Доброго времени суток.
Не могу понять, почему для XP/2003 NAT работает нормально: пинги ходят в мир и 
сайтики открываются без проблем, а под Win7 работает только пинг, причём на 
разных ноутбуках с Win7 одно и то же. В другой сети на Win7 всё ок.

net.inet.ip.fw.one_pass: 1
net.link.ether.ipfw: 1


win7
${FwCMD} add 00452 nat 1 ip from 192.168.1.201 to any out xmit ${LanOut}

2003
${FwCMD} add 00451 nat 1 ip from 192.168.1.200 to any out xmit ${LanOut}

XP
${FwCMD} add 00499 nat 1 ip from 192.168.1.250 to any out xmit ${LanOut}


Правила IPFW
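#!/bin/sh
# ipfw ruleset for a FreeBSD gateway with one external interface (LanOut) and
# two internal ones (LanIn, LanIn2). Rules are evaluated both at layer 2 and at
# layer 3 (the post shows net.link.ether.ipfw=1), so the first rules dispatch
# each packet to the matching section. Outbound NAT is granted per source
# address; anything not explicitly allowed hits the logged deny rules at the end.
#
# Long commands are joined with backslash continuations: in the listing as
# posted they were wrapped in the middle of a rule, which leaves "to" without
# a destination and makes the shell run the second half as a separate command.

FwCMD="/sbin/ipfw"
LanOut="alc0"
LanIn="fxp0"
LanIn2="fxp1"

# External address and network (masked by the author).
IpOut="193.238.aaa.bbb"
NetOut="193.238.zzz.xxx"
NetOutMask="29"

# First internal network.
IpIn="192.168.1.240"
NetIn="192.168.1.0"
NetInMask="24"

# Second internal network.
IpIn2="172.16.0.1"
NetIn2="172.16.0.0"
NetInMask2="12"

# Start from an empty ruleset; -f suppresses the confirmation prompt.
${FwCMD} -f flush

#arp
# 0x0806 is the ARP ethertype; it is passed before any other check.
${FwCMD} add 5 allow mac-type 0x0806
# Dispatch: layer-2 passes jump to the LAYER 2 section (500+),
# layer-3 passes jump to the stateful/NAT section (100+).
${FwCMD} add 10 skipto 500 all from any to any layer2 in
${FwCMD} add 20 skipto 100 all from any to any not layer2 in
${FwCMD} add 30 skipto 100 all from any to any not layer2 out
${FwCMD} add 40 skipto 500 all from any to any layer2 out

# Match packets against dynamic rules created by the keep-state rules below.
${FwCMD} add 00100 check-state

# Per-interface, per-direction counters only; "count" does not end processing.
${FwCMD} add 00101 count ip from any to any in via ${LanOut}
${FwCMD} add 00102 count ip from any to any out via ${LanOut}

${FwCMD} add 00103 count ip from any to any in via ${LanIn}
${FwCMD} add 00104 count ip from any to any out via ${LanIn}

${FwCMD} add 00105 count ip from any to any in via ${LanIn2}
${FwCMD} add 00106 count ip from any to any out via ${LanIn2}

#Allow any to any for lo0 and LanIn
${FwCMD} add 00115 allow ip from any to any via lo0

# Keep the two internal networks isolated from each other on both LAN
# interfaces. These must stay ahead of the blanket allows at 00120/00121.
${FwCMD} add 00116 deny ip from ${NetIn}/${NetInMask} to \
  ${NetIn2}/${NetInMask2} via ${LanIn}
${FwCMD} add 00117 deny ip from ${NetIn2}/${NetInMask2} to \
  ${NetIn}/${NetInMask} via ${LanIn}

${FwCMD} add 00118 deny ip from ${NetIn2}/${NetInMask2} to \
  ${NetIn}/${NetInMask} via ${LanIn2}
${FwCMD} add 00119 deny ip from ${NetIn}/${NetInMask} to \
  ${NetIn2}/${NetInMask2} via ${LanIn2}

# Everything else crossing the internal interfaces is accepted unfiltered.
${FwCMD} add 00120 allow ip from any to any via ${LanIn}
${FwCMD} add 00121 allow ip from any to any via ${LanIn2}

#Service on LanOut
# Services published on the external address, open to any source.
${FwCMD} add 00200 allow tcp from any to ${IpOut} dst-port 2112 via ${LanOut} \
  keep-state
${FwCMD} add 00205 allow tcp from any to ${IpOut} dst-port 2332 via ${LanOut} \
  keep-state
${FwCMD} add 00210 allow tcp from any to ${IpOut} dst-port 80 via ${LanOut} \
  keep-state
${FwCMD} add 00215 allow udp from any to ${IpOut} dst-port 53 via ${LanOut} \
  keep-state
${FwCMD} add 00220 allow tcp from any to ${IpOut} dst-port 25 via ${LanOut} \
  keep-state

${FwCMD} add 00290 allow tcp from any to ${IpOut} dst-port 48995-48998 via \
  ${LanOut} keep-state

# NOTE(review): this rule accepts inbound TCP to ${IpOut} on ports 49152-65535
# from any source, and it sits BEFORE the nat rules. "allow" ends rule
# processing, so such packets never reach "nat 1" at 00400. The NAT instance
# uses same_ports, so a LAN client whose source port lies in this range gets
# its replies consumed here instead of being translated back. 49152-65535 is
# the default dynamic port range on Windows Vista/7 and later (XP/2003 default
# to 1025-5000), which would fit the symptom in the post: ICMP works, TCP does
# not, only on Win7. Likely cause, not confirmed - check this rule's packet
# counter (ipfw show) while a Win7 host browses.
# What the range is for is not shown (passive-mode data ports? - confirm).
# Whatever the purpose, it exposes the whole high port range of the gateway;
# narrow it to the ports the service really uses.
${FwCMD} add 00295 allow tcp from any to ${IpOut} 49152-65535 via ${LanOut} \
  keep-state

#Nat
# One in-kernel NAT instance on the external address:
#   log        - keep aliasing statistics
#   reset      - clear the aliasing table when the address changes
#   same_ports - try to keep the client's source port unchanged
#   deny_in    - drop inbound packets that match no existing table entry
${FwCMD} nat 1 config ip ${IpOut} log reset same_ports deny_in
# Inbound: translate replies arriving for the external address.
${FwCMD} add 00400 nat 1 ip from any to ${IpOut} in recv ${LanOut}
# Outbound: the gateway itself, the whole second network, and an explicit
# list of hosts from the first network. Hosts not listed are not translated
# and end up at the final deny rule.
${FwCMD} add 00410 nat 1 ip from ${IpOut} to any out xmit ${LanOut}
${FwCMD} add 00415 nat 1 ip from ${NetIn2}/${NetInMask2} to any out xmit \
  ${LanOut}
${FwCMD} add 00450 nat 1 ip from 192.168.1.235 to any out xmit ${LanOut}
${FwCMD} add 00451 nat 1 ip from 192.168.1.200 to any out xmit ${LanOut}
${FwCMD} add 00452 nat 1 ip from 192.168.1.201 to any out xmit ${LanOut}
${FwCMD} add 00453 nat 1 ip from 192.168.1.202 to any out xmit ${LanOut}
${FwCMD} add 00497 nat 1 ip from 192.168.1.248 to any out xmit ${LanOut}
${FwCMD} add 00498 nat 1 ip from 192.168.1.249 to any out xmit ${LanOut}
${FwCMD} add 00499 nat 1 ip from 192.168.1.250 to any out xmit ${LanOut}

###### LAYER 2 #######
#Allow any to any for lo0 and LanOut on Layer2
# At layer 2 the external interface only carries traffic to or from the
# gateway's own addresses ("me").
${FwCMD} add 00500 allow ip from any to me layer2 in recv ${LanOut}
${FwCMD} add 00505 allow ip from me to any layer2 out xmit ${LanOut}
${FwCMD} add 00510 allow ip from any to me layer2 in recv lo0
${FwCMD} add 00515 allow ip from me to any layer2 out xmit lo0

# Internal interfaces are unrestricted at layer 2.
${FwCMD} add 00600 allow ip from any to any layer2 via ${LanIn}
${FwCMD} add 00605 allow ip from any to any layer2 via ${LanIn2}

###########
# Default deny for both passes. "logamount 0" removes the per-rule log limit,
# so every dropped packet is logged; useful while debugging, but it lets
# unsolicited traffic fill the log - consider a finite limit in production.
${FwCMD} add 65533 deny log logamount 0 ip from any to any not layer2
${FwCMD} add 65534 deny log logamount 0 ip from any to any layer2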
