Date:      Mon, 19 Jul 2010 09:26:44 +0400
From:      Mamontov Roman <mr.xanto@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   Problem with ipfw nat and packet to local services
Message-ID:  <893037983.20100719092644@gmail.com>
In-Reply-To: <20100715183743.S86988@sola.nimnet.asn.au>
References:  <1931583025.20100715114512@gmail.com> <20100715183743.S86988@sola.nimnet.asn.au>

Hello, Ian.


> UDP port 33564 on this box (xxx.xxx.xxx.xxx) is not redirected to any 
> other address:port, and you have specified deny_in (-deny_incoming in 
> natd-speak) so, well, you got what you asked for ..

> See the description under -deny_incoming and the explanation of what 
> happens to incoming packets under -alias_address in natd(8) .. the nat 
> description in ipfw(8) is still a bit thin, so natd(8) is still useful.

> Without deny_in, new inbound packets should be passed to the local 
> machine - so you will then need firewall rules to restrict which local 
> ports are to be accessible for connections from the outside.

> cheers, Ian

I removed the deny_in option from the nat configuration. But inbound packets are still not passed to the
local services.

#ipfw nat show config
ipfw nat 1 config ip xxx.xxx.xxx.xxx

#ipfw show
00035    59     4703 nat 1 log ip from any to any via ext_if1
65000   510    44734 allow ip from any to any
65535 58083 11212917 deny ip from any to any

-- 
Best regards,
 Mamontov Roman                          mailto:mr.xanto@gmail.com