Date: Fri, 15 Sep 2000 11:37:42 -0500 (COT)
From: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
To: freebsd-security@FreeBSD.ORG
Subject: ipf rules
Message-ID: <Pine.BSF.4.21.0009151113360.37755-100000@libertad.univalle.edu.co>

Hi... I'm working with ipf on FreeBSD. I work with just one network
interface and I'm using 2 IP addresses (the second is an alias).
My official IP (example): 200.25.53.10
My alias IP : 192.168.40.2
Now, I'm using this server with NAT and proxy to give Internet
access to all my intranet (192.168.0.0). Everything is ok... BUT
I can do a telnet to my alias IP 192.168.40.2 from my intranet.
It might work???
You could think: the rules are wrong!!!
So... here are my rules:
*********************************************************************
My ipf.file:
pass in from any to 192.168.40.2/32
pass in from 192.168.18.40/2 to any
pass out from any to 192.168.40.2/32
pass out from 192.168.18.40/32 to any
pass out from 200.25.53.10/32 to any
pass in from any to 200.25.53.10/32
*********************************************************************
My ipnat.file:
# Redirect everything to squid on port 8080
rdr sis0 0.0.0.0/0 port 80 -> 200.25.53.10 port 8080 tcp
rdr sis0 0.0.0.0/0 port 80 -> 200.25.53.10 port 8080 udp
# Nat for 192
map sis0 192.168.0.0/16 -> 200.25.53.10/32 portmap tcp/udp 1025:65000
map sis0 192.168.0.0/16 -> 200.25.53.10/32
*********************************************************************
I'm using ipmon to see what is going on, and I catch this:
15/09/2000 11:07:16.303473 sis0 @0:1 p 192.168.40.15,38287 -> 192.168.40.2,23 PR tcp len 20 11264 -S IN
When I try a telnet from 192.168.40.15:
telnet 192.168.40.2
Trying 192.168.40.2...
telnet: Unable to connect to remote host: Operation timed out
I mean, the request is going to the server... but the answer never
comes... so???
Thanks for any help.
=======================================================================
Buliwyf McGraw
Administrador del Servidor Libertad
Centro de Servicios de Informacion
Universidad del Valle
=======================================================================
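
The ipmon line quoted in the message, decoded field by field so the rule number, action and TCP flags can be read off directly. This is an added example, not part of the original e-mail; it assumes the TCP/UDP field layout documented in ipmon(8), and the names `parse_ipmon` and `is_passed_inbound_syn` are hypothetical.

```python
import re

# Field layout assumed from ipmon(8), TCP/UDP entries only:
# date time iface @group:rule action src,port -> dst,port PR proto len hdrlen pktlen [-flags] [IN|OUT]
IPMON_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hdrlen>\d+)\s+(?P<pktlen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?(?:\s+(?P<direction>IN|OUT))?\s*$"
)
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}
TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}


def parse_ipmon(line):
    """Return a dict of decoded fields, or None if the line is not a TCP/UDP entry."""
    m = IPMON_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "sport", "dport", "hdrlen", "pktlen"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    rec["flags"] = [TCP_FLAGS.get(f, f) for f in (rec["flags"] or "")]
    return rec


def is_passed_inbound_syn(rec):
    """True when the entry is a bare TCP SYN that the filter let in."""
    return (rec is not None and rec["action"] == "passed"
            and rec["direction"] == "IN" and rec["proto"] == "tcp"
            and rec["flags"] == ["SYN"])


# First line is the one quoted in the message; the second is constructed for contrast.
SAMPLES = [
    "15/09/2000 11:07:16.303473 sis0 @0:1 p 192.168.40.15,38287 -> 192.168.40.2,23 PR tcp len 20 11264 -S IN",
    "15/09/2000 11:07:20.000000 sis0 @0:3 b 192.168.40.15,38290 -> 192.168.40.2,23 PR tcp len 20 44 -S IN",
]

if __name__ == "__main__":
    for line in SAMPLES:
        r = parse_ipmon(line)
        print(f"group {r['group']} rule {r['rule']}: {r['action']} {r['direction']} "
              f"{r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} "
              f"flags={r['flags']} passed_syn={is_passed_inbound_syn(r)}")
```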
