Здравствуйте.

Подскажите где ошибка, нат не хочет работать, но если добавить в конец правило
${ipfw} add 401 allow ip from any to any, то все работает.

#!/bin/sh
ipfw='/sbin/ipfw -q'
ournet='192.168.0.0/24'
uprefix='192.168.0'
ifout='fxp0'
ifuser='rl0'
ip="192.168.0.83"
${ipfw} flush
${ipfw} add 002 allow all from any to any via ${ifuser}
${ipfw} add 003 allow all from any to any via lo0
${ipfw} add 004 divert natd ip from any to any in via ${ifout}
${ipfw} add 100 check-state
${ipfw} add 200 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${ipfw} add 210 deny all from 127.0.0.0/8 to any in via ${ifout}
${ipfw} add 220 deny all from 0.0.0.0/8 to any in via ${ifout}
${ipfw} add 230 reject ip from ${ournet} to any in via ${ifout}
${ipfw} add 240 reject tcp from any to any not established tcpflags fin
${ipfw} add 250 reject tcp from any to any tcpflags fin, syn, rst, psh, ack, urg
${ipfw} add 260 reject tcp from any to any tcpflags !fin, !syn, !rst, !psh, !ack, !urg
${ipfw} add 300 allow tcp from me to any keep-state via ${ifout}
${ipfw} add 310 allow icmp from any to any
${ipfw} add 320 allow udp from me to any domain keep-state
${ipfw} add 400 divert natd ip from any to any out via ${ifout}