IPFW: Need some help
Hello all,

I'm new to *nix, and while configuring the IPFW firewall on FreeBSD 7.2 I have got stuck on a problem.

After a packet from my network is passed to the natd daemon it returns to the firewall (which is normal, I think ;-) ), but I see another abnormal thing: when it returns to the firewall, it does not match the rule that allows packets from a specific host in my network, but instead matches the rule that allows packets from the FreeBSD box.

I.e.: a packet from 192.168.0.2 destined for 86.57.250.18 arrives at the FreeBSD box. First it hits the rule that NATs it to interface ng0. Then, after the NAT rule, there is a rule that allows packet flow from 192.168.0.2 to 86.57.250.18 out via ng0. But IPFW does not show that any packet is allowed by this rule; it rather shows that the packets are allowed by another rule: allow all from me to any.

I need help explaining this problem, and how to alter things the way I need them (if that is possible).

--
Best regards,
Anton <an...@sng.by>
Administrator
Feel free to contact me via ICQ 363780596, via Skype dobryak47, via phone +375 29 3320987

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPFW: Need some help
2009/6/28 Anton <an...@sng.by>:
> Hello all,
>
> I'm new to *nix, and while configuring the IPFW firewall on FreeBSD 7.2 I have got stuck on a problem.
>
> After a packet from my network is passed to the natd daemon it returns to the firewall (which is normal, I think ;-) ), but I see another abnormal thing: when it returns to the firewall, it does not match the rule that allows packets from a specific host in my network, but instead matches the rule that allows packets from the FreeBSD box.
>
> I.e.: a packet from 192.168.0.2 destined for 86.57.250.18 arrives at the FreeBSD box. First it hits the rule that NATs it to interface ng0. Then, after the NAT rule, there is a rule that allows packet flow from 192.168.0.2 to 86.57.250.18 out via ng0. But IPFW does not show that any packet is allowed by this rule; it rather shows that the packets are allowed by another rule: allow all from me to any.

I'm no IPFW expert, but it seems to me that the packets are already in and NAT'd. Then they're being redirected internally, thus being allowed from 'you' to any. (Don't take this explanation as true. It's merely my understanding from the brief look at the link Mr. Barber sent you, which you read . . . right?)

> I need help explaining this problem, and how to alter things the way I need them (if that is possible).

Two suggestions for getting more specific help:

1) Look around on the web. There appear to be many discussions about IPFW and NAT (e.g., http://freebsd.rogness.net/redirect.cgi?basic/nat.html).

2) Post your ruleset. This way, folk will know what to alter.

> --
> Best regards,
> Anton <an...@sng.by>
> Administrator
> Feel free to contact me via ICQ 363780596, via Skype dobryak47, via phone +375 29 3320987
Re: IPFW: Need some help
On Sun, Jun 28, 2009 at 02:14:00PM +0300, Anton typed:
> Hello all,
>
> I'm new to *nix, and while configuring the IPFW firewall on FreeBSD 7.2 I have got stuck on a problem.
>
> After a packet from my network is passed to the natd daemon it returns to the firewall (which is normal, I think ;-) ), but I see another abnormal thing: when it returns to the firewall, it does not match the rule that allows packets from a specific host in my network, but instead matches the rule that allows packets from the FreeBSD box.

This is normal. That's because the source address has already been rewritten by natd, so your rule about a specific host in your network doesn't apply anymore. Try moving this rule before the divert rule in your ipfw config.

Ruben
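To make the traversal Ruben describes concrete, here is an added example that is not part of the thread and is not FreeBSD's ipfw: a small Python model of how ipfw walks a ruleset around a `divert natd` rule. Anton never posted his ruleset, so the rule numbers, the LAN interface `em0`, and the address `203.0.113.5` standing in for the ng0 address that natd substitutes are all assumptions of this example. It replays the ordering Anton describes (host-specific allow placed after the divert) and shows that rule's hit counter staying at zero while `allow ip from me to any` fires, because the reinjected packet already carries the ng0 address. One caveat on the suggested fix: a plain `allow` placed before the divert would let the packet leave ng0 untranslated, so the corrected ordering below matches the private source on the inbound pass on em0, where it is still visible, and lets a post-NAT rule on ng0 allow the translated packet out.

```python
"""Toy model of ipfw rule traversal around a 'divert natd' rule.

Constructed for illustration; this is NOT FreeBSD's ipfw. It models only what
the thread is about: first-match rules, the 'me' keyword, in/out on an
interface, and a divert rule that hands the packet to natd, which rewrites the
source address and reinjects the packet at the rule AFTER the divert.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Assumed topology (not from the thread): em0 is the LAN side, ng0 the uplink
# natd is bound to; 203.0.113.5 stands in for the address of ng0.
LAN_IF, WAN_IF = "em0", "ng0"
NAT_ADDR = ip_address("203.0.113.5")
BOX_ADDRS = {ip_address("192.168.0.1"), NAT_ADDR}   # what the 'me' keyword matches


@dataclass
class Packet:
    src: str
    dst: str
    direction: str          # "in" or "out"
    iface: str


@dataclass
class Rule:
    num: int
    action: str             # "allow", "deny" or "divert"
    src: str = "any"        # "any", "me", a host address or a CIDR
    dst: str = "any"
    direction: Optional[str] = None
    iface: Optional[str] = None
    hits: int = 0           # the packet counter 'ipfw show' displays


def addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if spec == "me":
        return ip_address(addr) in BOX_ADDRS
    return ip_address(addr) in ip_network(spec, strict=False)


def rule_matches(r: Rule, p: Packet) -> bool:
    return (addr_matches(r.src, p.src) and addr_matches(r.dst, p.dst)
            and (r.direction is None or r.direction == p.direction)
            and (r.iface is None or r.iface == p.iface))


def run_chain(rules: List[Rule], p: Packet) -> Tuple[str, int, Packet]:
    """Walk the rules in order; return (verdict, rule number, packet as it left).

    On a divert match the packet goes to natd; an outbound packet comes back
    with its source rewritten to the uplink address, and processing resumes at
    the rule after the divert, which is exactly where the host-specific rule sat.
    """
    i = 0
    while i < len(rules):
        r = rules[i]
        if rule_matches(r, p):
            r.hits += 1
            if r.action == "divert":
                if p.direction == "out":
                    p = Packet(str(NAT_ADDR), p.dst, p.direction, p.iface)
                i += 1          # natd reinjects: continue after the divert rule
                continue
            return r.action, r.num, p
        i += 1
    return "deny", 65535, p     # default rule 65535 (deny unless the kernel defaults to accept)


def forward(rules: List[Rule], src: str, dst: str) -> Tuple[str, int, str]:
    """A forwarded packet is checked twice: 'in' on the LAN side, then 'out' on the uplink."""
    verdict, num, p = run_chain(rules, Packet(src, dst, "in", LAN_IF))
    if verdict != "allow":
        return verdict, num, p.src
    verdict, num, p = run_chain(rules, Packet(src, dst, "out", WAN_IF))
    return verdict, num, p.src


def posted_ruleset() -> List[Rule]:
    """Reconstructed ordering from the post: the host-specific rule sits after the divert."""
    return [
        Rule(50, "allow", "any", "any", "in", LAN_IF),                     # assumed: LAN traffic accepted inbound
        Rule(100, "divert", direction="out", iface=WAN_IF),                # divert natd ip from any to any out via ng0
        Rule(200, "allow", "192.168.0.2", "86.57.250.18", "out", WAN_IF),  # never fires: source is already NAT_ADDR
        Rule(300, "allow", "me", "any"),                                   # allow ip from me to any: this is what fires
    ]


def fixed_ruleset() -> List[Rule]:
    """Match the private source BEFORE NAT (inbound pass on em0); a post-NAT rule allows it out."""
    return [
        Rule(100, "allow", "192.168.0.2", "86.57.250.18", "in", LAN_IF),
        Rule(110, "deny", "192.168.0.0/24", "any", "in", LAN_IF),          # nothing else from the LAN
        Rule(200, "divert", direction="out", iface=WAN_IF),
        Rule(300, "allow", "me", "any", "out", WAN_IF),                    # post-NAT source is the ng0 address
    ]


if __name__ == "__main__":
    for name, rs in (("posted", posted_ruleset()), ("fixed", fixed_ruleset())):
        print(name, forward(rs, "192.168.0.2", "86.57.250.18"),
              [(r.num, r.hits) for r in rs])
```

On a real box the same check is `ipfw show` (or `ipfw -a list`): a host-specific rule placed after the divert stays at zero packets no matter how much that host sends, which is the symptom Anton reported. If you only want to account for a private source without filtering it, a `count` rule before the divert gives you the counter without short-circuiting NAT.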