Date: Fri, 17 Oct 2008 20:54:11 +0200 From: Christer Hermansson <mail@chdevelopment.se> To: Chen Xu <xuchen66@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: no access to web server behind ipfw Message-ID: <48F8DF53.9090506@chdevelopment.se> In-Reply-To: <184b087c0810141105o657af770l5d0535c19fab059d@mail.gmail.com> References: <184b087c0810141105o657af770l5d0535c19fab059d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chen Xu wrote: > $cmd 100 divert natd ip from any to any in via $pif > $cmd 101 check-state > > > You use "in via $pif", I'm not 100% sure but I think you should only use "via $pif". > # Authorized inbound packets > $cmd 421 allow tcp from any to 192.168.1.10 80 in via $pif setup limit > src-addr 5 > > > I think it's bad to use statefull rules for inbound connections. -- Christer Hermansson http://www.chdevelopment.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48F8DF53.9090506>