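ipfilter problem on BSD 5.4
Date: 2005-07-01
Source: Internet
My network environment is:
Ethernet; the ISP binds IP to MAC
xl0 connects to the external network (its MAC is bound by the ISP); fxp0 connects to the internal network
Host
BSD 5.4, MINI install
Added to the kernel: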
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
/etc/rc.conf
hostname="x286.org"
defaultrouter="172.31.112.1"
ifconfig_xl0="inet 172.31.112.90 netmask 255.255.0.0"
gateway_enable="YES"
ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.0.0"
ipfilter_enables=”YES”
ipf –C –f /etc/ipf.rules
ipfilter_flags=”-E”
ipnat_enable=”YES”
ipnat_program=”/sbin/ipnat –CF -f”
ipnat_rules=”/etc/ipnat.rules”
ipmon_enable=”YES”
ipmon_flags=”-D /var/log/ipfilter.log”
/etc/ipf.rulse
pass out on xl0 all
pass in on xlo all
pass out on fxp0 all
pass in on fxp0 all
/etc/ipnat.rulse
map rl1 192.168.0.0/24 -> 172.31.112.90/32 portmap tcp/udp 10000:39999
map rl1 192.168.0.0/24 -> 172.31.112.90/32
Client
Its network card is connected directly to FXP0
Network settings
IP 192.168.0.12
255.255.255.0
Gateway 192.168.0.1
DNS 202.96.64.68
It cannot access the Internet normally
PING to 192.168.0.1 works
Could anyone tell me
where the problem is? Thanks
Author: donkey286 Posted: 2005-07-01
pass out on fxp1 all
pass in on fxp1 all
Add these to etc/ipf.rules, because your kernel blocks all connections by default.
Also add to etc/ipnat.rules:
map xl0 192.168.0.0/24 -> 61.xxx.xxx.xxx/32 proxy port ftp ftp/tcp
map xl0 192.168.0.0/24 -> 61.xxx.xxx.xx/32 portmap tcp/udp 10000:65000
map xl0 192.168.0.0/24 -> 61.xxx.xx.xxx.xx32
Author: sxmm Posted: 2005-07-09
/etc/ipf.rulse rules????
pass out all
pass in all
/etc/ipnat.rulse rules???
map xl0 192.168.0.0/24 -> 172.31.112.90/32 proxy port ftp ftp/tcp
map rl1 192.168.0.0/24 -> 172.31.112.90/32 portmap tcp/udp 10000:39999
map rl1 192.168.0.0/24 -> 172.31.112.90/32
Change the ipf settings in rc.conf to:
ipfilter_flags=””
ipfilter_rules="/etc/ipf.rules"
Author: netswords Posted: 2005-07-12
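With IPFILTER_DEFAULT_BLOCK in the kernel, a rule that names an interface the host does not have never matches, and a misspelled rc.conf knob is silently ignored, so traffic falls through to the default block. The following consistency check is an added example, not code from any poster in this thread; the `lint` function is hypothetical, `KNOWN_KNOBS` is an assumed subset of the knobs in FreeBSD's /etc/defaults/rc.conf, and the sample input is constructed from the lines in the first post.

```python
import re

# Constructed sample input: rc.conf, ipf.rules and ipnat.rules lines from the first post.
RC_CONF = '''ifconfig_xl0="inet 172.31.112.90 netmask 255.255.0.0"
ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.0.0"
ipfilter_enables=”YES”
ipfilter_flags=”-E”
ipnat_enable=”YES”
ipnat_rules=”/etc/ipnat.rules”
'''
IPF_RULES = '''pass out on xl0 all
pass in on xlo all
pass out on fxp0 all
pass in on fxp0 all
'''
IPNAT_RULES = '''map rl1 192.168.0.0/24 -> 172.31.112.90/32 portmap tcp/udp 10000:39999
map rl1 192.168.0.0/24 -> 172.31.112.90/32
'''

# Assumption: a subset of the ipfilter/ipnat/ipmon knobs in /etc/defaults/rc.conf.
KNOWN_KNOBS = {f"{p}_{s}" for p in ("ipfilter", "ipnat", "ipmon")
               for s in ("enable", "program", "rules", "flags")} - {"ipmon_rules"}

def lint(rc_conf, ipf_rules, ipnat_rules):
    """Return (file, line number, message) tuples for inconsistencies."""
    findings = []
    # Interfaces the host actually configures, taken from ifconfig_<if>= lines.
    ifaces = set(re.findall(r"^ifconfig_(\w+)=", rc_conf, re.M))
    for n, line in enumerate(rc_conf.splitlines(), 1):
        key = line.split("=", 1)[0]
        if re.match(r"ip(filter|nat|mon)_", key) and key not in KNOWN_KNOBS:
            findings.append(("rc.conf", n, f"unknown knob {key}"))
        # Curly quotes and long dashes are not shell syntax; sh treats them as data.
        if re.search(r"[\u201c\u201d\u2018\u2019\u2013\u2014]", line):
            findings.append(("rc.conf", n, "typographic quote or dash"))
    # ipf rules name the interface after "on"; ipnat rules after map/bimap/rdr.
    for name, text, pat in (("ipf.rules", ipf_rules, r"\bon\s+(\S+)"),
                            ("ipnat.rules", ipnat_rules, r"^\s*(?:map|bimap|rdr)\s+(\S+)")):
        for n, line in enumerate(text.splitlines(), 1):
            for ifname in re.findall(pat, line):
                if ifname not in ifaces:
                    findings.append((name, n, f"interface {ifname} not configured"))
    return findings

if __name__ == "__main__":
    for finding in lint(RC_CONF, IPF_RULES, IPNAT_RULES):
        print("%s:%d: %s" % finding)
```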