Да нет проблем, самый что нинаесть простенький...
fw=10.5.1.11
ip=191.168.10.1
net="192.168.10.0/28"
mask="255.255.255.0"
# ------------------ divert ---------------------
# DIVERT
ipfw add divert natd ip from 192.168.10.0/24 to any out via xl0
ipfw add divert natd ip from any to 10.5.1.11 in via xl0
# ----------------- COUNT --------------
# ipfw add count all from any to 10.5.1.11 in via xl0
# ipfw add count all from 192.168.10/24 to any out via xl0
# ----------------- SHAPER---------------
ipfw pipe 1 config bw 64Kbit/s queue 5
ipfw add pipe 1 ip from any to 192.168.10.21 in via xl0
ipfw add pipe 1 ip from any to 192.168.10.23 in via xl0
ipfw pipe 2 config bw 100Kbit/s queue 5
ipfw add pipe 2 ip from any to 192.168.10.5 in via xl0
# ------------------- END Shaper -----------
# ------------------- FW rulez ---------
ipfw add pass all from any to any via lo0
ipfw add pass all from any to any via xl1
ipfw add deny ip from any to 127.0.0.0/8
ipfw add deny icmp from any to any frag
ipfw add pass ICMP from any to any
# DNS Resolving
ipfw add pass udp from any to any 53
ipfw add pass udp from any 53 to any
ipfw add pass tcp from any to any 25
ipfw add pass tcp from any 25 to any
ipfw add pass tcp from any to any 443 out via xl0
ipfw add pass tcp from any 443 to any in via xl0
ipfw add pass tcp from 10.5.1.11 to any 80 out via xl0
ipfw add pass tcp from any 80 to 192.168.10.0/24 in via xl0
ipfw add pass tcp from 10.5.1.11 to any 19020 out via xl0
ipfw add pass tcp from any 19020 to 192.168.10.0/24 in via xl0
ipfw add pass udp from 10.5.1.11 to any 119 out via xl0
ipfw add pass udp from any 119 to 192.168.10.0/24 in via xl0
ipfw add pass tcp from any 110 to any
ipfw add pass tcp from any to any 110
ipfw add pass tcp from 10.5.1.11 1024-65535 to any 21 out
ipfw add deny log tcp from any 21 to 10.5.1.11 1024-65535 in setup
ipfw add pass tcp from any 21 to 192.168.10.0/24 1024-65535 in
ipfw add pass tcp from 10.5.1.11 1024-65535 to any 20 out
ipfw add pass tcp from any 20 to 192.168.10.0/24 1024-65535 in
ipfw add pass tcp from 10.5.1.11 1024-65535 to 212.45.1.179 1024-65535 out
ipfw add pass tcp from 212.45.1.179 1024-65535 to 192.168.10.0/24 in via xl0
ipfw add pass tcp from any 22 to any
ipfw add pass tcp from any to any 22
ipfw add pass tcp from any 2700 to 192.168.10.0/24 in via xl0
ipfw add pass tcp from 10.5.1.11 to any 2700 out via xl0
ipfw add pass tcp from any 8025 to 192.168.10.0/24 in via xl0
ipfw add pass tcp from 10.5.1.11 to any 8025 out via xl0
ipfw add pass tcp from any 12801 to 192.168.10.0/24 in via xl0
ipfw add pass tcp from 10.5.1.11 to any 12801 out via xl0
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
on
04-Апр-02, 15:39 (MSK)
