Date: Thu, 27 Jan 2000 13:38:44 -0500 From: John <papalia@udel.edu> To: freebsd-questions@freebsd.org Subject: Natd, firewall, and ports closing Message-ID: <4.1.20000127133150.00a77b50@mail.udel.edu>
Hey all - I'm stumped on something. I have natd running. One internal machine (192.168.x.x) and my FreeBSD box connected to the outside. The two machines are connected with a cross-over cat-5 cable.

Problem: Within my FreeBSD box, if I try to "dcc chat" another address WITHIN my FreeBSD box, the connection fails. However, all similar connections both into and out of the box work perfectly. If I remove the divert line from my firewall, it works fine though.

netstat -na shows the problem as follows:

tcp        0      0  128.175.75.157.1214    128.175.75.157.57670   SYN_SENT
tcp        0      0  *.57670                *.*                    CLOSED

FreeBSD shut down the port before the connection could be made. Again, if I remove the DIVERT rule from the firewall, it works fine.

My ruleset is as follows:

00075    702     73891 allow ip from any to any via lo0
00085     85      5881 allow ip from 128.175.x.x to 127.0.0.0/8
00100   3257    366714 divert 8668 ip from any to any via fxp1
00150 144847  15260516 allow ip from any to any via fxp0
00200      0         0 deny ip from any to 127.0.0.0/8 via fxp1
65000 115659  16418959 allow ip from any to any
65535      0         0 deny ip from any to any

Where fxp1 is to the outside, fxp0 is to the inside. I moved rules 00075 and 00085 up from 00125 and 00135 in the hope that it might solve the problem.

Even better yet - tcpdump DOES show the request passing through lo0, so why would the divert rule be touching it at all?

Thanks in advance,
John

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
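The question above turns on ipfw's first-match semantics and on which interface the kernel considers a self-addressed packet to be "via". The following is an added example, not part of the original post or of FreeBSD: a small Python model that parses a ruleset in `ipfw -a list` format and reports which rule is the first to match a given (source, destination, interface) triple. The ruleset embedded in it is constructed from the post; the poster masked his address as 128.175.x.x, so 128.175.0.0/16 is assumed here. The model treats `divert` as terminating the search (as ipfw does for the original packet; the copy natd re-injects re-enters at the following rule, which is not modelled) and takes the interface name as an input rather than deciding it, so it cannot settle whether the kernel sees the DCC SYN on lo0 or fxp1, but it does show which rule catches the packet under each assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input in `ipfw -a list` format: rule number, packet
# counter, byte counter, then the rule body. Mirrors the ruleset in the post;
# 128.175.0.0/16 stands in for the poster's masked 128.175.x.x (assumption).
RULESET = """\
00075    702     73891 allow ip from any to any via lo0
00085     85      5881 allow ip from 128.175.0.0/16 to 127.0.0.0/8
00100   3257    366714 divert 8668 ip from any to any via fxp1
00150 144847  15260516 allow ip from any to any via fxp0
00200      0         0 deny ip from any to 127.0.0.0/8 via fxp1
65000 115659  16418959 allow ip from any to any
65535      0         0 deny ip from any to any
"""


@dataclass
class Rule:
    number: int
    action: str                            # allow / deny / divert
    divert_port: Optional[int]             # only for divert
    src: Optional[ipaddress.IPv4Network]   # None means "any"
    dst: Optional[ipaddress.IPv4Network]   # None means "any"
    via: Optional[str]                     # None means any interface


def parse_net(tok: str) -> Optional[ipaddress.IPv4Network]:
    """'any' -> None; otherwise an address or CIDR prefix."""
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse one `ipfw -a list` line. Only the 'ip from X to Y [via IF]' subset
    used by the posted ruleset is modelled; anything else raises ValueError."""
    toks = line.split()
    number = int(toks[0])
    body = toks[3:]                        # drop packet and byte counters
    action, i, port = body[0], 1, None
    if action == "divert":
        port, i = int(body[1]), 2
    if action not in ("allow", "deny", "divert"):
        raise ValueError(f"unsupported action in rule {number}: {action}")
    if body[i] != "ip" or body[i + 1] != "from" or body[i + 3] != "to":
        raise ValueError(f"unsupported rule shape in rule {number}")
    src, dst = parse_net(body[i + 2]), parse_net(body[i + 4])
    rest = body[i + 5:]
    via = None
    if rest:
        if rest[0] != "via" or len(rest) != 2:
            raise ValueError(f"unsupported option in rule {number}: {rest}")
        via = rest[1]
    return Rule(number, action, port, src, dst, via)


def parse_ruleset(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.splitlines() if l.strip()]


def first_match(rules: List[Rule], src: str, dst: str, iface: str) -> Rule:
    """ipfw walks rules in ascending order and stops at the first match.
    'via IF' matches whether IF is the receiving or the transmitting interface,
    which is why the same flow can hit different rules depending on the
    interface the kernel attributes to it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.number):
        if r.src is not None and s not in r.src:
            continue
        if r.dst is not None and d not in r.dst:
            continue
        if r.via is not None and r.via != iface:
            continue
        return r
    raise AssertionError("rule 65535 should always match")


def dcc_chat_verdicts() -> dict:
    """The poster's self-addressed DCC SYN (128.175.75.157 -> 128.175.75.157)
    evaluated under both interface assumptions."""
    rules = parse_ruleset(RULESET)
    me = "128.175.75.157"
    return {iface: first_match(rules, me, me, iface).number
            for iface in ("lo0", "fxp1")}


if __name__ == "__main__":
    for iface, num in dcc_chat_verdicts().items():
        print(f"SYN seen via {iface}: first matching rule {num:05d}")
```

Run stand-alone, it reports rule 00075 (allow) when the SYN is attributed to lo0 and rule 00100 (divert to natd) when it is attributed to fxp1. The model also exposes an ordering wrinkle in the posted ruleset: any packet to 127.0.0.0/8 arriving via fxp1 from an address outside 128.175/16 reaches the divert at 00100 before the deny at 00200, so the original packet is diverted rather than dropped.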