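#!/bin/sh
#
# ipfw(8) dual-uplink NAT ruleset (FreeBSD, in-kernel NAT).
#
# Layout: one NAT instance and one rule range per uplink.
#   2000-2999 : ${ISP1_IF}, nat 1, FIB 0
#   3000-3999 : ${ISP2_IF}, nat 2, FIB 1
# Rule 00500 exists twice with the same number, in set 1 and set 2, and is
# what decides which range LAN-originated traffic takes; presumably the
# active uplink is switched with `ipfw set enable/disable` rather than by
# editing this file -- confirm with the caller.
#
# NOTE(review): nothing here flushes the existing ruleset, so running the
# script twice appends duplicate rules; presumably the caller (e.g. the
# firewall_script hook) flushes first -- confirm.
#
# Rule numbers, ordering and ipfw option spellings are load-bearing; read
# the per-range comments before moving anything.

# Abort on the first failing ipfw call: a partially installed ruleset that
# still ends in the default-allow at 65000 is worse than no change at all.
set -eu

readonly ISP1_IF="tun0"
readonly ISP2_IF="vr1"
readonly LAN_IF="vr0"

# Port forwards shared by both NAT instances. The value is a whitespace-
# separated token list that ipfw expects as separate arguments, so it is
# deliberately expanded UNQUOTED below (SC2086 is suppressed there).
readonly REDIRECT_PORTS="redirect_port tcp 127.0.0.1:8088 80
redirect_port tcp 192.168.0.3:443 443
redirect_port tcp 192.168.0.4:25 25
redirect_port tcp 192.168.0.4:587 587
redirect_port tcp 192.168.0.4:465 465
redirect_port tcp 192.168.0.4:143 143
redirect_port tcp 192.168.0.4:993 993
redirect_port tcp 192.168.0.4:110 110
redirect_port tcp 192.168.0.11:8008 8008
redirect_port tcp 192.168.0.11:8448 8448
redirect_port tcp 192.168.0.5:3000 55000"

# NAT instances. deny_in drops inbound packets with no translation entry
# (this is the only inbound filtering on the uplinks -- see rule 65000);
# reset clears the table when the interface address changes; same_ports
# keeps the source port where possible.
# shellcheck disable=SC2086
ipfw nat 1 config if ${ISP1_IF} deny_in reset same_ports ${REDIRECT_PORTS}
# shellcheck disable=SC2086
ipfw nat 2 config if ${ISP2_IF} deny_in reset same_ports ${REDIRECT_PORTS}

# Dynamic-state lookup, one named state table per uplink. A hit runs the
# action of the keep-state rule that created the entry (02100 / 03100), so
# replies follow the same uplink as the flow that opened them.
ipfw add 00300 check-state :isp1
ipfw add 00400 check-state :isp2

# Uplink selection for LAN traffic: same rule number in two ipfw sets.
ipfw add 00500 set 1 skipto 02000 all from any to any in recv ${LAN_IF}
ipfw add 00500 set 2 skipto 03000 all from any to any in recv ${LAN_IF}

# Dispatch by interface; everything else skips straight to the tail rules.
ipfw add 01000 skipto 02000 all from any to any in recv ${ISP1_IF}
ipfw add 01100 skipto 03000 all from any to any in recv ${ISP2_IF}
ipfw add 01200 skipto 02000 all from any to any out xmit ${ISP1_IF}
ipfw add 01300 skipto 03000 all from any to any out xmit ${ISP2_IF}
ipfw add 01400 skipto 04000 all from any to any

# 2000 - 2999 : isp1
# Inbound NAT. Only this uplink logs (logamount 30); 03000 does not --
# presumably a debugging leftover, confirm before relying on the logs.
ipfw add 02000 nat 1 log logamount 30 all from any to any in recv ${ISP1_IF}
# Open a dynamic entry in :isp1 for the flow, then pin it to FIB 0.
ipfw add 02100 skipto 02200 all from any to any keep-state :isp1
ipfw add 02200 setfib 0 all from any to any in recv ${LAN_IF}
ipfw add 02300 setfib 0 all from 127.0.0.1 to any out
# Outbound NAT for LAN and for locally generated traffic.
ipfw add 02400 nat 1 all from any to any out xmit ${ISP1_IF}
ipfw add 02500 skipto 04000 all from any to any out xmit ${ISP1_IF}
ipfw add 02600 nat 1 all from 127.0.0.1 to any out
ipfw add 02999 skipto 04000 all from any to any

# 3000 - 3999 : isp2 (mirror of the isp1 range on nat 2 / FIB 1)
ipfw add 03000 nat 2 all from any to any in recv ${ISP2_IF}
ipfw add 03100 skipto 03200 all from any to any keep-state :isp2
ipfw add 03200 setfib 1 all from any to any in recv ${LAN_IF}
# NOTE(review): unlike 02300 this is not limited to `out`; confirm intended.
ipfw add 03300 setfib 1 all from 127.0.0.1 to any
ipfw add 03400 nat 2 all from any to any out xmit ${ISP2_IF}
ipfw add 03500 skipto 04000 all from any to any out xmit ${ISP2_IF}
ipfw add 03600 nat 2 all from 127.0.0.1 to any out
ipfw add 03999 skipto 04000 all from any to any

# Must precede the loopback anti-spoof denies at 61010-61040, which would
# otherwise drop the port-80 forward to 127.0.0.1:8088 in REDIRECT_PORTS.
# NOTE(review): not bound to an interface, so it also admits packets that
# arrive on any interface already addressed to 127.0.0.1:8088.
ipfw add 60000 allow all from any to 127.0.0.1 8088

# Loopback and IPv6 neighbour-discovery housekeeping.
ipfw add 61000 allow ip from any to any via lo0
ipfw add 61010 deny ip from any to 127.0.0.0/8
ipfw add 61020 deny ip from 127.0.0.0/8 to any
ipfw add 61030 deny ip from any to ::1
ipfw add 61040 deny ip from ::1 to any
ipfw add 61050 allow ipv6-icmp from :: to ff02::/16
ipfw add 61060 allow ipv6-icmp from fe80::/10 to fe80::/10
ipfw add 61070 allow ipv6-icmp from fe80::/10 to ff02::/16
ipfw add 61080 allow ipv6-icmp from any to any ip6 icmp6types 1
ipfw add 61090 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136

# Default-allow. Inbound traffic on the uplinks is filtered only by the
# NAT deny_in at 02000 / 03000; anything that survives that, and all
# non-uplink traffic, is accepted here.
ipfw add 65000 allow ip from any to any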