From owner-freebsd-questions@FreeBSD.ORG Fri Nov 4 19:04:35 2005
Message-ID: <20051104190433.32813.qmail@web25512.mail.ukl.yahoo.com>
Date: Fri, 4 Nov 2005 20:04:33 +0100 (CET)
From: Efren Bravo <efrenba@yahoo.es>
To: freebsd-questions@FreeBSD.org
Subject: ipf/ipnat problem

Hi,

Problem with ipf/ipnat.

(PC1: 192.168.80.15)
        \\
(fbsd vr0 out if: 192.168.80.4)
        ||
(fbsd sis0 in if: 7.96.10.13)
        //
(Internal LAN: 7.96.10.x)
        //
(PC2: 7.96.10.200 - Telnet running)
(PC3: 7.96.10.201 - Web Srv running)

IPF Rules:
----------
The same as handbook 25.5.13 Inclusive Rule Set Example, but adjusted to PC2, PC3 services.

# Allow in SSH from public LAN to fBSD box
pass in quick on vr0 proto tcp from any to any port = 22 flags S keep state
# Allow in Telnet from public LAN to PC2
pass in quick on vr0 proto tcp from any to any port = 23 flags S keep state
# Allow in HTTP from public LAN to PC3
# pass in quick on vr0 proto tcp from any to any port = 80 flags S keep state

IPNAT Rules (vr0 = out if):
--------------------------
map vr0 7.96.10.0/24 -> 192.168.80.4/32
rdr vr0 192.168.80.4/32 port 23 -> 7.96.10.200 port 23
rdr vr0 192.168.80.4/32 port 80 -> 7.96.10.201 port 80

From internal LAN I've access to any services on public LAN.
From public LAN I've access to fBSD's ssh but haven't access to internal telnet, web server.

Nevertheless I get those statistics:

ipfstat -t:
-----------
Source IP                Destination IP        ST   PR  #pkts #bytes ttl
192.168.80.15,3513       192.168.80.4,22       4/4  tcp 107   12141  119:59:59
192.168.80.15,3512       7.96.10.200,23        2/0  tcp 6     288    2:12
192.168.80.15,3510       7.96.10.201,80        2/0  tcp 6     288    2:00

ipnat -l:
---------
List of active sessions:
RDR 7.96.10.200 23 <- -> 192.168.80.4 23 [192.168.80.15 3512]
RDR 7.96.10.201 80 <- -> 192.168.80.4 80 [192.168.80.15 3510]

What could be happening?

Thanks...
Efren Bravo.
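As an added example (not part of Efren's post and not an ipfilter tool), the Python script below parses ipfstat -t and ipnat -l output of the shape shown above and flags redirected TCP sessions whose handshake never completed. In ipfilter's state table the ST column is source_state/dest_state using the BSD TCP state numbers (2 = SYN_SENT, 4 = ESTABLISHED, 0 = CLOSED), so 4/4 is an established session while 2/0 means the client's SYN was passed and translated but no SYN/ACK was ever seen coming back through the firewall. Reading the states this way separates a rule problem (a blocked SYN creates no state entry at all) from a return-path problem (the internal host not answering, or its reply not travelling back through the firewall). The sample lines embedded in the script are constructed to mirror the output in the post; real ipfstat column spacing differs, and the regexes assume only whitespace separation.

```python
import re

# ipfilter numbers TCP states like the BSD TCPS_* constants; `ipfstat -t`
# prints them as "source_state/dest_state" in the ST column.
TCP_STATES = {
    0: "CLOSED", 1: "LISTEN", 2: "SYN_SENT", 3: "SYN_RECEIVED",
    4: "ESTABLISHED", 5: "CLOSE_WAIT", 6: "FIN_WAIT_1", 7: "CLOSING",
    8: "LAST_ACK", 9: "FIN_WAIT_2", 10: "TIME_WAIT", 11: "HALF_ESTAB",
}

# Constructed sample input, laid out like the ipfstat -t / ipnat -l output in the post.
IPFSTAT_T = """\
Source IP                Destination IP        ST   PR  #pkts #bytes ttl
192.168.80.15,3513       192.168.80.4,22       4/4  tcp 107   12141  119:59:59
192.168.80.15,3512       7.96.10.200,23        2/0  tcp 6     288    2:12
192.168.80.15,3510       7.96.10.201,80        2/0  tcp 6     288    2:00
"""

IPNAT_L = """\
List of active sessions:
RDR 7.96.10.200 23 <- -> 192.168.80.4 23 [192.168.80.15 3512]
RDR 7.96.10.201 80 <- -> 192.168.80.4 80 [192.168.80.15 3510]
"""

# One state-table row: src,sport dst,dport s/s proto pkts bytes ttl
STATE_RE = re.compile(
    r"^(\S+),(\d+)\s+(\S+),(\d+)\s+(\d+)/(\d+)\s+(\w+)\s+(\d+)\s+(\d+)\s+(\S+)$")
# One active RDR session: internal port <- -> public port [client port]
RDR_RE = re.compile(
    r"^RDR\s+(\S+)\s+(\d+)\s+<-\s*->\s+(\S+)\s+(\d+)\s+\[(\S+)\s+(\d+)\]$")


def parse_ipfstat(text):
    """Parse `ipfstat -t` rows into dicts; the header and unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, s_src, s_dst, proto, pkts, nbytes, ttl = m.groups()
        entries.append({
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
            "state": (int(s_src), int(s_dst)), "proto": proto,
            "pkts": int(pkts), "bytes": int(nbytes), "ttl": ttl,
        })
    return entries


def parse_ipnat(text):
    """Parse the RDR lines of `ipnat -l` into dicts carrying the client socket."""
    sessions = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if not m:
            continue
        internal, internal_port, public, public_port, client, client_port = m.groups()
        sessions.append({
            "internal": internal, "internal_port": int(internal_port),
            "public": public, "public_port": int(public_port),
            "client": client, "client_port": int(client_port),
        })
    return sessions


def describe_state(state):
    """Render an ST pair such as (2, 0) as 'SYN_SENT/CLOSED'."""
    return "/".join(TCP_STATES.get(s, "?%d" % s) for s in state)


def half_open_redirects(states, rdrs):
    """Return redirected TCP sessions whose client side is SYN_SENT while the
    server side is still CLOSED: the SYN was passed and translated, but no
    SYN/ACK ever came back through the firewall."""
    by_client = {(s["client"], s["client_port"]): s for s in rdrs}
    findings = []
    for st in states:
        rdr = by_client.get((st["src"], st["sport"]))
        if st["proto"] == "tcp" and rdr is not None and st["state"] == (2, 0):
            findings.append((st["src"], st["sport"],
                             rdr["internal"], rdr["internal_port"],
                             describe_state(st["state"])))
    return findings


if __name__ == "__main__":
    for f in half_open_redirects(parse_ipfstat(IPFSTAT_T), parse_ipnat(IPNAT_L)):
        print("half-open redirect: %s:%d -> %s:%d (%s)" % f)
```

Run against the sample, the established SSH session to the firewall itself is left alone and both redirected sessions (telnet to 7.96.10.200 and HTTP to 7.96.10.201) are reported as SYN_SENT/CLOSED. On a live box, feed it the real command output and check the flagged internal hosts' return route before touching the pass rules.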