(ipfw, ipfw nat, ipfw fwd)
Необходимые опции ядра
Code Block |
---|
|
# Builds ipfw into the kernel.
# NOTE(review): unless IPFIREWALL_DEFAULT_TO_ACCEPT is also set, the built-in
# final rule 65535 denies everything, so make sure an allow ruleset is loaded
# at boot before rebooting a remotely managed host.
options IPFIREWALL
# Enables the `fwd` (policy next-hop) action used by rule 60015 in the script.
# NOTE(review): newer FreeBSD releases may no longer need or accept this
# option; confirm against the target release.
options IPFIREWALL_FORWARD
# Enables in-kernel NAT (`ipfw nat`).
# NOTE(review): in-kernel NAT is built on libalias; a statically built kernel
# normally also needs `options LIBALIAS`. Confirm for the target release.
options IPFIREWALL_NAT |
/etc/sysctl.conf
Code Block |
---|
|
# With one_pass=0 a packet that leaves a nat (or pipe/queue) rule is not
# accepted outright; it re-enters the ruleset at the next rule. The script
# relies on this so that the translated packet reaches the fwd rule that
# follows the nat rule. It also means every later rule still applies to
# translated traffic, so the rest of the ruleset decides what is allowed.
net.inet.ip.fw.one_pass=0 |
Скрипт запуска:
Code Block |
---|
|
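#!/bin/sh
# Source-NAT selected internal networks through one ipfw in-kernel NAT
# instance and policy-route the translated packets to a fixed next hop.
#
# Expects net.inet.ip.fw.one_pass=0: after the nat rule the packet continues
# at the next rule, which is how the translated packet reaches the fwd rule.
#
# Changes compared with the earlier listing:
#   * the two nat rules lacked the `add` keyword; all three rules now use the
#     documented `ipfw add NUMBER action ...` form;
#   * table numbers come from variables instead of literals 33/34, so changing
#     USER_TABLE_NUM no longer leaves rule 60010 pointing at the wrong table;
#   * expansions are quoted.
#
# NOTE(review): the script does not flush tables or delete existing rules, so
# running it twice adds duplicate rules and the table adds report existing
# entries. Decide whether it should be idempotent.
# NOTE(review): none of the rules is bound to an interface or direction.
# Rule 60010 therefore translates any packet sourced from the user table,
# whichever interface it crosses. Consider restricting the nat rules to the
# external interface (for example `... out via <EXT_IF placeholder>`).

IPFW="/sbin/ipfw"
EXT_IP="92.242.110.42"     # alias address of the NAT instance
ISP_IP="92.242.110.41"     # next hop for translated packets (fwd target)
FWD_NAT_ID=22              # NAT instance number, stored as the table value
NAT_TABLE_NUM=33           # table holding EXT_IP -> NAT instance
USER_TABLE_NUM=34          # table holding internal networks -> NAT instance
REDIRECT_IPS="10.0.0.0/24" # whitespace-separated list of networks to translate

# Map the external address to the NAT instance (used by the inbound rule).
"${IPFW}" table "${NAT_TABLE_NUM}" add "${EXT_IP}" "${FWD_NAT_ID}"
# Configure the NAT instance; `log` enables logging on this instance.
"${IPFW}" nat "${FWD_NAT_ID}" config ip "${EXT_IP}" log

# REDIRECT_IPS is deliberately left unquoted: it is split into one network per
# iteration.
for ip_mask in ${REDIRECT_IPS}; do
"${IPFW}" table "${USER_TABLE_NUM}" add "${ip_mask}" "${FWD_NAT_ID}"
done

# Outbound: translate traffic from the user networks; tablearg selects the NAT
# instance stored as the table value.
"${IPFW}" add 60010 nat tablearg ip from "table(${USER_TABLE_NUM})" to any
# Translated packets now carry EXT_IP as source; send them to the ISP next hop.
"${IPFW}" add 60015 fwd "${ISP_IP}" ip from "${EXT_IP}" to any
# Inbound: traffic addressed to EXT_IP goes back through the same NAT instance.
"${IPFW}" add 60020 nat tablearg ip from any to "table(${NAT_TABLE_NUM})"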