From owner-freebsd-security Fri Sep 15 9:31:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from libertad.univalle.edu.co (libertad.univalle.edu.co [216.6.69.11]) by hub.freebsd.org (Postfix) with ESMTP id 8815637B424 for ; Fri, 15 Sep 2000 09:31:06 -0700 (PDT)
Received: from localhost (buliwyf@localhost) by libertad.univalle.edu.co (8.10.0/8.10.0) with ESMTP id e8FGbg639242 for ; Fri, 15 Sep 2000 11:37:43 -0500 (COT)
Date: Fri, 15 Sep 2000 11:37:42 -0500 (COT)
From: Buliwyf McGraw
To: freebsd-security@FreeBSD.ORG
Subject: ipf rules
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi... I'm working with ipf on FreeBSD. I work with just one network interface and I'm using 2 IP addresses (the second is an alias).

My official IP (example): 200.25.53.10
My alias IP: 192.168.40.2

Now, I'm using this server with NAT and proxy to give Internet access to all my intranet (192.168.0.0). Everything is OK... BUT I can do a telnet to my alias IP 192.168.40.2 from my intranet. It might work???

You could think: the rules are wrong!!! So... here are my rules:

*********************************************************************
My ipf.file:

    pass in from any to 192.168.40.2/32
    pass in from 192.168.18.40/2 to any
    pass out from any to 192.168.40.2/32
    pass out from 192.168.18.40/32 to any
    pass out from 200.25.53.10/32 to any
    pass in from any to 200.25.53.10/32

*********************************************************************
My ipnat.file:

    # Redirect everything to squid on port 8080
    rdr sis0 0.0.0.0/0 port 80 -> 200.25.53.10 port 8080 tcp
    rdr sis0 0.0.0.0/0 port 80 -> 200.25.53.10 port 8080 udp
    # Nat for 192
    map sis0 192.168.0.0/16 -> 200.25.53.10/32 portmap tcp/udp 1025:65000
    map sis0 192.168.0.0/16 -> 200.25.53.10/32

*********************************************************************

I'm using ipmon to see what is going on, and I catch this:

    15/09/2000 11:07:16.303473 sis0 @0:1 p 192.168.40.15,38287 -> 192.168.40.2,23 PR tcp len 20 11264 -S IN

When I try a telnet from 192.168.40.15:

    telnet 192.168.40.2
    Trying 192.168.40.2...
    telnet: Unable to connect to remote host: Operation timed out

I mean, the request is going to the server... but the answer never comes... so???

Thanks for any help.

=======================================================================
Buliwyf McGraw
Libertad Server Administrator
Information Services Center
Universidad del Valle
=======================================================================

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
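A config-review check for the rules posted above, written as an added example (not code from the original post). It assumes the standard ipnat semantics that a `map ifname net -> addr` rule rewrites the source address of every packet leaving `ifname` whose source falls inside `net`, and it models the server's reply to the logged SYN leaving sis0 from each of the two addresses on that interface; the rule and address values are transcribed from the post.

```python
import ipaddress

# Transcribed from the posted ipnat.file: (interface, source network, translated-to address).
MAP_RULES = [
    ("sis0", "192.168.0.0/16", "200.25.53.10"),
]


def matching_map_rule(iface, src_ip, rules=MAP_RULES):
    """Return the first 'map' rule that applies to an outbound packet on iface
    with source address src_ip, or None if no map rule rewrites it."""
    src = ipaddress.ip_address(src_ip)
    for rule_iface, net, to in rules:
        if rule_iface == iface and src in ipaddress.ip_network(net):
            return (rule_iface, net, to)
    return None


def simulate_reply(server_ip, iface="sis0"):
    """Model the server's TCP reply (e.g. the SYN-ACK for the logged SYN) leaving
    iface with source server_ip and report the source the client would see.
    A mismatch means the client receives a reply from an address it never
    connected to, so the handshake cannot complete."""
    rule = matching_map_rule(iface, server_ip)
    on_wire = rule[2] if rule else server_ip
    return {
        "reply_src_before_nat": server_ip,
        "reply_src_on_wire": on_wire,
        "mismatch": on_wire != server_ip,
    }


def rule_scope(cidr):
    """Number of addresses a 'pass ... from <cidr>' rule actually covers.
    Useful for spotting a short prefix that was probably a typo."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


if __name__ == "__main__":
    for addr in ("200.25.53.10", "192.168.40.2"):  # both addresses live on sis0
        print(addr, simulate_reply(addr))
    print("192.168.18.40/2 covers", rule_scope("192.168.18.40/2"), "addresses")
    print("192.168.18.40/32 covers", rule_scope("192.168.18.40/32"), "addresses")
```

The alias 192.168.40.2 sits inside the 192.168.0.0/16 map range, so the reply to an intranet client is rewritten while a reply from 200.25.53.10 is not; the `/2` in the second `pass in` rule covers a quarter of the IPv4 space, not one host.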