Народ, подскажите где грабли:
роутер на FreeBSD 4.6, на нем же DNS и SMTP сервера (без проблем), Squid для внутренней сетки (тож работает), не ходят pop3 и smtp (и остальные из этого же правила) из внутренней сетки на внешние сервера и обратно, своя почта и udp 53 ходят нормально.
'ipfw show' показывает что пакеты не попадают в "pass tcp from any to any 20,21,25,110,119,443 setup via ${iif}".

Заранее благодарен за совет.

Вот скрипт:

#
# IPFW RULES
# /etc/ipfw.rules
#

fwcmd="/sbin/ipfw"

oif="fxp0"
oip="62.118.100.1"
onet="62.118.100.0"
omask="255.255.255.0"

iif="fxp1"
iip="192.168.0.9"
inet="192.168.0.0"
imask="255.255.255.0"

dns2="212.188.8.37"
dns3="195.34.0.100"

${fwcmd} -f flush

${fwcmd} add pass ip from any to any via lo0

# Stop private networks (RFC1918) from entering the outside interface.
${fwcmd} add deny ip from 192.168.0.0/16 to any in via $oif
${fwcmd} add deny ip from 172.16.0.0/12 to any in via $oif
${fwcmd} add deny ip from 10.0.0.0/8 to any in via $oif

# NAT
${fwcmd} add divert 8668 ip from any to any via ${oif}

# Allow established connections
${fwcmd} add pass tcp from any to any established

# Allow all outgoing packets from fxp0
${fwcmd} add pass ip from ${oip} to any out xmit ${oif}

# Allow access to our DNS
${fwcmd} add pass udp from any to ${oip} 53 in recv ${oif}
${fwcmd} add pass udp from any 53 to ${oip} in recv ${oif}

#
# rules for internal network
#
# Squid for lan
${fwcmd} add pass tcp from ${inet}:${imask} to ${iip} 8000-8104
${fwcmd} add pass tcp from ${iip} 8000-8104 to ${inet}:${imask}

# DNS, ICQ
${fwcmd} add pass udp from any to any 53,4000 via ${iif}
${fwcmd} add pass udp from any 53,4000 to any via ${iif}

# Allow FTP, SMTP, POP3, NEWS, HTTPS
${fwcmd} add pass tcp from any to any 20,21,25,110,119,443 setup via ${iif}
${fwcmd} add pass tcp from any 20,21,25,110,119,443 to any via ${iif}

# TCP for ICQ
${fwcmd} add pass tcp from any to any 5190 via ${iif}
${fwcmd} add pass tcp from any 5190 to any via ${iif}

# ICMP
${fwcmd} add allow icmp from any to any icmptypes 0,3,8,11 via ${iif}

# PUBLIC SMTP, DNS, SSH only for fgor  
${fwcmd} add pass tcp from any to ${oip} 25 in recv ${oif} setup
${fwcmd} add pass tcp from 100.100.100.86/32 to ${oip} 22 in recv ${oif} setup
${fwcmd} add pass tcp from ${dns2} to ${oip} 53 in recv ${oif} setup
${fwcmd} add pass tcp from ${dns3} to ${oip} 53 in recv ${oif} setup

${fwcmd} add reject tcp from any to ${oip} via ${oif} in

${fwcmd} add pass icmp from any to any icmptypes 0,3,8,11

${fwcmd} add deny log all from any to any via ${oif}

${fwcmd} add deny log ip from any to any

• RE: IPFW на роутере , не работает POP3 и SMTP на внешние сер..., sassha, 12:25 , 14-Авг-02, (1)
  • RE: IPFW на роутере , не работает POP3 и SMTP на внешние сер..., wwwuser, 19:19 , 14-Авг-02, (2)
• RE: IPFW на роутере , не работает POP3 и SMTP на внешние сер..., ssv, 10:12 , 15-Авг-02, (3)
  • RE: IPFW на роутере , не работает POP3 и SMTP на внешние сер..., sassha, 10:54 , 15-Авг-02, (4)
    • RE: IPFW на роутере , не работает POP3 и SMTP на внешние сер..., ssv, 11:13 , 15-Авг-02, (5)
      • RE: IPFW на роутере , не работает POP3 и SMTP на внешние сер..., sassha, 17:02 , 15-Авг-02, (6)