From: "Patrick O'Reilly"
To: maske@maske.org, questions@freebsd.org
Subject: Re: ipfw rules question
Date: Thu, 1 Aug 2002 22:47:42 +0200
Message-ID: <009701c2399c$b03f1200$0200000a@perimeter.co.za>
References: <1185.10.0.0.27.1028221738.squirrel@mail.maske.org>

----- Original Message -----
From: "Douglas A. Maske"

> Hello,
>
> I am nat'ing my cable modem, why doesn't this configuration work? It's
> either slow or inaccessible.
>
> #!/bin/sh
> ipfw add 00100 divert 8668 ip from any to any
> ipfw add 00101 allow tcp from any 21 to any keep-state established
> ipfw add 00102 allow tcp from any 22 to any keep-state established
> ipfw add 00202 allow tcp from any 25 to any keep-state established
> ipfw add 00203 allow tcp from any 53 to any keep-state established
> ipfw add 00204 allow tcp from any 80 to any keep-state established
> ipfw add 00205 allow tcp from any 110 to any keep-state established
> ipfw add 00206 allow tcp from any 143 to any keep-state established
> ipfw add 00207 allow tcp from any 443 to any keep-state established
> ipfw add 00209 allow tcp from any 5900 to any keep-state established

Oh - on further looking - surely the rules should be:

ipfw add 00101 allow tcp from any to any 21 keep-state
ipfw add 00101 allow tcp from any to any 22 keep-state
etc...

Specify the port on the destination, not the source. (Except for FTP-Data of
course!)

Patrick.
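
Added example, not part of either message: a small Python check that reads an ipfw script and flags the two differences between the quoted rules and the corrected ones, namely a service port on the source side and `established` combined with `keep-state`. The names `lint`, `ports` and the finding strings are hypothetical, rule 00150 is constructed, and only the rule syntax seen in this thread is parsed.

```python
import re

# Subset of ipfw syntax used in this thread (other rules are skipped):
#   ipfw add NUM allow PROTO from SRC [SPORT] to DST [DPORT] [options]
RULE = re.compile(
    r"^\s*ipfw\s+add\s+(?P<num>\d+)\s+(?:allow|pass|permit|accept)\s+\S+\s+"
    r"from\s+\S+(?:\s+(?P<sport>\d[\d,-]*))?\s+"
    r"to\s+\S+(?:\s+(?P<dport>\d[\d,-]*))?(?P<opts>.*)$"
)
FTP_DATA = 20  # the exception named in the reply: FTP data comes *from* port 20
SRC_PORT = "port given on source side only"
MIXED = "keep-state combined with established"

def ports(spec):
    """Expand an ipfw port list such as '21,22' or '5900-5901' into a set."""
    out = set()
    for part in (spec or "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def lint(script):
    """Return (rule number, finding) pairs for the allow rules in a script."""
    findings = []
    for line in script.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # divert rules, comments, anything outside the subset
        opts = m["opts"].split()
        sports = ports(m["sport"])
        # Heuristic: a service port on the source side with none on the
        # destination is the pattern the reply corrects.
        if sports and not m["dport"] and sports != {FTP_DATA}:
            findings.append((m["num"], SRC_PORT))
        # 'established' matches only TCP packets with ACK or RST set, so a
        # keep-state rule that also says 'established' never sees the SYN.
        if "keep-state" in opts and "established" in opts:
            findings.append((m["num"], MIXED))
    return findings

# Rules quoted from the thread; the 00150 line is constructed for the example.
ORIGINAL = """ipfw add 00100 divert 8668 ip from any to any
ipfw add 00101 allow tcp from any 21 to any keep-state established
ipfw add 00204 allow tcp from any 80 to any keep-state established"""
CORRECTED = """ipfw add 00101 allow tcp from any to any 21 keep-state
ipfw add 00101 allow tcp from any to any 22 keep-state
ipfw add 00150 allow tcp from any 20 to any keep-state"""

if __name__ == "__main__":
    for num, finding in lint(ORIGINAL):
        print(num, finding)
```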