Date: Fri, 15 Sep 2000 11:37:42 -0500 (COT)
From: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
To: freebsd-security@FreeBSD.ORG
Subject: ipf rules
Message-ID: <Pine.BSF.4.21.0009151113360.37755-100000@libertad.univalle.edu.co>

Hi... I'm working with ipf on FreeBSD.
I work with just one network interface and I'm using 2 IP addresses
(the second is an alias).

My official IP (example): 200.25.53.10
My alias IP             : 192.168.40.2

Now, I'm using this server with NAT and proxy to give Internet access
to all my intranet (192.168.0.0).
Everything is OK... BUT I can do a telnet to my alias IP 192.168.40.2
from my intranet. It might work???
You could think: the rules are wrong!!!
So... here are my rules:

*********************************************************************
My ipf.file:

pass in from any to 192.168.40.2/32
pass in from 192.168.18.40/2 to any
pass out from any to 192.168.40.2/32
pass out from 192.168.18.40/32 to any
pass out from 200.25.53.10/32 to any
pass in from any to 200.25.53.10/32

*********************************************************************
My ipnat.file:

# Redirect everything to squid on port 8080
rdr sis0 0.0.0.0/0 port 80 -> 200.25.53.10 port 8080 tcp
rdr sis0 0.0.0.0/0 port 80 -> 200.25.53.10 port 8080 udp

# Nat for 192
map sis0 192.168.0.0/16 -> 200.25.53.10/32 portmap tcp/udp 1025:65000
map sis0 192.168.0.0/16 -> 200.25.53.10/32

*********************************************************************

I'm using ipmon to see what is going on, and I catch this:

15/09/2000 11:07:16.303473 sis0 @0:1 p 192.168.40.15,38287 -> 192.168.40.2,23 PR tcp len 20 11264 -S IN

When I try a telnet from 192.168.40.15:

telnet 192.168.40.2
Trying 192.168.40.2...
telnet: Unable to connect to remote host: Operation timed out

I mean, the request is going to the server... but the answer never
comes... so???

Thanks for any help.

=======================================================================
Buliwyf McGraw
Administrador del Servidor Libertad
Centro de Servicios de Informacion
Universidad del Valle
=======================================================================