Друзья, найдётся ли добрый человек и объяснит ли, что делает мой файрвол и как в нём настроить прохождение icmp пакетов и ssh? Объём благодарности даже выразить нельзя!)))
Код:
Настройка ipfw
eif="reo"
iif="re1"
ipout="87.230.212.135"
$cmd -f flush
$cmd add allow all from any to any via lo0
$cmd add deny ip from any to 127.0.0.0/8
$cmd add deny ip from 127.0.0.0/8 to any
##NAT##
$cmd add pass ip from any to any via $iif
$cmd nat 1 config log if $eif reset same ports
$cmd add nat 1 ip from any to $ipout in recv $eif
##SSH##
$cmd add pass ip from 172.16.7.5 to any ssh via $iif
$cmd add pass ip from me ssh to 172.16.7.5 via $iif
##DNS##
$cmd add pass ip from any 53 to any
$cmd add pass ip from any to any 53
##ICMP##
$cmd add pass icmp from 172.16.7.5 to any via $eif
$cmd add pass icmp from any to 172.16.7.5 via $iif
$cmd add pass icmp from any to 172.16.7.5 via $eif
##INET##
$cmd add nat 1 ip from 172.16.7.5 to any 80,443 out xmit $eif
$cmd add pass ip from any 80,443 to 172.16.7.5 in recv $eif
##Outgoing##
$cmd add pass ip from $ipout to any out xmit $eif
ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 455 210554 allow ip from any to any via re1
00500 286 215296 nat 1 ip from any to 87.230.212.135 in recv re0
00600 0 0 allow ip from 172.16.7.5 to any dsr-port 22 via re1
00700 0 0 allow ip from me 22 to 172.16.7.5 via re1
00800 88 37947 allow ip from any 53 to any
00900 89 6947 allow ip from any to any dst-port 53
01000 0 0 allow icmp from 172.16.7.5 to any out xmit re0
01100 0 0 allow icmp from any to 172.16.7.5 out xmit re0
01200 149 20472 nat 1 ip from 172.16.7.5 to any dst-port 80,443 out xmit re0
01300 198 177349 allow ip from any 80,443 to 172.16.7.5 in recv re0
01400 155 20808 allow ip from 87.230.212.135 to any out xmit re0
65535 47019 4724928 deny ip from any to any
