Date: Thu, 10 Apr 2003 04:19:45 -0700
From: "Drew Tomlinson" <drew@mykitchentable.net>
To: "FreeBSD Questions" <freebsd-questions@freebsd.org>
Subject: IPFW Rule Not As Expected
Message-ID: <000901c2ff53$16f30930$0301a8c0@bigdaddy>
I have a rule that's not working as I expect. Here's an ASCII drawing of my network:

                   ISP
                    |
                    |
          Public DHCP address
                    |
          3Com ADSL Modem/Router
          (Router performs NAT)
                    |
              (192.168.10.1)
                    |
                    |
                    |
           (ed1 192.168.10.2)
              FBSD Gateway
           (ed0 192.168.1.2)
                    |
                    |
              Internal LAN

I intend to allow all outgoing traffic on ed1 (192.168.10.2) and create a dynamic rule to allow the return traffic with the following rule:

    ipfw add allow ip from 192.168.10.2 to any keep-state

However, the dynamic rule for the return traffic isn't getting created. It is my suspicion that my outgoing traffic is matching a prior rule, but I just don't see it. I've included the output of 'ipfw list' to show all of my rules. Can anyone point out my error?

Thanks,

Drew

blacksheep# ipfw list
00100 allow ip from any to any via lo0
00200 deny log ip from any to 127.0.0.0/8
00300 deny log ip from 192.168.1.0/24 to any in via ed1
00400 deny log ip from not 192.168.1.0/24 to any in via ed0
00500 reset log tcp from any to any dst-port 113
00600 allow tcp from any to 192.168.1.4 dst-port 21,22,25,80
00700 allow tcp from 192.168.1.4 21,22,25,80 to any
00800 allow tcp from any to 192.168.10.2 dst-port 22
00900 allow tcp from 192.168.10.2 22 to any
01000 allow tcp from any to 192.168.1.4 dst-port 49152-65535
01100 check-state
01200 allow icmp from any to any
01300 allow ip from 192.168.1.0/24 to any via ed0 keep-state
01400 allow ip from 192.168.10.2 to any keep-state
65000 deny log ip from any to any
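An added illustration, not part of the thread: a constructed Python model of ipfw's first-match evaluation over the rules listed above, with a simplified keep-state/check-state table, so you can trace which rule a given packet hits. It shows, for instance, that an ICMP packet from 192.168.10.2 matches 01200 before ever reaching 01400 (so no dynamic rule is created for it), while LAN traffic picks up state at 01300 on ed0 and is then passed by check-state on ed1. The addresses 198.51.100.1 and 192.168.1.50 and the port numbers are constructed test values.

```python
import ipaddress

# Constructed, simplified first-match model of the rule set in the post: each
# rule is (number, action, keep_state, match predicate over a packet dict).
# It models only the fields those rules use; it is not a full ipfw emulation.

def in_net(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def pkt(proto, src, dst, iface, direction, sport=None, dport=None):
    return {"proto": proto, "src": src, "dst": dst, "iface": iface,
            "dir": direction, "sport": sport, "dport": dport}

def flow(p):  # direction-independent key used for dynamic (stateful) rules
    return (p["proto"], frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])]))

LAN, TCP = "192.168.1.0/24", "tcp"
RULES = [
    (100, "allow", False, lambda p: p["iface"] == "lo0"),
    (200, "deny", False, lambda p: in_net(p["dst"], "127.0.0.0/8")),
    (300, "deny", False, lambda p: in_net(p["src"], LAN) and p["dir"] == "in" and p["iface"] == "ed1"),
    (400, "deny", False, lambda p: not in_net(p["src"], LAN) and p["dir"] == "in" and p["iface"] == "ed0"),
    (500, "reset", False, lambda p: p["proto"] == TCP and p["dport"] == 113),
    (600, "allow", False, lambda p: p["proto"] == TCP and p["dst"] == "192.168.1.4" and p["dport"] in (21, 22, 25, 80)),
    (700, "allow", False, lambda p: p["proto"] == TCP and p["src"] == "192.168.1.4" and p["sport"] in (21, 22, 25, 80)),
    (800, "allow", False, lambda p: p["proto"] == TCP and p["dst"] == "192.168.10.2" and p["dport"] == 22),
    (900, "allow", False, lambda p: p["proto"] == TCP and p["src"] == "192.168.10.2" and p["sport"] == 22),
    (1000, "allow", False, lambda p: p["proto"] == TCP and p["dst"] == "192.168.1.4"
                                    and p["dport"] is not None and 49152 <= p["dport"] <= 65535),
    (1100, "check-state", False, None),
    (1200, "allow", False, lambda p: p["proto"] == "icmp"),
    (1300, "allow", True, lambda p: in_net(p["src"], LAN) and p["iface"] == "ed0"),
    (1400, "allow", True, lambda p: p["src"] == "192.168.10.2"),
    (65000, "deny", False, lambda p: True),
]

def evaluate(p, state):
    """Return (rule number, action) for the first matching rule; a keep-state
    match records the flow in `state`, which check-state then consults."""
    for num, action, keep, match in RULES:
        if action == "check-state":
            if flow(p) in state:
                return num, "allow (dynamic)"
            continue
        if match(p):
            if keep:
                state.add(flow(p))
            return num, action
```

Call evaluate() with a shared set for each packet of a flow, in the order the gateway would see them, to watch where state is (or is not) created.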