Date:      Fri, 27 Feb 2004 09:47:50 -0800
From:      "Derrick Ryalls" <ryallsd@datasphereweb.com>
To:        "'freebsd-questions'" <freebsd-questions@freebsd.org>
Subject:   Firewall blocking natd redirect
Message-ID:  <A99A5AC30F74624388EE5F757BA58A20D7A22B@RED-MSG-50.redmond.corp.microsoft.com>

I have a port redirect, public port 5001 to an internal machine port 3389,
for Remote Desktop that works well in natd as long as I don't fire up my
custom firewall:

00050    234    27286 divert 8668 ip from any to any via sis0
00100     24     6080 allow ip from any to any via lo0
00200      0        0 deny ip from any to 127.0.0.0/8
00300      0        0 deny ip from 127.0.0.0/8 to any
00400      0        0 check-state
00500      2      186 allow ip from 192.168.1.1 to 192.168.1.0/24
00600      4      266 allow ip from 192.168.1.0/24 to 192.168.1.1
00700     34     3399 allow ip from any to any keep-state in recv dc0
00800     18     2093 allow ip from any to any keep-state out xmit sis0
00900      0        0 allow ip from any to any keep-state out xmit dc0
01000      0        0 allow ip from any to 0.0.0.255:0.0.0.255 in recv dc0
01100      0        0 allow ip from 192.168.1.1 to any keep-state
01200      0        0 allow udp from any to any 53 keep-state
01300      0        0 allow tcp from any to any 53 keep-state
01400      0        0 allow udp from any to any 25 keep-state
01500      0        0 allow tcp from any to any 25 keep-state
01600      0        0 allow tcp from any to any 993 keep-state
01700    188    18936 allow tcp from any to any 22 keep-state
01800      0        0 allow tcp from any to any 80 keep-state
01900      0        0 allow tcp from any to any 5001 keep-state
65535 173082 56255563 deny ip from any to any


sis0 is the public interface and dc0 is the internal.

Right now I don't mind so much having redundant rules, but I would like my
functionality back without doing an allow from any to any.  Any ideas on
what I am missing?


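Added example (not part of the post above, nor FreeBSD's own code): a small Python model of how ipfw walks the posted ruleset for an inbound Remote Desktop SYN that natd redirects. It models only the features the ruleset uses (divert with reinjection at the next rule, allow/deny, check-state, proto, src/dst in CIDR or ipfw's addr:mask form, destination port, in/out via interface) and assumes a public address of 203.0.113.5 and a Remote Desktop host at 192.168.1.10, neither of which the post names. The rule 1950 it adds is an illustration, not the poster's fix.

```python
"""Model of ipfw rule evaluation for a natd port redirect (added example).

Assumptions (not in the post): public IP 203.0.113.5, RDP host 192.168.1.10,
and natd configured with 'redirect_port tcp 192.168.1.10:3389 5001'.
keep-state, 'setup' and the reply path are not modelled; check-state can
never match a brand-new inbound SYN, so it is treated as a no-op here.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PUBLIC_IP = "203.0.113.5"     # assumed
RDP_HOST = "192.168.1.10"     # assumed
REDIRECT = {("tcp", PUBLIC_IP, 5001): (RDP_HOST, 3389)}   # natd redirect_port


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    direction: str            # "in" or "out"
    iface: str


@dataclass
class Rule:
    num: int
    action: str               # allow, deny, divert, check-state
    proto: str = "ip"
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None
    direction: Optional[str] = None   # "in" / "out"
    iface: Optional[str] = None       # via / recv / xmit interface


def _addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if ":" in spec:           # ipfw addr:mask form, applied bitwise
        base, mask = (int(ip_address(x)) for x in spec.split(":"))
        return int(ip_address(addr)) & mask == base & mask
    return ip_address(addr) in ip_network(spec, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and rule.direction in (None, pkt.direction)
            and rule.iface in (None, pkt.iface)
            and rule.dport in (None, pkt.dport)
            and _addr_match(rule.src, pkt.src)
            and _addr_match(rule.dst, pkt.dst))


def natd(pkt: Packet) -> Packet:
    """Apply the redirect_port rewrite natd performs on a diverted inbound packet."""
    target = REDIRECT.get((pkt.proto, pkt.dst, pkt.dport))
    if pkt.direction == "in" and target:
        return Packet(pkt.proto, pkt.src, target[0], target[1], pkt.direction, pkt.iface)
    return pkt


def evaluate(rules, pkt):
    """Return (verdict, rule number, packet as the deciding rule saw it)."""
    for rule in rules:
        if rule.action == "check-state" or not matches(rule, pkt):
            continue
        if rule.action == "divert":
            pkt = natd(pkt)   # natd reinjects; the search resumes at the next rule
            continue
        return rule.action, rule.num, pkt
    return "deny", 65535, pkt   # default rule


# The posted ruleset, minus keep-state (only relevant to reply packets).
POSTED = [
    Rule(50, "divert", iface="sis0"),
    Rule(100, "allow", iface="lo0"),
    Rule(200, "deny", dst="127.0.0.0/8"),
    Rule(300, "deny", src="127.0.0.0/8"),
    Rule(400, "check-state"),
    Rule(500, "allow", src="192.168.1.1", dst="192.168.1.0/24"),
    Rule(600, "allow", src="192.168.1.0/24", dst="192.168.1.1"),
    Rule(700, "allow", direction="in", iface="dc0"),
    Rule(800, "allow", direction="out", iface="sis0"),
    Rule(900, "allow", direction="out", iface="dc0"),
    Rule(1000, "allow", dst="0.0.0.255:0.0.0.255", direction="in", iface="dc0"),
    Rule(1100, "allow", src="192.168.1.1"),
    Rule(1200, "allow", proto="udp", dport=53),
    Rule(1300, "allow", proto="tcp", dport=53),
    Rule(1400, "allow", proto="udp", dport=25),
    Rule(1500, "allow", proto="tcp", dport=25),
    Rule(1600, "allow", proto="tcp", dport=993),
    Rule(1700, "allow", proto="tcp", dport=22),
    Rule(1800, "allow", proto="tcp", dport=80),
    Rule(1900, "allow", proto="tcp", dport=5001),
]

# Illustrative extra rule that matches the packet *after* natd rewrote it, on
# the public interface only and only towards the one redirected host/port:
#   ipfw add 1950 allow tcp from any to 192.168.1.10 3389 in via sis0 setup keep-state
FIXED = POSTED + [Rule(1950, "allow", proto="tcp", dst=RDP_HOST, dport=3389,
                       direction="in", iface="sis0")]

# Constructed packets: a client SYN to the public redirect port, and a probe
# straight at 3389 on the public address (which natd does not redirect).
RDP_SYN = Packet("tcp", "198.51.100.7", PUBLIC_IP, 5001, "in", "sis0")
PROBE_3389 = Packet("tcp", "198.51.100.7", PUBLIC_IP, 3389, "in", "sis0")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("fixed", FIXED)):
        for pkt in (RDP_SYN, PROBE_3389):
            verdict, num, seen = evaluate(rules, pkt)
            print(f"{name:6} dport {pkt.dport:4} -> {verdict} at rule {num} "
                  f"(rule saw dst {seen.dst}:{seen.dport})")
```

What the model shows: after rule 50 diverts the SYN, natd hands it back with destination 192.168.1.10:3389 and ipfw resumes at rule 100, so rule 1900's "5001" never sees a matching packet and the default deny at 65535 wins. A rule written against the translated destination, limited to "in via sis0" and to the single host and port natd redirects to, lets the redirect through while a direct probe at 3389 on the public address is still denied; "allow tcp from any to any 3389" would not have that property.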
