есть задача раскидать юзеров
есть много реальников(относительно много)
вот на чем остановился
ext_if = "igb0"
ext_ip = "111.111.111.149"
set limit states 128000
set optimization aggressive
scrub in all fragment reassemble
scrub out all random-id max-mss 1450
nat pass on $ext_if from 10.126.27.0/24 to any -> 111.111.111.131
nat pass on $ext_if from 10.126.22.0/24 to any -> 111.111.111.131
nat pass on $ext_if from '10.126.21.1 - 10.126.21.125' to any -> 111.111.111.132
nat pass on $ext_if from '10.126.21.126 - 10.126.21.254' to any -> 111.111.111.137
nat pass on $ext_if from '10.126.18.1 -10.126.18.85' to any -> 111.111.111.134
nat pass on $ext_if from '10.126.18.86 -10.126.18.172' to any -> 111.111.111.135
nat pass on $ext_if from '10.126.18.173 -10.126.18.254' to any -> 111.111.111.136
nat pass on $ext_if from 10.125.20.0/24 to any -> 111.111.111.136
#nat pass on $ext_if from 10.0.0.0/8 to any -> ($ext_if)
#nat pass on $ext_if from 10.125.20.0/24 to any -> 111.111.111.136
nat pass on $ext_if from 172.16.0/16 to any -> ($ext_if)
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=401bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO>
ether 00:1b:21:4d:02:08
inet 111.111.111.83 netmask 0xffffffc0 broadcast 111.111.111.127
inet6 fe80::21b:21ff:fe4d:208%igb0 prefixlen 64 scopeid 0x1
inet 111.111.111.149 netmask 0xffffff00 broadcast 111.111.111.255
inet 111.111.111.131 netmask 0xffffff00 broadcast 111.111.111.255
inet 111.111.111.132 netmask 0xffffff00 broadcast 111.111.111.255
inet 111.111.111.133 netmask 0xffffff00 broadcast 111.111.111.255
inet 111.111.111.134 netmask 0xffffff00 broadcast 111.111.111.255
inet 111.111.111.135 netmask 0xffffff00 broadcast 111.111.111.255
inet 111.111.111.136 netmask 0xffffff00 broadcast 111.111.111.255
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
и не работает, подскажите куда капнуть то?
