Hello, Ian.

> UDP port 33564 on this box (xxx.xxx.xxx.xxx) is not redirected to any
> other address:port, and you have specified deny_in (-deny_incoming in
> natd-speak) so, well, you got what you asked for ..
> See the description under -deny_incoming and the explanation of what
> happens to incoming packets under -alias_address in natd(8) .. the nat
> description in ipfw(8) is still a bit thin, so natd(8) is still useful.
> Without deny_in, new inbound packets should be passed to the local
> machine - so you will then need firewall rules to restrict which local
> ports are to be accessible for connections from the outside.
> cheers, Ian

I removed the deny_in option from the nat configuration, but inbound packets are not passed to the local services.

#ipfw nat show config
ipfw nat 1 config ip xxx.xxx.xxx.xxx

#ipfw show
00035 59 4703 nat 1 log ip from any to any via ext_if1
65000 510 44734 allow ip from any to any
65535 58083 11212917 deny ip from any to any

--
Best regards,
Mamontov Roman
mailto:mr.xa...@gmail.com

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"