Hello, following your replies I have corrected my script:

#!/bin/sh
ipfw -f flush
ipfw add check-state
ipfw add allow all from any to any via lo0
ipfw add deny all from 10.0.0.0/8 to any in via tun0
ipfw add deny all from 172.16.0.0/12 to any in via tun0
ipfw add deny all from 192.168.0.0/16 to any in via tun0
ipfw add allow icmp from me to any keep-state
ipfw add allow icmp from 192.168.5.0/24 to me
ipfw add deny all from any to any frag
ipfw add divert natd all from 192.168.5.220 to any out xmit tun0
ipfw add divert natd all from 192.168.7.70 to any out recv ppp\* xmit tun0
ipfw add divert natd all from any to 195.5.17.86 in recv tun0
ipfw add unreach filter-prohib ip from not me to any out recv any xmit tun0
ipfw add allow gre from 192.168.5.0/24 to me
ipfw add allow gre from me to any
ipfw add allow udp from me to any keep-state
ipfw add allow tcp from me to any keep-state
ipfw add allow tcp from any to any established
ipfw add allow tcp from any to me 25 setup
ipfw add allow tcp from any to me ssh setup
ipfw add allow tcp from 192.168.7.0/24 to me 3128 setup
ipfw add allow tcp from 192.168.7.0/24 to me 2080 setup via ppp\*
ipfw add allow tcp from 192.168.7.0/24 to me pop3 setup via ppp\*
ipfw add allow tcp from any to me http setup via tun0
ipfw add allow tcp from 192.168.7.0/24 to me setup via ppp\*
ipfw add allow tcp from 192.168.5.0/24 to me pptp setup
ipfw add allow tcp from 192.168.5.0/24 to me ftp\\-data-ftp setup via sk0
ipfw add allow udp from 192.168.7.0/24 to me 53
ipfw add allow udp from 192.168.5.0/24 to me 53
ipfw add allow tcp from any to me 53 setup
ipfw add deny log all from any to any

It does NOT work. It starts working only if an "allow all from any to any" rule comes after the divert rules, but that is no good! What else is needed?

--
With best regards,
Gregory Edigarov