ipfw and nat problem

David van Rensburg - PC Network david at pcnetwork.co.za
Mon Jul 18 19:32:48 UTC 2011


>
>Ok, so why can't I resolve names here? I've added rules 20 and 21 (UDP and TCP to dst-port 53), yet their counters stay at 0 while the only outbound rule on rl0 counting anything is rule 450 (deny out via rl0): 4 packets / 240 bytes, i.e. 60-byte packets, consistent with small DNS queries. Is it because rule 20 carries `setup`, which ipfw only matches on a TCP SYN, so a UDP query can never match it and falls through to rule 450?
When I delete rule 60 I can no longer telnet to the mail server on port 25, so the outbound set seems to be doing its job... (One caveat: rule 385 `allow tcp from any to any dst-port 22` is the only allow rule with no `in via rl0`, `setup` or `limit` qualifier, so any port-22 SYN to a destination other than `me` — e.g. something natd redirects to a LAN host — is allowed without the per-source limit that rule 380 imposes on the firewall itself.)



[root at bsd ~]# ipfw show
00005 589 53220 allow ip from any to any via alc0
00010   0     0 allow ip from any to any via lo0
00011   0     0 fwd 192.168.1.3,3128 tcp from not me to any dst-port 80
00014   0     0 divert 8668 ip from any to any in via rl0
00015   0     0 check-state
00020   0     0 skipto 800 udp from any to any dst-port 53 out via rl0
setup keep-state
00021   0     0 skipto 800 tcp from any to any dst-port 53 out via rl0
setup keep-state
00040   0     0 skipto 800 tcp from any to any dst-port 80 out via rl0
setup keep-state
00050   0     0 skipto 800 tcp from any to any dst-port 443 out via rl0
setup keep-state
00060   0     0 skipto 800 tcp from any to any dst-port 25 out via rl0
setup keep-state
00061   0     0 skipto 800 tcp from any to any dst-port 110 out via rl0
setup keep-state
00080   0     0 skipto 800 icmp from any to any out via rl0 keep-state
00110   0     0 skipto 800 tcp from any to any dst-port 22 out via rl0
setup keep-state
00120   0     0 skipto 800 tcp from any to any dst-port 43 out via rl0
setup keep-state
00130   0     0 skipto 800 udp from any to any dst-port 123 out via rl0
keep-state
00300   0     0 deny ip from 192.168.0.0/16 to any in via rl0
00301   0     0 deny ip from 172.16.0.0/12 to any in via rl0
00302   0     0 deny ip from 10.0.0.0/8 to any in via rl0
00303   0     0 deny ip from 127.0.0.0/8 to any in via rl0
00304   0     0 deny ip from 0.0.0.0/8 to any in via rl0
00305   0     0 deny ip from 169.254.0.0/16 to any in via rl0
00306   0     0 deny ip from 192.0.2.0/24 to any in via rl0
00307   0     0 deny ip from 204.152.64.0/23 to any in via rl0
00308   0     0 deny ip from 224.0.0.0/3 to any in via rl0
00315   0     0 deny tcp from any to any dst-port 113 in via rl0
00320   0     0 deny tcp from any to any dst-port 137 in via rl0
00321   0     0 deny tcp from any to any dst-port 138 in via rl0
00322   0     0 deny tcp from any to any dst-port 139 in via rl0
00323   0     0 deny tcp from any to any dst-port 81 in via rl0
00330   0     0 deny ip from any to any frag in via rl0
00332   0     0 deny tcp from any to any established in via rl0
00370   0     0 allow tcp from any to me dst-port 80 in via rl0 setup
limit src-addr 2
00380   0     0 allow tcp from any to me dst-port 22 in via rl0 setup
limit src-addr 2
00385   0     0 allow tcp from any to any dst-port 22
00390   0     0 allow tcp from any to me dst-port 23 in via rl0 setup
limit src-addr 2
00400   0     0 deny log logamount 5 ip from any to any in via rl0
00450   4   240 deny log logamount 5 ip from any to any out via rl0
00800   0     0 divert 8668 ip from any to any out via rl0
00801   0     0 allow ip from any to any
00999   0     0 deny log logamount 5 ip from any to any
65535   0     0 allow ip from any to any
[root at bsd ~]# 
[root at bsd ~]# 



