Вопрос о проксе

net.inet.ip.forwarding=1
net.inet.ip.fw.one_pass=0

....
gateway_enable="YES"
....
natd_enable="YES"
natd_interface="rl0"
firewall_enable="YES"
firewall_script="/etc/rc.ipfw"
firewall_type="SERVER"
firewall_quiet="YES"
firewall_logging="YES"

[Ss][Ee][Rr][Vv][Ee][Rr])
        setup_loopback
        ${fwcmd} add deny icmp from any to any in icmptype 5,9,13,14,15,16,17
        ${fwcmd} add deny icmp from any to any frag
.......
правила для роутера
.......
        case ${natd_enable} in
        [Yy][Ee][Ss])
                if [ -n "${natd_interface}" ]; then
                        ${fwcmd} add divert natd ip4 from any to any via ${natd_interface}
                fi
                ;;
        esac
.......
правила для сети
.......
       ${fwcmd} add pass tcp from any to any established
        #PING
        ${fwcmd} add pass icmp from any to any
        #DNS
        ${fwcmd} add pass udp from any to any 53
        ${fwcmd} add pass udp from any 53 to any
        ${fwcmd} add pass tcp from any to any 53 setup
        #HTTP
        ${fwcmd} add pass tcp from any to any 80,8080
        ${fwcmd} add pass tcp from any 80,8080 to any
        #HTTPS
        ${fwcmd} add pass tcp from 10.0.0.0/23 to any 443
        ${fwcmd} add pass tcp from any 443 to 10.0.0.0/23
        # POP3
        ${fwcmd} add pass tcp from any to any 110
        ${fwcmd} add pass tcp from any 110 to any
        # IMAP
        ${fwcmd} add pass tcp from any to any 143
        ${fwcmd} add pass tcp from any 143 to any
        # IMAP-NEWS
        ${fwcmd} add pass tcp from any to any 119
        ${fwcmd} add pass tcp from any 119 to any
        # SSH
        ${fwcmd} add pass tcp from any to any 22
        ${fwcmd} add pass tcp from any 22 to any
        # ICQ
        ${fwcmd} add pass all from any to any 5190
        ${fwcmd} add pass all from any 5190 to any
        # MSN
        ${fwcmd} add pass all from any to any 1863
        ${fwcmd} add pass all from any 1863 to any
        ${fwcmd} add deny log all from any to any <---------- это для отладки
        ${fwcmd} add deny all from any to any
        ;;

!ipfw
*.*                                             /var/log/ipfw.log