Date: Mon, 2 Jan 2006 12:56:00 -0800
From: patrick <gibblertron@gmail.com>
To: freebsd-questions@freebsd.org
Subject: ipfw divert with exception?
Message-ID: <b043a4850601021256pd5af566ka58bc8f1d1a8c010@mail.gmail.com>
I have a FreeBSD 6.0 machine acting as a router for our office. We use natd for address translation, and I have a rule like so:

    ipfw add divert natd all from any to any via ${ext_if}

To allow incoming SSH access, I have a redirect_port line set up in my /etc/natd.conf file, and while it works just fine, I don't like that natd has to be running in order for me to SSH into the server. (Because, if -- hypothetically of course -- one were to *cough* accidentally kill the natd process without realizing this, then *ahem*, one would be locked out remotely without any means of fixing it. And I'd like to stress that this situation is indeed, uh, hypothetical. ;) )

So, I'm sure there is a way for me to create some ipfw rules above the divert line to accept incoming SSH traffic without having it get diverted, but I'm at a bit of a loss as to how I can achieve this. The current rule I have above this does not do anything to stop the traffic from being diverted:

    ipfw add accept tcp from any to any 22 in via ${ext_if}

Any help or insight would be greatly appreciated.

Thanks,
Patrick
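An added example, not part of the original message or of any reply to it, showing the rule ordering the question is after. ipfw evaluates rules in number order and an allow (accept) rule terminates processing for that packet, so SSH traffic to the router itself only bypasses natd if allow rules for it sit in front of the divert rule in both directions: the inbound SYN and the outbound SYN-ACK. Packets that still reach the divert rule while nothing is bound to the divert socket are dropped, which is exactly the lockout described above. The interface name, the rule numbers and the dry-run convention (IPFW=echo) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): SSH-to-the-router rules that
# bypass natd, placed before the divert rule. Assumed: ext_if name, rule
# numbers, and that sshd listens on one of the router's own addresses ("me").
ext_if="${ext_if:-fxp0}"      # assumed external interface name

ssh_bypass_rules() {
    # ipfw is first-match: once a packet hits an allow rule, processing stops
    # and the divert rule below is never consulted for it.
    $IPFW add 100 allow tcp from any to me 22 in via "$ext_if"

    # The reply path must be covered too. Without this rule the SYN-ACK
    # leaving the box still reaches the divert rule, and if natd is not
    # bound to the divert socket the packet is dropped.
    $IPFW add 110 allow tcp from me 22 to any out via "$ext_if"

    # Everything else on the external interface still goes through natd.
    $IPFW add 200 divert natd ip from any to any via "$ext_if"
}

# Dry run unless invoked as "./script apply": print the rules instead of
# loading them, so the script is safe to execute while reviewing it.
case "${1:-}" in
    apply) IPFW="ipfw -q" ;;
    *)     IPFW="echo ipfw" ;;
esac
ssh_bypass_rules
```

Run it with no argument to see the rules it would load; run it as `apply` on the router to install them. The natd-side redirect_port entry can stay, since the allow rules simply mean natd never sees these connections; the two rule numbers only have to be lower than the divert rule's.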