Date:      Wed, 10 Sep 2003 10:50:17 -0400
From:      "Dennis B. Hopp" <dhopp@coreps.com>
To:        "'Michael Sierchio'" <kudzu@tenebras.com>, <freebsd-ipfw@freebsd.org>
Subject:   RE: ipfw - natd - Port Forwarding
Message-ID:  <000201c377aa$dccf61b0$0201a8c0@dennis>
In-Reply-To: <3F5E5DC3.1030005@tenebras.com>



> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Michael Sierchio
> Sent: Tuesday, September 09, 2003 7:10 PM
> To: freebsd-ipfw@freebsd.org
> Subject: Re: ipfw - natd - Port Forwarding
> 
> A. Laziness, incapacity, neglect, MS Outlook, etc.

Yup I was lazy...aren't we all?

> Q. Then why do people do it?
> A. No, it's not.

Since I didn't have to nitpick at a bunch of different details I don't
think it really mattered in this case.

> Q. Is top-posting a good idea?
> 
> Dennis B. Hopp wrote:
> > Your firewall rules need to let it through too....I think something like
> > this should work (it needs to go after the ipdivert statement)
> >
> > 00501 allow tcp from any to 192.168.0.1 27015 in recv fxp0 keep-state
> 
> Unnecessary, the default rule 65535 (in this case) passes all traffic.

You are correct...I didn't read that the last rule was an allow all (I
always change it to deny all)...damn laziness

> 
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 00300 deny ip from 127.0.0.0/8 to any
> > 00500 divert 8668 ip from any to any via fxp0
> > 65535 allow ip from any to any
> 
> > When I try it from an outside source it looks like traffic is arriving
> > at the Windows 2000 machine (the little computer screens for the LAN
> > connection flash on the tray icon) but the connection doesn't complete
> > and it times out.
> 
> What does a tcpdump on the natd box say?  Do
> 
> 	tcpdump -ln -i fxp0 host <outside host you're telnetting from>
> 
> and then telnet <natd box outside addr> 27015
> 
> 
> --
> 
> "Well," Brahma said, "even after ten thousand explanations, a fool is no
>   wiser, but an intelligent man requires only two thousand five hundred."
>                  - The Mahabharata
> 
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
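
Added example (not part of the original e-mail and not ipfw's own code): a simplified first-match model of the ruleset quoted above, showing that rule 00501 is redundant while rule 65535 is allow-all and becomes the deciding rule once 65535 is changed to deny-all. The outside addresses and the natd redirect of port 27015 to 192.168.0.1 are assumptions; only the inbound pass on fxp0 is modelled, `in recv fxp0` is treated as a plain interface match, and keep-state is ignored.

```python
import ipaddress

# Constructed sample addresses (documentation ranges); not from the thread.
OUTSIDE_ADDR = "203.0.113.10"   # placeholder for the natd box outside address
INSIDE_HOST = "192.168.0.1"     # forwarding target named in the thread
SYN = dict(proto="tcp", src="198.51.100.7", dst=OUTSIDE_ADDR, dport=27015, iface="fxp0")

def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, pkt):
    return (rule["proto"] in ("ip", pkt["proto"])
            and in_net(pkt["src"], rule["src"])
            and in_net(pkt["dst"], rule["dst"])
            and rule.get("dport") in (None, pkt["dport"])
            and rule.get("via") in (None, pkt["iface"]))

def natd(pkt):
    # Assumed natd port redirect: OUTSIDE_ADDR:27015 -> 192.168.0.1:27015
    if pkt["dst"] == OUTSIDE_ADDR and pkt["dport"] == 27015:
        return dict(pkt, dst=INSIDE_HOST)
    return pkt

def ruleset(default, with_501):
    rules = {
        100: dict(action="allow", proto="ip", src="any", dst="any", via="lo0"),
        200: dict(action="deny", proto="ip", src="any", dst="127.0.0.0/8"),
        300: dict(action="deny", proto="ip", src="127.0.0.0/8", dst="any"),
        500: dict(action="divert", proto="ip", src="any", dst="any", via="fxp0"),
        65535: dict(action=default, proto="ip", src="any", dst="any"),
    }
    if with_501:
        rules[501] = dict(action="allow", proto="tcp", src="any",
                          dst=INSIDE_HOST, dport=27015, via="fxp0")
    return rules

def evaluate(rules, pkt):
    """First match wins; a diverted packet re-enters at the next rule number."""
    for num, rule in sorted(rules.items()):
        if not matches(rule, pkt):
            continue
        if rule["action"] == "divert":
            pkt = natd(pkt)          # rewritten packet continues down the list
            continue
        return rule["action"], num
    raise ValueError("no terminal rule matched")
```

`evaluate(ruleset("allow", False), SYN)` returns the verdict and the rule number that decided it; swapping the default to `"deny"` shows which explicit rules a deny-by-default ruleset has to carry.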



