Re: ipfw2+divert; why divert rule is ignored?
On 3/10/06, Vladimir [EMAIL PROTECTED] wrote:
> FreeBSD 5.4
> Specifically, I can't figure out why rule 3800 is ignored... :confused:

ipfw isn't so malicious as to just ignore rules :) Try adding a count rule immediately before or after the rule that is being ignored. Most likely such packets simply don't exist (for example, a routing glitch).

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfw2+divert; why divert rule is ignored?
FreeBSD 5.4

Specifically, I can't figure out why rule 3800 is ignored... :confused:
If you have an idea, just give me a clue about it. Thanks...

Regular NAT is working properly, but I can't configure NAPT to services on a server in the LAN.
The interface to the LAN is also untrusted - that's why there are so many details in the config...

tun0 - interface to the Internet
vr1 - interface to the LAN
212.42.xxx.xxx - my external IP

Firewall rules [#ipfw -de sh]
[CODE]
03800     0     0 divert 6893 log logamount 100 tcp from 192.168.0.1 80 to any out via tun0
04000     0     0 check-state
04400     0     0 allow log logamount 100 tcp from 212.42.xxx.xxx 80 to any out via tun0
04700    25  1554 divert 6893 log logamount 100 tcp from any to 212.42.xxx.xxx dst-port 80 in via tun0
05000   150  6816 allow log logamount 100 tcp from any to 192.168.0.1 dst-port 80 in via tun0 setup keep-state
## Dynamic rules (14):
05000 17768 (0s) STATE tcp 212.112.117.70 1212 - 192.168.0.1 80
...
[/CODE]

/var/log/security
[CODE]
...
Mar 9 14:40:23 free kernel: ipfw: 4700 Divert 6893 TCP 212.112.117.70:1212 212.42.xxx.xxx:80 in via tun0
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 212.112.117.70:1212 192.168.0.1:80 in via tun0
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 212.112.117.70:1212 192.168.0.1:80 out via vr1
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 192.168.0.1:80 212.112.117.70:1212 in via vr1
# ^ this is OK - the packet is ready to be caught by rule 3800, but that rule is ignored and the packet is processed by the dynamic rule :confused:
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 192.168.0.1:80 212.112.117.70:1212 out via tun0
...
[/CODE]

natd is started by
[CODE]
natd -log_denied -s -m -p 6893 -dynamic -n tun0 -redirect_port tcp 192.168.0.1:80 80 -log_ipfw_denied -l
[/CODE]

--
Best regards,
Vladimir
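A small log-side check for the situation described in this post, added here as an example (it is not code from the thread): it parses the ipfw log lines quoted above, counts which rule number handled each packet, and lists packets that fit the traffic rule 3800 is written for yet were logged against another rule. The predicate `should_hit_3800` is an assumption that restates rule 3800's match clause; the sample lines are copied from the post.

```python
"""Parse ipfw(8) log lines and report which rule handled each packet."""
import re
from collections import Counter

# Log line shape: "ipfw: <rule> <Action>[ <arg>] <proto> <src>[:<sport>] <dst>[:<dport>] <in|out> via <iface>"
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>[A-Za-z]+(?: \d+)?) (?P<proto>\w+) "
    r"(?P<src>\S+?)(?::(?P<sport>\d+))? (?P<dst>\S+?)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse_ipfw_log(lines):
    """Return one dict per recognised ipfw log line; other lines are skipped."""
    events = []
    for line in lines:
        m = IPFW_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["rule"] = int(ev["rule"])
            events.append(ev)
    return events

def rule_hits(events):
    """Count how often each (rule number, action) pair appears in the log."""
    return Counter((ev["rule"], ev["action"]) for ev in events)

def handled_elsewhere(events, expected_rule, predicate):
    """Packets that satisfy `predicate` but were logged against a different rule."""
    return [ev for ev in events if predicate(ev) and ev["rule"] != expected_rule]

# Sample input: the /var/log/security excerpt quoted in the post above.
SAMPLE_LOG = """\
Mar 9 14:40:23 free kernel: ipfw: 4700 Divert 6893 TCP 212.112.117.70:1212 212.42.xxx.xxx:80 in via tun0
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 212.112.117.70:1212 192.168.0.1:80 in via tun0
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 212.112.117.70:1212 192.168.0.1:80 out via vr1
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 192.168.0.1:80 212.112.117.70:1212 in via vr1
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 192.168.0.1:80 212.112.117.70:1212 out via tun0
""".splitlines()

# Assumed predicate: rule 3800 is "tcp from 192.168.0.1 80 to any out via tun0".
def should_hit_3800(ev):
    return (ev["proto"] == "TCP" and ev["src"] == "192.168.0.1"
            and ev["sport"] == "80" and ev["dir"] == "out" and ev["iface"] == "tun0")

if __name__ == "__main__":
    events = parse_ipfw_log(SAMPLE_LOG)
    for (rule, action), n in sorted(rule_hits(events).items()):
        print(f"rule {rule:5d} {action:12s} {n} packet(s)")
    for ev in handled_elsewhere(events, 3800, should_hit_3800):
        print(f"expected rule 3800, got rule {ev['rule']} ({ev['action']}): "
              f"{ev['src']}:{ev['sport']} -> {ev['dst']}:{ev['dport']} {ev['dir']} via {ev['iface']}")
```

Run against a longer /var/log/security extract, an empty `handled_elsewhere` result together with zero hits for rule 3800 is the sign that such packets never reached the firewall, which is what the reply above suggests checking with a count rule.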