Есть natd и firewall c указанынми правилами
машины из внутренней сети не могут получить доступ в инет???
запускала natd -v вроде все транслирует , а доступа нет, мало того если правила с natd пересестить ниже (там сейчас оно закомментировано), так вообще ерунда получается откуда то снаржи гуляют фейковые пакеты!!!!
ПОМОГИТЕ ПОЖАЛУЙСТА!!!! В ЧЕМ ТУТ ПРОБЛЕМА!!!!????
rc.firewall
-----------
#!/bin/sh
natd_interface=dc0
# set these to your outside interface network and netmask and ip
oif="dc0"
onet="...."
omask="255.255.255.224"
oip="..."
# set these to your inside interface network and netmask and ip
iif="xl0"
inet="192.168.1.0"
imask="255.255.255.0"
iip="192.168.1.254"
${fwcmd} -f flush
${fwcmd} add divert natd all from any to any via dc0
${fwcmd} add pass all from any to any via lo0
${fwcmd} add deny all from any to 10.0.0.0/8 in via ${oif}
${fwcmd} add deny all from 10.0.0.0/8 to any in via ${oif}
${fwcmd} add deny log all from any to 10.0.0.0/8 out via ${oif}
${fwcmd} add deny log all from 10.0.0.0/8 to any out via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 in via ${oif}
${fwcmd} add deny all from 172.16.0.0/12 to any in via ${oif}
${fwcmd} add deny log all from any to 172.16.0.0/12 out via ${oif}
${fwcmd} add deny log all from 172.16.0.0/12 to any out via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 in via ${oif}
${fwcmd} add deny all from 192.168.0.0/16 to any in via ${oif}
${fwcmd} add deny log all from any to 192.168.0.0/16 out xmit ${oif}
${fwcmd} add deny log all from 192.168.0.0/16 to any out xmit ${oif}
${fwcmd} add deny all from 127.0.0.0/8 to any in via ${oif}
${fwcmd} add deny log all from 127.0.0.0/8 to any out via ${oif}
${fwcmd} add deny log all from 255.255.255.255 to any in via ${oif}
${fwcmd} add deny log all from any to 0.0.0.0 in via ${oif}
${fwcmd} add deny log all from 255.255.255.255 to any out via ${oif}
${fwcmd} add deny log all from any to 0.0.0.0 out via ${oif}
${fwcmd} add deny log all from 244.0.0.0/4 to any in via ${oif}
${fwcmd} add deny log all from any to 244.0.0.0/4 out via ${oif}
${fwcmd} add deny log all from 244.0.0.0/5 to any in via ${oif}
${fwcmd} add deny log all from any to 244.0.0.0/5 out via ${oif}
#${fwcmd} add divert natd all from any to any via dc0
#${fwcmd} add pass all from any to any via lo0
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${oip} to any 53 out via dc0
${fwcmd} add pass udp from any 53 to ${oip} in via dc0
#${fwcmd} add pass udp from any 53 to any in via dc0
${fwcmd} add pass tcp from ${oip} to any 53 out via dc0
${fwcmd} add pass tcp from any 53 to ${oip} in via dc0 established
${fwcmd} add pass tcp from ${oip} to any auth out via dc0
${fwcmd} add pass tcp from any to ${oip} auth in via dc0 established
${fwcmd} add pass tcp from ${oip} to any 25 out via dc0
${fwcmd} add pass tcp from any 25 to ${oip} in via dc0 established
${fwcmd} add pass tcp from any to ${oip} 25 in via dc0
${fwcmd} add pass tcp from ${oip} 25 to any out via dc0 established
${fwcmd} add pass tcp from any to ${oip} 110 in via dc0
${fwcmd} add pass tcp from ${oip} 110 to any out via dc0 established
${fwcmd} add pass tcp from any to ${oip} 22 in via dc0
${fwcmd} add pass tcp from ${oip} 22 to any out via dc0 established
${fwcmd} add pass tcp from ${oip} to any 22 out via dc0
${fwcmd} add pass tcp from any 22 to ${oip} in via dc0 established
${fwcmd} add pass tcp from ${oip} to any 21 out via dc0
${fwcmd} add pass tcp from any 21 to ${oip} in via dc0 established
${fwcmd} add pass tcp from any 20 to ${oip} 1024-65535 in via dc0
${fwcmd} add pass tcp from ${oip} 1024-65535 to any 20 out via dc0 established
${fwcmd} add pass tcp from any 1024-65535 to ${oip} 1024-65535 in via dc0
${fwcmd} add pass tcp from ${oip} 1024-65535 to any 1024-65535 out via dc0 established
${fwcmd} add pass tcp from any to ${oip} 80 in via dc0
${fwcmd} add pass tcp from ${oip} 80 to any out via dc0 established
${fwcmd} add pass tcp from ${oip} to any 80 out via dc0
${fwcmd} add pass tcp from any 80 to ${oip} in via dc0 established
${fwcmd} add pass tcp from ${oip} to any 443 out via dc0
${fwcmd} add pass tcp from any 443 to ${oip} in via dc0 established
${fwcmd} add pass tcp from any to ${iip} 3128 in via xl0
${fwcmd} add pass tcp from ${iip} 3128 to any out via xl0 established
${fwcmd} add pass tcp from any to ${oip} 3128 in via dc0
${fwcmd} add pass tcp from ${oip} 3128 to any out via dc0 established
# Allow NTP queries out in the world
${fwcmd} add pass udp from ${oip} to any 123
${fwcmd} add pass udp from any 123 to ${oip}
${fwcmd} add pass all from 192.168.1.0/24 to any in via xl0
${fwcmd} add pass all from any to 192.168.1.9/24 out via xl0
${fwcmd} add pass all from any to any via ppp0
А вот если разершить на внешнем интерфейсе хождение пакетов 192.168. все в порядке???!!!!!!!!
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.