При подключении по PPPoE, интерфейсу tun0 выдается адрес: 1.2.3.4
rl0 - внешняя сетевая подключенная к хабу провайдера.
xl0 - внутренняя сетеваяtun0 - 1.2.3.4
rl0 - 10.0.0.170
xl0 - 192.168.0.1
Конфиг файрвола:
00100 check-state
00200 deny log logamount 10 icmp from any to any in icmptypes 5,9,13,14,15,16,17
00210 deny log logamount 10 ip from 192.168.0.0/24 to any in via tun0
00220 deny log logamount 10 ip from any to any dst-port 135-139 via tun0
00230 deny log logamount 10 ip from any to me dst-port 3306,67,514,21,22,80 in via tun0
00300 allow ip from any to any via lo0
00310 allow tcp from me to any via tun0 keep-state
00320 allow icmp from any to any
00330 allow udp from me to any dst-port 53 keep-state
00340 allow udp from any to me dst-port 53
00350 allow ip from me to any
00400 allow tcp from 192.168.0.0/24 to me dst-port 80
00400 allow tcp from 192.168.0.0/24 to me dst-port 443
00400 allow tcp from 192.168.0.0/24 to me dst-port 22
00400 allow tcp from 192.168.0.0/24 to me dst-port 3128
00410 allow tcp from not 192.168.0.0/24 to me dst-port 25
00510 divert 8668 ip from 192.168.0.0/24 to any via tun0
00520 allow ip from 192.168.254.254 to any
01002 allow ip from 192.168.0.2 to any via xl0
01003 allow ip from 192.168.0.3 to any via xl0
01004 allow ip from 192.168.0.4 to any via xl0
01005 allow ip from 192.168.0.5 to any via xl0
01006 allow ip from 192.168.0.6 to any via xl0
01007 allow ip from 192.168.0.7 to any via xl0
01008 allow ip from 192.168.0.8 to any via xl0
01009 allow ip from 192.168.0.9 to any via xl0
01100 allow ip from 192.168.0.100 to any via xl0
65530 deny log logamount 10 ip from any to any
65535 deny ip from any to any
Пинг не проходит с внутренней сетки...
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
on 16-Ноя-06, 06:32 
