Hello, after all the changes and fixes I finally ended up with a working script:

#!/bin/sh
ipfw -f flush
ipfw add 1 check-state
ipfw add 100 allow all from any to any via lo0
ipfw add deny all from 10.0.0.0/8 to any in via tun0
ipfw add deny all from 172.16.0.0/12 to any in via tun0
ipfw add deny all from 192.168.0.0/16 to any in via tun0
ipfw add deny all from any to any frag
ipfw add divert natd all from any to 195.5.17.86 in
ipfw add allow icmp from me to any
ipfw add allow icmp from any to me
ipfw add allow gre from 192.168.5.0/24 to me
ipfw add allow gre from me to any
ipfw add allow tcp from me to any keep-state
ipfw add allow udp from me to any keep-state
ipfw add allow udp from any to me 53
ipfw add allow tcp from any to any established
ipfw add allow tcp from any to me 25 setup
ipfw add allow tcp from any to me ssh setup
ipfw add allow tcp from any to me http setup via tun0
ipfw add allow tcp from 192.168.7.0/24 to me 3128 setup via ppp\*
ipfw add allow tcp from 192.168.7.0/24 to me 2080 setup via ppp\*
ipfw add allow tcp from 192.168.7.0/24 to me pop3 setup via ppp\*
ipfw add allow tcp from 192.168.5.0/24 to me pptp setup
ipfw add allow tcp from 192.168.5.0/24 to me ftp\\-data-ftp setup via em0
ipfw add allow tcp from any to me 53 setup
ipfw add skipto 10000 all from 192.168.7.40 to any in keep-state
ipfw add skipto 10000 all from 192.168.7.65 to any in keep-state
ipfw add skipto 10000 all from 192.168.7.100 to any in keep-state
ipfw add deny all from any to any
ipfw add 10000 divert natd all from 192.168.7.40 to any out keep-state
ipfw add divert natd all from 192.168.7.65 to any out keep-state
ipfw add divert natd all from 192.168.7.100 to any out keep-state
ipfw add allow all from any to any

This way everything works. Another task has come up: to give access from the 10.100.105.0/24 network to the 192.168.5.0/24 network and vice versa, while not giving access to the server 192.168.5.1. While I was at it, I decided to put the processing in order.

#!/bin/sh
ipfw -f flush
ipfw add 1 check-state
ipfw add deny all from 10.0.0.0/8 to 195.5.17.86
ipfw add deny all from 172.16.0.0/16 to 195.5.17.86
ipfw add deny all from 192.168.0.0/16 to 195.5.17.86
ipfw add deny all from any to any frag
ipfw add allow udp from me to any keep-state
ipfw add allow tcp from me to any keep-state
ipfw add allow icmp from me to any keep-state
ipfw add allow all from me to any
ipfw add allow tcp from any to any established
ipfw add skipto 1000 all from any to 195.5.17.86 in via tun0
ipfw add skipto 2000 all from 192.168.5.0/24 to me in via em0
ipfw add skipto 3000 all from 192.168.7.0/24 to me in via ppp\*
ipfw add skipto 4000 all from 192.168.5.0/24 to not me via em0
ipfw add skipto 5000 all from 10.100.105.0/24 to not me via em0
ipfw add skipto 6000 all from 192.168.7.0/24 to not me out xmit tun0
ipfw add deny log all from any to any
ipfw add 1000 divert natd all from any to 195.5.17.86
ipfw add allow tcp from any to me smtp setup
ipfw add allow tcp from any to me ssh setup
ipfw add allow tcp from any to me domain setup
ipfw add deny all from any to any
ipfw add 2000 allow tcp from 192.168.5.0/24 to me ftp\\-data-ftp setup
ipfw add allow tcp from 192.168.5.0/24 to me pptp setup
ipfw add allow udp from 192.168.5.0/24 to me 53
ipfw add allow icmp from 192.168.5.0/24 to me
ipfw add allow gre from 192.168.5.0/24 to me
ipfw add deny all from any to any
ipfw add 3000 allow tcp from 192.168.7.0/24 to me 3128 setup
ipfw add allow tcp from 192.168.7.0/24 to me 2080 setup
ipfw add allow tcp from 192.168.7.0/24 to me 25 setup
ipfw add allow tcp from 192.168.7.0/24 to me 80 setup
ipfw add allow tcp from 192.168.7.0/24 to me 110 setup
ipfw add allow udp from 192.168.7.0/24 to me 53
ipfw add deny all from any to any
ipfw add 4000 allow all from any to 10.100.105.0/24 via em0
ipfw add deny all from any to any
ipfw add 5000 deny all from 10.100.105.0/24 to any out via tun0
ipfw add deny all from 10.100.105.0/24 to me via em0
ipfw add allow all from 10.100.105.0/24 to any
ipfw add deny all from any to any
ipfw add 6000 divert natd all from 192.168.7.40 to any via ppp\*
ipfw add divert natd all from 192.168.7.100 to any via ppp\*
ipfw add divert natd all from 192.168.7.65 to any via ppp\*
ipfw add allow all from any to any

and nothing works at all. Unfortunately, I have no way to debug the second script right now, so I would very much appreciate a hint as to what the problem might be. I would like to use the second script specifically, as it is the more orderly one.

--
With best regards,
Gregory Edigarov

===================================================================
uanog mailing list.
To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message
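
Added example (not part of the original post): a way to predict the numbers that `ipfw add` assigns when explicit and automatic rule numbers are mixed, as in the second script, and to list `skipto` rules whose target is not ahead of them. It assumes the default autoinc_step of 100 and an empty ruleset after the flush; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Predicts the rule numbers that
# "ipfw add" lines end up with, assuming net.inet.ip.fw.autoinc_step=100
# (the default) and an empty ruleset after "ipfw -f flush".

# number_rules: read "ipfw add ..." lines on stdin and print them as
# "<number> <rule>" in the order the kernel evaluates them.
number_rules() {
    awk -v step="${1:-100}" '
        $1 == "ipfw" && $2 == "add" {
            if ($3 ~ /^[0-9]+$/) { n = $3 + 0; first = 4 }  # explicit number
            else {                                           # automatic number
                n = last + step; first = 3
                if (n > 65534) n = last
            }
            if (n > last) last = n       # "last" = highest number so far
            body = $first
            for (i = first + 1; i <= NF; i++) body = body " " $i
            # seq keeps insertion order among rules sharing one number
            printf "%05d %04d %s\n", n, ++seq, body
        }' | LC_ALL=C sort | cut -d " " -f 1,3-
}

# backward_skiptos: read number_rules output and report every skipto whose
# target is not above the rule's own number. Per ipfw(8), skipto only skips
# subsequent rules numbered below the target, so it cannot jump backwards.
backward_skiptos() {
    awk '$2 == "skipto" && $3 + 0 <= $1 + 0 {
             printf "%s: skipto %s points at or behind itself\n", $1, $3 }'
}

# Constructed sample modelled on the second script; the explicit 950 stands
# in for the run of auto-numbered rules that precedes the skipto lines there.
sample_rules() {
    cat <<'EOF'
ipfw add 1 check-state
ipfw add 950 allow tcp from any to any established
ipfw add skipto 1000 all from any to 195.5.17.86 in via tun0
ipfw add deny log all from any to any
ipfw add 1000 divert natd all from any to 195.5.17.86
ipfw add allow tcp from any to me ssh setup
EOF
}

sample_rules | number_rules
sample_rules | number_rules | backward_skiptos
```

Feeding the `ipfw add` lines of a real script to `number_rules` gives the same ordering that `ipfw list` would show after loading it under these assumptions.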