Date: Thu, 1 Aug 2002 22:47:42 +0200
From: "Patrick O'Reilly" <bsd@perimeter.co.za>
To: maske@maske.org, questions@freebsd.org
Subject: Re: ipfw rules question
Message-ID: <009701c2399c$b03f1200$0200000a@perimeter.co.za>
References: <1185.10.0.0.27.1028221738.squirrel@mail.maske.org>

----- Original Message -----
From: "Douglas A. Maske" <maske@maske.org>

> Hello,
>
> I am nat'ing my cable modem, why doesn't this configuration work? It's
> either slow or inaccessible.
>
> #!/bin/sh
> ipfw add 00100 divert 8668 ip from any to any
> ipfw add 00101 allow tcp from any 21 to any keep-state established
> ipfw add 00102 allow tcp from any 22 to any keep-state established
> ipfw add 00202 allow tcp from any 25 to any keep-state established
> ipfw add 00203 allow tcp from any 53 to any keep-state established
> ipfw add 00204 allow tcp from any 80 to any keep-state established
> ipfw add 00205 allow tcp from any 110 to any keep-state established
> ipfw add 00206 allow tcp from any 143 to any keep-state established
> ipfw add 00207 allow tcp from any 443 to any keep-state established
> ipfw add 00209 allow tcp from any 5900 to any keep-state established

Oh - on further looking - surely the rules should be:

ipfw add 00101 allow tcp from any to any 21 keep-state
ipfw add 00101 allow tcp from any to any 22 keep-state
etc...

Specify the port on the destination, not the source. (Except for FTP-Data
of course!)

Patrick.
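
A small lint for the mistake discussed in this thread, added here as an example and not part of either poster's message: it flags ipfw rules that name a port on the source side of from/to with none on the destination, exempting source port 20 (FTP data). The function name lint_ipfw_rules, the SAMPLE_RULES variable and rule number 00300 are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Flags ipfw rules that match a service port on the source side of
# "from ... to ..." and give no destination port. Source port 20
# (FTP data) is exempt, following the exception noted in the reply.

lint_ipfw_rules() {
    # Reads rule lines on stdin; prints one finding per suspect rule.
    awk '
    {
        from = 0; to = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "from" && !from) from = i
            if ($i == "to" && from && !to) to = i
        }
        if (!from || !to) next            # not a from/to rule

        # Between "from" and "to": an address, then an optional port.
        src_port = (to - from == 3) ? $(from + 2) : ""

        # After "to": an address, then an optional port, list or range.
        dst_port = ""
        if (to + 2 <= NF && $(to + 2) ~ /^[0-9][0-9,-]*$/)
            dst_port = $(to + 2)

        if (src_port ~ /^[0-9][0-9,-]*$/ && src_port != "20" && dst_port == "")
            printf "line %d: source port %s, no destination port: %s\n", NR, src_port, $0
    }'
}

# Sample input: rules taken from the thread, plus one constructed
# FTP-data rule (00300 is a made-up rule number).
SAMPLE_RULES='ipfw add 00100 divert 8668 ip from any to any
ipfw add 00101 allow tcp from any 21 to any keep-state established
ipfw add 00102 allow tcp from any 22 to any keep-state established
ipfw add 00101 allow tcp from any to any 21 keep-state
ipfw add 00101 allow tcp from any to any 22 keep-state
ipfw add 00300 allow tcp from any 20 to any keep-state'

printf '%s\n' "$SAMPLE_RULES" | lint_ipfw_rules
```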