Date:      Fri, 4 Nov 2005 20:04:33 +0100 (CET)
From:      Efren Bravo <efrenba@yahoo.es>
To:        freebsd-questions@FreeBSD.org
Subject:   ipf/ipnat problem
Message-ID:  <20051104190433.32813.qmail@web25512.mail.ukl.yahoo.com>

Hi,

Problem with ipf/ipnat.

(PC1: 192.168.80.15)
       \\
 (fbsd vr0 out if: 192.168.80.4) 
         ||           
 (fbsd sis0 in if: 7.96.10.13)
       // 
(Internal LAN: 7.96.10.x)
     //
(PC2: 7.96.10.200 - Telnet running)
(PC3: 7.96.10.201 - Web Srv running)

IPF Rules:
----------
The same as the handbook 25.5.13 Inclusive Rule Set
Example, but adjusted to the PC2 and PC3 services.

#Allow in Telnet from public LAN to fBSD Box
pass in quick on vr0 proto tcp from any to any port = 22 flags S keep state

#Allow in SSH from public LAN to PC2
pass in quick on vr0 proto tcp from any to any port = 23 flags S keep state

#Allow in HTTP from public LAN to PC3 #
pass in quick on vr0 proto tcp from any to any port = 80 flags S keep state

IPNAT Rules (vr = out if):
--------------------------
map vr0 7.96.10.0/24 -> 192.168.80.4/32
rdr vr0 192.168.80.4/32 port 23 -> 7.96.10.200 port 23
rdr vr0 192.168.80.4/32 port 80 -> 7.96.10.201 port 80


From the internal LAN I have access to any services on
the public LAN.
From the public LAN I have access to fBSD's ssh but
don't have access to the internal telnet or web server.

Nevertheless, I get these statistics:
ipfstat -t:
-----------
Source IP          Destination IP  ST  PR  #pkts  #bytes       ttl
192.168.80.15,3513 192.168.80.4,22 4/4 tcp  107   12141 119:59:59
192.168.80.15,3512 7.96.10.200,23  2/0 tcp    6     288      2:12
192.168.80.15,3510 7.96.10.201,80  2/0 tcp    6     288      2:00

ipnat -l:
---------
List of active sessions:
RDR 7.96.10.200 23 <- -> 192.168.80.4 23   [192.168.80.15 3512]
RDR 7.96.10.201 80 <- -> 192.168.80.4 80   [192.168.80.15 3510]

What could be happening?

Thanks...


Efren Bravo.


	
	
		