ребята есть конфиг IPFW ситема FreeBSD.
уже со многим разобрался но вот по какой-то причине не идут udp пакеты через интернет сервер.я пробовал настраивать divert но в меру своей не компетентности не могу понять почему не хочет работать.
суть задачи такова. есть лоакальная сеть 192.168.33.0/24 в ней надо для компа 192.168.33.67 открыть все порты для выхода в инет. но так как сервер настраивался не мной. мне тяжело понять что и как было накручено.
внешний интерфейс em0 и внутрненний rl0
00100 allow ip from any to any via lo0
00110 check-state
00290 allow tcp from 213.59.86.82 to me dst-port 22,25,80,110,3128 setup
00300 allow tcp from 84.204.29.195 to me dst-port 22,25,80,110,3128 setup
00310 allow tcp from 84.204.29.198 to me dst-port 22,25,80,3128 setup
00320 allow tcp from 89.179.126.189 to me dst-port 22,25,80,3128 setup
00321 allow tcp from 84.204.35.238 to me dst-port 22,25,80,1723,3128 setup
00322 allow gre from 84.204.35.238 to me
00323 allow tcp from 213.221.51.134 to me dst-port 22,25,80,3128 setup
00324 allow tcp from 92.255.44.130 to me dst-port 22,25,80,3128 setup
00325 allow ip from me to 213.59.86.82
00326 allow ip from 213.59.86.82 to me
00330 allow ip from me to 89.179.125.193
00332 allow ip from 89.179.125.193 to me
00334 allow ip from 91.122.76.249 to me
00336 allow ip from me to 91.122.76.249
00400 allow tcp from me to any dst-port 25,443 keep-state
00410 allow tcp from me to any dst-port 53 keep-state
00412 allow tcp from any to me dst-port 25,110,993,995,443,587,8443 keep-state
00420 allow udp from me to any dst-port 123,53
00422 allow udp from any 53,123 to me
00539 allow tcp from me to any dst-port 40226 setup
00540 allow tcp from any to me dst-port 20,21,25,40226 setup
00542 allow tcp from any to me dst-port 49152-65534 setup
00600 allow ip from 192.168.33.0/24 to 192.168.33.0/24 via rl0
00700 allow udp from any to me dst-port 8767 keep-state
20000 divert 8668 ip from any to any via em0
21000 allow tcp from me to any setup
21001 allow tcp from any to any established
21003 allow icmp from any to any
22234 allow gre from any to any
22610 allow ip from any to any via ng0 # как я понял это настрокай для впн
22612 allow ip from any to any via ng1
22614 allow ip from any to any via ng2
22615 allow ip from 192.168.33.29 to any
22616 allow ip from any to 192.168.33.29
22617 allow tcp from 192.168.33.29 to any dst-port 110
22618 allow tcp from any 110 to 192.168.33.29
22620 allow ip from 192.168.33.100 to any
22622 allow ip from any to 192.168.33.100
22623 allow ip from 192.168.33.21 to any
22623 allow ip from any to 192.168.33.21
22624 allow tcp from 192.168.33.21 to any dst-port 1723
22625 allow tcp from any 1723 to 192.168.33.21
22720 allow ip from 192.168.33.41 to any
22722 allow ip from any to 192.168.33.41
22724 allow tcp from 192.168.33.41 to any dst-port 443
22725 allow tcp from any 443 to 192.168.33.41
23616 allow ip from any to 192.168.33.5
23617 allow tcp from 192.168.33.5 to any dst-port 4899
23618 allow tcp from any 4899 to 192.168.33.5
25310 allow tcp from any to me dst-port 1723
25320 allow tcp from me 1723 to any
25410 allow tcp from any to me dst-port 4899
25420 allow tcp from me 4899 to any
26624 allow tcp from 192.168.33.10 to any setup
26700 allow tcp from any to 194.67.52.35 setup
26800 allow tcp from 192.168.33.29 to any setup
26800 allow tcp from 192.168.33.50 to any setup
26800 allow tcp from 192.168.33.45 to any setup
26800 allow tcp from 192.168.33.46 to any setup
26800 allow tcp from 192.168.33.21 to any setup
26800 allow tcp from 192.168.33.20 to any setup
26800 allow tcp from 192.168.33.39 to any setup
26808 allow tcp from 192.168.33.45 to any setup
26809 allow tcp from any to 192.168.33.45
26810 allow tcp from 192.168.33.43 to any dst-port 1723
26811 allow tcp from any to 192.168.33.69
26811 allow tcp from any 1723 to 192.168.33.43
26812 allow ip from 192.168.33.69 to any
26812 allow tcp from 192.168.33.25 to any dst-port 1723
26813 allow ip from any to 192.168.33.69
26813 allow tcp from any 1723 to 192.168.33.25
26814 allow tcp from 192.168.33.29 to any dst-port 1723
26815 allow tcp from any 1723 to 192.168.33.29
26816 allow tcp from 192.168.33.50 to any dst-port 1723
26817 allow tcp from any 1723 to 192.168.33.50
26818 allow tcp from 192.168.33.53 to any dst-port 1723
26819 allow tcp from any 1723 to 192.168.33.53
26820 allow tcp from 192.168.33.21 to any dst-port 1723
26821 allow tcp from any 1723 to 192.168.33.21
26822 allow tcp from 192.168.33.55 to any dst-port 1723
26823 allow tcp from any 1723 to 192.168.33.55
26924 allow tcp from 192.168.33.34 to any dst-port 1723
26925 allow tcp from any 1723 to 192.168.33.34
26926 allow ip from 192.168.33.34 to any
26927 allow ip from any to 192.168.33.34
27001 allow ip from 192.168.33.67 to any
27002 allow ip from any to 192.168.33.67
27003 allow ip from 192.168.33.33 to any
65535 deny ip from any to any
Вариант для распечатки
(??) on 02-Ноя-12, 15:00 
