The OpenNET Project / Index page

FreeBSD gateway can't see the Internet locally, Flamp, 13-Dec-12, 13:13
I have a gateway on FreeBSD (ipfw + squid in transparent mode). The gateway does its job perfectly, passing packets from network to network, and everyone behind the gateway has Internet access. But the server itself sees neither the provider's gateway nor the Internet as a whole. Neither ping nor wget gets through.

What could cause such strange behavior?

  • FreeBSD gateway can't see the Internet locally, PavelR, 13:37, 13-Dec-12 (1)
    • FreeBSD gateway can't see the Internet locally, Сергей, 14:01, 13-Dec-12 (2)
    • FreeBSD gateway can't see the Internet locally, Flamp, 14:34, 13-Dec-12 (3)
      >> I have a gateway on FreeBSD (ipfw + squid in transparent mode). The gateway does its job perfectly,
      >> passing packets from network to network, and everyone behind the gateway has
      >> Internet access. But the server itself sees neither the provider's gateway nor the Internet
      >> as a whole. Neither ping nor wget gets through.
      >> What could cause such strange behavior?
      > firewall settings.

      #!/bin/sh
      outif="dc0"
      outip="XXX.X.XXX.XX"
      #outip="192.168.1.1"
      intif="rl0"
      intip="192.168.100.115"
      lmask="192.168.100.0/24"
      fw="/sbin/ipfw"


      # Flush the rule list
      ${fw} -f flush
      # Flush the pipes
      ${fw} -f pipe flush
      # Flush the queues
      #${fw} -f queue flush

      ${fw} add allow all from any to any via ${intif}

      #Remote Access
      # remote access for 'yellow' (comment strings if you don't need them)
      #${fw} add allow icmp from ${yellowip} to me via ${outif}
      #${fw} add allow ip from ${yellowip} to me 22 via ${outif}
      #${fw} add allow ip from me to ${yellowip} via ${outif}
      # Remote Access for Piter
      ${fw} add allow all from ${yellowip} to ${outip} dst-port 3389
      ${fw} add allow all from ${piterip1} to ${outip} dst-port 3389
      ${fw} add allow all from ${piterip2} to ${outip} dst-port 3389

      #natd -a ${outip} -p 3389 -redirect_port tcp 192.168.100.203:3389 3389
      #${fw} add divert 3389 log ip from ${yellowip} to any out via ${outif}
      #${fw} add divert 3389 log ip from any to ${outip} in via ${outif}

      #--- Bear
      #${fw} add allow tcp from any to me 1235 in
      #${fw} add allow tcp from any to 188.133.155.146 1235
      #${fw} add allow tcp from 188.133.155.146 1235 to any
      #${fw} add allow tcp from me 1235 to any out
      ${fw} add allow all from any to any dst-port 22
      #---
          
      #${fw} add allow all from any to any dst-port 80
      #${fw} add allow all from any to any dst-port 9009
      ${fw} add allow all from any to any dst-port 5000
      ${fw} add allow all from any to any dst-port 3389
      ${fw} add allow all from any to any dst-port 1235
      ${fw} add allow all from any to any dst-port 1238
      ${fw} add allow all from any to any dst-port 1237
      ${fw} add allow all from any to any dst-port 1234
      ${fw} add allow all from any to any dst-port 3390
      #${fw} add allow tcp from any to any 1235 keep-state
      #${fw} add pass all from any to any via ${intif}

      #${fw} add allow all from any to any dst-port 1235
      ${fw} add pass all from any to any via lo0

      ${fw} add allow all from any to any dst-port 535
      #${fw} add deny all from any to any dst-port 110
      #${fw} add deny all from any to any dst-port smtp
      #${fw} add deny all from any to ${outip} dst-port 22
      #${fw} add deny all from any to ${outip} dst-port 80
      ${fw} add deny all from any to ${outip} dst-port 138
      ${fw} add deny all from any to ${outip} dst-port 139
      ${fw} add deny all from any to ${outip} dst-port 7000

      ############ DENY !
      ${fw} table 2 add 195.218.169.203
      ${fw} table 2 add 194.85.153.209
      ${fw} table 2 add 195.218.169.137
      ${fw} table 2 add 195.218.169.178
      ${fw} table 2 add 195.218.169.203
      ${fw} table 2 add 195.222.187.139
      ${fw} table 2 add 195.222.187.171
      ${fw} table 2 add 212.119.200.146
      ${fw} table 2 add 212.44.139.84
      ${fw} table 2 add 213.221.7.105
      ${fw} table 2 add 213.221.7.74
      ${fw} table 2 add 213.33.198.141
      ${fw} table 2 add 213.33.198.171
      ${fw} table 2 add 213.33.198.210
      ${fw} table 2 add 213.33.198.214
      ${fw} table 2 add 213.33.198.218
      ${fw} table 2 add 213.33.198.222
      ${fw} table 2 add 213.59.1.38
      ${fw} table 2 add 217.106.230.130
      ${fw} table 2 add 218.172.107.161
      ${fw} table 2 add 62.105.129.115
      ${fw} table 2 add 62.105.149.106
      ${fw} table 2 add 62.212.82.74
      #${fw} table 2 add 87.240.131.100
      #${fw} table 2 add 87.240.131.97
      #${fw} table 2 add 87.240.131.98
      #${fw} table 2 add 87.240.131.99
      #${fw} table 2 add 87.240.188.249
      #${fw} table 2 add 87.240.188.250
      ${fw} table 2 add 93.186.224.100
      #${fw} table 2 add 93.186.224.240
      #${fw} table 2 add 93.186.224.243
      ${fw} table 2 add 93.186.225.211
      ${fw} table 2 add 93.186.225.212
      ${fw} table 2 add 93.186.226.130
      ${fw} table 2 add 93.186.226.4
      ${fw} table 2 add 93.186.226.5
      ${fw} table 2 add 93.186.227.123
      ${fw} table 2 add 93.186.227.124
      ${fw} table 2 add 93.186.227.125
      ${fw} table 2 add 93.186.227.126
      ${fw} table 2 add 93.186.227.129
      ${fw} table 2 add 93.186.227.130
      ${fw} table 2 add 93.186.228.129
      ${fw} table 2 add 93.186.228.130
      ${fw} table 2 add 93.186.229.129
      ${fw} table 2 add 93.186.229.130
      ${fw} table 2 add 93.186.229.2
      ${fw} table 2 add 93.186.229.3
      ${fw} table 2 add 93.186.231.218
      ${fw} table 2 add 93.186.231.219
      ${fw} table 2 add 93.186.231.220
      ${fw} table 2 add 93.186.231.221
      ${fw} table 2 add 93.186.231.222
      ${fw} table 2 add 93.186.237.2
      ${fw} table 2 add 93.186.238.24
      ${fw} table 2 add 93.186.239.253
      ${fw} table 2 add 95.142.192.85
      ${fw} table 2 add 95.142.192.87
      ${fw} table 2 add 95.142.192.88
      ${fw} table 2 add 95.142.192.89
      ${fw} table 2 add 95.142.192.90
      ${fw} table 2 add 95.142.192.91
      ${fw} table 2 add 94.28.20.6

      #666_${fw} add set 2 deny log logamount 100 ip4 from table\(2\) to any

      ############ DENY !
      #${fw} add fwd 192.168.100.1,7000 tcp from 192.168.100.0/24 to any dst-port 80,81,82,88,3128,8080,8101
      #${fw} add allow tcp from any to any 80 keep-state

      ${fw} add pass all from any to any via ${intif}
      ${fw} add allow all from any to any via tun0
      ${fw} add allow all from any to any in via tun0
      ${fw} add allow all from any to any out via tun0

      # Pipe rules to drop int speed to 256Kbit
      ${fw} add pipe 23 ip from any to 192.168.100.15 out
      ${fw} add pipe 24 ip from 192.168.100.15 to any in
      ${fw} pipe 23 config bw 256Kbit/s
      ${fw} pipe 24 config bw 256Kbit/s
      ${fw} add pipe 40 ip from any to 192.168.100.40 out
      ${fw} add pipe 41 ip from 192.168.100.40 to any in
      ${fw} pipe 40 config bw 256Kbit/s
      ${fw} pipe 41 config bw 160Kbit/s
      ${fw} add pipe 42 ip from any to 192.168.100.121 out
      ${fw} add pipe 43 ip from 192.168.100.121 to any in
      ${fw} pipe 42 config bw 256Kbit/s
      ${fw} pipe 43 config bw 256Kbit/s
      ${fw} add pipe 44 ip from 192.168.100.43 to any in
      ${fw} pipe 44 config bw 256Kbit/s


      #${fw} pipe 1 config bw 56Kbit/s
      #${fw} queue 1 config pipe 1 weight 50 mask dst-ip 0x00000000
      #${fw} queue 2 config pipe 2 weight 75 mask dst-ip 0x00000000
      #${fw} add queue 9 ip from any to 192.168.100.15
      #${fw} pipe 9 config bw 56Kbit/s
      #${fw} add queue 2 ip from any to 192.168.100.122/25
      #natd -a ${outip} -p 8888 -redirect_port tcp 192.168.100.100:6666 6666
      #${fw} add divert 8888 log ip from ${lmask} to any out via ${outif}
      #${fw} add divert 8888 log ip from any to ${outip} in via ${outif}
      #${fw} add pass log tcp from ${outip} 6666 to any via ${outif}
      #${fw} add pass log tcp from any to ${outip} 6666 via ${outif}

      #natd -a ${outip} -p 8887 -redirect_port udp 192.168.100.201:1234 1234
      #${fw} add divert 8887 log ip from ${lmask} to any out via ${outif}
      #${fw} add divert 8887 log ip from any to ${outip} in via ${outif}
      #${fw} add pass log udp from ${outip} 1234 to any via ${outif}
      #${fw} add pass log udp from any to ${outip} 1234 via ${outif}

      natd -a ${outip} -p 8888 -redirect_port tcp 192.168.100.201:1234 1234
      natd -a ${outip} -p 8888 -redirect_port udp 192.168.100.201:1234 1234
      ${fw} add divert 8888 log ip from ${lmask} to any out via ${outif}
      ${fw} add divert 8888 log ip from any to ${outip} in via ${outif}
      ${fw} add pass log tcp from ${outip} 1234 to any via ${outif}
      ${fw} add pass log tcp from any to ${outip} 1234 via ${outif}
      ${fw} add pass log udp from ${outip} 1234 to any via ${outif}
      ${fw} add pass log udp from any to ${outip} 1234 via ${outif}


      #close mail to out allow mail in

      #${fw} add pass tcp from ${lmask} to ${intip} 25 via ${intif}
      #${fw} add pass tcp from ${lmask} to ${outip} 25
      #${fw} add deny tcp from ${lmask} to any 25
      #${fw} add pass tcp from any to ${outip} 25

      # Traffic blocks for users
      # Vk.com
      ${fw} add deny all from 192.168.100.7 to 87.240.143.243
      ${fw} add deny all from 192.168.100.7 to 87.240.143.244
      ${fw} add deny all from 192.168.100.7 to 87.240.143.245
      ${fw} add deny all from 192.168.100.7 to 87.240.143.246
      ${fw} add deny all from 192.168.100.7 to 87.240.143.247
      ${fw} add deny all from 192.168.100.7 to 87.240.143.248
      ${fw} add deny all from 192.168.100.7 to 87.240.131.97
      ${fw} add deny all from 192.168.100.7 to 87.240.131.98
      ${fw} add deny all from 192.168.100.7 to 87.240.131.99
      ${fw} add deny all from 192.168.100.7 to 87.240.131.100
      ${fw} add deny all from 192.168.100.7 to 87.240.131.101
      ${fw} add deny all from 192.168.100.7 to 87.240.131.102
      ${fw} add deny all from 192.168.100.7 to 87.240.131.103
      ${fw} add deny all from 192.168.100.7 to 87.240.131.104
      ${fw} add deny all from 192.168.100.7 to 87.240.143.241
      ${fw} add deny all from 192.168.100.7 to 87.240.143.242
      # Odnoklassniki.ru
      ${fw} add deny all from 192.168.100.203 to 217.20.147.94
      ${fw} add deny all from 192.168.100.203 to 87.240.143.247
      ${fw} add deny all from 192.168.100.203 to 87.240.188.254
      ${fw} add deny all from 192.168.100.203 to 89.188.101.77

      # End of traffic blocks

      # Divert rules (if NAT is implemented)
      ${fw} add divert natd all from 192.168.100.1 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.2 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.3 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.4 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.5 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.6 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.7 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.8 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.9 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.10 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.11 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.12 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.16 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.17 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.18 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.19 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.20 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.23 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.24 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.33 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.36 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.41 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.42 to any out recv ${intif} xmit ${outif}
      #${fw} add divert natd all from 192.168.100.43 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.52 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.93 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.102 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.106 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.115 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.120 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.123 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.128 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.131 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.133 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.139 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.159 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.174 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.188 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.199 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.201 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.203 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.232 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.244 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.246 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.247 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.248 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.249 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.250 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.251 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.252 to any out recv ${intif} xmit ${outif}
      ${fw} add divert natd all from 192.168.100.254 to any out recv ${intif} xmit ${outif}

      ${fw} add divert natd all from not 192.168.100.1 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.2 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.3 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.4 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.5 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.6 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.7 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.8 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.9 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.10 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.11 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.12 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.16 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.17 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.18 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.19 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.20 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.23 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.24 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.33 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.36 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.41 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.42 to ${outip} recv ${outif}
      #${fw} add divert natd all from not 192.168.100.43 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.52 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.93 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.102 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.106 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.115 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.120 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.123 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.128 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.131 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.133 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.139 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.159 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.174 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.188 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.199 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.201 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.203 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.232 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.244 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.246 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.247 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.248 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.249 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.250 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.251 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.252 to ${outip} recv ${outif}
      ${fw} add divert natd all from not 192.168.100.254 to ${outip} recv ${outif}
        

        
      ${fw} add allow ip from any to any
      ${fw} add allow all from any to any
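
Added example (not part of the original post): a small lint for a script like the one above. It reports `${...}` variables that active rules use but the script never assigns (as with `yellowip`, `piterip1` and `piterip2` in the post) and `natd` divert ports started more than once (as with `-p 8888`). The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an ipfw/natd start-up script read from stdin.

# Constructed sample modelled on the posted script; 203.0.113.10 is a
# documentation placeholder, not an address from the thread.
sample_rules() {
cat <<'EOF'
outif="dc0"
outip="203.0.113.10"
fw="/sbin/ipfw"
#${fw} add allow icmp from ${commentedip} to me via ${outif}
${fw} add allow all from ${yellowip} to ${outip} dst-port 3389
${fw} add allow all from ${piterip1} to ${outip} dst-port 3389
natd -a ${outip} -p 8888 -redirect_port tcp 192.168.100.201:1234 1234
natd -a ${outip} -p 8888 -redirect_port udp 192.168.100.201:1234 1234
EOF
}

# Names used as ${name} on active lines but never assigned with name=...
undefined_vars() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        {
            line = $0
            if (match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/)) {
                name = substr(line, RSTART, RLENGTH - 1)
                gsub(/[ \t]/, "", name)
                assigned[name] = 1
            }
            while (match(line, /[$][{][A-Za-z_][A-Za-z0-9_]*[}]/)) {
                used[substr(line, RSTART + 2, RLENGTH - 3)] = 1
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (v in used) if (!(v in assigned)) print v }
    ' | sort
}

# Divert ports passed to more than one active "natd ... -p PORT" command.
duplicate_natd_ports() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "natd" {
            for (i = 2; i < NF; i++) if ($i == "-p") count[$(i + 1)]++
        }
        END { for (p in count) if (count[p] > 1) print p }
    ' | sort
}

echo "unassigned variables:";   sample_rules | undefined_vars
echo "natd ports used twice:";  sample_rules | duplicate_natd_ports
```

To check a real script, pipe it in: `undefined_vars < /path/to/script`. An empty variable expands to nothing, so a rule such as `allow all from ${yellowip} to ...` reaches `ipfw` with its source address missing.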




