Help me figure out a problem that
-
```
$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            217.197.255.32     UGS         0 111751935    ng0
127.0.0.1          127.0.0.1          UH          0    62461    lo0
192.168.200.0/24   link#2             UC          0        0   ste0
192.168.200.1      00:15:17:e5:72:77  UHLW        1 209916410   ste0    517
192.168.200.104    00:1d:60:d3:aa:04  UHLW        1   237364   ste0   1119
192.168.201.1      lo0                UHS         0        0    lo0
192.168.201.96     192.168.201.1      UH          0    20699    ng1
217.197.240.43     lo0                UHS         0      126    lo0
217.197.255.32     217.197.240.43     UH          1     4010    ng0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UHL         lo0
fe80::%nfe0/64                    link#1                        UC         nfe0
fe80::21d:60ff:fed3:aa04%nfe0     00:1d:60:d3:aa:04             UHL         lo0
fe80::%ste0/64                    link#2                        UC         ste0
fe80::22cf:30ff:feb6:c1b1%ste0    20:cf:30:b6:c1:b1             UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#3                        UHL         lo0
fe80::%ng0/64                     link#7                        UC          ng0
fe80::21d:60ff:fed3:aa04%ng0      link#7                        UHL         lo0
fe80::%ng1/64                     link#8                        UC          ng1
fe80::21d:60ff:fed3:aa04%ng1      link#8                        UHL         lo0
ff01:1::/32                       link#1                        UC         nfe0
ff01:2::/32                       link#2                        UC         ste0
ff01:3::/32                       ::1                           UC          lo0
ff01:7::/32                       link#7                        UC          ng0
ff01:8::/32                       link#8                        UC          ng1
ff02::%nfe0/32                    link#1                        UC         nfe0
ff02::%ste0/32                    link#2                        UC         ste0
ff02::%lo0/32                     ::1                           UC          lo0
ff02::%ng0/32                     link#7                        UC          ng0
ff02::%ng1/32                     link#8                        UC          ng1
```

```
$ ifconfig
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=14b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,TSO4>
	ether 00:1d:60:d3:aa:04
	inet6 fe80::21d:60ff:fed3:aa04%nfe0 prefixlen 64 scopeid 0x1
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=48<VLAN_MTU,POLLING>
	ether 20:cf:30:b6:c1:b1
	inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
	inet6 fe80::22cf:30ff:feb6:c1b1%ste0 prefixlen 64 scopeid 0x2
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100<PROMISC> metric 0 mtu 33204
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
	pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
	inet6 fe80::21d:60ff:fed3:aa04%ng0 prefixlen 64 scopeid 0x7
	inet 217.197.240.43 --> 217.197.255.32 netmask 0xffffffff
ng1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1396
	inet 192.168.201.1 --> 192.168.201.96 netmask 0xffffffff
	inet6 fe80::21d:60ff:fed3:aa04%ng1 prefixlen 64 scopeid 0x8
ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng5: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng6: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng7: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng8: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng9: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng10: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng11: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng12: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng13: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng14: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng15: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng16: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
```
System logs.
```
Dec 9 23:41:57 syslogd: kernel boot file is /boot/kernel/kernel
Dec 9 23:42:14 check_reload_status: starting sshd
Dec 9 23:42:14 sshd[5809]: Received signal 15; terminating.
Dec 9 23:42:14 sshd[1069]: Server listening on :: port 22.
Dec 9 23:42:14 sshd[1069]: Server listening on 0.0.0.0 port 22.
Dec 9 23:42:19 check_reload_status: reloading filter
```
-
Well, you have a PPTP server running on pfSense; it will never (OK, hardly ever) work together with PPTP on the WAN.
-
So if I disable PPTP, everything should work?
-
Disabled PPTP, didn't help, everything is the same.
```
$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            217.197.255.32     UGS         0 119152632    ng0
127.0.0.1          127.0.0.1          UH          0    63176    lo0
192.168.200.0/24   link#2             UC          0        0   ste0
192.168.200.1      00:15:17:e5:72:77  UHLW        1 215163027   ste0   1118
192.168.200.104    link#2             UHLW        1       56   ste0
217.197.240.43     lo0                UHS         0      252    lo0
217.197.255.32     217.197.240.43     UH          1     6700    ng0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UHL         lo0
fe80::%nfe0/64                    link#1                        UC         nfe0
fe80::21d:60ff:fed3:aa04%nfe0     00:1d:60:d3:aa:04             UHL         lo0
fe80::%ste0/64                    link#2                        UC         ste0
fe80::22cf:30ff:feb6:c1b1%ste0    20:cf:30:b6:c1:b1             UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#3                        UHL         lo0
fe80::%ng0/64                     link#7                        UC          ng0
fe80::21d:60ff:fed3:aa04%ng0      link#7                        UHL         lo0
ff01:1::/32                       link#1                        UC         nfe0
ff01:2::/32                       link#2                        UC         ste0
ff01:3::/32                       ::1                           UC          lo0
ff01:7::/32                       link#7                        UC          ng0
ff02::%nfe0/32                    link#1                        UC         nfe0
ff02::%ste0/32                    link#2                        UC         ste0
ff02::%lo0/32                     ::1                           UC          lo0
ff02::%ng0/32                     link#7                        UC          ng0
```
```
$ ifconfig
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=14b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,TSO4>
	ether 00:1d:60:d3:aa:04
	inet6 fe80::21d:60ff:fed3:aa04%nfe0 prefixlen 64 scopeid 0x1
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=48<VLAN_MTU,POLLING>
	ether 20:cf:30:b6:c1:b1
	inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
	inet6 fe80::22cf:30ff:feb6:c1b1%ste0 prefixlen 64 scopeid 0x2
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100<PROMISC> metric 0 mtu 33204
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
	pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
	inet6 fe80::21d:60ff:fed3:aa04%ng0 prefixlen 64 scopeid 0x7
	inet 217.197.240.43 --> 217.197.255.32 netmask 0xffffffff
```
```
Dec 10 08:42:47 check_reload_status: starting sshd
Dec 10 08:42:48 sshd[2256]: Received signal 15; terminating.
Dec 10 08:42:48 sshd[52354]: Server listening on :: port 22.
Dec 10 08:42:48 sshd[52354]: Server listening on 0.0.0.0 port 22.
Dec 10 08:43:49 mpd: mpd: caught fatal signal term
Dec 10 08:43:49 mpd: [pt0] IPCP: Down event
Dec 10 08:43:49 mpd: [pt0] IFACE: Close event
Dec 10 08:43:49 mpd: [pt1] IPCP: Down event
Dec 10 08:43:49 mpd: [pt1] IFACE: Close event
Dec 10 08:43:49 mpd: [pt2] IPCP: Down event
Dec 10 08:43:49 mpd: [pt2] IFACE: Close event
Dec 10 08:43:49 mpd: [pt3] IPCP: Down event
Dec 10 08:43:49 mpd: [pt3] IFACE: Close event
Dec 10 08:43:49 mpd: [pt4] IPCP: Down event
Dec 10 08:43:49 mpd: [pt4] IFACE: Close event
Dec 10 08:43:49 mpd: [pt5] IPCP: Down event
Dec 10 08:43:49 mpd: [pt5] IFACE: Close event
Dec 10 08:43:49 mpd: [pt6] IPCP: Down event
Dec 10 08:43:49 mpd: [pt6] IFACE: Close event
Dec 10 08:43:49 mpd: [pt7] IPCP: Down event
Dec 10 08:43:49 mpd: [pt7] IFACE: Close event
Dec 10 08:43:49 mpd: [pt8] IPCP: Down event
Dec 10 08:43:49 mpd: [pt8] IFACE: Close event
Dec 10 08:43:49 mpd: [pt9] IPCP: Down event
Dec 10 08:43:49 mpd: [pt9] IFACE: Close event
Dec 10 08:43:49 mpd: [pt10] IPCP: Down event
Dec 10 08:43:49 mpd: [pt10] IFACE: Close event
Dec 10 08:43:49 mpd: [pt11] IPCP: Down event
Dec 10 08:43:49 mpd: [pt11] IFACE: Close event
Dec 10 08:43:49 mpd: [pt12] IPCP: Down event
Dec 10 08:43:49 mpd: [pt12] IFACE: Close event
Dec 10 08:43:49 mpd: [pt13] IPCP: Down event
Dec 10 08:43:49 mpd: [pt13] IFACE: Close event
Dec 10 08:43:49 mpd: [pt14] IPCP: Down event
Dec 10 08:43:49 mpd: [pt14] IFACE: Close event
Dec 10 08:43:49 mpd: [pt15] IPCP: Down event
Dec 10 08:43:49 mpd: [pt15] IFACE: Close event
Dec 10 08:43:51 mpd: mpd: process 10295 terminated
Dec 10 08:43:52 php: /vpn_pptp.php: Could not kill mpd within 3 seconds. Trying again.
Dec 10 08:43:53 check_reload_status: reloading filter
Dec 10 08:48:20 check_reload_status: reloading filter
Dec 10 08:48:21 check_reload_status: starting sshd
Dec 10 08:48:22 sshd[52354]: Received signal 15; terminating.
Dec 10 08:48:22 sshd[54653]: Server listening on :: port 22.
Dec 10 08:48:22 sshd[54653]: Server listening on 0.0.0.0 port 22.
Dec 10 08:50:27 check_reload_status: reloading filter
Dec 10 08:50:29 check_reload_status: starting sshd
Dec 10 08:50:30 sshd[54653]: Received signal 15; terminating.
Dec 10 08:50:30 sshd[55177]: Server listening on :: port 22.
Dec 10 08:50:30 sshd[55177]: Server listening on 0.0.0.0 port 22.
```
With PPTP disabled it's all the same, no LAN, no internet :'(
-
Now everything is correct; how are you checking the LAN and the internet?
-
Well, you have a PPTP server running on pfSense; it will never (OK, hardly ever) work together with PPTP on the WAN.
It all worked fine.. only I don't remember whether the connections were to the PPTP address or to the private one.
-
I can't understand anything; you say everything is fine. But when I uncheck Disable NAT Reflection, everything drops entirely, neither the LAN nor the internet works. :'( I don't understand what's going on. I set everything up, everything works. But local resources just won't. Maybe I should send you status.php? It has the full picture of the config.
-
How are you checking the LAN and the internet?
-
Network parameters:
192.168.200.0/24
gateway 192.168.200.254 (which is also the pfSense box)
DNS 192.168.200.1
I go to 192.168.200.254.
System: Advanced functions - I uncheck "Disable NAT Reflection" and click "Save".
I go to the computer with IP 192.168.200.145. I try to open www.yandex.ru. Nothing, it just hangs for a long time…. but never opens the site. I try to open local resources. Same thing, it hangs for a long time, but in the end the page never opens. I uncheck "Disable NAT Reflection" and click "Save"; the internet comes back immediately, but local resources still don't show up.
That's what I do.
I sent my status.php config for analysis to a fellow forum member I know, who has already set up this beast at his place. And here is what I got in reply: "Skimmed through it. As far as I understand, the internet goes through PPPoE. That makes three interfaces: your own LAN, the provider's LAN, and the virtual interface with the internet. But there are only two in the config. That already gives food for thought."
By the way, maybe that's why RIP never worked for me….
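As an added example (not code from this thread), a small Python script that parses the `netstat -rn` and `ifconfig` output posted above and reports which interface actually carries the default route, whether that interface is a point-to-point (PPPoE/PPTP) link, and which interfaces have no IPv4 address at all; the sample text is constructed from the values in the thread, and the function names are my own.

```python
"""Sanity check of the topology from `netstat -rn` and `ifconfig` on a pfSense box.

Added example, not code from the thread: it ties the default route to the
interface that really owns it, which makes the "three interfaces, but only
two in the config" remark above something you can check mechanically.
The sample text is constructed from the values in the thread.
"""
import re

# Constructed from the netstat -rn output in the thread (IPv4 section only).
NETSTAT_SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            217.197.255.32     UGS         0 111751935    ng0
127.0.0.1          127.0.0.1          UH          0    62461    lo0
192.168.200.0/24   link#2             UC          0        0   ste0
192.168.200.1      00:15:17:e5:72:77  UHLW        1 209916410   ste0    517
192.168.201.96     192.168.201.1      UH          0    20699    ng1
217.197.255.32     217.197.240.43     UH          1     4010    ng0

Internet6:
::1                ::1                UHL         lo0
"""

# Constructed from the ifconfig output in the thread, trimmed to the
# interfaces that matter for the routing question.
IFCONFIG_SAMPLE = """\
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:1d:60:d3:aa:04
\tinet6 fe80::21d:60ff:fed3:aa04%nfe0 prefixlen 64 scopeid 0x1
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
\tinet 217.197.240.43 --> 217.197.255.32 netmask 0xffffffff
ng1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1396
\tinet 192.168.201.1 --> 192.168.201.96 netmask 0xffffffff
"""

# FreeBSD netstat -rn IPv4 row: Destination Gateway Flags Refs Use Netif [Expire]
ROUTE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+\d+\s+\d+\s+(\S+)")
# ifconfig header line: "<name>: flags=<hex><FLAG,FLAG,...> metric ..."
IFACE_RE = re.compile(r"^(\w+): flags=[0-9a-f]+<([^>]*)>")
# "inet A.B.C.D ..." or, on point-to-point links, "inet A.B.C.D --> E.F.G.H ..."
INET_RE = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+)(?: --> (\d+\.\d+\.\d+\.\d+))?")


def parse_routes(text):
    """Return {destination: (gateway, flags, netif)} for the IPv4 section."""
    routes = {}
    in_v4 = False
    for line in text.splitlines():
        if line.startswith("Internet:"):
            in_v4 = True
            continue
        if line.startswith("Internet6:"):
            break
        if not in_v4 or line.startswith("Destination") or not line.strip():
            continue
        m = ROUTE_RE.match(line)
        if m:
            dest, gw, flags, netif = m.groups()
            routes[dest] = (gw, flags, netif)
    return routes


def parse_ifaces(text):
    """Return {name: {"flags": set, "inet": addr or None, "peer": addr or None}}."""
    ifaces = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            flags = set(m.group(2).split(",")) if m.group(2) else set()
            ifaces[current] = {"flags": flags, "inet": None, "peer": None}
            continue
        m = INET_RE.match(line)
        if m and current:
            ifaces[current]["inet"], ifaces[current]["peer"] = m.group(1), m.group(2)
    return ifaces


def wan_summary(netstat_text, ifconfig_text):
    """Tie the default route to the interface that actually owns it."""
    routes = parse_routes(netstat_text)
    ifaces = parse_ifaces(ifconfig_text)
    gw, _flags, wan_if = routes["default"]
    wan = ifaces.get(wan_if, {"flags": set(), "inet": None, "peer": None})
    return {
        "default_gateway": gw,
        "wan_interface": wan_if,
        "wan_is_ptp": "POINTOPOINT" in wan["flags"],
        "wan_address": wan["inet"],
        "wan_peer": wan["peer"],
        # Interfaces with no IPv4 address (here the PPPoE carrier nfe0):
        # pf rules written for them cannot match traffic that enters on ng0.
        "no_ipv4": sorted(n for n, i in ifaces.items() if i["inet"] is None),
    }


if __name__ == "__main__":
    for key, value in wan_summary(NETSTAT_SAMPLE, IFCONFIG_SAMPLE).items():
        print(f"{key:>16}: {value}")
```

Feed it the real output of both commands instead of the samples; on the box above it shows the internet leaving via the point-to-point ng0 while the physical nfe0 has no IPv4 address at all.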
-
Send me
```
ifconfig
netstat -rn
pfctl -sr
pfctl -sn
```
for two cases: 1) when the disable nat reflection box is checked 2) the box is unchecked.
-
When the box is checked
```
$ ifconfig
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=14b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,TSO4>
	ether 00:1d:60:d3:aa:04
	inet6 fe80::21d:60ff:fed3:aa04%nfe0 prefixlen 64 scopeid 0x1
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=48<VLAN_MTU,POLLING>
	ether 20:cf:30:b6:c1:b1
	inet6 fe80::22cf:30ff:feb6:c1b1%ste0 prefixlen 64 scopeid 0x2
	inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100<PROMISC> metric 0 mtu 33204
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
	pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
	inet6 fe80::21d:60ff:fed3:aa04%ng0 prefixlen 64 scopeid 0x7
	inet 217.197.240.43 --> 217.197.255.32 netmask 0xffffffff
```
```
$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            217.197.255.32     UGS         0 61336831    ng0
127.0.0.1          127.0.0.1          UH          0   133499    lo0
192.168.200.0/24   link#2             UC          0        0   ste0
192.168.200.1      00:15:17:e5:72:77  UHLW        1 189537540   ste0    730
192.168.200.105    00:13:e8:9b:b2:15  UHLW        1     4121   ste0    752
217.197.240.43     lo0                UHS         0        0    lo0
217.197.255.32     217.197.240.43     UH          1     1485    ng0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UHL         lo0
fe80::%nfe0/64                    link#1                        UC         nfe0
fe80::21d:60ff:fed3:aa04%nfe0     00:1d:60:d3:aa:04             UHL         lo0
fe80::%ste0/64                    link#2                        UC         ste0
fe80::22cf:30ff:feb6:c1b1%ste0    20:cf:30:b6:c1:b1             UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#3                        UHL         lo0
fe80::%ng0/64                     link#7                        UC          ng0
fe80::21d:60ff:fed3:aa04%ng0      link#7                        UHL         lo0
ff01:1::/32                       link#1                        UC         nfe0
ff01:2::/32                       link#2                        UC         ste0
ff01:3::/32                       ::1                           UC          lo0
ff01:7::/32                       link#7                        UC          ng0
ff02::%nfe0/32                    link#1                        UC         nfe0
ff02::%ste0/32                    link#2                        UC         ste0
ff02::%lo0/32                     ::1                           UC          lo0
ff02::%ng0/32                     link#7                        UC          ng0
```
```
$ pfctl -sr
scrub all random-id max-mss 1452 fragment reassemble
anchor "ftpsesame/*" all
anchor "firewallrules" all
block drop quick proto tcp from any port = 0 to any
block drop quick proto udp from any port = 0 to any
block drop quick proto tcp from any to any port = 0
block drop quick proto udp from any to any port = 0
block drop quick from <snort2c> to any label "Block snort2c hosts"
block drop quick from any to <snort2c> label "Block snort2c hosts"
anchor "loopback" all
pass in quick on lo0 all flags S/SA keep state label "pass loopback"
pass out quick on lo0 all flags S/SA keep state label "pass loopback"
anchor "packageearly" all
anchor "carp" all
pass quick inet proto icmp from 217.197.240.43 to any keep state
anchor "dhcpserverlan" all
pass in quick on ste0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
pass in quick on ste0 inet proto udp from any port = bootpc to 192.168.200.254 port = bootps keep state label "allow access to DHCP server on LAN"
pass out quick on ste0 inet proto udp from 192.168.200.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
block drop in log quick on nfe0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
block drop in log quick on ng0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
pass in quick on nfe0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
pass in quick on ng0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
block drop in on ! ste0 inet from 192.168.200.0/24 to any
block drop in on ste0 inet6 from fe80::22cf:30ff:feb6:c1b1 to any
block drop in inet from 192.168.200.254 to any
anchor "spoofing" all
anchor "limitingesr" all
block drop in quick from <virusprot> to any label "virusprot overload table"
pass out quick on ste0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on nfe0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
anchor "firewallout" all
pass out quick on nfe0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on ste0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on enc0 all flags S/SA keep state label "IPSEC internal host to host"
pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
anchor "anti-lockout" all
pass in quick on ste0 inet from any to 192.168.200.254 flags S/SA keep state label "anti-lockout web rule"
block drop in log proto tcp from <sshlockout> to any port = ssh label "sshlockout"
anchor "ftpproxy" all
anchor "pftpx/*" all
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto icmp all keep state label "USER_RULE"
pass in quick on ng0 inet proto icmp all keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27048 flags
```
S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048" pass in quick on ste0 inet from 192.168.200.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any" pass in quick on ste0 inet proto tcp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 flags S/SA keep state label "USER_RULE: FTP-LAN-INNET" pass in quick on ste0 inet proto udp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 keep state label "USER_RULE: FTP-LAN-INNET" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT " pass in quick on 
ste0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost" pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection" pass in quick on ng0 inet proto tcp from any to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround" anchor "imspector" all anchor "miniupnpd" all block drop in log quick all label "Default block all just to be sure." block drop out log quick all label "Default block all just to be sure."</sshlockout></virusprot></snort2c></snort2c>
$ pfctl -sn nat-anchor "pftpx/*" all nat-anchor "natearly/*" all nat-anchor "natrules/*" all nat on nfe0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin nat on ng0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin nat on nfe0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin nat on ng0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin nat on nfe0 inet from 192.168.200.0/24 to any -> (ng0) round-robin nat on ng0 inet from 192.168.200.0/24 to any -> (ng0) round-robin rdr-anchor "pftpx/*" all rdr-anchor "slb" all no rdr on ste0 proto tcp from any to <vpns> port = ftp rdr on ste0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021 rdr on ng0 inet proto tcp from any to any port = http -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = http -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27015 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27015 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27010 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27010 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27011 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27040 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27040 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27025 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27025 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = afs3-prserver -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = afs3-prserver -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 6003 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 6003 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27016 -> 192.168.200.1 rdr on ng0 inet proto 
udp from any to any port = 27016 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 192.168.200.1 rdr on ng0 inet proto udp from any to 217.197.240.43 port = 27960 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27017 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27017 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27018 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27018 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27019 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27019 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27020 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27020 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27030 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27030 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27021 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27021 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27031 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27031 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27022 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27022 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 52001 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 52001 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27032 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27032 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27033 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27033 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27035 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27035 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27036 
-> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27036 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27037 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27037 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27038 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27038 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27039 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27039 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27041 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27041 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27042 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27042 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27043 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27043 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27044 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27044 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27045 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27045 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27046 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27046 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27047 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27047 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 27048 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27048 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1 rdr on ng0 inet proto tcp from any to any port = 10000 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 10000 -> 192.168.200.1 rdr on ng0 inet proto tcp from any to 
217.197.240.43 port = ftp-data -> 192.168.200.1 rdr on ng0 inet proto udp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1 rdr-anchor "imspector" all rdr-anchor "miniupnpd" all rdr on ste0 inet proto tcp from any to (ste0) port = 3128 -> 127.0.0.1 port 3128 rdr on ng0 inet proto tcp from any to (ng0) port = 3128 -> 127.0.0.1 port 3128</vpns>
-
When the checkbox is unchecked
$ ifconfig
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=14b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,TSO4>
        ether 00:1d:60:d3:aa:04
        inet6 fe80::21d:60ff:fed3:aa04%nfe0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=48<VLAN_MTU,POLLING>
        ether 20:cf:30:b6:c1:b1
        inet6 fe80::22cf:30ff:feb6:c1b1%ste0 prefixlen 64 scopeid 0x2
        inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100<PROMISC> metric 0 mtu 33204
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
        pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
        inet6 fe80::21d:60ff:fed3:aa04%ng0 prefixlen 64 scopeid 0x7
        inet 217.197.240.43 --> 217.197.255.32 netmask 0xffffffff
$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs       Use  Netif Expire
default            217.197.255.32     UGS         0  62701504    ng0
127.0.0.1          127.0.0.1          UH          0    133499    lo0
192.168.200.0/24   link#2             UC          0         0   ste0
192.168.200.1      00:15:17:e5:72:77  UHLW        1 190708362   ste0    330
192.168.200.105    00:13:e8:9b:b2:15  UHLW        1      4968   ste0    352
217.197.240.43     lo0                UHS         0         0    lo0
217.197.255.32     217.197.240.43     UH          1      1520    ng0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UHL         lo0
fe80::%nfe0/64                    link#1                        UC         nfe0
fe80::21d:60ff:fed3:aa04%nfe0     00:1d:60:d3:aa:04             UHL         lo0
fe80::%ste0/64                    link#2                        UC         ste0
fe80::22cf:30ff:feb6:c1b1%ste0    20:cf:30:b6:c1:b1             UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#3                        UHL         lo0
fe80::%ng0/64                     link#7                        UC          ng0
fe80::21d:60ff:fed3:aa04%ng0      link#7                        UHL         lo0
ff01:1::/32                       link#1                        UC         nfe0
ff01:2::/32                       link#2                        UC         ste0
ff01:3::/32                       ::1                           UC          lo0
ff01:7::/32                       link#7                        UC          ng0
ff02::%nfe0/32                    link#1                        UC         nfe0
ff02::%ste0/32                    link#2                        UC         ste0
ff02::%lo0/32                     ::1                           UC          lo0
ff02::%ng0/32                     link#7                        UC          ng0
$ pfctl -sr
scrub all random-id max-mss 1452 fragment reassemble
anchor "ftpsesame/*" all
anchor "firewallrules" all
block drop quick proto tcp from any port = 0 to any
block drop quick proto udp from any port = 0 to any
block drop quick proto tcp from any to any port = 0
block drop quick proto udp from any to any port = 0
block drop quick from <snort2c> to any label "Block snort2c hosts"
block drop quick from any to <snort2c> label "Block snort2c hosts"
anchor "loopback" all
pass in quick on lo0 all flags S/SA keep state label "pass loopback"
pass out quick on lo0 all flags S/SA keep state label "pass loopback"
anchor "packageearly" all
anchor "carp" all
pass quick inet proto icmp from 217.197.240.43 to any keep state
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19000 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19001 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19002 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19003 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19004 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19005 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19006 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19007 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19008 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19009 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19010 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19011 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19012 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19013 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19014 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19015 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19016 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19017 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19018 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19019 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19020 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19021 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19022 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19023 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19024 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19025 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19026 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19027 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19028 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19029 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19030 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19031 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19032 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19033 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19034 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19035 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19036 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19037 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19038 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19039 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19040 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19041 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19042 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19043 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19044 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19045 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19046 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19047 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19048 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19049 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19050 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19051 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19052 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19053 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19054 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19055 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19056 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19057 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19058 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19059 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19060 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19061 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19062 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19063 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19064 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19065 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19066 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19067 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19068 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19069 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19070 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19071 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19072 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19073 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19074 keep state label "NAT REFLECT: Allow traffic to localhost"
anchor "dhcpserverlan" all
pass in quick on ste0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
pass in quick on ste0 inet proto udp from any port = bootpc to 192.168.200.254 port = bootps keep state label "allow access to DHCP server on LAN"
pass out quick on ste0 inet proto udp from 192.168.200.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
block drop in log quick on nfe0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
block drop in log quick on ng0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
pass in quick on nfe0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
pass in quick on ng0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
block drop in on ! ste0 inet from 192.168.200.0/24 to any
block drop in on ste0 inet6 from fe80::22cf:30ff:feb6:c1b1 to any
block drop in inet from 192.168.200.254 to any
anchor "spoofing" all
anchor "limitingesr" all
block drop in quick from <virusprot> to any label "virusprot overload table"
pass out quick on ste0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on nfe0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
anchor "firewallout" all
pass out quick on nfe0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on ste0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on enc0 all flags S/SA keep state label "IPSEC internal host to host"
pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
anchor "anti-lockout" all
pass in quick on ste0 inet from any to 192.168.200.254 flags S/SA keep state label "anti-lockout web rule"
block drop in log proto tcp from <sshlockout> to any port = ssh label "sshlockout"
anchor "ftpproxy" all
anchor "pftpx/*" all
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto icmp all keep state label "USER_RULE"
pass in quick on ng0 inet proto icmp all keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port
= 27037 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27041 keep state 
label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE" 
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE" pass in quick on nfe0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048" pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048" pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27048 flags 
S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048" pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048" pass in quick on ste0 inet from 192.168.200.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any" pass in quick on ste0 inet proto tcp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 flags S/SA keep state label "USER_RULE: FTP-LAN-INNET" pass in quick on ste0 inet proto udp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 keep state label "USER_RULE: FTP-LAN-INNET" pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT " pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT " pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT " pass in quick on 
ste0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost" pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection" pass in quick on ng0 inet proto tcp from any to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround" anchor "imspector" all anchor "miniupnpd" all block drop in log quick all label "Default block all just to be sure." block drop out log quick all label "Default block all just to be sure."
$ pfctl -sn nat-anchor "pftpx/*" all nat-anchor "natearly/*" all nat-anchor "natrules/*" all nat on nfe0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin nat on ng0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin nat on nfe0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin nat on ng0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin nat on nfe0 inet from 192.168.200.0/24 to any -> (ng0) round-robin nat on ng0 inet from 192.168.200.0/24 to any -> (ng0) round-robin rdr-anchor "pftpx/*" all rdr-anchor "slb" all no rdr on ste0 proto tcp from any to <vpns> port = ftp rdr on ste0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021 rdr on ng0 inet proto tcp from any to any port = http -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = http -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = http -> 127.0.0.1 port 19000 rdr on ste0 inet proto udp from any to any port = http -> 127.0.0.1 port 19001 rdr on ng0 inet proto tcp from any to any port = 27015 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27015 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27015 -> 127.0.0.1 port 19002 rdr on ste0 inet proto udp from any to any port = 27015 -> 127.0.0.1 port 19003 rdr on ng0 inet proto tcp from any to any port = 27010 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27010 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27010 -> 127.0.0.1 port 19004 rdr on ste0 inet proto udp from any to any port = 27010 -> 127.0.0.1 port 19005 rdr on ng0 inet proto tcp from any to any port = 27011 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27011 -> 127.0.0.1 port 19006 rdr on ng0 inet proto tcp from any to any port = 27040 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27040 
-> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27040 -> 127.0.0.1 port 19007 rdr on ste0 inet proto udp from any to any port = 27040 -> 127.0.0.1 port 19008 rdr on ng0 inet proto tcp from any to any port = 27025 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27025 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27025 -> 127.0.0.1 port 19009 rdr on ste0 inet proto udp from any to any port = 27025 -> 127.0.0.1 port 19010 rdr on ng0 inet proto tcp from any to any port = afs3-prserver -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = afs3-prserver -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = afs3-prserver -> 127.0.0.1 port 19011 rdr on ste0 inet proto udp from any to any port = afs3-prserver -> 127.0.0.1 port 19012 rdr on ng0 inet proto tcp from any to any port = 6003 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 6003 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 6003 -> 127.0.0.1 port 19013 rdr on ste0 inet proto udp from any to any port = 6003 -> 127.0.0.1 port 19014 rdr on ng0 inet proto tcp from any to any port = 27016 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27016 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27016 -> 127.0.0.1 port 19015 rdr on ste0 inet proto udp from any to any port = 27016 -> 127.0.0.1 port 19016 rdr on ng0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 192.168.200.1 rdr on ng0 inet proto udp from any to 217.197.240.43 port = 27960 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19017 rdr on ste0 inet proto udp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19018 rdr on ng0 inet proto tcp from any to any port = 27017 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27017 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27017 -> 127.0.0.1 port 19019 rdr on 
ste0 inet proto udp from any to any port = 27017 -> 127.0.0.1 port 19020 rdr on ng0 inet proto tcp from any to any port = 27018 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27018 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27018 -> 127.0.0.1 port 19021 rdr on ste0 inet proto udp from any to any port = 27018 -> 127.0.0.1 port 19022 rdr on ng0 inet proto tcp from any to any port = 27019 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27019 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27019 -> 127.0.0.1 port 19023 rdr on ste0 inet proto udp from any to any port = 27019 -> 127.0.0.1 port 19024 rdr on ng0 inet proto tcp from any to any port = 27020 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27020 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27020 -> 127.0.0.1 port 19025 rdr on ste0 inet proto udp from any to any port = 27020 -> 127.0.0.1 port 19026 rdr on ng0 inet proto tcp from any to any port = 27030 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27030 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27030 -> 127.0.0.1 port 19027 rdr on ste0 inet proto udp from any to any port = 27030 -> 127.0.0.1 port 19028 rdr on ng0 inet proto tcp from any to any port = 27021 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27021 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27021 -> 127.0.0.1 port 19029 rdr on ste0 inet proto udp from any to any port = 27021 -> 127.0.0.1 port 19030 rdr on ng0 inet proto tcp from any to any port = 27031 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27031 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27031 -> 127.0.0.1 port 19031 rdr on ste0 inet proto udp from any to any port = 27031 -> 127.0.0.1 port 19032 rdr on ng0 inet proto tcp from any to any port = 27022 -> 192.168.200.1 rdr on ng0 inet proto udp from 
any to any port = 27022 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27022 -> 127.0.0.1 port 19033 rdr on ste0 inet proto udp from any to any port = 27022 -> 127.0.0.1 port 19034 rdr on ng0 inet proto tcp from any to any port = 52001 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 52001 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 52001 -> 127.0.0.1 port 19035 rdr on ste0 inet proto udp from any to any port = 52001 -> 127.0.0.1 port 19036 rdr on ng0 inet proto tcp from any to any port = 27032 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27032 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27032 -> 127.0.0.1 port 19037 rdr on ste0 inet proto udp from any to any port = 27032 -> 127.0.0.1 port 19038 rdr on ng0 inet proto tcp from any to any port = 27033 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27033 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27033 -> 127.0.0.1 port 19039 rdr on ste0 inet proto udp from any to any port = 27033 -> 127.0.0.1 port 19040 rdr on ng0 inet proto tcp from any to any port = 27035 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27035 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27035 -> 127.0.0.1 port 19041 rdr on ste0 inet proto udp from any to any port = 27035 -> 127.0.0.1 port 19042 rdr on ng0 inet proto tcp from any to any port = 27036 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27036 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27036 -> 127.0.0.1 port 19043 rdr on ste0 inet proto udp from any to any port = 27036 -> 127.0.0.1 port 19044 rdr on ng0 inet proto tcp from any to any port = 27037 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27037 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27037 -> 127.0.0.1 port 19045 rdr on ste0 inet proto udp from any to any port = 
27037 -> 127.0.0.1 port 19046 rdr on ng0 inet proto tcp from any to any port = 27038 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27038 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27038 -> 127.0.0.1 port 19047 rdr on ste0 inet proto udp from any to any port = 27038 -> 127.0.0.1 port 19048 rdr on ng0 inet proto tcp from any to any port = 27039 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27039 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27039 -> 127.0.0.1 port 19049 rdr on ste0 inet proto udp from any to any port = 27039 -> 127.0.0.1 port 19050 rdr on ng0 inet proto tcp from any to any port = 27041 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27041 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27041 -> 127.0.0.1 port 19051 rdr on ste0 inet proto udp from any to any port = 27041 -> 127.0.0.1 port 19052 rdr on ng0 inet proto tcp from any to any port = 27042 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27042 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27042 -> 127.0.0.1 port 19053 rdr on ste0 inet proto udp from any to any port = 27042 -> 127.0.0.1 port 19054 rdr on ng0 inet proto tcp from any to any port = 27043 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27043 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27043 -> 127.0.0.1 port 19055 rdr on ste0 inet proto udp from any to any port = 27043 -> 127.0.0.1 port 19056 rdr on ng0 inet proto tcp from any to any port = 27044 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27044 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27044 -> 127.0.0.1 port 19057 rdr on ste0 inet proto udp from any to any port = 27044 -> 127.0.0.1 port 19058 rdr on ng0 inet proto tcp from any to any port = 27045 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27045 -> 192.168.200.1 
rdr on ste0 inet proto tcp from any to any port = 27045 -> 127.0.0.1 port 19059 rdr on ste0 inet proto udp from any to any port = 27045 -> 127.0.0.1 port 19060 rdr on ng0 inet proto tcp from any to any port = 27046 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27046 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27046 -> 127.0.0.1 port 19061 rdr on ste0 inet proto udp from any to any port = 27046 -> 127.0.0.1 port 19062 rdr on ng0 inet proto tcp from any to any port = 27047 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27047 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27047 -> 127.0.0.1 port 19063 rdr on ste0 inet proto udp from any to any port = 27047 -> 127.0.0.1 port 19064 rdr on ng0 inet proto tcp from any to any port = 27048 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27048 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27048 -> 127.0.0.1 port 19065 rdr on ste0 inet proto udp from any to any port = 27048 -> 127.0.0.1 port 19066 rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = ssh -> 127.0.0.1 port 19067 rdr on ste0 inet proto udp from any to any port = ssh -> 127.0.0.1 port 19068 rdr on ng0 inet proto tcp from any to any port = 10000 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 10000 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 10000 -> 127.0.0.1 port 19069 rdr on ste0 inet proto udp from any to any port = 10000 -> 127.0.0.1 port 19070 rdr on ng0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1 rdr on ng0 inet proto udp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1 rdr on ste0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 127.0.0.1 port 19071 rdr on ste0 inet proto udp from any to 217.197.240.43 port = 
ftp-data -> 127.0.0.1 port 19072 rdr-anchor "imspector" all rdr-anchor "miniupnpd" all rdr on ste0 inet proto tcp from any to (ste0) port = 3128 -> 127.0.0.1 port 3128 rdr on ng0 inet proto tcp from any to (ng0) port = 3128 -> 127.0.0.1 port 3128
-
Funny… now a screenshot of NAT port forward, please
-
Mine is big
http://cs.ms-home.ru/01.jpeg
http://cs.ms-home.ru/02.jpeg
http://cs.ms-home.ru/03.jpeg -
Replace any with the WAN interface in NAT->Port Forward
-
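The check behind the reply above, as an added example that is not part of this thread or of pfSense: a small Python audit that parses `pfctl -sn` text and lists rdr rules on the WAN interface whose destination is `any` rather than the WAN address, plus UDP forwards for TCP-only services, which the rule set above creates in pairs for every port. The interface names and the sample rules are assumptions modelled on this thread's output, not a verbatim copy of it.

```python
"""Audit `pfctl -sn` output for over-broad port forwards.

Added example for this thread, not pfSense's or pf's own code. It parses
the one-rule-per-line text that `pfctl -sn` prints and reports:
  * rdr rules on a WAN interface whose destination is `any` (what the
    reply "replace any with the WAN interface" asks to tighten), and
  * UDP forwards for services that only speak TCP (ssh, http, ftp), which
    the thread's rule set creates in pairs for every forwarded port.
Interface names are assumptions taken from the thread's ifconfig output.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

WAN_IFACES = frozenset({"ng0", "nfe0"})      # assumption: WAN-side interfaces
TCP_ONLY_SERVICES = frozenset({"ssh", "http", "https", "ftp", "ftp-data"})

# Constructed sample modelled on the thread's pfctl -sn output (not verbatim).
SAMPLE_PFCTL_SN = """\
nat on ng0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
rdr-anchor "pftpx/*" all
no rdr on ste0 proto tcp from any to <vpns> port = ftp
rdr on ste0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
rdr on ng0 inet proto tcp from any to any port = http -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = http -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = http -> 127.0.0.1 port 19000
rdr on ng0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1
rdr on ng0 inet proto tcp from any to (ng0) port = 3128 -> 127.0.0.1 port 3128
"""

# One `rdr` rule as pfctl prints it; `no rdr`, `nat` and anchor lines are skipped.
RDR_RE = re.compile(
    r"^rdr on (?P<iface>\S+)"
    r"(?: inet6?)?"
    r"(?: proto (?P<proto>\S+))?"
    r" from (?P<src>\S+)(?: port \S+ \S+)?"
    r" to (?P<dst>\S+)"
    r"(?: port = (?P<port>\S+)| port (?P<lo>\S+) >< (?P<hi>\S+))?"
    r" -> (?P<target>\S+)(?: port (?P<tport>\S+))?$"
)


@dataclass(frozen=True)
class RdrRule:
    iface: str
    proto: str      # "tcp", "udp" or "any"
    dst: str        # "any", an address, "(ng0)" or a <table>
    port: str       # "http", "27015", "7999><8031" or "any"
    target: str
    text: str


def parse_rdr_rules(pfctl_sn_output: str) -> list[RdrRule]:
    """Parse every `rdr` rule from `pfctl -sn` text; other lines are ignored."""
    rules = []
    for raw in pfctl_sn_output.splitlines():
        line = raw.strip()
        m = RDR_RE.match(line)
        if not m:
            continue
        if m["port"]:
            port = m["port"]
        elif m["lo"]:
            port = f"{m['lo']}><{m['hi']}"
        else:
            port = "any"
        rules.append(RdrRule(m["iface"], m["proto"] or "any", m["dst"],
                             port, m["target"], line))
    return rules


def find_broad_wan_rdr(rules: Iterable[RdrRule],
                       wan_ifaces: frozenset[str] | set[str] = WAN_IFACES) -> list[RdrRule]:
    """rdr rules on a WAN interface with destination `any`.

    `to any` matches every packet arriving on that interface on the port, not
    only packets addressed to the WAN IP; pinning the rule to the WAN address
    (printed by pfctl as `(ng0)`) is the tighter form the reply asks for.
    """
    return [r for r in rules if r.iface in wan_ifaces and r.dst == "any"]


def find_udp_for_tcp_service(rules: Iterable[RdrRule]) -> list[RdrRule]:
    """UDP forwards whose port belongs to a TCP-only service: needless exposure."""
    return [r for r in rules if r.proto == "udp" and r.port in TCP_ONLY_SERVICES]


def audit(pfctl_sn_output: str) -> dict[str, list[str]]:
    """Run both checks and return the offending rule texts keyed by finding."""
    rules = parse_rdr_rules(pfctl_sn_output)
    return {
        "wan_dst_any": [r.text for r in find_broad_wan_rdr(rules)],
        "udp_for_tcp_service": [r.text for r in find_udp_for_tcp_service(rules)],
    }


if __name__ == "__main__":
    for finding, lines in audit(SAMPLE_PFCTL_SN).items():
        print(f"{finding}: {len(lines)} rule(s)")
        for line in lines:
            print("  ", line)
```

Feed it the real output with `pfctl -sn | python3 audit_rdr.py` after replacing the sample with `sys.stdin.read()`; the LAN-side `ste0` reflection rules to 127.0.0.1 are deliberately not flagged.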
Replace any with the WAN interface in NAT->Port Forward
Replace any with interface address?
I replaced it and unchecked Disable NAT Reflection.
The Internet came up. But local resources did not. -
The Internet came up. But local resources did not.
More detail please, how are you testing local resources?
-
I go to a computer on the local network. I check the Internet, it is there. I type in a site that is hosted on the server 192.168.200.1.
(But when I ping from that same computer on the local network, I get not the IP 192.168.200.1 but the public IP that I rent.)
The site is not visible… It thinks for a long time and then says: The page cannot be displayed -
Then once more
send me pfctl -sr and pfctl -sn
The checkbox is unchecked.
-
$ pfctl -sr scrub all random-id max-mss 1452 fragment reassemble anchor "ftpsesame/*" all anchor "firewallrules" all block drop quick proto tcp from any port = 0 to any block drop quick proto udp from any port = 0 to any block drop quick proto tcp from any to any port = 0 block drop quick proto udp from any to any port = 0 block drop quick from <snort2c> to any label "Block snort2c hosts" block drop quick from any to <snort2c> label "Block snort2c hosts" anchor "loopback" all pass in quick on lo0 all flags S/SA keep state label "pass loopback" pass out quick on lo0 all flags S/SA keep state label "pass loopback" anchor "packageearly" all anchor "carp" all pass quick inet proto icmp from 217.197.240.43 to any keep state pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19000 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19001 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19002 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19003 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19004 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19005 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19006 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19007 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19008 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp 
from any to 127.0.0.1 port = 19009 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19010 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19011 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19012 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19013 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19014 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19015 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19016 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19017 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19018 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19019 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19020 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19021 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19022 keep state label "NAT REFLECT: Allow traffic to localhost" pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19023 flags S/SA keep state label "NAT REFLECT: Allow 
traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19024 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19025 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19026 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19027 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19028 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19029 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19030 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19031 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19032 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19033 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19034 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19035 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19036 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19037 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19038 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19039 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19040 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19041 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19042 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19043 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19044 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19045 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19046 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19047 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19048 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19049 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19050 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19051 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19052 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19053 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19054 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19055 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19056 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19057 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19058 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19059 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19060 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19061 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19062 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19063 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19064 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19065 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19066 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19067 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19068 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19069 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19070 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19071 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19072 keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19073 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19074 keep state label "NAT REFLECT: Allow traffic to localhost"
anchor "dhcpserverlan" all
pass in quick on ste0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
pass in quick on ste0 inet proto udp from any port = bootpc to 192.168.200.254 port = bootps keep state label "allow access to DHCP server on LAN"
pass out quick on ste0 inet proto udp from 192.168.200.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
block drop in log quick on nfe0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
block drop in log quick on ng0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
pass in quick on nfe0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
pass in quick on ng0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
block drop in on ! ste0 inet from 192.168.200.0/24 to any
block drop in on ste0 inet6 from fe80::22cf:30ff:feb6:c1b1 to any
block drop in inet from 192.168.200.254 to any
anchor "spoofing" all
anchor "limitingesr" all
block drop in quick from <virusprot> to any label "virusprot overload table"
pass out quick on ste0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on nfe0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
anchor "firewallout" all
pass out quick on nfe0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on ste0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out quick on enc0 all flags S/SA keep state label "IPSEC internal host to host"
pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
anchor "anti-lockout" all
pass in quick on ste0 inet from any to 192.168.200.254 flags S/SA keep state label "anti-lockout web rule"
block drop in log proto tcp from <sshlockout> to any port = ssh label "sshlockout"
anchor "ftpproxy" all
anchor "pftpx/*" all
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto icmp all keep state label "USER_RULE"
pass in quick on ng0 inet proto icmp all keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
pass in quick on nfe0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on ste0 inet from 192.168.200.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any"
pass in quick on ste0 inet proto tcp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 flags S/SA keep state label "USER_RULE: FTP-LAN-INNET"
pass in quick on ste0 inet proto udp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 keep state label "USER_RULE: FTP-LAN-INNET"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT "
pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT "
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
pass in quick on ng0 inet proto tcp from any to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround"
anchor "imspector" all
anchor "miniupnpd" all
block drop in log quick all label "Default block all just to be sure."
block drop out log quick all label "Default block all just to be sure."
$ pfctl -sn
nat-anchor "pftpx/*" all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on nfe0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
nat on ng0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
nat on nfe0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
nat on ng0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
nat on nfe0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
nat on ng0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
rdr-anchor "pftpx/*" all
rdr-anchor "slb" all
no rdr on ste0 proto tcp from any to <vpns> port = ftp
rdr on ste0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
rdr on ng0 inet proto tcp from any to 217.197.240.43 port = http -> 192.168.200.1
rdr on ng0 inet proto udp from any to 217.197.240.43 port = http -> 192.168.200.1
rdr on ste0 inet proto tcp from any to 217.197.240.43 port = http -> 127.0.0.1 port 19000
rdr on ste0 inet proto udp from any to 217.197.240.43 port = http -> 127.0.0.1 port 19001
rdr on ng0 inet proto tcp from any to any port = 27015 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27015 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27015 -> 127.0.0.1 port 19002
rdr on ste0 inet proto udp from any to any port = 27015 -> 127.0.0.1 port 19003
rdr on ng0 inet proto tcp from any to any port = 27010 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27010 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27010 -> 127.0.0.1 port 19004
rdr on ste0 inet proto udp from any to any port = 27010 -> 127.0.0.1 port 19005
rdr on ng0 inet proto tcp from any to any port = 27011 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27011 -> 127.0.0.1 port 19006
rdr on ng0 inet proto tcp from any to any port = 27040 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27040 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27040 -> 127.0.0.1 port 19007
rdr on ste0 inet proto udp from any to any port = 27040 -> 127.0.0.1 port 19008
rdr on ng0 inet proto tcp from any to any port = 27025 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27025 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27025 -> 127.0.0.1 port 19009
rdr on ste0 inet proto udp from any to any port = 27025 -> 127.0.0.1 port 19010
rdr on ng0 inet proto tcp from any to any port = afs3-prserver -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = afs3-prserver -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = afs3-prserver -> 127.0.0.1 port 19011
rdr on ste0 inet proto udp from any to any port = afs3-prserver -> 127.0.0.1 port 19012
rdr on ng0 inet proto tcp from any to any port = 6003 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 6003 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 6003 -> 127.0.0.1 port 19013
rdr on ste0 inet proto udp from any to any port = 6003 -> 127.0.0.1 port 19014
rdr on ng0 inet proto tcp from any to any port = 27016 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27016 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27016 -> 127.0.0.1 port 19015
rdr on ste0 inet proto udp from any to any port = 27016 -> 127.0.0.1 port 19016
rdr on ng0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
rdr on ng0 inet proto udp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19017
rdr on ste0 inet proto udp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19018
rdr on ng0 inet proto tcp from any to any port = 27017 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27017 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27017 -> 127.0.0.1 port 19019
rdr on ste0 inet proto udp from any to any port = 27017 -> 127.0.0.1 port 19020
rdr on ng0 inet proto tcp from any to any port = 27018 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27018 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27018 -> 127.0.0.1 port 19021
rdr on ste0 inet proto udp from any to any port = 27018 -> 127.0.0.1 port 19022
rdr on ng0 inet proto tcp from any to any port = 27019 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27019 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27019 -> 127.0.0.1 port 19023
rdr on ste0 inet proto udp from any to any port = 27019 -> 127.0.0.1 port 19024
rdr on ng0 inet proto tcp from any to any port = 27020 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27020 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27020 -> 127.0.0.1 port 19025
rdr on ste0 inet proto udp from any to any port = 27020 -> 127.0.0.1 port 19026
rdr on ng0 inet proto tcp from any to any port = 27030 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27030 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27030 -> 127.0.0.1 port 19027
rdr on ste0 inet proto udp from any to any port = 27030 -> 127.0.0.1 port 19028
rdr on ng0 inet proto tcp from any to any port = 27021 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27021 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27021 -> 127.0.0.1 port 19029
rdr on ste0 inet proto udp from any to any port = 27021 -> 127.0.0.1 port 19030
rdr on ng0 inet proto tcp from any to any port = 27031 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27031 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27031 -> 127.0.0.1 port 19031
rdr on ste0 inet proto udp from any to any port = 27031 -> 127.0.0.1 port 19032
rdr on ng0 inet proto tcp from any to any port = 27022 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27022 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27022 -> 127.0.0.1 port 19033
rdr on ste0 inet proto udp from any to any port = 27022 -> 127.0.0.1 port 19034
rdr on ng0 inet proto tcp from any to any port = 52001 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 52001 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 52001 -> 127.0.0.1 port 19035
rdr on ste0 inet proto udp from any to any port = 52001 -> 127.0.0.1 port 19036
rdr on ng0 inet proto tcp from any to any port = 27032 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27032 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27032 -> 127.0.0.1 port 19037
rdr on ste0 inet proto udp from any to any port = 27032 -> 127.0.0.1 port 19038
rdr on ng0 inet proto tcp from any to any port = 27033 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27033 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27033 -> 127.0.0.1 port 19039
rdr on ste0 inet proto udp from any to any port = 27033 -> 127.0.0.1 port 19040
rdr on ng0 inet proto tcp from any to any port = 27035 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27035 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27035 -> 127.0.0.1 port 19041
rdr on ste0 inet proto udp from any to any port = 27035 -> 127.0.0.1 port 19042
rdr on ng0 inet proto tcp from any to any port = 27036 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27036 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27036 -> 127.0.0.1 port 19043
rdr on ste0 inet proto udp from any to any port = 27036 -> 127.0.0.1 port 19044
rdr on ng0 inet proto tcp from any to any port = 27037 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27037 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27037 -> 127.0.0.1 port 19045
rdr on ste0 inet proto udp from any to any port = 27037 -> 127.0.0.1 port 19046
rdr on ng0 inet proto tcp from any to any port = 27038 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27038 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27038 -> 127.0.0.1 port 19047
rdr on ste0 inet proto udp from any to any port = 27038 -> 127.0.0.1 port 19048
rdr on ng0 inet proto tcp from any to any port = 27039 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27039 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27039 -> 127.0.0.1 port 19049
rdr on ste0 inet proto udp from any to any port = 27039 -> 127.0.0.1 port 19050
rdr on ng0 inet proto tcp from any to any port = 27041 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27041 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27041 -> 127.0.0.1 port 19051
rdr on ste0 inet proto udp from any to any port = 27041 -> 127.0.0.1 port 19052
rdr on ng0 inet proto tcp from any to any port = 27042 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27042 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27042 -> 127.0.0.1 port 19053
rdr on ste0 inet proto udp from any to any port = 27042 -> 127.0.0.1 port 19054
rdr on ng0 inet proto tcp from any to any port = 27043 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27043 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27043 -> 127.0.0.1 port 19055
rdr on ste0 inet proto udp from any to any port = 27043 -> 127.0.0.1 port 19056
rdr on ng0 inet proto tcp from any to any port = 27044 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27044 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27044 -> 127.0.0.1 port 19057
rdr on ste0 inet proto udp from any to any port = 27044 -> 127.0.0.1 port 19058
rdr on ng0 inet proto tcp from any to any port = 27045 -> 192.168.200.1
rdr on ng0 inet proto udp from
any to any port = 27045 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27045 -> 127.0.0.1 port 19059 rdr on ste0 inet proto udp from any to any port = 27045 -> 127.0.0.1 port 19060 rdr on ng0 inet proto tcp from any to any port = 27046 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27046 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27046 -> 127.0.0.1 port 19061 rdr on ste0 inet proto udp from any to any port = 27046 -> 127.0.0.1 port 19062 rdr on ng0 inet proto tcp from any to any port = 27047 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27047 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27047 -> 127.0.0.1 port 19063 rdr on ste0 inet proto udp from any to any port = 27047 -> 127.0.0.1 port 19064 rdr on ng0 inet proto tcp from any to any port = 27048 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 27048 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 27048 -> 127.0.0.1 port 19065 rdr on ste0 inet proto udp from any to any port = 27048 -> 127.0.0.1 port 19066 rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = ssh -> 127.0.0.1 port 19067 rdr on ste0 inet proto udp from any to any port = ssh -> 127.0.0.1 port 19068 rdr on ng0 inet proto tcp from any to any port = 10000 -> 192.168.200.1 rdr on ng0 inet proto udp from any to any port = 10000 -> 192.168.200.1 rdr on ste0 inet proto tcp from any to any port = 10000 -> 127.0.0.1 port 19069 rdr on ste0 inet proto udp from any to any port = 10000 -> 127.0.0.1 port 19070 rdr on ng0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1 rdr on ng0 inet proto udp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1 rdr on ste0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 127.0.0.1 port 19071 rdr on ste0 inet 
proto udp from any to 217.197.240.43 port = ftp-data -> 127.0.0.1 port 19072 rdr-anchor "imspector" all rdr-anchor "miniupnpd" all rdr on ste0 inet proto tcp from any to (ste0) port = 3128 -> 127.0.0.1 port 3128 rdr on ng0 inet proto tcp from any to (ng0) port = 3128 -> 127.0.0.1 port 3128</vpns>