Чудеса c ipfw

Вобщем такая проблемма - после перезагрузки сервера (или перезагрузке noserver.pl), инет у абонов не работает, стоит только зайти по ssh и запустить вручную /etc/rc.firewall то все сразу ок.

Содержимое /etc/rc.firewall:

Код:

#!/bin/sh
f='/sbin/ipfw'

ifOut='fxp0'
ifOut2='tun1'

# Сети, в/из которых трафик блокируем

${f} -f flush

${f} add 20 allow ip from me to any
${f} add 21 allow ip from any to me

${f} pipe 40 config bw 65Mbit/s queue 50
${f} queue 1 config pipe 40 weight 99
${f} queue 2 config pipe 40 weight 75
${f} queue 3 config pipe 40 weight 50
${f} queue 4 config pipe 40 weight 1
${f} add 32540 queue 1 tcp from any 80 to any via fxp0 in
${f} add 32540 queue 1 icmp from any to any via fxp0 in
${f} add 32541 queue 2 udp from any 53,2106,3724,7777,8085,27005,27010,27015,27016 to any via fxp0 in
${f} add 32542 queue 3 tcp from any to any via fxp0 in
${f} add 32543 queue 4 udp from any to any via fxp0 in

${f} add 44 pipe tablearg ip from "table(11)" to any in
${f} add 45 pipe tablearg ip from any to "table(10)" out

${f} add 100 allow ip from me 1812,1813 to 192.168.11.111
${f} add 100 allow ip from 192.168.11.111 to me 1812,1813

${f} add 110 allow ip from any to any via lo0
${f} add 120 skipto 1000 ip from me to any
${f} add 140 deny ip from any to "table(120)"
${f} add 150 deny ip from "table(120)" to any
${f} add 160 skipto 2000 ip from any to me

${f} add 200 skipto 500 ip from any to any via ${ifOut}

${f} add 300 skipto 4500 ip from any to any in

${f} add 400 skipto 450 ip from any to any recv ${ifOut}

${f} add 32500 tee 11100 ip from any to any
${f} add 520 tee 11200 ip from any to any
${f} add 490 allow ip from any to any out

${f} add 500 skipto 32500 ip from any to any in
${f} add 540 allow ip from any to any keep-state

${f} add 1000 allow udp from any 53,7723 to any
${f} add 1010 allow tcp from any to any setup keep-state
${f} add 1020 allow udp from any to any keep-state
${f} add 1100 allow ip from any to any

${f} add 2000 check-state
${f} add 2010 allow icmp from any to any
${f} add 2020 allow tcp from any to any 80,443
${f} add 2030 allow gre from any to any
${f} add 2050 deny ip from any to any via ${ifOut}
${f} add 2050 deny ip from any to any via ${ifOut2}
${f} add 2060 allow udp from any to any 53,7723


${f} add 2100 deny ip from any to any

${f} add 4 count all from any to any via fxp0 in
${f} add 6 count all from any to any via fxp0 out
${f} add 32490 deny ip from any to any

ipfw show сразу после загрузки (инет не пашет):

Код:

