Нужно такое:
Шлюз IP 192.168.1.1 rl1
IP 10.0.0.1 rl0Внешний IP 11.0.100.2 ng0
Клиентская сеть 10.0.0.0/8
192.168.1.0/24
ОС FreeBSD 5.3
Нужно организовывать доступ в интернет пользователям с двух сетей с подсчетом трафика через IPA.
Вот мой конфиг ipfw:
#!/bin/sh
ipfw='/sbin/ipfw -f'
${ipfw} flush
${ipfw} add divert natd ip from 192.168.1.0/24 to any out xmit ng0
${ipfw} add divert natd ip from 10.0.0.0/8 to any out xmit ng0
${ipfw} add divert natd ip from any to 11.0.100.2
${ipfw} add allow ip from any to any via lo0
${ipfw} add deny ip from any to 127.0.0.1/8
${ipfw} add deny ip from 127.0.0.1/8 to any
${ipfw} add allow icmp from any to any
${ipfw} add allow ip from me to any keep-state
${ipfw} add allow ip from any to me keep-state
${ipfw} add allow ip from 192.168.1.2 to any keep-state
${ipfw} add allow ip from any to 192.168.1.2 keep-state
${ipfw} add allow ip from 10.0.0.5 to any keep-state
${ipfw} add allow ip from any to 10.0.0.5 keep-state
Вот после некоторых часов работы ipfw show:
00100 40484 2239405 divert 8668 ip from 192.168.1.0/24 to any out xmit ng0
00200 38653 1749946 divert 8668 ip from 10.0.0.0/8 to any out xmit ng0
00300 89075 29025461 divert 8668 ip from any to 11.0.100.2
00400 122 31338 allow ip from any to any via lo0
00500 0 0 deny ip from any to 127.0.0.0/8
00600 0 0 deny ip from 127.0.0.0/8 to any
00700 554 49832 allow icmp from any to any
00800 195365 77656406 allow ip from me to any keep-state
00900 61000 4045434 allow ip from any to me keep-state
01000 118177 13423741 allow ip from 192.168.1.2 to any keep-state
01100 229 11129 allow ip from any to 192.168.1.2 keep-state
01200 113965 12774764 allow ip from 10.0.0.5 to any keep-state
01300 11 440 allow ip from any to 10.0.0.5 keep-state
65535 601 78900 deny ip from any to any
Вопрос почему в правилах 110 и 1300 так мало трафика, этоже не может быть?
