Date: Thu, 15 Jul 2010 11:45:12 +0400
From: Mamontov Roman <mr.xanto@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: Problem with ipfw nat and packet to local services
Message-ID: <1931583025.20100715114512@gmail.com>

Hello, freebsd-ipfw.

I am trying to use ipfw nat with these rules:

00035  138  10242 nat 1 log ip from any to any via ext_if1
65000 6823 689594 allow ip from any to any
65535  170  13629 deny ip from any to any

ipfw nat 1 config ip xxx.xxx.xxx.xxx deny_in same_ports unreg_only redirect_port udp 192.168.54.50:417 417 redirect_port tcp 192.168.54.50:417 417 redirect_port tcp 192.168.2.19:3233 3233 redirect_port udp 192.168.2.19:416 416 redirect_port tcp 192.168.2.19:416 416 redirect_port udp 192.168.2.18:415 415 redirect_port tcp 192.168.2.18:415 415 redirect_port udp 192.168.2.17:414 414 redirect_port tcp 192.168.2.17:414 414 redirect_port udp 192.168.2.16:413 413 redirect_port tcp 192.168.2.16:413 413 redirect_port tcp 192.168.2.15:3232 3232 redirect_port udp 192.168.2.15:412 412 redirect_port tcp 192.168.2.15:412 412

Packets from the local network and from this box to the outside network go through correctly. But packets from the outside network to services (udp, icmp, tcp) on this box do not pass.

In /var/log/security:

Jul 15 11:34:12 kernel: ipfw: 35 Nat UDP yyy.yyy.yyy.yyy:36129 xxx.xxx.xxx.xxx:33564 in via ext_if1

In tcpdump output:

11:34:17.239509 IP yyy.yyy.yyy.yyy.36129 > xxx.xxx.xxx.xxx.33565: UDP, length 12

solution# kldstat
Id Refs Address    Size     Name
 1   20 0xc0400000 7ad380   kernel
 2    1 0xc0bae000 19654    geom_mirror.ko
 3    1 0xc0bc8000 3148     alias_ftp.ko
 4    1 0xc2d1b000 4000     ng_mppc.ko
 5    1 0xc2d1f000 2000     rc4.ko
 6    1 0xc303a000 5000     ng_ksocket.ko
 7    1 0xc303f000 3000     ng_tee.ko
 8    1 0xc3042000 7000     ng_ppp.ko

solution# uname -r
8.1-PRERELEASE

solution# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

Do I have some mistake in my firewall rules? Any idea?

-- 
Best regards,
 Mamontov Roman                          mailto:mr.xanto@gmail.com
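
An added example, not part of the original message: a small Python model of what happens to an inbound packet at rule 35 under the posted nat config. It assumes the ipfw(8) meaning of deny_in ("deny any incoming connection from outside world"), modelled here as: an inbound packet passes only if it matches a redirect_port entry or an existing translation state. The function names and the `states` set are hypothetical.

```python
import re

# Nat config as posted in the message (public address masked there too).
NAT_CONFIG = (
    "ipfw nat 1 config ip xxx.xxx.xxx.xxx deny_in same_ports unreg_only "
    "redirect_port udp 192.168.54.50:417 417 redirect_port tcp 192.168.54.50:417 417 "
    "redirect_port tcp 192.168.2.19:3233 3233 redirect_port udp 192.168.2.19:416 416 "
    "redirect_port tcp 192.168.2.19:416 416 redirect_port udp 192.168.2.18:415 415 "
    "redirect_port tcp 192.168.2.18:415 415 redirect_port udp 192.168.2.17:414 414 "
    "redirect_port tcp 192.168.2.17:414 414 redirect_port udp 192.168.2.16:413 413 "
    "redirect_port tcp 192.168.2.16:413 413 redirect_port tcp 192.168.2.15:3232 3232 "
    "redirect_port udp 192.168.2.15:412 412 redirect_port tcp 192.168.2.15:412 412"
)

KNOWN_FLAGS = {"deny_in", "same_ports", "unreg_only"}  # only the flags used above


def parse_nat_config(line):
    """Return (flags, redirects); redirects maps (proto, public_port) -> 'host:port'."""
    flags = KNOWN_FLAGS & set(line.split())
    redirects = {
        (proto, int(public_port)): target
        for proto, target, public_port in re.findall(
            r"redirect_port (tcp|udp) (\S+) (\d+)", line
        )
    }
    return flags, redirects


def inbound_verdict(flags, redirects, proto, dst_port=None, states=frozenset()):
    """Simplified inbound decision at the nat rule (assumption, see lead-in).

    states: (proto, public_port) pairs of flows already opened from the inside.
    """
    key = (proto, dst_port)
    if key in redirects:
        return "redirect to " + redirects[key]
    if key in states:
        return "translate (reply to an existing outbound flow)"
    if "deny_in" in flags:
        return "drop (deny_in: no redirect entry, no state)"
    return "pass to local stack"


if __name__ == "__main__":
    flags, redirects = parse_nat_config(NAT_CONFIG)
    # Packet from the /var/log/security line: UDP to port 33564 on the box itself.
    print("udp/33564:", inbound_verdict(flags, redirects, "udp", 33564))
    print("icmp     :", inbound_verdict(flags, redirects, "icmp"))
    print("tcp/3233 :", inbound_verdict(flags, redirects, "tcp", 3233))
    print("udp/33564 without deny_in:",
          inbound_verdict(flags - {"deny_in"}, redirects, "udp", 33564))
```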