Netgate Discussion Forum

    Help me figure out the … (remainder of the title garbled and truncated in the source: "сыкой котарая испl")

    Category: Russian. 71 Posts, 6 Posters, 29.0k Views
Eugene:

Well, you have a PPTP server running on pfSense; it will never (OK, hardly ever) work together with PPTP on the WAN.

      http://ru.doc.pfsense.org

iliaxxx:

So if I disable PPTP, everything should work?

iliaxxx:

Disabled PPTP; it didn't help, everything is the same.

          $ netstat -rn
          Routing tables
          
          Internet:
          Destination        Gateway            Flags    Refs      Use  Netif Expire
          default            217.197.255.32     UGS         0 119152632    ng0
          127.0.0.1          127.0.0.1          UH          0    63176    lo0
          192.168.200.0/24   link#2             UC          0        0   ste0
          192.168.200.1      00:15:17:e5:72:77  UHLW        1 215163027   ste0   1118
          192.168.200.104    link#2             UHLW        1       56   ste0
          217.197.240.43     lo0                UHS         0      252    lo0
          217.197.255.32     217.197.240.43     UH          1     6700    ng0
          
          Internet6:
          Destination                       Gateway                       Flags      Netif Expire
          ::1                               ::1                           UHL         lo0
          fe80::%nfe0/64                    link#1                        UC         nfe0
          fe80::21d:60ff:fed3:aa04%nfe0     00:1d:60:d3:aa:04             UHL         lo0
          fe80::%ste0/64                    link#2                        UC         ste0
          fe80::22cf:30ff:feb6:c1b1%ste0    20:cf:30:b6:c1:b1             UHL         lo0
          fe80::%lo0/64                     fe80::1%lo0                   U           lo0
          fe80::1%lo0                       link#3                        UHL         lo0
          fe80::%ng0/64                     link#7                        UC          ng0
          fe80::21d:60ff:fed3:aa04%ng0      link#7                        UHL         lo0
          ff01:1::/32                       link#1                        UC         nfe0
          ff01:2::/32                       link#2                        UC         ste0
          ff01:3::/32                       ::1                           UC          lo0
          ff01:7::/32                       link#7                        UC          ng0
          ff02::%nfe0/32                    link#1                        UC         nfe0
          ff02::%ste0/32                    link#2                        UC         ste0
          ff02::%lo0/32                     ::1                           UC          lo0
          ff02::%ng0/32                     link#7                        UC          ng0
          
           $ ifconfig
           nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
           	options=14b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,TSO4>
           	ether 00:1d:60:d3:aa:04
           	inet6 fe80::21d:60ff:fed3:aa04%nfe0 prefixlen 64 scopeid 0x1 
           	media: Ethernet autoselect (100baseTX <full-duplex>)
           	status: active
           ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
           	options=48<VLAN_MTU,POLLING>
           	ether 20:cf:30:b6:c1:b1
           	inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
           	inet6 fe80::22cf:30ff:feb6:c1b1%ste0 prefixlen 64 scopeid 0x2 
           	media: Ethernet autoselect (100baseTX <full-duplex>)
           	status: active
           lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
           	inet 127.0.0.1 netmask 0xff000000 
           	inet6 ::1 prefixlen 128 
           	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
           enc0: flags=0<> metric 0 mtu 1536
           pflog0: flags=100<PROMISC> metric 0 mtu 33204
           pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
           	pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
           ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
           	inet6 fe80::21d:60ff:fed3:aa04%ng0 prefixlen 64 scopeid 0x7 
           	inet 217.197.240.43 --> 217.197.255.32 netmask 0xffffffff
          
          Dec 10 08:42:47	check_reload_status: starting sshd
          Dec 10 08:42:48	sshd[2256]: Received signal 15; terminating.
          Dec 10 08:42:48	sshd[52354]: Server listening on :: port 22.
          Dec 10 08:42:48	sshd[52354]: Server listening on 0.0.0.0 port 22.
          Dec 10 08:43:49	mpd: mpd: caught fatal signal term
          Dec 10 08:43:49	mpd: [pt0] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt0] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt1] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt1] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt2] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt2] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt3] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt3] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt4] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt4] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt5] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt5] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt6] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt6] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt7] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt7] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt8] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt8] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt9] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt9] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt10] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt10] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt11] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt11] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt12] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt12] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt13] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt13] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt14] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt14] IFACE: Close event
          Dec 10 08:43:49	mpd: [pt15] IPCP: Down event
          Dec 10 08:43:49	mpd: [pt15] IFACE: Close event
          Dec 10 08:43:51	mpd: mpd: process 10295 terminated
          Dec 10 08:43:52	php: /vpn_pptp.php: Could not kill mpd within 3 seconds. Trying again.
          Dec 10 08:43:53	check_reload_status: reloading filter
          Dec 10 08:48:20	check_reload_status: reloading filter
          Dec 10 08:48:21	check_reload_status: starting sshd
          Dec 10 08:48:22	sshd[52354]: Received signal 15; terminating.
          Dec 10 08:48:22	sshd[54653]: Server listening on :: port 22.
          Dec 10 08:48:22	sshd[54653]: Server listening on 0.0.0.0 port 22.
          Dec 10 08:50:27	check_reload_status: reloading filter
          Dec 10 08:50:29	check_reload_status: starting sshd
          Dec 10 08:50:30	sshd[54653]: Received signal 15; terminating.
          Dec 10 08:50:30	sshd[55177]: Server listening on :: port 22.
          Dec 10 08:50:30	sshd[55177]: Server listening on 0.0.0.0 port 22.
          

With PPTP disabled it is all the same: no LAN, no internet :'(

Eugene:

Now everything is correct; how are you testing the LAN and the internet?


Helfer_Panch:

@Evgeny:

Well, you have a PPTP server running on pfSense; it will never (OK, hardly ever) work together with PPTP on the WAN.

Everything worked fine for me.. only I don't remember whether the connections went to the PPTP address or to the private one.

iliaxxx:

I can't understand anything. You say everything is fine. But when I uncheck "Disable NAT Reflection", everything drops out entirely: neither the LAN nor the internet works. :'( I don't understand what the problem is. I've set everything up and it all works. But local resources just won't. Maybe I should send you status.php? It has the full picture of the config.

Eugene:

@Evgeny:

How are you testing the LAN and the internet?


iliaxxx:

Network parameters:
192.168.200.0/24
gateway 192.168.200.254 (which is also the pfSense box)
DNS 192.168.200.1

I log into 192.168.200.254.
System: Advanced functions - I uncheck "Disable NAT Reflection" and click "Save".
I go to a PC with IP 192.168.200.145. I try to open www.yandex.ru. Nothing, it just hangs for a long time… but never opens the site. I try to open local resources. Same thing: it hangs for a long time, but in the end never opens the page.

I uncheck "Disable NAT Reflection", click "Save", and the internet comes back immediately; local resources still don't show up.

That is what I'm doing.
I sent my config (status.php) for analysis to a forum acquaintance who has already set this beast up at his place. Here is what I got back:

Skimmed it. As far as I understand, the internet goes over PPPoE. That gives three interfaces: your own LAN, the provider's LAN, and the virtual interface with the internet. But the config only has two. That already makes you think.

By the way, maybe that's why RIP never worked for me…

Eugene:

Send me

    ifconfig
    netstat -rn
    pfctl -sr
    pfctl -sn

for two cases:
1) when the "Disable NAT Reflection" box is checked
2) when the box is unchecked.


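As an added example (not code from the thread, and not part of pfSense), here is a small POSIX shell audit of the kind of output Eugene asks for: it reads the text that `pfctl -sr` prints, lists every `pass in` rule on the WAN-side interfaces, and counts how many host/port pairs are reachable from any WAN source. That is the quick check a reviewer wants when a ruleset contains dozens of forwards to one LAN host on two WAN interfaces, and the same script run in both NAT-reflection states gives two outputs that can be compared with `diff`. The interface names nfe0 and ng0 come from the thread; the WAN_IFACES list, the `--stdin` flag and the embedded rule excerpt are assumptions of this example, the excerpt being a constructed sample rather than the full ruleset from the post.

```shell
#!/bin/sh
# Added example: summarise which inbound "pass in" rules a pfSense ruleset
# opens on the WAN-side interfaces, reading the text printed by `pfctl -sr`.
# Interface names nfe0 (WAN NIC) and ng0 (the PPPoE link) are from the
# thread; the rule excerpt below is a constructed sample.

WAN_IFACES="nfe0 ng0"   # assumption: the two WAN-facing interfaces

# Print one line per "pass in" rule on a WAN interface:
#   <iface> <proto> <dst> <dstport>
# $1 is the ruleset text. Rules on other interfaces (LAN anti-lockout,
# loopback, DHCP on ste0) are skipped. "port = N" after "to" is the
# destination port; a "port" before "to" is a source port and is ignored.
wan_pass_in() {
    printf '%s\n' "$1" | awk -v ifaces="$WAN_IFACES" '
    BEGIN { n = split(ifaces, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $1 == "pass" && $2 == "in" {
        iface = ""; proto = "any"; dst = "any"; port = "any"; seen_to = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "on")    iface = $(i + 1)
            if ($i == "proto") proto = $(i + 1)
            if ($i == "to")  { dst = $(i + 1); seen_to = 1 }
            if ($i == "port" && seen_to) port = $(i + 2)   # skip the "="
        }
        if (iface in want) print iface, proto, dst, port
    }' | sort -u
}

# Count distinct (host, port) pairs reachable from any WAN source, i.e. the
# exposed surface. The same forward on nfe0 and ng0 counts once.
wan_exposed_count() {
    wan_pass_in "$1" | awk '
    $3 != "any" { k = $3 " " $4; if (!(k in seen)) { seen[k] = 1; n++ } }
    END { print n + 0 }'
}

# Constructed excerpt in the style of the ruleset posted in the thread.
SAMPLE_RULES='pass in quick on lo0 all flags S/SA keep state label "pass loopback"
pass in quick on ste0 inet from any to 192.168.200.254 flags S/SA keep state label "anti-lockout web rule"
pass in quick on ng0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
pass in quick on ng0 inet proto icmp all keep state label "USER_RULE"
block drop in on ! ste0 inet from 192.168.200.0/24 to any'

# Stand-alone run audits the sample. On the pfSense box itself, feed the
# live ruleset instead:  pfctl -sr | sh audit.sh --stdin
# (run once with NAT reflection disabled and once enabled, save both
# outputs, then diff them).
if [ "${1:-}" = "--stdin" ]; then
    RULES=$(cat)
else
    RULES=$SAMPLE_RULES
fi
wan_pass_in "$RULES"
echo "distinct host/port pairs reachable from any WAN source: $(wan_exposed_count "$RULES")"
```

On the sample the listing shows the WAN forwards to 192.168.200.1 (http on both interfaces, 27015/udp on ng0), the DHCP-client reply rule and the blanket ICMP pass on ng0, and the LAN-only anti-lockout rule is correctly absent; the exposed-pair count is 2.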
iliaxxx:

When the box is checked:

                         $ ifconfig
                         nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                         	options=14b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,TSO4>
                         	ether 00:1d:60:d3:aa:04
                         	inet6 fe80::21d:60ff:fed3:aa04%nfe0 prefixlen 64 scopeid 0x1 
                         	media: Ethernet autoselect (100baseTX <full-duplex>)
                         	status: active
                         ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                         	options=48<VLAN_MTU,POLLING>
                         	ether 20:cf:30:b6:c1:b1
                         	inet6 fe80::22cf:30ff:feb6:c1b1%ste0 prefixlen 64 scopeid 0x2 
                         	inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
                         	media: Ethernet autoselect (100baseTX <full-duplex>)
                         	status: active
                         lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
                         	inet 127.0.0.1 netmask 0xff000000 
                         	inet6 ::1 prefixlen 128 
                         	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
                         enc0: flags=0<> metric 0 mtu 1536
                         pflog0: flags=100<PROMISC> metric 0 mtu 33204
                         pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
                         	pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
                         ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
                         	inet6 fe80::21d:60ff:fed3:aa04%ng0 prefixlen 64 scopeid 0x7 
                         	inet 217.197.240.43 --> 217.197.255.32 netmask 0xffffffff
                        
                        $ netstat -rn
                        Routing tables
                        
                        Internet:
                        Destination        Gateway            Flags    Refs      Use  Netif Expire
                        default            217.197.255.32     UGS         0 61336831    ng0
                        127.0.0.1          127.0.0.1          UH          0   133499    lo0
                        192.168.200.0/24   link#2             UC          0        0   ste0
                        192.168.200.1      00:15:17:e5:72:77  UHLW        1 189537540   ste0    730
                        192.168.200.105    00:13:e8:9b:b2:15  UHLW        1     4121   ste0    752
                        217.197.240.43     lo0                UHS         0        0    lo0
                        217.197.255.32     217.197.240.43     UH          1     1485    ng0
                        
                        Internet6:
                        Destination                       Gateway                       Flags      Netif Expire
                        ::1                               ::1                           UHL         lo0
                        fe80::%nfe0/64                    link#1                        UC         nfe0
                        fe80::21d:60ff:fed3:aa04%nfe0     00:1d:60:d3:aa:04             UHL         lo0
                        fe80::%ste0/64                    link#2                        UC         ste0
                        fe80::22cf:30ff:feb6:c1b1%ste0    20:cf:30:b6:c1:b1             UHL         lo0
                        fe80::%lo0/64                     fe80::1%lo0                   U           lo0
                        fe80::1%lo0                       link#3                        UHL         lo0
                        fe80::%ng0/64                     link#7                        UC          ng0
                        fe80::21d:60ff:fed3:aa04%ng0      link#7                        UHL         lo0
                        ff01:1::/32                       link#1                        UC         nfe0
                        ff01:2::/32                       link#2                        UC         ste0
                        ff01:3::/32                       ::1                           UC          lo0
                        ff01:7::/32                       link#7                        UC          ng0
                        ff02::%nfe0/32                    link#1                        UC         nfe0
                        ff02::%ste0/32                    link#2                        UC         ste0
                        ff02::%lo0/32                     ::1                           UC          lo0
                        ff02::%ng0/32                     link#7                        UC          ng0
                        
                        $ pfctl -sr
                        scrub all random-id max-mss 1452 fragment reassemble
                        anchor "ftpsesame/*" all
                        anchor "firewallrules" all
                        block drop quick proto tcp from any port = 0 to any
                        block drop quick proto udp from any port = 0 to any
                        block drop quick proto tcp from any to any port = 0
                        block drop quick proto udp from any to any port = 0
                        block drop quick from <snort2c> to any label "Block snort2c hosts"
                        block drop quick from any to <snort2c> label "Block snort2c hosts"
                        anchor "loopback" all
                        pass in quick on lo0 all flags S/SA keep state label "pass loopback"
                        pass out quick on lo0 all flags S/SA keep state label "pass loopback"
                        anchor "packageearly" all
                        anchor "carp" all
                        pass quick inet proto icmp from 217.197.240.43 to any keep state
                        anchor "dhcpserverlan" all
                        pass in quick on ste0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
                        pass in quick on ste0 inet proto udp from any port = bootpc to 192.168.200.254 port = bootps keep state label "allow access to DHCP server on LAN"
                        pass out quick on ste0 inet proto udp from 192.168.200.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
                        block drop in log quick on nfe0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
                        block drop in log quick on ng0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
                        pass in quick on nfe0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
                        pass in quick on ng0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
                        block drop in on ! ste0 inet from 192.168.200.0/24 to any
                        block drop in on ste0 inet6 from fe80::22cf:30ff:feb6:c1b1 to any
                        block drop in inet from 192.168.200.254 to any
                        anchor "spoofing" all
                        anchor "limitingesr" all
                        block drop in quick from <virusprot> to any label "virusprot overload table"
                        pass out quick on ste0 proto icmp all keep state label "let out anything from firewall host itself"
                        pass out quick on nfe0 proto icmp all keep state label "let out anything from firewall host itself"
                        pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
                        pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                        anchor "firewallout" all
                        pass out quick on nfe0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                        pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                        pass out quick on ste0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                        pass out quick on enc0 all flags S/SA keep state label "IPSEC internal host to host"
                        pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
                        anchor "anti-lockout" all
                        pass in quick on ste0 inet from any to 192.168.200.254 flags S/SA keep state label "anti-lockout web rule"
                        block drop in log proto tcp from <sshlockout> to any port = ssh label "sshlockout"
                        anchor "ftpproxy" all
                        anchor "pftpx/*" all
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto icmp all keep state label "USER_RULE"
                        pass in quick on ng0 inet proto icmp all keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
                        pass in quick on nfe0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                        pass in quick on ste0 inet from 192.168.200.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any"
                        pass in quick on ste0 inet proto tcp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 flags S/SA keep state label "USER_RULE: FTP-LAN-INNET"
                        pass in quick on ste0 inet proto udp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 keep state label "USER_RULE: FTP-LAN-INNET"
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT "
                        pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT "
                        pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
                        pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
                        pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
                        pass in quick on ng0 inet proto tcp from any to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround"
                        anchor "imspector" all
                        anchor "miniupnpd" all
                        block drop in log quick all label "Default block all just to be sure."
                        block drop out log quick all label "Default block all just to be sure."
                        
                        $ pfctl -sn
                        nat-anchor "pftpx/*" all
                        nat-anchor "natearly/*" all
                        nat-anchor "natrules/*" all
                        nat on nfe0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                        nat on ng0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                        nat on nfe0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
                        nat on ng0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
                        nat on nfe0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
                        nat on ng0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
                        rdr-anchor "pftpx/*" all
                        rdr-anchor "slb" all
                        no rdr on ste0 proto tcp from any to <vpns> port = ftp
                        rdr on ste0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
                        rdr on ng0 inet proto tcp from any to any port = http -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = http -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27015 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27015 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27010 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27010 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27011 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27040 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27040 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27025 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27025 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = afs3-prserver -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = afs3-prserver -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 6003 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 6003 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27016 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27016 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27017 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27017 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27018 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27018 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27019 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27019 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27020 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27020 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27030 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27030 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27021 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27021 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27031 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27031 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27022 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27022 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 52001 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 52001 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27032 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27032 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27033 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27033 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27035 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27035 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27036 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27036 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27037 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27037 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27038 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27038 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27039 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27039 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27041 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27041 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27042 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27042 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27043 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27043 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27044 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27044 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27045 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27045 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27046 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27046 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27047 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27047 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 27048 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 27048 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to any port = 10000 -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to any port = 10000 -> 192.168.200.1
                        rdr on ng0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1
                        rdr on ng0 inet proto udp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1
                        rdr-anchor "imspector" all
                        rdr-anchor "miniupnpd" all
                        rdr on ste0 inet proto tcp from any to (ste0) port = 3128 -> 127.0.0.1 port 3128
                        rdr on ng0 inet proto tcp from any to (ng0) port = 3128 -> 127.0.0.1 port 3128
                        
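An added example, not from this thread and not pfSense's own code: a small Python script that cross-checks the `pfctl -sn` port forwards against the `pfctl -sr` pass rules on the WAN interface. The sample lines are a constructed subset copied from the dumps above; the WAN interface name `ng0` (the PPPoE interface holding 217.197.240.43) is taken from the post, the rest is the example's own. It reports which forwarded services any Internet host may reach (in the dump above, for instance, tcp/udp 10000 and the 270xx game ports), which are limited to listed sources (ssh, only from 89.20.141.32), and which forwards have no pass rule for the translated destination. The last check matters in pf because rdr is applied before the filter rules are evaluated, so an inbound pass rule for a forward must match the rdr target (here `to 192.168.200.1`), not the public address.

```python
"""Cross-check pf port forwards (rdr) against inbound pass rules on the WAN.

Example code, not part of the forum post or of pfSense. The rule shapes
matched below are the ones printed by `pfctl -sr` / `pfctl -sn` in the post.
"""
import re
from dataclasses import dataclass

# Inbound pass rule on an interface for one proto/port, as printed by pfctl.
PASS_RE = re.compile(
    r"^pass in quick on (?P<ifname>\S+) inet proto (?P<proto>tcp|udp) "
    r"from (?P<src>\S+) to (?P<dst>\S+) port = (?P<port>\S+)"
)
# Port forward (rdr) on an interface for one proto/port.
RDR_RE = re.compile(
    r"^rdr on (?P<ifname>\S+) inet proto (?P<proto>tcp|udp) "
    r"from (?P<src>\S+) to (?P<dst>\S+) port = (?P<port>\S+) -> (?P<target>\S+)"
)


@dataclass(frozen=True)
class Service:
    proto: str
    port: str  # as printed: a number or an /etc/services name such as "ssh"


def parse_pass(text, wan_if):
    """(proto, port) -> {(src, dst), ...} for inbound pass rules on wan_if."""
    allowed = {}
    for line in text.splitlines():
        m = PASS_RE.match(line.strip())
        if m and m["ifname"] == wan_if:
            allowed.setdefault(Service(m["proto"], m["port"]), set()).add((m["src"], m["dst"]))
    return allowed


def parse_rdr(text, wan_if):
    """(proto, port) -> redirect target for port forwards on wan_if."""
    forwards = {}
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m and m["ifname"] == wan_if:
            forwards[Service(m["proto"], m["port"])] = m["target"]
    return forwards


def audit(rules_text, nat_text, wan_if):
    """Return (world, limited, problems), each sorted by proto then port.

    world    - forwards that any source may reach (pass ... from any)
    limited  - forwards reachable only from the listed sources
    problems - forwards with no pass rule whose dst equals the rdr target;
               rdr runs before filtering, so such traffic hits the default block
    """
    allowed = parse_pass(rules_text, wan_if)
    forwards = parse_rdr(nat_text, wan_if)
    world, limited, problems = [], [], []
    for svc, target in sorted(forwards.items(), key=lambda kv: (kv[0].proto, kv[0].port)):
        matching = {src for src, dst in allowed.get(svc, set()) if dst == target}
        if not matching:
            problems.append((svc.proto, svc.port, "no pass rule for target " + target))
        elif "any" in matching:
            world.append((svc.proto, svc.port, target))
        else:
            limited.append((svc.proto, svc.port, target, tuple(sorted(matching))))
    return world, limited, problems


# Constructed sample: a subset of the lines from the post's pfctl output.
RULES = """\
pass in quick on ng0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on ste0 inet from 192.168.200.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any"
block drop in log quick all label "Default block all just to be sure."
"""

NAT = """\
rdr on ng0 inet proto tcp from any to any port = http -> 192.168.200.1
rdr on ng0 inet proto tcp from any to any port = 27048 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27048 -> 192.168.200.1
rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1
rdr on ng0 inet proto tcp from any to any port = 10000 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 10000 -> 192.168.200.1
"""

if __name__ == "__main__":
    world, limited, problems = audit(RULES, NAT, "ng0")
    for proto, port, target in world:
        print(f"OPEN TO ANY  {proto}/{port} -> {target}")
    for proto, port, target, srcs in limited:
        print(f"RESTRICTED   {proto}/{port} -> {target} from {', '.join(srcs)}")
    for proto, port, why in problems:
        print(f"CHECK        {proto}/{port}: {why}")
```

In the sample, tcp/http has an rdr but no pass rule within the excerpt, so it is reported under CHECK; on the real box the matching pass rule may simply sit earlier in the full `pfctl -sr` output, which is exactly what the script makes you go and confirm.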
                          iliaxxx

                          When the checkbox is unchecked:

                          $ ifconfig
                          nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                          	options=14b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,TSO4>
                          	ether 00:1d:60:d3:aa:04
                          	inet6 fe80::21d:60ff:fed3:aa04%nfe0 prefixlen 64 scopeid 0x1 
                          	media: Ethernet autoselect (100baseTX <full-duplex>)
                          	status: active
                          ste0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                          	options=48<VLAN_MTU,POLLING>
                          	ether 20:cf:30:b6:c1:b1
                          	inet6 fe80::22cf:30ff:feb6:c1b1%ste0 prefixlen 64 scopeid 0x2 
                          	inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
                          	media: Ethernet autoselect (100baseTX <full-duplex>)
                          	status: active
                          lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
                          	inet 127.0.0.1 netmask 0xff000000 
                          	inet6 ::1 prefixlen 128 
                          	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
                          enc0: flags=0<> metric 0 mtu 1536
                          pflog0: flags=100<PROMISC> metric 0 mtu 33204
                          pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
                          	pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
                          ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
                          	inet6 fe80::21d:60ff:fed3:aa04%ng0 prefixlen 64 scopeid 0x7 
                          	inet 217.197.240.43 --> 217.197.255.32 netmask 0xffffffff
                          
                          $ netstat -rn
                          Routing tables
                          
                          Internet:
                          Destination        Gateway            Flags    Refs      Use  Netif Expire
                          default            217.197.255.32     UGS         0 62701504    ng0
                          127.0.0.1          127.0.0.1          UH          0   133499    lo0
                          192.168.200.0/24   link#2             UC          0        0   ste0
                          192.168.200.1      00:15:17:e5:72:77  UHLW        1 190708362   ste0    330
                          192.168.200.105    00:13:e8:9b:b2:15  UHLW        1     4968   ste0    352
                          217.197.240.43     lo0                UHS         0        0    lo0
                          217.197.255.32     217.197.240.43     UH          1     1520    ng0
                          
                          Internet6:
                          Destination                       Gateway                       Flags      Netif Expire
                          ::1                               ::1                           UHL         lo0
                          fe80::%nfe0/64                    link#1                        UC         nfe0
                          fe80::21d:60ff:fed3:aa04%nfe0     00:1d:60:d3:aa:04             UHL         lo0
                          fe80::%ste0/64                    link#2                        UC         ste0
                          fe80::22cf:30ff:feb6:c1b1%ste0    20:cf:30:b6:c1:b1             UHL         lo0
                          fe80::%lo0/64                     fe80::1%lo0                   U           lo0
                          fe80::1%lo0                       link#3                        UHL         lo0
                          fe80::%ng0/64                     link#7                        UC          ng0
                          fe80::21d:60ff:fed3:aa04%ng0      link#7                        UHL         lo0
                          ff01:1::/32                       link#1                        UC         nfe0
                          ff01:2::/32                       link#2                        UC         ste0
                          ff01:3::/32                       ::1                           UC          lo0
                          ff01:7::/32                       link#7                        UC          ng0
                          ff02::%nfe0/32                    link#1                        UC         nfe0
                          ff02::%ste0/32                    link#2                        UC         ste0
                          ff02::%lo0/32                     ::1                           UC          lo0
                          ff02::%ng0/32                     link#7                        UC          ng0
                          
                          $ pfctl -sr
                          scrub all random-id max-mss 1452 fragment reassemble
                          anchor "ftpsesame/*" all
                          anchor "firewallrules" all
                          block drop quick proto tcp from any port = 0 to any
                          block drop quick proto udp from any port = 0 to any
                          block drop quick proto tcp from any to any port = 0
                          block drop quick proto udp from any to any port = 0
                          block drop quick from <snort2c> to any label "Block snort2c hosts"
                          block drop quick from any to <snort2c> label "Block snort2c hosts"
                          anchor "loopback" all
                          pass in quick on lo0 all flags S/SA keep state label "pass loopback"
                          pass out quick on lo0 all flags S/SA keep state label "pass loopback"
                          anchor "packageearly" all
                          anchor "carp" all
                          pass quick inet proto icmp from 217.197.240.43 to any keep state
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19000 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19001 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19002 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19003 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19004 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19005 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19006 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19007 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19008 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19009 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19010 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19011 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19012 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19013 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19014 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19015 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19016 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19017 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19018 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19019 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19020 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19021 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19022 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19023 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19024 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19025 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19026 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19027 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19028 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19029 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19030 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19031 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19032 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19033 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19034 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19035 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19036 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19037 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19038 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19039 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19040 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19041 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19042 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19043 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19044 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19045 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19046 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19047 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19048 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19049 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19050 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19051 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19052 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19053 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19054 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19055 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19056 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19057 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19058 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19059 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19060 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19061 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19062 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19063 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19064 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19065 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19066 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19067 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19068 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19069 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19070 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19071 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19072 keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19073 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19074 keep state label "NAT REFLECT: Allow traffic to localhost"
                          anchor "dhcpserverlan" all
                          pass in quick on ste0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
                          pass in quick on ste0 inet proto udp from any port = bootpc to 192.168.200.254 port = bootps keep state label "allow access to DHCP server on LAN"
                          pass out quick on ste0 inet proto udp from 192.168.200.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
                          block drop in log quick on nfe0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
                          block drop in log quick on ng0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
                          pass in quick on nfe0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
                          pass in quick on ng0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
                          block drop in on ! ste0 inet from 192.168.200.0/24 to any
                          block drop in on ste0 inet6 from fe80::22cf:30ff:feb6:c1b1 to any
                          block drop in inet from 192.168.200.254 to any
                          anchor "spoofing" all
                          anchor "limitingesr" all
                          block drop in quick from <virusprot> to any label "virusprot overload table"
                          pass out quick on ste0 proto icmp all keep state label "let out anything from firewall host itself"
                          pass out quick on nfe0 proto icmp all keep state label "let out anything from firewall host itself"
                          pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
                          pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                          anchor "firewallout" all
                          pass out quick on nfe0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                          pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                          pass out quick on ste0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                          pass out quick on enc0 all flags S/SA keep state label "IPSEC internal host to host"
                          pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
                          anchor "anti-lockout" all
                          pass in quick on ste0 inet from any to 192.168.200.254 flags S/SA keep state label "anti-lockout web rule"
                          block drop in log proto tcp from <sshlockout> to any port = ssh label "sshlockout"
                          anchor "ftpproxy" all
                          anchor "pftpx/*" all
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto icmp all keep state label "USER_RULE"
                          pass in quick on ng0 inet proto icmp all keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
                          pass in quick on nfe0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                          pass in quick on ste0 inet from 192.168.200.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any"
                          pass in quick on ste0 inet proto tcp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 flags S/SA keep state label "USER_RULE: FTP-LAN-INNET"
                          pass in quick on ste0 inet proto udp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 keep state label "USER_RULE: FTP-LAN-INNET"
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT "
                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT "
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
                          pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
                          pass in quick on ng0 inet proto tcp from any to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround"
                          anchor "imspector" all
                          anchor "miniupnpd" all
                          block drop in log quick all label "Default block all just to be sure."
                          block drop out log quick all label "Default block all just to be sure."
                          
                          $ pfctl -sn
                          nat-anchor "pftpx/*" all
                          nat-anchor "natearly/*" all
                          nat-anchor "natrules/*" all
                          nat on nfe0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                          nat on ng0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                          nat on nfe0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
                          nat on ng0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
                          nat on nfe0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
                          nat on ng0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
                          rdr-anchor "pftpx/*" all
                          rdr-anchor "slb" all
                          no rdr on ste0 proto tcp from any to <vpns> port = ftp
                          rdr on ste0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
                          rdr on ng0 inet proto tcp from any to any port = http -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = http -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = http -> 127.0.0.1 port 19000
                          rdr on ste0 inet proto udp from any to any port = http -> 127.0.0.1 port 19001
                          rdr on ng0 inet proto tcp from any to any port = 27015 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27015 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27015 -> 127.0.0.1 port 19002
                          rdr on ste0 inet proto udp from any to any port = 27015 -> 127.0.0.1 port 19003
                          rdr on ng0 inet proto tcp from any to any port = 27010 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27010 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27010 -> 127.0.0.1 port 19004
                          rdr on ste0 inet proto udp from any to any port = 27010 -> 127.0.0.1 port 19005
                          rdr on ng0 inet proto tcp from any to any port = 27011 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27011 -> 127.0.0.1 port 19006
                          rdr on ng0 inet proto tcp from any to any port = 27040 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27040 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27040 -> 127.0.0.1 port 19007
                          rdr on ste0 inet proto udp from any to any port = 27040 -> 127.0.0.1 port 19008
                          rdr on ng0 inet proto tcp from any to any port = 27025 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27025 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27025 -> 127.0.0.1 port 19009
                          rdr on ste0 inet proto udp from any to any port = 27025 -> 127.0.0.1 port 19010
                          rdr on ng0 inet proto tcp from any to any port = afs3-prserver -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = afs3-prserver -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = afs3-prserver -> 127.0.0.1 port 19011
                          rdr on ste0 inet proto udp from any to any port = afs3-prserver -> 127.0.0.1 port 19012
                          rdr on ng0 inet proto tcp from any to any port = 6003 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 6003 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 6003 -> 127.0.0.1 port 19013
                          rdr on ste0 inet proto udp from any to any port = 6003 -> 127.0.0.1 port 19014
                          rdr on ng0 inet proto tcp from any to any port = 27016 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27016 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27016 -> 127.0.0.1 port 19015
                          rdr on ste0 inet proto udp from any to any port = 27016 -> 127.0.0.1 port 19016
                          rdr on ng0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19017
                          rdr on ste0 inet proto udp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19018
                          rdr on ng0 inet proto tcp from any to any port = 27017 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27017 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27017 -> 127.0.0.1 port 19019
                          rdr on ste0 inet proto udp from any to any port = 27017 -> 127.0.0.1 port 19020
                          rdr on ng0 inet proto tcp from any to any port = 27018 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27018 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27018 -> 127.0.0.1 port 19021
                          rdr on ste0 inet proto udp from any to any port = 27018 -> 127.0.0.1 port 19022
                          rdr on ng0 inet proto tcp from any to any port = 27019 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27019 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27019 -> 127.0.0.1 port 19023
                          rdr on ste0 inet proto udp from any to any port = 27019 -> 127.0.0.1 port 19024
                          rdr on ng0 inet proto tcp from any to any port = 27020 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27020 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27020 -> 127.0.0.1 port 19025
                          rdr on ste0 inet proto udp from any to any port = 27020 -> 127.0.0.1 port 19026
                          rdr on ng0 inet proto tcp from any to any port = 27030 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27030 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27030 -> 127.0.0.1 port 19027
                          rdr on ste0 inet proto udp from any to any port = 27030 -> 127.0.0.1 port 19028
                          rdr on ng0 inet proto tcp from any to any port = 27021 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27021 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27021 -> 127.0.0.1 port 19029
                          rdr on ste0 inet proto udp from any to any port = 27021 -> 127.0.0.1 port 19030
                          rdr on ng0 inet proto tcp from any to any port = 27031 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27031 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27031 -> 127.0.0.1 port 19031
                          rdr on ste0 inet proto udp from any to any port = 27031 -> 127.0.0.1 port 19032
                          rdr on ng0 inet proto tcp from any to any port = 27022 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27022 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27022 -> 127.0.0.1 port 19033
                          rdr on ste0 inet proto udp from any to any port = 27022 -> 127.0.0.1 port 19034
                          rdr on ng0 inet proto tcp from any to any port = 52001 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 52001 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 52001 -> 127.0.0.1 port 19035
                          rdr on ste0 inet proto udp from any to any port = 52001 -> 127.0.0.1 port 19036
                          rdr on ng0 inet proto tcp from any to any port = 27032 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27032 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27032 -> 127.0.0.1 port 19037
                          rdr on ste0 inet proto udp from any to any port = 27032 -> 127.0.0.1 port 19038
                          rdr on ng0 inet proto tcp from any to any port = 27033 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27033 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27033 -> 127.0.0.1 port 19039
                          rdr on ste0 inet proto udp from any to any port = 27033 -> 127.0.0.1 port 19040
                          rdr on ng0 inet proto tcp from any to any port = 27035 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27035 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27035 -> 127.0.0.1 port 19041
                          rdr on ste0 inet proto udp from any to any port = 27035 -> 127.0.0.1 port 19042
                          rdr on ng0 inet proto tcp from any to any port = 27036 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27036 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27036 -> 127.0.0.1 port 19043
                          rdr on ste0 inet proto udp from any to any port = 27036 -> 127.0.0.1 port 19044
                          rdr on ng0 inet proto tcp from any to any port = 27037 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27037 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27037 -> 127.0.0.1 port 19045
                          rdr on ste0 inet proto udp from any to any port = 27037 -> 127.0.0.1 port 19046
                          rdr on ng0 inet proto tcp from any to any port = 27038 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27038 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27038 -> 127.0.0.1 port 19047
                          rdr on ste0 inet proto udp from any to any port = 27038 -> 127.0.0.1 port 19048
                          rdr on ng0 inet proto tcp from any to any port = 27039 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27039 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27039 -> 127.0.0.1 port 19049
                          rdr on ste0 inet proto udp from any to any port = 27039 -> 127.0.0.1 port 19050
                          rdr on ng0 inet proto tcp from any to any port = 27041 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27041 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27041 -> 127.0.0.1 port 19051
                          rdr on ste0 inet proto udp from any to any port = 27041 -> 127.0.0.1 port 19052
                          rdr on ng0 inet proto tcp from any to any port = 27042 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27042 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27042 -> 127.0.0.1 port 19053
                          rdr on ste0 inet proto udp from any to any port = 27042 -> 127.0.0.1 port 19054
                          rdr on ng0 inet proto tcp from any to any port = 27043 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27043 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27043 -> 127.0.0.1 port 19055
                          rdr on ste0 inet proto udp from any to any port = 27043 -> 127.0.0.1 port 19056
                          rdr on ng0 inet proto tcp from any to any port = 27044 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27044 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27044 -> 127.0.0.1 port 19057
                          rdr on ste0 inet proto udp from any to any port = 27044 -> 127.0.0.1 port 19058
                          rdr on ng0 inet proto tcp from any to any port = 27045 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27045 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27045 -> 127.0.0.1 port 19059
                          rdr on ste0 inet proto udp from any to any port = 27045 -> 127.0.0.1 port 19060
                          rdr on ng0 inet proto tcp from any to any port = 27046 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27046 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27046 -> 127.0.0.1 port 19061
                          rdr on ste0 inet proto udp from any to any port = 27046 -> 127.0.0.1 port 19062
                          rdr on ng0 inet proto tcp from any to any port = 27047 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27047 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27047 -> 127.0.0.1 port 19063
                          rdr on ste0 inet proto udp from any to any port = 27047 -> 127.0.0.1 port 19064
                          rdr on ng0 inet proto tcp from any to any port = 27048 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 27048 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 27048 -> 127.0.0.1 port 19065
                          rdr on ste0 inet proto udp from any to any port = 27048 -> 127.0.0.1 port 19066
                          rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = ssh -> 127.0.0.1 port 19067
                          rdr on ste0 inet proto udp from any to any port = ssh -> 127.0.0.1 port 19068
                          rdr on ng0 inet proto tcp from any to any port = 10000 -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to any port = 10000 -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to any port = 10000 -> 127.0.0.1 port 19069
                          rdr on ste0 inet proto udp from any to any port = 10000 -> 127.0.0.1 port 19070
                          rdr on ng0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1
                          rdr on ng0 inet proto udp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1
                          rdr on ste0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 127.0.0.1 port 19071
                          rdr on ste0 inet proto udp from any to 217.197.240.43 port = ftp-data -> 127.0.0.1 port 19072
                          rdr-anchor "imspector" all
                          rdr-anchor "miniupnpd" all
                          rdr on ste0 inet proto tcp from any to (ste0) port = 3128 -> 127.0.0.1 port 3128
                          rdr on ng0 inet proto tcp from any to (ng0) port = 3128 -> 127.0.0.1 port 3128
                          
                            Eugene

                            Funny… and a screenshot of NAT port-forward, please

                            http://ru.doc.pfsense.org

                              iliaxxx

                              Mine is big

                              http://cs.ms-home.ru/01.jpeg
                              http://cs.ms-home.ru/02.jpeg
                              http://cs.ms-home.ru/03.jpeg

                                Eugene

                                Replace any with the WAN interface in NAT -> Port Forward

                                http://ru.doc.pfsense.org
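
Added example (not from the thread or from pfSense): a small Python audit of `pfctl -sn` rdr lines that reports WAN forwards whose destination is "any" (the setting Eugene asks to change) and WAN forwards that have no LAN reflection rdr to a 127.0.0.1 helper port. Interface names (WAN ng0, LAN ste0) and the sample lines follow the dump posted above; the sample is constructed and deliberately omits one reflection line.

```python
"""Audit `pfctl -sn` rdr rules for two things discussed in the thread:
WAN port forwards with destination "any", and WAN forwards that lack a
NAT-reflection counterpart on the LAN interface."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the pfctl -sn output posted in the thread.
# WAN = ng0, LAN = ste0 as in the thread; the UDP http reflection line is
# intentionally left out so the audit has a gap to report.
SAMPLE_PFCTL_SN = """\
rdr-anchor "pftpx/*" all
rdr on ste0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
rdr on ng0 inet proto tcp from any to any port = http -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = http -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = http -> 127.0.0.1 port 19000
rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = ssh -> 127.0.0.1 port 19067
rdr on ng0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19017
rdr on ng0 inet proto tcp from any to (ng0) port = 3128 -> 127.0.0.1 port 3128
"""

# One `rdr on <iface> inet proto <tcp|udp> from <src> to <dst> port = <port>
# -> <target> [port <tport>]` line; anchors and other lines do not match.
RDR_RE = re.compile(
    r"^rdr on (?P<iface>\S+) inet proto (?P<proto>tcp|udp) "
    r"from (?P<src>\S+) to (?P<dst>\S+) port = (?P<port>\S+) "
    r"-> (?P<target>\S+)(?: port (?P<tport>\d+))?$"
)


def parse_rdr_rules(text: str) -> List[dict]:
    """Return one dict per rdr line (keys: iface, proto, src, dst, port, target, tport)."""
    rules = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules


def broad_forwards(rules: List[dict], wan: str) -> List[Tuple[str, str]]:
    """WAN rdr rules whose destination is 'any'. Such a rule matches traffic to
    every destination address entering the WAN interface, not only the WAN
    address itself, which is why the thread suggests narrowing it."""
    return [(r["proto"], r["port"]) for r in rules
            if r["iface"] == wan and r["dst"] == "any"]


def reflection_map(rules: List[dict], wan: str, lan: str
                   ) -> Dict[Tuple[str, str], Optional[str]]:
    """For each WAN forward to an internal host, look up the LAN reflection rdr
    (same proto/port, redirected to a 127.0.0.1 helper port). Value is the
    helper port, or None when no reflection rule exists."""
    lan_reflect = {
        (r["proto"], r["port"]): r["tport"]
        for r in rules
        if r["iface"] == lan and r["target"] == "127.0.0.1" and r["tport"]
    }
    result: Dict[Tuple[str, str], Optional[str]] = {}
    for r in rules:
        # Redirects to loopback on the WAN side (e.g. the transparent proxy)
        # are not port forwards to a LAN host and need no reflection.
        if r["iface"] != wan or r["target"].startswith("127."):
            continue
        result[(r["proto"], r["port"])] = lan_reflect.get((r["proto"], r["port"]))
    return result


if __name__ == "__main__":
    rules = parse_rdr_rules(SAMPLE_PFCTL_SN)
    for proto, port in broad_forwards(rules, "ng0"):
        print(f"broad forward on WAN: {proto}/{port} matches destination 'any'")
    for (proto, port), helper in reflection_map(rules, "ng0", "ste0").items():
        status = f"reflected via 127.0.0.1:{helper}" if helper else "NO LAN reflection"
        print(f"{proto}/{port}: {status}")
```

Feed it the real output of `pfctl -sn` instead of the sample to check a live box; a forward reported without reflection is exactly the case where LAN clients hitting the public address get no answer.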

                                  iliaxxx

                                  @Eugene:

                                  Replace any with the WAN interface in NAT -> Port Forward

                                  Replace any with Interface address?
                                  I replaced it and unchecked Disable NAT Reflection.
                                  The Internet came up. But local resources did not.

                                    Eugene

                                    @iliaxxx:

                                    The Internet came up. But local resources did not.

                                    More detail please: how are you testing the local resources?

                                    http://ru.doc.pfsense.org

                                      iliaxxx

                                      I go to a computer on the local network. I check the Internet, it works. I type in the site that is hosted on the server 192.168.200.1.
                                      (But when I run ping from that same computer on the local network, I get not the IP 192.168.200.1 but the public IP that I rent.)
                                      The site is not visible… It thinks for a long time and then says: Unable to display the page

                                        Eugene

                                        Then once more,
                                        send me

                                        pfctl -sr
                                        pfctl -sn
                                        

                                        checkbox unchecked.

                                        http://ru.doc.pfsense.org

                                          iliaxxx

                                          $ pfctl -sr
                                          scrub all random-id max-mss 1452 fragment reassemble
                                          anchor "ftpsesame/*" all
                                          anchor "firewallrules" all
                                          block drop quick proto tcp from any port = 0 to any
                                          block drop quick proto udp from any port = 0 to any
                                          block drop quick proto tcp from any to any port = 0
                                          block drop quick proto udp from any to any port = 0
                                          block drop quick from <snort2c> to any label "Block snort2c hosts"
                                          block drop quick from any to <snort2c> label "Block snort2c hosts"
                                          anchor "loopback" all
                                          pass in quick on lo0 all flags S/SA keep state label "pass loopback"
                                          pass out quick on lo0 all flags S/SA keep state label "pass loopback"
                                          anchor "packageearly" all
                                          anchor "carp" all
                                          pass quick inet proto icmp from 217.197.240.43 to any keep state
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19000 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19001 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19002 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19003 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19004 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19005 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19006 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19007 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19008 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19009 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19010 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19011 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19012 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19013 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19014 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19015 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19016 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19017 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19018 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19019 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19020 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19021 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19022 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19023 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19024 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19025 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19026 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19027 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19028 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19029 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19030 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19031 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19032 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19033 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19034 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19035 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19036 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19037 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19038 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19039 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19040 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19041 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19042 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19043 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19044 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19045 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19046 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19047 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19048 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19049 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19050 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19051 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19052 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19053 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19054 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19055 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19056 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19057 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19058 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19059 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19060 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19061 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19062 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19063 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19064 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19065 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19066 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19067 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19068 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19069 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19070 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19071 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19072 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = 19073 flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto udp from any to 127.0.0.1 port = 19074 keep state label "NAT REFLECT: Allow traffic to localhost"
                                          anchor "dhcpserverlan" all
                                          pass in quick on ste0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
                                          pass in quick on ste0 inet proto udp from any port = bootpc to 192.168.200.254 port = bootps keep state label "allow access to DHCP server on LAN"
                                          pass out quick on ste0 inet proto udp from 192.168.200.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
                                          block drop in log quick on nfe0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
                                          block drop in log quick on ng0 inet proto udp from any port = bootps to 192.168.200.0/24 port = bootpc label "block dhcp client out wan"
                                          pass in quick on nfe0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
                                          pass in quick on ng0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out wan"
                                          block drop in on ! ste0 inet from 192.168.200.0/24 to any
                                          block drop in on ste0 inet6 from fe80::22cf:30ff:feb6:c1b1 to any
                                          block drop in inet from 192.168.200.254 to any
                                          anchor "spoofing" all
                                          anchor "limitingesr" all
                                          block drop in quick from <virusprot> to any label "virusprot overload table"
                                          pass out quick on ste0 proto icmp all keep state label "let out anything from firewall host itself"
                                          pass out quick on nfe0 proto icmp all keep state label "let out anything from firewall host itself"
                                          pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
                                          pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                                          anchor "firewallout" all
                                          pass out quick on nfe0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                                          pass out quick on ng0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                                          pass out quick on ste0 all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
                                          pass out quick on enc0 all flags S/SA keep state label "IPSEC internal host to host"
                                          pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
                                          anchor "anti-lockout" all
                                          pass in quick on ste0 inet from any to 192.168.200.254 flags S/SA keep state label "anti-lockout web rule"
                                          block drop in log proto tcp from <sshlockout> to any port = ssh label "sshlockout"
                                          anchor "ftpproxy" all
                                          anchor "pftpx/*" all
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = http flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = http keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto icmp all keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto icmp all keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27015 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27015 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27010 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27010 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27011 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27011 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27025 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27025 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = afs3-prserver flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = afs3-prserver keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 6003 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 6003 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27016 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27016 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27960 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27960 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27017 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27017 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27018 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27018 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27030 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27030 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27019 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27019 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27020 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27020 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27021 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27021 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27031 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27031 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27022 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27022 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 52001 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 52001 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27032 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27032 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27033 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27033 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27035 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27035 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27036 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27036 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27037 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27037 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27038 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27038 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27039 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27039 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27040 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27040 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27041 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27041 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27042 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27042 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27043 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27043 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27044 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27044 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27045 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27045 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27046 flags S/SA keep state label "USER_RULE"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27046 keep state label "USER_RULE"
                                          pass in quick on nfe0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto tcp from 89.20.141.32 to 192.168.200.1 port = ssh flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto udp from 89.20.141.32 to 192.168.200.1 port = ssh keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 10000 keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27047 flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27047 keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
                                          pass in quick on ste0 inet from 192.168.200.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any"
                                          pass in quick on ste0 inet proto tcp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 flags S/SA keep state label "USER_RULE: FTP-LAN-INNET"
                                          pass in quick on ste0 inet proto udp from 192.168.200.0/24 to 127.0.0.1 port 7999 >< 8031 keep state label "USER_RULE: FTP-LAN-INNET"
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto tcp from any to 217.197.240.43 port = ftp flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto udp from any to 217.197.240.43 port = ftp keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on nfe0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = ftp-data flags S/SA keep state label "USER_RULE: NAT "
                                          pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = ftp-data keep state label "USER_RULE: NAT "
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
                                          pass in quick on ste0 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
                                          pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
                                          pass in quick on ng0 inet proto tcp from any to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround"
                                          anchor "imspector" all
                                          anchor "miniupnpd" all
                                          block drop in log quick all label "Default block all just to be sure."
                                          block drop out log quick all label "Default block all just to be sure."
                                          
                                          $ pfctl -sn
                                          nat-anchor "pftpx/*" all
                                          nat-anchor "natearly/*" all
                                          nat-anchor "natrules/*" all
                                          nat on nfe0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                                          nat on ng0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                                          nat on nfe0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
                                          nat on ng0 inet from 192.168.200.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
                                          nat on nfe0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
                                          nat on ng0 inet from 192.168.200.0/24 to any -> (ng0) round-robin
                                          rdr-anchor "pftpx/*" all
                                          rdr-anchor "slb" all
                                          no rdr on ste0 proto tcp from any to <vpns> port = ftp
                                          rdr on ste0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
                                          rdr on ng0 inet proto tcp from any to 217.197.240.43 port = http -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to 217.197.240.43 port = http -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to 217.197.240.43 port = http -> 127.0.0.1 port 19000
                                          rdr on ste0 inet proto udp from any to 217.197.240.43 port = http -> 127.0.0.1 port 19001
                                          rdr on ng0 inet proto tcp from any to any port = 27015 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27015 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27015 -> 127.0.0.1 port 19002
                                          rdr on ste0 inet proto udp from any to any port = 27015 -> 127.0.0.1 port 19003
                                          rdr on ng0 inet proto tcp from any to any port = 27010 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27010 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27010 -> 127.0.0.1 port 19004
                                          rdr on ste0 inet proto udp from any to any port = 27010 -> 127.0.0.1 port 19005
                                          rdr on ng0 inet proto tcp from any to any port = 27011 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27011 -> 127.0.0.1 port 19006
                                          rdr on ng0 inet proto tcp from any to any port = 27040 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27040 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27040 -> 127.0.0.1 port 19007
                                          rdr on ste0 inet proto udp from any to any port = 27040 -> 127.0.0.1 port 19008
                                          rdr on ng0 inet proto tcp from any to any port = 27025 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27025 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27025 -> 127.0.0.1 port 19009
                                          rdr on ste0 inet proto udp from any to any port = 27025 -> 127.0.0.1 port 19010
                                          rdr on ng0 inet proto tcp from any to any port = afs3-prserver -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = afs3-prserver -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = afs3-prserver -> 127.0.0.1 port 19011
                                          rdr on ste0 inet proto udp from any to any port = afs3-prserver -> 127.0.0.1 port 19012
                                          rdr on ng0 inet proto tcp from any to any port = 6003 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 6003 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 6003 -> 127.0.0.1 port 19013
                                          rdr on ste0 inet proto udp from any to any port = 6003 -> 127.0.0.1 port 19014
                                          rdr on ng0 inet proto tcp from any to any port = 27016 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27016 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27016 -> 127.0.0.1 port 19015
                                          rdr on ste0 inet proto udp from any to any port = 27016 -> 127.0.0.1 port 19016
                                          rdr on ng0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to 217.197.240.43 port = 27960 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19017
                                          rdr on ste0 inet proto udp from any to 217.197.240.43 port = 27960 -> 127.0.0.1 port 19018
                                          rdr on ng0 inet proto tcp from any to any port = 27017 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27017 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27017 -> 127.0.0.1 port 19019
                                          rdr on ste0 inet proto udp from any to any port = 27017 -> 127.0.0.1 port 19020
                                          rdr on ng0 inet proto tcp from any to any port = 27018 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27018 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27018 -> 127.0.0.1 port 19021
                                          rdr on ste0 inet proto udp from any to any port = 27018 -> 127.0.0.1 port 19022
                                          rdr on ng0 inet proto tcp from any to any port = 27019 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27019 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27019 -> 127.0.0.1 port 19023
                                          rdr on ste0 inet proto udp from any to any port = 27019 -> 127.0.0.1 port 19024
                                          rdr on ng0 inet proto tcp from any to any port = 27020 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27020 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27020 -> 127.0.0.1 port 19025
                                          rdr on ste0 inet proto udp from any to any port = 27020 -> 127.0.0.1 port 19026
                                          rdr on ng0 inet proto tcp from any to any port = 27030 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27030 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27030 -> 127.0.0.1 port 19027
                                          rdr on ste0 inet proto udp from any to any port = 27030 -> 127.0.0.1 port 19028
                                          rdr on ng0 inet proto tcp from any to any port = 27021 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27021 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27021 -> 127.0.0.1 port 19029
                                          rdr on ste0 inet proto udp from any to any port = 27021 -> 127.0.0.1 port 19030
                                          rdr on ng0 inet proto tcp from any to any port = 27031 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27031 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27031 -> 127.0.0.1 port 19031
                                          rdr on ste0 inet proto udp from any to any port = 27031 -> 127.0.0.1 port 19032
                                          rdr on ng0 inet proto tcp from any to any port = 27022 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27022 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27022 -> 127.0.0.1 port 19033
                                          rdr on ste0 inet proto udp from any to any port = 27022 -> 127.0.0.1 port 19034
                                          rdr on ng0 inet proto tcp from any to any port = 52001 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 52001 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 52001 -> 127.0.0.1 port 19035
                                          rdr on ste0 inet proto udp from any to any port = 52001 -> 127.0.0.1 port 19036
                                          rdr on ng0 inet proto tcp from any to any port = 27032 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27032 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27032 -> 127.0.0.1 port 19037
                                          rdr on ste0 inet proto udp from any to any port = 27032 -> 127.0.0.1 port 19038
                                          rdr on ng0 inet proto tcp from any to any port = 27033 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27033 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27033 -> 127.0.0.1 port 19039
                                          rdr on ste0 inet proto udp from any to any port = 27033 -> 127.0.0.1 port 19040
                                          rdr on ng0 inet proto tcp from any to any port = 27035 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27035 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27035 -> 127.0.0.1 port 19041
                                          rdr on ste0 inet proto udp from any to any port = 27035 -> 127.0.0.1 port 19042
                                          rdr on ng0 inet proto tcp from any to any port = 27036 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27036 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27036 -> 127.0.0.1 port 19043
                                          rdr on ste0 inet proto udp from any to any port = 27036 -> 127.0.0.1 port 19044
                                          rdr on ng0 inet proto tcp from any to any port = 27037 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27037 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27037 -> 127.0.0.1 port 19045
                                          rdr on ste0 inet proto udp from any to any port = 27037 -> 127.0.0.1 port 19046
                                          rdr on ng0 inet proto tcp from any to any port = 27038 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27038 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27038 -> 127.0.0.1 port 19047
                                          rdr on ste0 inet proto udp from any to any port = 27038 -> 127.0.0.1 port 19048
                                          rdr on ng0 inet proto tcp from any to any port = 27039 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27039 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27039 -> 127.0.0.1 port 19049
                                          rdr on ste0 inet proto udp from any to any port = 27039 -> 127.0.0.1 port 19050
                                          rdr on ng0 inet proto tcp from any to any port = 27041 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27041 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27041 -> 127.0.0.1 port 19051
                                          rdr on ste0 inet proto udp from any to any port = 27041 -> 127.0.0.1 port 19052
                                          rdr on ng0 inet proto tcp from any to any port = 27042 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27042 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27042 -> 127.0.0.1 port 19053
                                          rdr on ste0 inet proto udp from any to any port = 27042 -> 127.0.0.1 port 19054
                                          rdr on ng0 inet proto tcp from any to any port = 27043 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27043 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27043 -> 127.0.0.1 port 19055
                                          rdr on ste0 inet proto udp from any to any port = 27043 -> 127.0.0.1 port 19056
                                          rdr on ng0 inet proto tcp from any to any port = 27044 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27044 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27044 -> 127.0.0.1 port 19057
                                          rdr on ste0 inet proto udp from any to any port = 27044 -> 127.0.0.1 port 19058
                                          rdr on ng0 inet proto tcp from any to any port = 27045 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27045 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27045 -> 127.0.0.1 port 19059
                                          rdr on ste0 inet proto udp from any to any port = 27045 -> 127.0.0.1 port 19060
                                          rdr on ng0 inet proto tcp from any to any port = 27046 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27046 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27046 -> 127.0.0.1 port 19061
                                          rdr on ste0 inet proto udp from any to any port = 27046 -> 127.0.0.1 port 19062
                                          rdr on ng0 inet proto tcp from any to any port = 27047 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27047 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27047 -> 127.0.0.1 port 19063
                                          rdr on ste0 inet proto udp from any to any port = 27047 -> 127.0.0.1 port 19064
                                          rdr on ng0 inet proto tcp from any to any port = 27048 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 27048 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 27048 -> 127.0.0.1 port 19065
                                          rdr on ste0 inet proto udp from any to any port = 27048 -> 127.0.0.1 port 19066
                                          rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = ssh -> 127.0.0.1 port 19067
                                          rdr on ste0 inet proto udp from any to any port = ssh -> 127.0.0.1 port 19068
                                          rdr on ng0 inet proto tcp from any to any port = 10000 -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to any port = 10000 -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to any port = 10000 -> 127.0.0.1 port 19069
                                          rdr on ste0 inet proto udp from any to any port = 10000 -> 127.0.0.1 port 19070
                                          rdr on ng0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1
                                          rdr on ng0 inet proto udp from any to 217.197.240.43 port = ftp-data -> 192.168.200.1
                                          rdr on ste0 inet proto tcp from any to 217.197.240.43 port = ftp-data -> 127.0.0.1 port 19071
                                          rdr on ste0 inet proto udp from any to 217.197.240.43 port = ftp-data -> 127.0.0.1 port 19072
                                          rdr-anchor "imspector" all
                                          rdr-anchor "miniupnpd" all
                                          rdr on ste0 inet proto tcp from any to (ste0) port = 3128 -> 127.0.0.1 port 3128
                                          rdr on ng0 inet proto tcp from any to (ng0) port = 3128 -> 127.0.0.1 port 3128
                                          
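The ruleset above pairs every WAN `rdr` with a `pass in quick on ng0 ... to 192.168.200.1 port = N` rule, and a forward whose pass rule is missing silently dies on the final `block drop in log quick all`. The following is an added audit example, not code from this thread or from pfSense: it parses `pfctl -sn` and `pfctl -sr` output in the format shown, reports WAN forwards with no matching pass rule and pass rules with no forward behind them; the sample lines are copied from the posted ruleset and the WAN interface is assumed to be ng0.

```python
"""Cross-check pfSense port forwards against their filter rules.
pf applies 'rdr' before filtering, so every forward on the WAN needs a 'pass
in' rule whose destination is the translated (internal) address and port.
Added audit example, not code from the thread or from pfSense; the sample
lines are copied from the pfctl output posted above (WAN = ng0). On a live
box feed it the real output of 'pfctl -sn' and 'pfctl -sr'.
"""
import re
from collections import namedtuple

Rdr = namedtuple("Rdr", "iface proto ext_dst ext_port target target_port")
Pass = namedtuple("Pass", "iface proto dst port")

RDR_RE = re.compile(
    r"^rdr on (?P<iface>\S+) inet proto (?P<proto>tcp|udp) from \S+ "
    r"to (?P<dst>\S+) port = (?P<port>\S+) -> (?P<target>\S+)"
    r"(?: port (?P<tport>\S+))?$")
# Single-port pass rules only; ranges such as 'port 7999 >< 8031' are skipped.
PASS_RE = re.compile(
    r"^pass in quick on (?P<iface>\S+) inet proto (?P<proto>tcp|udp) "
    r"from \S+ to (?P<dst>\S+) port = (?P<port>\S+)")

def parse_rdr(text):
    """Parse 'pfctl -sn' lines; without '-> host port N' the port is unchanged."""
    out = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            out.append(Rdr(m["iface"], m["proto"], m["dst"], m["port"],
                           m["target"], m["tport"] or m["port"]))
    return out

def parse_pass(text):
    """Parse single-port 'pass in quick' rules from 'pfctl -sr' output."""
    return [Pass(m["iface"], m["proto"], m["dst"], m["port"])
            for m in map(PASS_RE.match, map(str.strip, text.splitlines())) if m]

def unfiltered_forwards(nat_text, rules_text, wan="ng0"):
    """WAN forwards that no pass rule admits: the translated packet falls
    through to 'block drop in log quick all' and shows up as a WAN block."""
    allowed = {(p.iface, p.proto, p.dst, p.port) for p in parse_pass(rules_text)}
    return [r for r in parse_rdr(nat_text) if r.iface == wan
            and (r.iface, r.proto, r.target, r.target_port) not in allowed]

def orphan_pass_rules(nat_text, rules_text, wan="ng0"):
    """WAN pass rules towards a forward target that no rdr still feeds
    (holes left behind when a forward was removed but its rule was not)."""
    rdrs = parse_rdr(nat_text)
    targets = {r.target for r in rdrs}
    fed = {(r.iface, r.proto, r.target, r.target_port) for r in rdrs}
    return [p for p in parse_pass(rules_text) if p.iface == wan
            and p.dst in targets and (p.iface, p.proto, p.dst, p.port) not in fed]

# Constructed sample: a few lines taken from the ruleset posted in the thread.
NAT_SAMPLE = """
rdr on ng0 inet proto tcp from any to any port = 27048 -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = 27048 -> 192.168.200.1
rdr on ste0 inet proto tcp from any to any port = 27048 -> 127.0.0.1 port 19065
rdr on ng0 inet proto tcp from any to any port = ssh -> 192.168.200.1
rdr on ng0 inet proto udp from any to any port = ssh -> 192.168.200.1
rdr on ng0 inet proto tcp from any to 217.197.240.43 port = http -> 192.168.200.1
"""
RULES_SAMPLE = """
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 27048 flags S/SA keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on ng0 inet proto udp from any to 192.168.200.1 port = 27048 keep state label "USER_RULE: NAT Virtual_Server_CS_27048"
pass in quick on ng0 inet proto tcp from any to 192.168.200.1 port = 10000 flags S/SA keep state label "USER_RULE: NAT "
block drop in log quick all label "Default block all just to be sure."
"""

if __name__ == "__main__":
    for r in unfiltered_forwards(NAT_SAMPLE, RULES_SAMPLE):
        print("forward without pass rule:", r.proto, r.ext_port, "->", r.target)
    for p in orphan_pass_rules(NAT_SAMPLE, RULES_SAMPLE):
        print("pass rule without forward:", p.proto, p.dst, p.port)
```

The LAN-side `rdr ... -> 127.0.0.1 port 190xx` lines are NAT reflection entries and are deliberately ignored by limiting the checks to the WAN interface.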
                                          • E
                                            Eugene
                                            last edited by

                                            Strange, it should work, I'd think.
                                            We'll have to run tcpdump.

                                            tcpdump -ni ste0 host 192.168.200.x
                                            

                                            Take x from the IP address of the computer you are testing from.

                                            http://ru.doc.pfsense.org

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.