ipfw - natd - Port Forwarding

Michael Sierchio kudzu at tenebras.com
Tue Sep 9 16:10:03 PDT 2003


A. Laziness, incapacity, neglect, MS Outlook, etc.
Q. Then why do people do it?
A. No, it's not.
Q. Is top-posting a good idea?

Dennis B. Hopp wrote:
> Your firewall rules need to let it through too....I think something like
> this should work (it needs to go after the ipdivert statement)
> 
> 00501 allow tcp from any to 192.168.0.1 27015 in recv fxp0 keep-state

Unnecessary; the default rule 65535 (in this case) passes all traffic.

> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00500 divert 8668 ip from any to any via fxp0
> 65535 allow ip from any to any

> When I try it from an outside source it looks like traffic is arriving
> at the Windows 2000 machine (the little computer screens for the LAN
> connection flash on the tray icon) but the connection doesn't complete
> and it times out.

What does a tcpdump on the natd box say?  Do

	tcpdump -ln -i fxp0 host <outside host you're telnetting from>

and then telnet <natd box outside addr> 27015


-- 

"Well," Brahma said, "even after ten thousand explanations, a fool is no
  wiser, but an intelligent man requires only two thousand five hundred."
                 - The Mahabharata
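An added example, not code from the thread: a small Python model of ipfw's first-match walk over the ruleset quoted above, including natd's divert-and-reinject step. The outside address 203.0.113.10 and the redirect_port mapping are assumptions; with them you can check both points made in the exchange, that a rule like 00501 can only match once the divert rule has rewritten the destination (renumber it to 00499 and it never fires), and that with 65535 as allow-all it changes nothing about the verdict.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed ruleset in the shape of the `ipfw list` output quoted in the thread.
RULES = """00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00500 divert 8668 ip from any to any via fxp0
00501 allow tcp from any to 192.168.0.1 27015 in recv fxp0 keep-state
65535 allow ip from any to any"""
OUTSIDE = "203.0.113.10"  # assumed outside address of the natd box (documentation range)
REDIRECT = {("tcp", OUTSIDE, 27015): ("192.168.0.1", 27015)}  # assumed: redirect_port tcp 192.168.0.1:27015 27015

@dataclass(frozen=True)
class Packet:
    proto: str; src: str; dst: str; dport: int; iface: str; direction: str  # "in"/"out"

def parse_rule(line):
    # Subset of ipfw syntax: action [divert-port] proto from A to B [dport] [via/recv/in/out ...]
    t = line.split(); num, action, i = int(t[0]), t[1], 2
    if action == "divert": i += 1                  # skip the divert socket port number
    proto, src, dst, i = t[i], t[i + 2], t[i + 4], i + 5
    dport = int(t[i]) if i < len(t) and t[i].isdigit() else None
    return dict(num=num, action=action, proto=proto, src=src, dst=dst,
                dport=dport, opts=t[i + (dport is not None):])

def _addr(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def matches(r, p):
    if (r["proto"] not in ("ip", p.proto) or not _addr(r["src"], p.src)
            or not _addr(r["dst"], p.dst) or r["dport"] not in (None, p.dport)):
        return False
    for k, v in zip(r["opts"], r["opts"][1:] + [None]):
        if k in ("via", "recv", "xmit") and v != p.iface: return False  # interface match only
        if k in ("in", "out") and k != p.direction: return False
    return True

def evaluate(text, p):
    """First match wins. A divert rule models natd rewriting the packet and reinjecting
    it at the *next* rule, so only rules numbered after the divert see the new address."""
    rules = sorted(map(parse_rule, text.strip().splitlines()), key=lambda r: r["num"])
    trace = []
    for r in rules:
        if not matches(r, p): continue
        trace.append(r["num"])
        if r["action"] != "divert": return r["action"], p, trace
        new = REDIRECT.get((p.proto, p.dst, p.dport))
        if new and p.direction == "in": p = replace(p, dst=new[0], dport=new[1])
    return "deny", p, trace  # nothing matched: ipfw's compiled-in default
```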
