Date: Mon, 18 Jul 2011 19:32:40 +0000
From: David van Rensburg - PC Network <david@pcnetwork.co.za>
To: Chuck Swiger <cswiger@mac.com>
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject: Re: ipfw and nat problem
Message-ID: <CA4A566E.F6E6%david@pcnetwork.co.za>
In-Reply-To: <502A18D1-745D-48E9-B395-BDB5A24BD2FA@mac.com>
> > Ok, so why can't I resolve names here.. I've added rules 20 and 21. I've deleted rule 60, then I can't telnet mailserver 25, so the set seems to be working...

[root@bsd ~]# ipfw show
00005 589 53220 allow ip from any to any via alc0
00010 0 0 allow ip from any to any via lo0
00011 0 0 fwd 192.168.1.3,3128 tcp from not me to any dst-port 80
00014 0 0 divert 8668 ip from any to any in via rl0
00015 0 0 check-state
00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00040 0 0 skipto 800 tcp from any to any dst-port 80 out via rl0 setup keep-state
00050 0 0 skipto 800 tcp from any to any dst-port 443 out via rl0 setup keep-state
00060 0 0 skipto 800 tcp from any to any dst-port 25 out via rl0 setup keep-state
00061 0 0 skipto 800 tcp from any to any dst-port 110 out via rl0 setup keep-state
00080 0 0 skipto 800 icmp from any to any out via rl0 keep-state
00110 0 0 skipto 800 tcp from any to any dst-port 22 out via rl0 setup keep-state
00120 0 0 skipto 800 tcp from any to any dst-port 43 out via rl0 setup keep-state
00130 0 0 skipto 800 udp from any to any dst-port 123 out via rl0 keep-state
00300 0 0 deny ip from 192.168.0.0/16 to any in via rl0
00301 0 0 deny ip from 172.16.0.0/12 to any in via rl0
00302 0 0 deny ip from 10.0.0.0/8 to any in via rl0
00303 0 0 deny ip from 127.0.0.0/8 to any in via rl0
00304 0 0 deny ip from 0.0.0.0/8 to any in via rl0
00305 0 0 deny ip from 169.254.0.0/16 to any in via rl0
00306 0 0 deny ip from 192.0.2.0/24 to any in via rl0
00307 0 0 deny ip from 204.152.64.0/23 to any in via rl0
00308 0 0 deny ip from 224.0.0.0/3 to any in via rl0
00315 0 0 deny tcp from any to any dst-port 113 in via rl0
00320 0 0 deny tcp from any to any dst-port 137 in via rl0
00321 0 0 deny tcp from any to any dst-port 138 in via rl0
00322 0 0 deny tcp from any to any dst-port 139 in via rl0
00323 0 0 deny tcp from any to any dst-port 81 in via rl0
00330 0 0 deny ip from any to any frag in via rl0
00332 0 0 deny tcp from any to any established in via rl0
00370 0 0 allow tcp from any to me dst-port 80 in via rl0 setup limit src-addr 2
00380 0 0 allow tcp from any to me dst-port 22 in via rl0 setup limit src-addr 2
00385 0 0 allow tcp from any to any dst-port 22
00390 0 0 allow tcp from any to me dst-port 23 in via rl0 setup limit src-addr 2
00400 0 0 deny log logamount 5 ip from any to any in via rl0
00450 4 240 deny log logamount 5 ip from any to any out via rl0
00800 0 0 divert 8668 ip from any to any out via rl0
00801 0 0 allow ip from any to any
00999 0 0 deny log logamount 5 ip from any to any
65535 0 0 allow ip from any to any
[root@bsd ~]#
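As an added example (not part of this thread), a check worth running over a ruleset like the one quoted above: in ipfw, `setup` is short for `tcpflags syn,!ack` and only ever matches TCP packets, so a rule such as 00020 (`udp ... dst-port 53 ... setup`) can never match, and DNS queries fall through to the later `deny ... out via rl0` rule, whose packet counter then climbs. The script parses `ipfw show` output (a constructed subset of the quoted rules) and flags that pattern; the function names are assumptions of the example.

```python
import re

# Constructed sample: a subset of the `ipfw show` output quoted in the message above.
SAMPLE_IPFW_SHOW = """\
00020 0 0 skipto 800 udp from any to any dst-port 53 out via rl0 setup keep-state
00021 0 0 skipto 800 tcp from any to any dst-port 53 out via rl0 setup keep-state
00080 0 0 skipto 800 icmp from any to any out via rl0 keep-state
00130 0 0 skipto 800 udp from any to any dst-port 123 out via rl0 keep-state
00450 4 240 deny log logamount 5 ip from any to any out via rl0
"""

# Each `ipfw show` line: rule number, packet counter, byte counter, rule body.
RULE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.*)$")
PROTO_WORDS = ("ip", "tcp", "udp", "icmp")


def parse_ipfw_show(text):
    """Turn `ipfw show` output into a list of rule dicts (prompts are skipped)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # shell prompt, blank line, or anything that is not a rule
        num, pkts, byts, body = m.groups()
        words = body.split()
        # The first protocol keyword after the action names what the rule matches.
        proto = next((w for w in words if w in PROTO_WORDS), None)
        rules.append({"num": int(num), "packets": int(pkts), "bytes": int(byts),
                      "proto": proto, "words": words, "body": body})
    return rules


def lint_setup_on_non_tcp(rules):
    """Rule numbers whose body combines `setup` with a non-TCP protocol.

    `setup` is shorthand for `tcpflags syn,!ack`; the TCP-flags check only
    succeeds on TCP packets, so such a rule can never match UDP or ICMP."""
    return [r["num"] for r in rules
            if "setup" in r["words"] and r["proto"] in ("udp", "icmp")]


def denied_hits(rules):
    """(rule number, packets) for deny rules that have actually dropped traffic;
    traffic missed by a dead rule earlier in the set shows up here."""
    return [(r["num"], r["packets"]) for r in rules
            if r["words"] and r["words"][0] == "deny" and r["packets"] > 0]
```

Run against the full quoted ruleset, `lint_setup_on_non_tcp` reports rule 20 while the TCP rules with `setup` pass, and `denied_hits` points at rule 450 as the rule absorbing the dropped packets.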