From owner-freebsd-questions  Tue Sep 25 16: 4:39 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83])
	by hub.freebsd.org (Postfix) with ESMTP id 7B57337B401
	for <freebsd-questions@FreeBSD.ORG>; Tue, 25 Sep 2001 16:04:36 -0700 (PDT)
Received: from localhost (nick@localhost)
	by cody.jharris.com (8.11.1/8.9.3) with ESMTP id f8PN4PC46288;
	Tue, 25 Sep 2001 18:04:25 -0500 (CDT)
	(envelope-from nick@rogness.net)
Date: Tue, 25 Sep 2001 18:04:25 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
X-Sender: nick@cody.jharris.com
To: Bradley Oedithipus <bradley@lightstep.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd/ipfw/sshd problem.
In-Reply-To: <Pine.BSF.4.32.0109251747150.2227-100000@lightstep.org>
Message-ID: <Pine.BSF.4.21.0109251801110.43016-100000@cody.jharris.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, 25 Sep 2001, Bradley Oedithipus wrote:

> 
> 
> First of all, i run natd for my subnet, ipfw which restricts access to
> various ports, and sshd on port 22.
> 
> Okay, on with the evidence.
> 
> First of all.  my firewall sets up the divert rule to coincide with
> natd to divert packets. Here is the rule (quite standard for natd use)
> 00050 divert 8668 ip from any to any via ed0 (ed0 being my external
> NIC)
> 
> Now, when rule 50 is in effect, you cannot connect to my server via
> ssh from outside my network, but you CAN connect via ssh from the
> local server and the subnet. When i delete rule 50 (ipfw delete 50):
> ssh is available from inside the network, and from the internet.
> 
> I have pinned it down to this rule, by flushing ALL rules (since my
> default is deny, I add allow ip from any to any) and then trying, and
> it works.  Then I add the divert rule, and it doesnt work.

	Your firewall is blocking you...or you are redirecting ports
	incorrectly.

	What does `ipfw -a l` show?

	What options do you have to natd?  

	Is natd even running? Can you get to the outside (surf, ftp,
	ping) from the inside?


Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message