ipfw nat problem

From: Wojciech Puchar <wojtek_at_puchar.net>
Date: Thu, 25 Aug 2022 06:31:55 UTC
I have used the ipfw nat redirect feature for a long time and never had
problems until now.

My ipfw config:

queue flush
pipe flush
#define INTERNETIP 1.2.3.4
#define INTERNET igb1
nat 1 config ip 1.2.3.4 \
  redirect_port tcp 10.255.255.253:22 20023 \
  redirect_port tcp 10.255.255.254:22 20022
//
table 1 flush
table 1 add 5.6.7.8

add 6 skipto 1000 all from any to any via INTERNET in
add 7 skipto 2000 all from any to any via INTERNET out
add 10 allow all from any to any


add 1000 deny all from table(1) to any
add 1001 deny tcp from any to me 3306
add 1010 nat 1 all from any to me
add 1999 allow all from any to any

add 2000 reject tcp from me to any 113
add 2001 nat 1 all from 10.255.255.0/24 to any
add 2002 allow all from any to any


This is a server with 2 jails - I want these 2 jails' ssh servers to be
available from outside.

And it is. I can log in and do many things for a long time interactively
with no problems.

But trying to transfer files like ssh -p 20023 loginname@server "tar cf - something"|tar xpf -

or scp

it always disconnects after transferring about 100kB


In the logs I see

Aug 25 08:29:35 <4.6> 10.255.255.253 sshd[63621]: Fssh_packet_write_poll: 
Connection from user blebleble 9.9.9.9 port 53899: Permission denied

No other errors


I have no problems doing such operations on the host directly over ssh.

I do use ssh redirects using nat on many servers without problems.
What can I do to find the source of this problem?