Date:      Tue, 25 Sep 2001 18:00:59 -0500 (CDT)
From:      Bradley Oedithipus <bradley@lightstep.org>
To:        <freebsd-questions@FreeBSD.org>
Subject:   natd/ipfw/sshd problem.
Message-ID:  <Pine.BSF.4.32.0109251747150.2227-100000@lightstep.org>


Here's the problem.
My power went out on Saturday; I assume this is when this started.

First of all, I run natd for my subnet, ipfw which restricts access to
various ports, and sshd on port 22.

Okay, on with the evidence.

First of all, my firewall sets up the divert rule to coincide with natd
to divert packets.
Here is the rule (quite standard for natd use)
00050 divert 8668 ip from any to any via ed0
(ed0 being my external NIC)

Now, when rule 50 is in effect, you cannot connect to my server via ssh
from outside my network, but you CAN connect via ssh from the local server
and the subnet.
When I delete rule 50 (ipfw delete 50):
ssh is available from inside the network, and from the internet.

I have pinned it down to this rule, by flushing ALL rules (since my
default is deny, I add allow ip from any to any) and then trying, and it
works.  Then I add the divert rule, and it doesn't work.

Now, whether or not divert rule 50 is in effect, the netstat
-an |grep 22 shows that sshd IS bound.

'lightstep:/etc # netstat -an |grep 22
tcp4       0      0  *.22                   *.*                    LISTEN'

This is a very strange situation, I know.  But I don't like having to turn
off natd (deleting rule 50) in order to login remotely.
Has anyone encountered this before? I sure hope so, or I hope I am making
a very obvious mistake.

Any help would be appreciated.
Also, if any more information is needed, please let me know.

Thanks

Bradley Crecelius
bradley@lightstep.org


