Записки старого админа

# cat /etc/static_ipfw.sh
 
#!/bin/sh
 
##FW
gw="88.99.131.xxx"
statIP="88.99.131.xxx/32"
statLAN="88.99.132"
pool="${statLAN}.1,${statLAN}.2,${statLAN}.3,${statLAN}.4,${statLAN}.5,${statLAN}.6,${statLAN}.7"
sosedi="192.168.0.0/24"
 
/sbin/ipfw -q flush
/sbin/ipfw -q pipe flush
 
###config
/sbin/ipfw add 10 allow ip from any to any via lo0
/sbin/ipfw add 20 divert 8700 tcp from me to not ${statLAN}.0/24 25
/sbin/ipfw add 30 fwd ${gw} tcp from ${statIP} to not ${statLAN}.0/24 25
/sbin/ipfw add 40 fwd ${gw} tcp from ${pool} 80,22,21,443 to ${statLAN}.0/24
/sbin/ipfw add 50 fwd ${gw} icmp from ${statLAN}.0/24 to any not dst-ip ${statIP}, ${statLAN}.0/24
/sbin/ipfw add 60 fwd ${gw} tcp from ${statIP} 22,80,443,25,110 to ${statLAN}.0/24
/sbin/ipfw add 70 fwd ${gw} tcp from  ${statLAN}.0/24 22,80,443,25,110 to ${sosedi}
/sbin/ipfw add 80 fwd ${gw} tcp from ${statLAN}.0/24 22,80,443,25,110 to not ${statLAN}.0/24
/sbin/ipfw add 90 fwd ${gw} tcp from ${pool} to any 5190
 
/sbin/ipfw add 110 pipe 1 tcp from not ${statLAN}.0/24 to ${statIP} 25 via rl0
/sbin/ipfw add 120 reject tcp  from any to any 135-139 via rl0
/sbin/ipfw add 130 reject udp  from any to any 135-139 via rl0
/sbin/ipfw add 140 fwd 127.0.0.1,3128 tcp from ${pool} to not ${statLAN}.0/24 80 via rl0
 
# NAT
/sbin/natd -p 8700 -n rl0
#from_ADSL
/sbin/natd -p 8701 -n tun0
 
##Sosedi
/sbin/ipfw pipe 1 config bw 2Mbit/s
/sbin/ipfw add 160 pipe 1 ip from ${sosedi} to any via rl1
/sbin/ipfw add 170 divert 8700 ip from any to any via rl0
/sbin/ipfw add 180 divert 8701 ip from any to any via tun0
/sbin/ipfw add 190 pipe 1 ip from any to ${sosedi} via rl1
 
/sbin/ipfw add 210 deny ip from ${statLAN}.0/24 to ${sosedi} via rl1
/sbin/ipfw add 220 deny ip from ${sosedi} to ${statLAN}.0/24 via rl1