any to any via ${ext_if}
${cmd} add allow tcp from any to any dst-port 5321 via ${ext_if}
${cmd} add allow tcp from any to any dst-port 3777 via ${ext_if}
${cmd} add fwd ${int_ip},2121 tcp from ${inf_net} to any 21 via ${int_if}
${cmd} add fwd 127.0.0.1,3128 tcp from ${inf_net} to any 80 via ${int_if}
${cmd} add allow tcp from any to any established
${cmd} add allow ip from ${ext_ip} to any out xmit ${int_if}
${cmd} add allow ip from any to any via ${int_if}
${cmd} add deny ip from any to anyТребуется с инета (ext_if, ext_ip) пробросить порт 5321 на машинку во внутренней сети (win_serv) на порт 3777. Чего-то не хватает никак не пойму чего именно... Ессно как проброшу перепешу внутренние ограницения. Помогите советом если не сложно.
почитайте man natd
+ ipfw nat не умеет вроде как делать портредирект
>почитайте man natd
>+ ipfw nat не умеет вроде как делать портредиректВот ты и почитай ман! Всё он умеет. Советчики мля...
firewall_nat_flags="unreg_only same_ports redirect_port redirect_port tcp 192.168.34.65:5223 5223
>почитайте man natd
>+ ipfw nat не умеет вроде как делать портредиректМир меняется быстрее, чем люди.
Много лет назад ваши слова были правдой.