Problem with ipfw nat and packet to local services
Mamontov Roman
mr.xanto at gmail.com
Mon Jul 19 05:27:06 UTC 2010
Hello, Ian.
> UDP port 33564 on this box (xxx.xxx.xxx.xxx) is not redirected to any
> other address:port, and you have specified deny_in (-deny_incoming in
> natd-speak) so, well, you got what you asked for ..
> See the description under -deny_incoming and the explanation of what
> happens to incoming packets under -alias_address in natd(8) .. the nat
> description in ipfw(8) is still a bit thin, so natd(8) is still useful.
> Without deny_in, new inbound packets should be passed to the local
> machine - so you will then need firewall rules to restrict which local
> ports are to be accessible for connections from the outside.
> cheers, Ian
I removed the deny_in option from the nat configuration. But inbound packets are still not passed to the
local services.
#ipfw nat show config
ipfw nat 1 config ip xxx.xxx.xxx.xxx
#ipfw show
00035 59 4703 nat 1 log ip from any to any via ext_if1
65000 510 44734 allow ip from any to any
65535 58083 11212917 deny ip from any to any
--
Best regards,
Mamontov Roman mailto:mr.xanto at gmail.com
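Ian's advice above (drop deny_in, then use firewall rules to decide which of the host's own ports accept new inbound packets) in one reviewable script. This is an added example, not the thread's or FreeBSD's own ruleset: the interface names, the 192.0.2.10 placeholder address and the service lists are constructed values, and the rule ordering (translate inbound first, consult state, record outbound state before translating, explicit allows for the host's services, then deny) is the editor's illustration of the common ipfw in-kernel nat pattern, which only works with net.inet.ip.fw.one_pass=0.

```shell
#!/bin/sh
# Added example (not from the thread): build an ipfw ruleset for in-kernel nat
# WITHOUT deny_in, then restrict which of the host's own ports accept new
# inbound packets. EXT_IF / EXT_IP / LAN_IF / the port lists are constructed
# sample values, not anything from the original message.
# Requires net.inet.ip.fw.one_pass=0: with the default one_pass=1 a packet is
# accepted right after the nat action and no later rule is ever consulted.

EXT_IF="${EXT_IF:-em0}"
EXT_IP="${EXT_IP:-192.0.2.10}"        # TEST-NET-1 placeholder for the public address
LAN_IF="${LAN_IF:-em1}"
UDP_SERVICES="${UDP_SERVICES:-33564}" # the UDP port discussed in the thread
TCP_SERVICES="${TCP_SERVICES:-22}"    # hypothetical: ssh on the host itself

# gen_ipfw_rules prints the ipfw commands instead of executing them, so the
# ruleset can be reviewed (or piped into sh) before it touches a live firewall.
gen_ipfw_rules() {
    printf 'ipfw -q flush\n'
    # No deny_in: inbound packets with no alias-table entry and no redirect
    # are handed to the host unchanged instead of being dropped by libalias.
    printf 'ipfw nat 1 config ip %s\n' "$EXT_IP"
    printf 'ipfw add 005 allow ip from any to any via %s\n' "$LAN_IF"
    printf 'ipfw add 010 allow ip from any to any via lo0\n'
    # Translate inbound first, so replies carry their original addr:port
    # by the time the dynamic rules are consulted.
    printf 'ipfw add 100 nat 1 ip from any to any in via %s\n' "$EXT_IF"
    printf 'ipfw add 101 check-state\n'
    # Record outbound flows (host and LAN clients) before they are translated,
    # then jump to the outbound nat rule.
    printf 'ipfw add 200 skipto 1000 ip from any to any out via %s keep-state\n' "$EXT_IF"
    # New inbound packets aimed at the host itself: only the listed services.
    for p in $UDP_SERVICES; do
        printf 'ipfw add 300 allow udp from any to me %s in via %s keep-state\n' "$p" "$EXT_IF"
    done
    for p in $TCP_SERVICES; do
        printf 'ipfw add 310 allow tcp from any to me %s in via %s setup keep-state\n' "$p" "$EXT_IF"
    done
    # Everything else that reached this point is a new, unsolicited packet.
    printf 'ipfw add 999 deny log ip from any to any\n'
    printf 'ipfw add 1000 nat 1 ip from any to any out via %s\n' "$EXT_IF"
    printf 'ipfw add 1001 allow ip from any to any\n'
}

# has_deny_in returns 0 (true) if the generated nat config still carries deny_in.
has_deny_in() { gen_ipfw_rules | grep -q 'nat 1 config.*deny_in'; }

# allows_udp_in returns 0 (true) if port $1 is opened for new inbound UDP to the host.
allows_udp_in() { gen_ipfw_rules | grep -q "allow udp from any to me $1 in via"; }
```

Run `gen_ipfw_rules` to inspect the ruleset, and `gen_ipfw_rules | sh` only once the output matches what you expect; `ipfw show` afterwards should list the two nat rules (100 in, 1000 out) with the explicit allows between them, instead of the single nat rule followed by an allow-all as in the message above.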