Date: Mon, 8 May 2017 10:18:31 -0700
From: Freddie Cash <fjwcash@gmail.com>
To: Karl Denninger <karl@denninger.net>, "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject: Re: Question that has dogged me for a while.
Message-ID: <CAOjFWZ7-hH5JCzs5cV-S5YvyUZRJ8AdnUwcPtOQ%2Bf6dU2O3UtQ@mail.gmail.com>
In-Reply-To: <11a326a1-80a7-cbf1-9e89-d8191e9dc1b6@denninger.net>
References: <26ccc7eb-bed3-680c-2c86-2a83684299fb@denninger.net> <08BB50FC-510C-4FCF-8443-0BB16EA2D032@obsigna.com> <6f304edb-ad2e-cb2a-eea9-7b6bbe0be760@freebsd.org> <52f73440-c1f0-7f08-0f8e-f912436ee686@denninger.net> <11FA2DA2-85AB-4E70-B9B5-CDADAAA3C295@obsigna.com> <29c05b94-be21-2090-03c5-f3905d3e2e06@denninger.net> <CAOjFWZ5c9s3orf5QDLZqnCfBDjNka7d-J8w1jwXahogKuAur_A@mail.gmail.com> <11a326a1-80a7-cbf1-9e89-d8191e9dc1b6@denninger.net>

On Fri, May 5, 2017 at 8:34 PM, Karl Denninger <karl@denninger.net> wrote:

> Can you point me to the ruleset you posted? Thanks in advance.
>

I can't remember all your network details, and don't have the e-mails
saved, so fill in the blanks below. :) And change the ports as needed.

IIF=<internal interface>
EIF=<external interface>
PUB_IP="me"
SRV_IP=<server private IP>
PRV_NET=<client private subnet>

# NAT incoming traffic for port 8080 to server's private IP
ipfw nat 100 config same_ports ip $PUB_IP redirect_port tcp $SRV_IP:80 $PUB_IP:8080

# NAT outgoing traffic from private subnet to public IP
ipfw nat 200 config same_ports ip $PUB_IP

# Allow port 8080 traffic to server from private subnet (in)
ipfw add nat 100 tcp from $PRV_NET to $PUB_IP 8080 in recv $IIF
ipfw add nat 200 tcp from $PRV_NET to $SRV_IP 80 out xmit $IIF
ipfw add nat 200 tcp from $SRV_IP 80 to $PUB_IP in recv $IIF
ipfw add nat 100 tcp from $PUB_IP 8080 to $PRV_NET out xmit $IIF

# Allow port 8080 traffic from Internet to server (in)
ipfw add nat 200 tcp from any to $PUB_IP 8080 in recv $EIF
ipfw add allow tcp from any to $SRV_IP 80 out xmit $IIF
ipfw add allow tcp from $SRV_IP 80 to any in recv $IIF
ipfw add nat 200 tcp from $SRV_IP 80 to any out xmit $EIF

# Allow clients access to Internet (out)
ipfw add allow tcp from $PRV_NET to any in recv $IIF
ipfw add nat 100 tcp from $PUB_IP to any out recv $EIF
ipfw add nat 100 tcp from any to $PUB_IP in recv $EIF
ipfw add allow tcp from any to $PRV_NET out xmit $IIF

# Block the rest
ipfw add deny log ip from any to any in recv $EIF
ipfw add deny log ip from any to any in recv $IIF

-- 
Freddie Cash
fjwcash@gmail.com