FreeBSD 5.4

Specifically, I can't figure out why rule 3800 is ignored... :confused: If you have an idea - just give a clue about it.... Thanks...

Regular NAT is working properly, but I can't configure NAPT to services on a server in the LAN....
The interface to the LAN is also untrusted - that's why there are so many details in the config...

tun0 - interface to Internet
vr1 - interface to LAN
212.42.xxx.xxx - my external IP

firewall rules [#ipfw -de sh]
[CODE]
03800 0 0 divert 6893 log logamount 100 tcp from 192.168.0.1 80 to any out via tun0
04000 0 0 check-state
04400 0 0 allow log logamount 100 tcp from 212.42.xxx.xxx 80 to any out via tun0
04700 25 1554 divert 6893 log logamount 100 tcp from any to 212.42.xxx.xxx dst-port 80 in via tun0
05000 150 6816 allow log logamount 100 tcp from any to 192.168.0.1 dst-port 80 in via tun0 setup keep-state
## Dynamic rules (14):
05000 17 768 (0s) STATE tcp 212.112.117.70 1212 <-> 192.168.0.1 80
...
[/CODE]

/var/log/security
[CODE]
...
Mar 9 14:40:23 free kernel: ipfw: 4700 Divert 6893 TCP 212.112.117.70:1212 212.42.xxx.xxx:80 in via tun0
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 212.112.117.70:1212 192.168.0.1:80 in via tun0
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 212.112.117.70:1212 192.168.0.1:80 out via vr1
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 192.168.0.1:80 212.112.117.70:1212 in via vr1
#^this is OK - the packet is ready to be caught by rule 3800, but that rule is ignored and the packet is processed by the dynamic rule :confused:
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 192.168.0.1:80 212.112.117.70:1212 out via tun0
...
[/CODE]

natd is started by
[CODE]natd -log_denied -s -m -p 6893 -dynamic -n tun0 -redirect_port tcp 192.168.0.1:80 80 -log_ipfw_denied -l[/CODE]

--
Best regards, Vladimir
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"