Freebsd, ipfw, nat, bind - как то напонятно работает шлюз...

DHCP глючит?

нет, адреса раздаются статично, дшсп не запущен.....

Самое интересное именно то что машыны клиентов - НЕ ПРЕГРУЖАЮТСЯ. тоесть - закрываем конкретную софтину - открываем заново - опа - заработало...

натятся клиенты чем? ipnat | natd?
конфиги хоть покажи.

rc.conf
-------------------------------------------------
gateway_enable="YES"
hostname="bdc.zlata.local"
ifconfig_ed0="DHCP"
ifconfig_rl0="inet 192.168.0.6 netmask 255.255.255.0"

tcp_extensions="NO"
tcp_extensions="NO"
ifconfig_rl0="inet 192.168.0.6 netmask 255.255.255.0"

tcp_extensions="NO"
tcp_drop_synfin="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
firewall_enable="YES"
firewall_type="/usr/local/etc/firewall.conf"
natd_enable="YES"
natd_interface="tun0"

static_routes="pptp"
route_pptp="192.168.0.0/24 172.16.128.1"
vpn_enable="YES"

apache2_enable="YES"

named_enable="YES"
inetd_enable="YES"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
squid_enable="YES"
sendmail_enable="YES"
-------------------------------------------------------
firewall

# loopback
add pass all from any to any via lo0

# lan, internal
add pass all from any to any via rl0

# we should forward any http requests to our squid...
add fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any 20,21,80,8080,8101

add divert natd all from any to any via tun0

#ICMP
add deny icmp from any to any frag
add deny icmp from any to any in icmptype 5,9,13,14,15,16,17
add pass icmp from any to any

# deny any inner ip packets on outer interface
add reject ip from 192.168.0.0/24 to any in via ed0

#connections established before firewall started
add pass tcp from any to any established

add allow tcp from any 1723 to any
add allow tcp from any to any 1723

add allow 47 from any to any

# we need dhcp for ed0
add pass udp from 172.16.128.1 to any 68 in via ed0
add pass udp from any to any 67 out via ed0

# Deny all inbound traffic from non-routable reserved address spaces
add deny all from 192.168.0.0/16 to any in via ed0 #RFC 1918 private IP
add deny all from 172.16.0.0/12 to any in via ed0 #RFC 1918 private IP
add deny all from 10.0.0.0/8 to any in via ed0 #RFC 1918 private IP
add deny all from 127.0.0.0/8 to any in via ed0 #loopback
add deny all from 0.0.0.0/8 to any in via ed0 #loopback
add deny all from 169.254.0.0/16 to any in via ed0 #DHCP auto-config
add deny all from 192.0.2.0/24 to any in via ed0 #reserved for docs
add deny all from 204.152.64.0/23 to any in via ed0 #Sun cluster interconnect
add deny all from 224.0.0.0/3 to any in via ed0 #Class D & E multicast



# Deny all Netbios service. 137=name, 138=datagram, 139=session
# Netbios is MS/Windows sharing services.
# Block MS/Windows hosts2 name server requests 81
add deny tcp from any to any 137,138,139,81 in via ed0
add deny udp from any to any 137,138,139,81 in via ed0

#DNS
add pass udp from me to any 53 out via tun0
add pass udp from any 53 to any in via tun0

#SMTP
add allow tcp from me to any 25 out via tun0

#POP3
add allow tcp from me to any 110 out via tun0
add allow tcp from me to any 995 out via tun0

#HTTPS
add pass tcp from me to any 443 out

add pass tcp from any 1025-65535 to any 20,21,80, 1024-65535 out via tun0
add pass udp from any 1025-65535 to any 20,21,80, 1024-65535 out via tun0

add deny log ip from any to any
----------------------------------------------------------------
вот примерно так.
может чего криво в конфигах - сорри, у меня не много опыта с файрволо строением...
может где дыры - подскажите....

Да у тебя, вроде бы всё нормально.. скорее всего проблема выше... У тебя что-то там с провайдером не ладно.. скорее всего..

Канал не падает?