Help me understand where I messed up: packets do not pass from network loc to loc2 or back. The IP of the server's network card that faces loc can be pinged from loc2, but the machines in loc cannot.

FreeBSD 6.1, ipfw, squid, vsftpd, samba, nat

/etc/rc.frw
____________
#
ipfw -q -f flush
#
cmd="ipfw -q add"
publif="xl1"
lif="xl0"
loc2if="fxp0"
loc="192.168.1.0/24"
loc2="192.168.2.0/24"
lip="192.168.1.1"
publip="90.90.90.90"
l2ip="192.168.2.1"
## base
$cmd 00010 allow all from any to any via lo0
$cmd 00015 check-state
#deny
$cmd 00100 deny all from 192.168.0.0/16 to any in via $publif
$cmd 00110 deny all from 172.16.0.0/12 to any in via $publif
$cmd 00120 deny all from 10.0.0.0/8 to any in via $publif
$cmd 00130 deny all from 0.0.0.0/8 to any in via $publif
$cmd 00140 deny all from 169.254.0.0/16 to any in via $publif
$cmd 00150 deny all from 192.0.2.0/24 to any in via $publif
$cmd 00160 deny all from 204.152.64.0/23 to any in via $publif
$cmd 00170 deny all from 224.0.0.0/3 to any in via $publif
$cmd 00180 deny all from 127.0.0.0/8 to any in via $publif
$cmd 00190 deny all from $loc to any in via $publif
$cmd 00191 deny all from $loc2 to any in via $publif
$cmd 00192 deny all from $loc to any in via $loc2if
$cmd 00193 deny all from $loc2 to any in via $lif
$cmd 00311 deny tcp from any to any 22,25,53,80-83,110,135-139,443,445,548,953,8080 in via $publif
$cmd 00431 deny udp from any to any 22,25,53,80-83,110,135-139,443,445,548,953,8080 in via $publif
$cmd 00440 deny all from any to any frag in via $publif
$cmd 00461 deny icmp from any to $publip in via $publif
$cmd 00470 pass all from 127.0.0.0/8 to any
#
#allowed
$cmd 00490 pass icmp from any to any
$cmd 00491 pass all from $loc2 to $loc
$cmd 00492 pass all from $loc to $loc2
$cmd 00500 pass udp from $loc to $lip 53 via $lif keep-state
$cmd 00501 pass udp from $loc2 to $lip 53 via $loc2if keep-state
$cmd 00505 pass tcp from $loc to $lip 8080 via $lif keep-state
$cmd 00506 pass tcp from $loc2 to $l2ip 8080 via $loc2if keep-state
$cmd 00511 allow tcp from $loc to $lip via $lif
$cmd 00513 allow udp from $loc to $lip via $lif
#loc2
$cmd 00516 allow tcp from $loc2 to $l2ip via $loc2if
$cmd 00517 allow udp from $loc2 to $l2ip via $loc2if
#local users to NAT
$cmd 00525 skipto 00720 tcp from $loc to any 25,110,20,21,10000-65535 in via $lif
$cmd 00526 skipto 00720 udp from $loc to any 53 in via $lif
$cmd 00528 skipto 00720 tcp from $loc2 to any 25,110,20,21,10000-65535 in via $loc2if
$cmd 00529 skipto 00720 udp from $loc2 to any 53 in via $loc2if
#cut off everything else from NAT
$cmd 00530 deny tcp from $loc to any 22,23,80,81,135,137,138,139,443,548,1080,5190,3128,8080 in via $lif
$cmd 00531 deny all from $loc to any in via $lif
$cmd 00532 deny tcp from $loc2 to any 22,23,80,81,135,137,138,139,443,548,1080,5190,3128,8080 in via $loc2if
$cmd 00533 deny all from $loc2 to any in via $loc2if
#allow outgoing
$cmd 00550 allow tcp from me to any 53 out via $publif setup keep-state
$cmd 00560 allow udp from me to any 53 out via $publif keep-state
$cmd 00570 pass tcp from me to any via $publif keep-state
#access to our FTP
$cmd 00600 pass tcp from any to $publip 20 via $publif
$cmd 00610 pass tcp from me 20 to any via $publif
$cmd 00620 pass tcp from any to $publip 21 via $publif
$cmd 00630 pass tcp from me 21 to any via $publif
#$cmd 00640 pass tcp from any to $publip 10000-20000 via $publif
#nat
$cmd 00720 divert natd ip from any to any via $publif
$cmd 00725 allow all from any to any
#deny log
$cmd 50000 deny log all from any to any
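An added example, not part of the original post: a first-match trace of the loc/loc2 path through the posted rules, showing which rule decides a packet on its inbound and outbound pass. The host addresses are constructed, and the model is a simplification that ignores ports, keep-state and skipto and includes only the rules able to match LAN-to-LAN traffic.

```python
from ipaddress import ip_address, ip_network

LOC, LOC2 = ip_network("192.168.1.0/24"), ip_network("192.168.2.0/24")
ANY = ip_network("0.0.0.0/0")
LIF, LOC2IF = "xl0", "fxp0"  # $lif and $loc2if from the post

# (number, action, proto, src, dst, direction, interface); None = unconstrained.
# Assumption of this sketch: rules bound to $publif, lo0 or the server's own
# addresses, and the port-based skipto/deny rules, are left out.
RULES = [
    (192, "deny", "all", LOC, ANY, "in", LOC2IF),
    (193, "deny", "all", LOC2, ANY, "in", LIF),
    (490, "pass", "icmp", ANY, ANY, None, None),
    (491, "pass", "all", LOC2, LOC, None, None),
    (492, "pass", "all", LOC, LOC2, None, None),
    (531, "deny", "all", LOC, ANY, "in", LIF),
    (533, "deny", "all", LOC2, ANY, "in", LOC2IF),
    (725, "pass", "all", ANY, ANY, None, None),
    (50000, "deny", "all", ANY, ANY, None, None),
]

def first_match(proto, src, dst, direction, iface):
    """Return (rule number, action) of the first rule matching the packet."""
    for num, action, r_proto, r_src, r_dst, r_dir, r_if in RULES:
        if r_proto not in ("all", proto):
            continue
        if ip_address(src) not in r_src or ip_address(dst) not in r_dst:
            continue
        if r_dir is not None and r_dir != direction:
            continue
        if r_if is not None and r_if != iface:
            continue
        return num, action

def trace_forward(proto, src, dst, in_if, out_if):
    """A forwarded packet is checked twice: on input, then on output."""
    return [first_match(proto, src, dst, "in", in_if),
            first_match(proto, src, dst, "out", out_if)]

if __name__ == "__main__":
    # Constructed hosts: 192.168.2.10 in loc2, 192.168.1.10 in loc.
    print(trace_forward("tcp", "192.168.2.10", "192.168.1.10", LOC2IF, LIF))
    print(trace_forward("tcp", "192.168.1.10", "192.168.2.10", LIF, LOC2IF))
    print(trace_forward("icmp", "192.168.2.10", "192.168.1.10", LOC2IF, LIF))
```

Under this model both directions stop at rules 00491 and 00492, so the per-rule packet counters from `ipfw show` on the live system are the thing to compare against.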