Народ, подскажите где грабли:
роутер на FreeBSD 4.6, на нем же DNS и SMTP сервера (без проблем), Squid для внутренней сетки (тож работает), не ходят pop3 и smtp (и остальные из этого же правила) из внутренней сетки на внешние сервера и обратно, своя почта и udp 53 ходят нормально.
'ipfw show' показывает что пакеты не попадают в "pass tcp from any to any 20,21,25,110,119,443 setup via ${iif}".
Заранее благодарен за совет.
Вот скрипт:
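#!/bin/sh
#
# IPFW RULES
# /etc/ipfw.rules
#
# Packet filter + NAT ruleset for a two-interface router:
#   ${oif} faces the outside, ${iif} faces the 192.168.0.0/24 LAN.
# ipfw evaluates rules in order and the first match wins; the two
# "deny log" rules at the very end catch whatever nothing above passed.
# NOTE(review): presumably run as a shell script by the rc firewall hook
# (it sets shell variables and calls ${fwcmd} itself) - confirm in rc.conf.
#
fwcmd="/sbin/ipfw"
# Outside interface, its address and network.
# (onet/omask are not referenced by any rule below; kept for reference.)
oif="fxp0"
oip="62.118.100.1"
onet="62.118.100.0"
omask="255.255.255.0"
# Inside (LAN) interface, its address and network.
iif="fxp1"
iip="192.168.0.9"
inet="192.168.0.0"
imask="255.255.255.0"
# Remote name servers allowed to reach our DNS over TCP port 53
# (see the "PUBLIC" section at the bottom).
dns2="212.188.8.37"
dns3="195.34.0.100"

# Start from an empty ruleset (-f: do not ask for confirmation).
${fwcmd} -f flush
# Loopback is unrestricted.
${fwcmd} add pass ip from any to any via lo0
# Stop private networks (RFC1918) from entering the outside interface.
# These are source-spoof filters: such addresses are never valid on ${oif}.
${fwcmd} add deny ip from 192.168.0.0/16 to any in via ${oif}
${fwcmd} add deny ip from 172.16.0.0/12 to any in via ${oif}
${fwcmd} add deny ip from 10.0.0.0/8 to any in via ${oif}
# NAT: every packet crossing ${oif} is handed to natd on divert port 8668;
# the rewritten packet is re-injected and checked by the rules below.
${fwcmd} add divert 8668 ip from any to any via ${oif}
# Allow established connections
# Any TCP segment with ACK or RST set, in either direction on any interface.
# This is what carries the return half of every LAN-initiated connection.
${fwcmd} add pass tcp from any to any established
# Allow all outgoing packets from fxp0
# Presumably this also covers NATed LAN traffic, which carries ${oip} as
# its source after natd - verify with the natd alias address.
${fwcmd} add pass ip from ${oip} to any out xmit ${oif}
# Allow access to our DNS
# Queries from anywhere to our server, and answers (remote port 53) to our
# own lookups.
${fwcmd} add pass udp from any to ${oip} 53 in recv ${oif}
${fwcmd} add pass udp from any 53 to ${oip} in recv ${oif}
#
# rules for internal network
#
# Squid for lan
# LAN -> proxy port range on the inside address, and the replies back.
${fwcmd} add pass tcp from ${inet}:${imask} to ${iip} 8000-8104
${fwcmd} add pass tcp from ${iip} 8000-8104 to ${inet}:${imask}
# DNS, ICQ
# UDP has no connection state, so the second rule passes any datagram whose
# *source* port is 53 or 4000 regardless of destination.  If this ipfw
# build supports keep-state/check-state, a stateful pair would be tighter
# - TODO confirm before changing.
${fwcmd} add pass udp from any to any 53,4000 via ${iif}
${fwcmd} add pass udp from any 53,4000 to any via ${iif}
# Allow FTP, SMTP, POP3, NEWS, HTTPS
# Only the initial SYN ("setup") of a LAN-initiated connection needs this
# rule; the rest of the conversation matches the "established" rule above.
${fwcmd} add pass tcp from any to any 20,21,25,110,119,443 setup via ${iif}
# Replies from those services are already passed by the "established" rule
# above.  This rule previously matched any TCP packet by source port alone,
# which made the destination-port restriction just above bypassable for a
# sender choosing one of these as its source port; it is now limited to
# established segments (keeping the author's structure, it is effectively
# a no-op after the rule above).
${fwcmd} add pass tcp from any 20,21,25,110,119,443 to any established via ${iif}
# TCP for ICQ
# Same pattern as above: SYN to 5190, replies restricted to established.
${fwcmd} add pass tcp from any to any 5190 via ${iif}
${fwcmd} add pass tcp from any 5190 to any established via ${iif}
# ICMP
# Types: 0 echo reply, 3 unreachable, 8 echo request, 11 time exceeded.
${fwcmd} add allow icmp from any to any icmptypes 0,3,8,11 via ${iif}
# PUBLIC SMTP, DNS, SSH only for fgor
# Connections from the outside to the router itself: SMTP from anywhere,
# SSH from a single host, TCP DNS from the two listed name servers.
${fwcmd} add pass tcp from any to ${oip} 25 in recv ${oif} setup
${fwcmd} add pass tcp from 100.100.100.86/32 to ${oip} 22 in recv ${oif} setup
${fwcmd} add pass tcp from ${dns2} to ${oip} 53 in recv ${oif} setup
${fwcmd} add pass tcp from ${dns3} to ${oip} 53 in recv ${oif} setup
# Any other inbound TCP to our outside address is rejected (the sender is
# notified) rather than silently dropped.
${fwcmd} add reject tcp from any to ${oip} via ${oif} in
# ICMP on the remaining interfaces, same types as on the LAN side.
${fwcmd} add pass icmp from any to any icmptypes 0,3,8,11
# Default deny, logged: first everything else on ${oif}, then everything.
${fwcmd} add deny log all from any to any via ${oif}
${fwcmd} add deny log ip from any to any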