sorry to reply late,my english is pool. no problem to this: ########################## #net.inet.ip.forwarding=1# #pfctl -e # ##########################
########################## # pfctl -v -sr today # ########################## scrub in all fragment reassemble [ Evaluations: 11830670 Packets: 5930890 Bytes: 0 States: 0 ] block return all [ Evaluations: 2973598 Packets: 23016 Bytes: 1745512 States: 0 ] pass quick on lo all [ Evaluations: 2973598 Packets: 122 Bytes: 18622 States: 0 ] pass quick on rl0 all [ Evaluations: 2973476 Packets: 2949784 Bytes: 2295497644 States: 0 ] block drop in quick on ! lo inet from 127.0.0.0/8 to any [ Evaluations: 23692 Packets: 0 Bytes: 0 States: 0 ] block drop in quick on ! lo inet6 from ::1 to any [ Evaluations: 23178 Packets: 0 Bytes: 0 States: 0 ] block drop in quick inet from 127.0.0.1 to any [ Evaluations: 23178 Packets: 0 Bytes: 0 States: 0 ] block drop in quick inet6 from ::1 to any [ Evaluations: 23178 Packets: 0 Bytes: 0 States: 0 ] block drop in quick on lo0 inet6 from fe80::1 to any [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] block drop in quick on ! rl0 inet from 192.168.0.0/24 to any [ Evaluations: 23178 Packets: 0 Bytes: 0 States: 0 ] block drop in quick inet from 192.168.0.254 to any [ Evaluations: 23178 Packets: 0 Bytes: 0 States: 0 ] block drop in quick on rl0 inet6 from fe80::211:d8ff:fe79:d52b to any [ Evaluations: 23178 Packets: 0 Bytes: 0 States: 0 ] pass in log on fxp0 inet proto tcp from any to 219.153.7.245 port = ssh flags S/SA keep state [ Evaluations: 23178 Packets: 4422 Bytes: 568580 States: 1 ] pass in log on fxp0 inet proto tcp from any to 192.168.0.1 port = ftp flags S/SA synproxy state [ Evaluations: 8733 Packets: 0 Bytes: 0 States: 0 ] pass in log on fxp0 inet proto tcp from any to 192.168.0.1 port = 1433 flags S/SA synproxy state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] pass in log on fxp0 inet proto tcp from any to 192.168.0.1 port = 1434 flags S/SA synproxy state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] pass in on fxp0 inet proto tcp from any to 192.168.0.1 port = www flags S/SA synproxy state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] pass in on fxp0 inet proto tcp from any to 192.168.0.1 port = 5631 flags S/SA synproxy state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] pass in on fxp0 inet proto tcp from any to 192.168.0.1 port = domain flags S/SA keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] pass in on fxp0 inet proto udp from any to 192.168.0.1 port = domain keep state [ Evaluations: 14445 Packets: 0 Bytes: 0 States: 0 ] pass out on fxp0 proto tcp all modulate state [ Evaluations: 23692 Packets: 48834 Bytes: 40407410 States: 0 ] pass out on fxp0 proto udp all keep state [ Evaluations: 514 Packets: 24 Bytes: 3090 States: 0 ] pass out on fxp0 proto icmp all keep state [ Evaluations: 514 Packets: 0 Bytes: 0 States: 0 ] you can see all transports into rl0,this NIC is $int_if!!!!! pass quick on rl0 all [ Evaluations: 2973476 Packets: 2949784 Bytes: 2295497644 States: 0 ] pass in on fxp0 inet proto tcp from any to 192.168.0.1 port = www flags S/SA synproxy state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] i change rules: pass quick on lo # int_if ruls pass in on $int_if all pass out on $int_if all and now! pass in log on fxp0 inet proto tcp from any to 192.168.0.1 port = www flags S/SA synproxy state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] pass in on rl0 all [ Evaluations: 1439 Packets: 698 Bytes: 581499 States: 0 ] pass out on rl0 all [ Evaluations: 1434 Packets: 736 Bytes: 89178 States: 0 ] web server works fine! and i try to this: block in on $ext_if inet proto tcp to $web_server port 80 #pass in log on $ext_if inet proto tcp from any to $web_server port 80 flags S/SA synproxy state my god,web server works fine too!!!!!!!! /~*~\\ ---- iGENUS is a free webmail interface, NO fee, download --------------------------------------------------------- please visit http://www.qmail.org
