Date: Tue, 25 Sep 2001 18:04:25 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: Bradley Oedithipus <bradley@lightstep.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd/ipfw/sshd problem.
Message-ID: <Pine.BSF.4.21.0109251801110.43016-100000@cody.jharris.com>
In-Reply-To: <Pine.BSF.4.32.0109251747150.2227-100000@lightstep.org>

On Tue, 25 Sep 2001, Bradley Oedithipus wrote:

> First of all, I run natd for my subnet, ipfw which restricts access to
> various ports, and sshd on port 22.
>
> Okay, on with the evidence.
>
> First of all, my firewall sets up the divert rule to coincide with
> natd to divert packets. Here is the rule (quite standard for natd use)
> 00050 divert 8668 ip from any to any via ed0 (ed0 being my external
> NIC)
>
> Now, when rule 50 is in effect, you cannot connect to my server via
> ssh from outside my network, but you CAN connect via ssh from the
> local server and the subnet. When I delete rule 50 (ipfw delete 50):
> ssh is available from inside the network, and from the internet.
>
> I have pinned it down to this rule, by flushing ALL rules (since my
> default is deny, I add allow ip from any to any) and then trying, and
> it works. Then I add the divert rule, and it doesn't work.

Your firewall is blocking you...or you are redirecting ports
incorrectly. What does `ipfw -a l` show? What options do you
have to natd? Is natd even running? Can you get to the outside
(surf, ftp, ping) from the inside?

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
   "FreeBSD: The Power to Serve!"