00004  9208  728033 count ip from any to any via fxp0 in
00006  9419  488929 count ip from any to any via fxp0 out
00020 12240 2005520 allow ip from me to any
00021 11219  943440 allow ip from any to me
00044  1520  100086 pipe tablearg ip from table(11) to any in
00045     0       0 pipe tablearg ip from any to table(10) out
00100     0       0 allow ip from me 1812,1813 to 192.168.11.111
00100     0       0 allow ip from 192.168.11.111 to me dst-port 1812,1813
00110     0       0 allow ip from any to any via lo0
00120     0       0 skipto 1000 ip from me to any
00140     0       0 deny ip from any to table(120)
00150     0       0 deny ip from table(120) to any
00160     0       0 skipto 2000 ip from any to me
00200  2490  158120 skipto 500 ip from any to any via fxp0
00300  2101  253241 skipto 4500 ip from any to any in
00400     0       0 skipto 450 ip from any to any recv fxp0
00490     0       0 allow ip from any to any out
00500  1120   77112 skipto 32500 ip from any to any in
00520  1370   81008 tee 11200 ip from any to any
00540  1370   81008 allow ip from any to any keep-state
01000     0       0 allow udp from any 53,7723 to any
01010     0       0 allow tcp from any to any setup keep-state
01020     0       0 allow udp from any to any keep-state
01100     0       0 allow ip from any to any
02000     0       0 check-state
02010     0       0 allow icmp from any to any
02020     0       0 allow tcp from any to any dst-port 80,443
02030     0       0 allow gre from any to any
02050     0       0 deny ip from any to any via fxp0
02050     0       0 deny ip from any to any via tun1
02060     0       0 allow udp from any to any dst-port 53,7723
02100     0       0 deny ip from any to any
05000     0       0 deny ip from not table(0) to any
05001     0       0 skipto 5010 ip from table(127) to table(126)
05002  2097  252805 skipto 5030 ip from any to not table(2)
05003     0       0 deny ip from any to not table(1)
05004     0       0 pipe tablearg ip from table(21) to any
05005     0       0 deny ip from any to any
05010     0       0 pipe tablearg ip from table(127) to any
05030     0       0 deny tcp from table(15) to any dst-port 25
05400     0       0 pipe tablearg ip from table(11) to any
32000  2097  252805 deny ip from any to any
32490     4     436 deny ip from any to any
32500  1120   77112 tee 11100 ip from any to any
32540   416   19660 queue 1 tcp from any 80 to any via fxp0 in
32540    89    6734 queue 1 icmp from any to any via fxp0 in
32541    30    4404 queue 2 udp from any 53,2106,3724,7777,8085,27005,27010,27015,27016 to any via fxp0 in
32542   386   17870 queue 3 tcp from any to any via fxp0 in
32543   199   28444 queue 4 udp from any to any via fxp0 in
33000     0       0 pipe tablearg ip from table(126) to table(127)
33001     0       0 skipto 33010 ip from not table(2) to any
33002     0       0 pipe tablearg ip from any to table(20)
33003     0       0 deny ip from any to any
33400     0       0 pipe tablearg ip from any to table(10)
65535   130    8215 allow ip from any to any

ipfw show после ручного запуска /etc/rc.firewall (инет пашет):

Код:

00004 12475 7310601 count ip from any to any via fxp0 in
00006 11990 1416800 count ip from any to any via fxp0 out
00020  7320 1893293 allow ip from me to any
00021  5082  559953 allow ip from any to me
00044 10177 1332284 pipe tablearg ip from table(11) to any in
00045 10555 7118831 pipe tablearg ip from any to table(10) out
00100     0       0 allow ip from me 1812,1813 to 192.168.11.111
00100     0       0 allow ip from 192.168.11.111 to me dst-port 1812,1813
00110     0       0 allow ip from any to any via lo0
00120     0       0 skipto 1000 ip from me to any
00140     0       0 deny ip from any to table(120)
00150     0       0 deny ip from table(120) to any
00160     0       0 skipto 2000 ip from any to me
00200 20665 8430124 skipto 500 ip from any to any via fxp0
00300   475   60625 skipto 4500 ip from any to any in
00400     0       0 skipto 450 ip from any to any recv fxp0
00490     2     104 allow ip from any to any out
00500 10552 7114462 skipto 32500 ip from any to any in
00520 10109 1311418 tee 11200 ip from any to any
00540 10109 1311418 allow ip from any to any keep-state
01000     0       0 allow udp from any 53,7723 to any
01010     0       0 allow tcp from any to any setup keep-state
01020     0       0 allow udp from any to any keep-state
01100     0       0 allow ip from any to any
02000     0       0 check-state
02010     0       0 allow icmp from any to any
02020     0       0 allow tcp from any to any dst-port 80,443
02030     0       0 allow gre from any to any
02050     0       0 deny ip from any to any via fxp0
02050     0       0 deny ip from any to any via tun1
02060     0       0 allow udp from any to any dst-port 53,7723
02100     0       0 deny ip from any to any
32490   475   60625 deny ip from any to any
32500 10552 7114462 tee 11100 ip from any to any
32540  6713 5924069 queue 1 tcp from any 80 to any via fxp0 in
32540   138   13495 queue 1 icmp from any to any via fxp0 in
32541     0       0 queue 2 udp from any 53,2106,3724,7777,8085,27005,27010,27015,27016 to any via fxp0 in
32542  2236  863565 queue 3 tcp from any to any via fxp0 in
32543  1470  317914 queue 4 udp from any to any via fxp0 in
65535   142   10020 allow ip from any to any

С таблицам файрвола вроде все ок. Я так понимаю вся проблемма с 5000 по 32000 правило, но они вроде как правильные. Что еще можно посмотреть?
ЗЫ: нодени 50.32