Может, для кого-то это и элементарный вопрос, но у меня всё никак не получается.
Ситуация такая: провайдер выдал подсеть 217.x.x.232/29, где 217.x.x.233 — шлюз провайдера. Карте rl0, которая смотрит в сторону провайдера, прописал адрес 217.x.x.234; карте stge0, которая смотрит в локальную сеть 10.4.0.0/22, — адрес 10.4.1.3.
Клиенту в локальной сети (за stge0) прописал адрес 217.x.x.236 и шлюз 10.4.1.3, и, естественно, ничего не работает, потому что шлюз находится в другой подсети: у stge0 нет адреса из 217.x.x.232/29, а у клиента — из 10.4.0.0/22, так что стороны даже не смогут разрешить друг друга по ARP. Если кто сталкивался, подскажите, как сделать правильно?
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:e0:4c:f0:d3:7e
inet 217.x.x.234 netmask 0xfffffff8 broadcast 217.x.x.239
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
stge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:18:f3:5a:9f:26
inet 10.4.1.3 netmask 0xfffffc00 broadcast 10.4.3.255
media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:01:29:23:51:47
inet 217.x.x.235 netmask 0xfffffff8 broadcast 217.x.x.239
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet 127.0.0.1 netmask 0xff000000
[root@gw /etc]# ipfw show
00100 10 468 deny tcp from any to any dst-port 445
00110 41990 61135000 allow ip from any to any via lo0
00120 28729 4483005 skipto 1000 ip from me to any
00130 13 728 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17
00140 25552 5585814 deny ip from any to table(120)
00150 77 8758 deny ip from table(120) to any
00160 2400 245833 allow tcp from any to me dst-port 50022
00161 0 0 allow tcp from me 50022 to any
00190 264214 18300992 skipto 2000 ip from any to me
00200 16523514 13298741084 skipto 500 ip from any to any via rl0
00210 0 0 skipto 500 ip from any to any via tun0
00300 7096660 4000676593 skipto 4500 ip from any to any in
00401 9450062 9295595182 skipto 450 ip from any to any recv rl0
00402 0 0 skipto 450 ip from any to any recv tun0
00420 111 17777 divert 1 ip from any to any
00450 9450173 9295612959 divert 2 ip from any to any
00490 9035502 8800878119 allow ip from any to any
00500 9455437 9301482390 skipto 32500 ip from any to any in
00510 7068077 3997258694 divert 1 ip from any to any
00540 7062921 3991519197 allow ip from any to any
01000 14533 2087837 allow udp from any 53,7723 to any
01010 0 0 allow tcp from any to any setup keep-state
01020 15473 2103485 allow udp from any to any keep-state
01100 6453 1826191 allow ip from any to any
02000 0 0 check-state
02010 795 57285 allow icmp from any to any
02050 82 4367 allow tcp from any to any dst-port 80
02051 690 57075 allow tcp from any to any dst-port 443
02053 8009 504434 allow udp from any to any dst-port 53
02082 9104 435292 allow udp from any to any dst-port 53,7723
02100 237804 15708031 deny ip from any to any
05000 20359 1901732 deny ip from not table(0) to any
05001 5256645 3228354458 skipto 5010 ip from table(127) to table(126)
05002 1818183 770311833 skipto 5030 ip from any to not table(2)
05003 66 8262 deny ip from any to not table(1)
05004 110 17713 pipe tablearg ip from table(21) to any
05005 0 0 deny ip from any to any
05010 5256645 3228354458 pipe tablearg ip from table(127) to any
05030 0 0 deny tcp from table(15) to any dst-port 25
05226 0 0 allow ip from table(127) to table(126)
05400 192 118689 pipe tablearg ip from table(11) to any
05526 41 5176 allow ip from 10.4.1.57 to 10.4.0.0/22
05526 458 40814 pipe 1105 ip from 10.4.1.57 to any
05529 0 0 allow ip from 217.x.x.236 to 10.4.0.0/22
05529 183 8784 pipe 1005 ip from 217.x.x.236 to any
32000 2 96 deny ip from any to any
32490 1297 82595 deny ip from any to any
33000 7755111 7746651302 pipe tablearg ip from table(126) to table(127)
33001 1700326 1554831088 skipto 33010 ip from not table(2) to any
33002 0 0 pipe tablearg ip from any to table(20)
33003 0 0 deny ip from any to any
33226 0 0 allow ip from table(126) to table(127)
33400 111 60416 pipe tablearg ip from any to table(10)
33526 0 0 allow ip from 10.4.0.0/22 to 10.4.1.57
33526 730 945754 pipe 1104 ip from any to 10.4.1.57
33529 0 0 allow ip from 10.4.0.0/22 to 217.x.x.236
33529 0 0 pipe 1004 ip from any to 217.x.x.236
pf.conf
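# Macros: the private LAN behind this gateway, the LAN-facing interface and
# the provider-facing interface. NOTE(review): $int_if is defined but not
# referenced by any rule in this fragment.
lan_net = "10.4.0.0/22"
int_if = "stge0"
ext_if1 = "rl0"

# pf.conf(5) lists sections in the order options, normalization, queueing,
# translation, filter; keep "set" lines ahead of "nat" so the file also loads
# on pfctl builds that enforce that order.
# Do not filter traffic on loopback interfaces.
set skip on lo

# Source-NAT the private LAN to whatever address rl0 currently holds
# (the parentheses make pf re-read the interface address on change).
# NOTE(review): only $lan_net is translated. A host behind stge0 that carries a
# public address such as 217.x.x.236 is passed untranslated, and since stge0 has
# no address in 217.x.x.232/29 the host still cannot reach its gateway without
# an address/route (or ARP) arrangement on stge0 — confirm against the intended
# design. This fragment contains no pass/block rules, so pf does no filtering
# here; filtering is left to ipfw.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)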