Знать бы, какие именно! Те, в которых я что-либо писал, одинаковы. Ну вот, например, rc.conf первой (BSD-5.1), в скобках вторая тачка (BSD-5.2.1):
# rc.conf excerpt of host 1 (BSD-5.1); host 2 (BSD-5.2.1) values in parentheses.
amd_enable="NO"
inetd_enable="NO"
# Forward packets between interfaces — this box is a router.
gateway_enable="YES"
# Run the firewall script at boot (the ipfw rule set quoted below).
firewall_enable="YES"
defaultrouter="195.161.40.81" (defaultrouter="195.222.1.2")
hostname="zulu.domen.ru" (hostname="bravo.subdomen.domen.ru")
# Uplink NIC with the public address; NAT and the firewall hang off it.
ifconfig_rl0="inet 195.161.40.85 netmask 255.255.255.248"
# Internal LAN NIC.
ifconfig_rl1="inet 192.168.11.226 netmask 255.255.255.0"
(ifconfig_de0="inet 195.222.1.1 netmask 255.255.255.0")
(ifconfig_rl0="inet 192.168.104.202 netmask 255.255.255.0")
(ifconfig_rl1="inet 192.168.204.202 netmask 255.255.255.0")
# NOTE(review): host 1 configures only rl0 and rl1 here, yet its rc.firewall
# sets lan2if="rl2" — confirm whether a third NIC exists or lan2 is unused.
# Securelevel stays at -1; raising it to 3 later would make the ipfw rule
# set read-only, which is a useful hardening step once the rules are stable.
kern_securelevel_enable="NO"
nfs_client_enable="NO"
# routed with -s (supply routing information): advertises routes via RIP on
# every interface, the uplink included — confirm that is wanted on a border
# router rather than a static default route only.
router="/sbin/routed"
router_enable="YES"
router_flags="-s"
rpcbind_enable="NO"
sendmail_enable="NO"
# Remote admin; rule 1000 of rc.firewall admits it from any source.
sshd_enable="YES"
# natd on the uplink (rule 500 diverts to it); extra options live in
# /etc/natd.conf, which is not shown here.
natd_enable="YES"
natd_interface="rl0" (natd_interface="de0")
natd_flags="-f /etc/natd.conf"
# Kernel-side hardening sysctls. tcp_drop_synfin only works when the
# kernel was built with TCP_DROP_SYNFIN (present in the kernel options below);
# icmp_drop_redirect complements firewall rule 100, which drops ICMP type 5.
tcp_drop_synfin="YES"
icmp_drop_redirect="YES"
# Disables RFC 1323 TCP extensions (window scaling, timestamps).
tcp_extensions="NO"
файлы rc.firewall одинаковы, за исключением подстановки имён интерфейсов и адресов сетей.
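#!/bin/sh
# rc.firewall — ipfw rule set for a NAT router with one leased-line uplink
# and two internal LANs. The kernel is built without
# IPFIREWALL_DEFAULT_TO_ACCEPT, so any packet not matched below is dropped.
# The same file serves both boxes; only interface names and prefixes differ.

# Every rule goes through the same binary with -q (quiet). A function
# avoids depending on word-splitting of an unquoted "$ipfw" variable.
fw() {
  /sbin/ipfw -q "$@"
}

# wan1 - leased line, connected to first NIC (rl0) (de0)
# lan1 - main LAN, connected to second NIC (rl1) (rl0)
# lan2 - second LAN, connected to third NIC (rl2) (rl1)
wan1="195.161.40.80/29"
wan1if="rl0"
lan1="192.168.11.0/24"
lan1if="rl1"
lan2="192.168.104.0/24"
lan2if="rl2"   # not referenced by any rule below; kept as topology documentation

# Start from an empty table. Between this flush and the first "allow" the
# default-deny kernel blocks everything, so run this from console or boot.
fw -f flush

# Refuse ICMP types that reconfigure hosts (5 redirect, 9 router
# advertisement, 13/14 timestamp, 15/16 information, 17 address mask).
fw add 100 deny icmp from any to any in icmptype 5,9,13,14,15,16,17

# Loopback traffic only on lo; 127/8 on any other interface is bogus.
fw add 300 allow all from any to any via lo
fw add 310 deny all from any to 127.0.0.0/8
fw add 320 deny all from 127.0.0.0/8 to any

# NAT: everything crossing the uplink passes through natd (needs IPDIVERT).
# Inbound packets come back with the destination rewritten and the source
# untouched, so the source-based checks below still see the real sender.
fw add 500 divert natd all from any to any via ${wan1if}

# Anti-spoofing: a packet carrying one of our private prefixes as source can
# never legitimately arrive on the uplink. Deny *all* protocols (not just
# tcp) and do it before check-state, so a spoofed UDP/ICMP packet can neither
# match existing dynamic state nor the interface-less ICMP rules at 1600/1700.
fw add 510 deny all from ${lan1} to any in via ${wan1if}
fw add 520 deny all from ${lan2} to any in via ${wan1if}

# Match packets belonging to flows opened by the keep-state rules below.
fw add 600 check-state

# TCP/1352 (IANA: lotusnote) reachable from anywhere, in either direction.
fw add 610 allow tcp from any to any 1352 keep-state

# Outbound TCP from our networks, with state kept for the replies.
# NOTE(review): ${wan1} is the whole uplink subnet, so every host in it —
# not only this router — gets unrestricted TCP, including to "me".
# Narrow it to the router's own address if those neighbours are not trusted.
fw add 800 allow tcp from ${wan1} to any keep-state
fw add 810 allow tcp from ${lan1} to any keep-state
fw add 820 allow tcp from ${lan2} to any keep-state

# Remote administration of this box from any source.
fw add 1000 allow tcp from any to me ssh keep-state

# DNS: any UDP to port 53 — queries leaving as well as queries arriving.
fw add 1300 allow udp from any to any 53 keep-state

# ICMP from our networks outward (1500-1700) and the diagnostic types inward
# (0 echo reply, 3 unreachable, 4 source quench, 8 echo, 11 time exceeded,
# 12 parameter problem). 1600/1700 carry no "via", which is why the
# anti-spoof rules at 510/520 must precede them.
fw add 1500 allow icmp from ${wan1} to any
fw add 1600 allow icmp from ${lan1} to any
fw add 1700 allow icmp from ${lan2} to any
fw add 1800 allow icmp from any to any in icmptype 0,3,4,8,11,12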
Ядро по умолчанию — "deny from any to any".
Опции ядра:
# My options
# ipfw with compiled-in default deny (IPFIREWALL_DEFAULT_TO_ACCEPT is not set).
options IPFIREWALL
# Logging for rules that carry the "log" keyword; the rc.firewall above
# uses none, so nothing is logged with the current rule set.
options IPFIREWALL_VERBOSE
# Support for the "fwd" action; unused by the current rule set.
options IPFIREWALL_FORWARD
# Cap on logged packets per rule (only matters together with VERBOSE).
options IPFIREWALL_VERBOSE_LIMIT=100 (на 5.2.1=20)
# Required for "divert natd" (rule 500 of rc.firewall).
options IPDIVERT
# Traffic shaping (pipe/queue); unused by the current rule set.
options DUMMYNET
options QUOTA
# Setuid-bit semantics on directories; unrelated to the firewall.
options SUIDDIR
# Kernel side of tcp_drop_synfin="YES" in rc.conf.
options TCP_DROP_SYNFIN
Просто непонятно:
1. Почему именно на два из трёх
2. Почему это вылезло именно на разных версиях ОС (настраиваю кучу серверов на 5.1 - всё нормалёк, а тут решил на 5.2 и на тебе).