Firewall blocking natd redirect
Derrick Ryalls
ryallsd at datasphereweb.com
Fri Feb 27 09:47:53 PST 2004
I have a port redirect, public port 5001 to an internal machine port 3389,
for Remote Desktop that works well in natd as long as I don't fire up my
custom firewall:
00050 234 27286 divert 8668 ip from any to any via sis0
00100 24 6080 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 check-state
00500 2 186 allow ip from 192.168.1.1 to 192.168.1.0/24
00600 4 266 allow ip from 192.168.1.0/24 to 192.168.1.1
00700 34 3399 allow ip from any to any keep-state in recv dc0
00800 18 2093 allow ip from any to any keep-state out xmit sis0
00900 0 0 allow ip from any to any keep-state out xmit dc0
01000 0 0 allow ip from any to 0.0.0.255:0.0.0.255 in recv dc0
01100 0 0 allow ip from 192.168.1.1 to any keep-state
01200 0 0 allow udp from any to any 53 keep-state
01300 0 0 allow tcp from any to any 53 keep-state
01400 0 0 allow udp from any to any 25 keep-state
01500 0 0 allow tcp from any to any 25 keep-state
01600 0 0 allow tcp from any to any 993 keep-state
01700 188 18936 allow tcp from any to any 22 keep-state
01800 0 0 allow tcp from any to any 80 keep-state
01900 0 0 allow tcp from any to any 5001 keep-state
65535 173082 56255563 deny ip from any to any
sis0 is the public interface and dc0 is the internal.
Right now I don't mind so much having redundant rules, but I would like my
functionality back without doing an allow from any to any. Any ideas on
what I am missing?
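A toy ipfw walk-through, added here as an editorial example (it is not from the original message or from FreeBSD), that traces a cut-down copy of the ruleset above and shows what the firewall sees after natd has rewritten the redirected packet; the internal host 192.168.1.50, the sample packets and rule 1950 are assumptions, and keep-state is ignored.

```python
# Toy ipfw evaluator (added example, not from the original post or FreeBSD).
# Rule fields: number, action, proto, dst_host, dst_port, direction, iface;
# None means "any". Only the rules a new inbound TCP packet on sis0 can reach
# are copied from the post; keep-state is ignored (plain first-match allow/deny).
RULES = [
    (50,    "divert", "ip",  None, None, None,  "sis0"),
    (700,   "allow",  "ip",  None, None, "in",  "dc0"),
    (800,   "allow",  "ip",  None, None, "out", "sis0"),
    (900,   "allow",  "ip",  None, None, "out", "dc0"),
    (1700,  "allow",  "tcp", None, 22,   None,  None),
    (1900,  "allow",  "tcp", None, 5001, None,  None),
    (65535, "deny",   "ip",  None, None, None,  None),
]

# natd redirect_port table; the internal host address is an assumption.
REDIRECT = {5001: ("192.168.1.50", 3389)}


def matches(rule, pkt):
    _, _, proto, host, port, direction, iface = rule
    return (proto in ("ip", pkt["proto"])
            and host in (None, pkt["dst"])
            and port in (None, pkt["dport"])
            and direction in (None, pkt["dir"])
            and iface in (None, pkt["iface"]))


def evaluate(rules, pkt):
    """Return (deciding rule number, action, packet as the firewall last saw it)."""
    pkt = dict(pkt)
    for rule in sorted(rules, key=lambda r: r[0]):
        if not matches(rule, pkt):
            continue
        if rule[1] == "divert":
            # natd rewrites the public port to host:port and the packet is
            # reinjected at the rule after the divert rule, with new headers.
            if pkt["dir"] == "in" and pkt["dport"] in REDIRECT:
                pkt["dst"], pkt["dport"] = REDIRECT[pkt["dport"]]
            continue
        return rule[0], rule[1], pkt
    raise RuntimeError("ruleset has no terminal rule")


# Constructed sample packets arriving on the public interface.
RDP_IN = {"proto": "tcp", "dst": "203.0.113.10", "dport": 5001, "dir": "in", "iface": "sis0"}
SSH_IN = dict(RDP_IN, dport=22)

# Assumed extra rule: match what ipfw sees after natd (internal host, port 3389, in on sis0).
FIXED = RULES + [(1950, "allow", "tcp", "192.168.1.50", 3389, "in", "sis0")]

if __name__ == "__main__":
    for name, rules in (("current", RULES), ("fixed", FIXED)):
        print(name, evaluate(rules, RDP_IN)[:2])   # (65535, 'deny') then (1950, 'allow')
```

Rule 1900 only ever sees port 5001 before the divert; once natd has rewritten the destination to port 3389 nothing in the original list matches, so the packet falls through to the default deny, while non-redirected traffic such as SSH is unaffected.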