Date: Sun, 29 Feb 2004 13:16:31 +1000
From: anubis <anubis357@optusnet.com.au>
To: "Derrick Ryalls" <ryallsd@datasphereweb.com>, "'freebsd-questions'" <freebsd-questions@freebsd.org>
Subject: Re: Firewall blocking natd redirect
Message-ID: <200402291316.31954.anubis357@optusnet.com.au>
In-Reply-To: <A99A5AC30F74624388EE5F757BA58A20D7A22B@RED-MSG-50.redmond.corp.microsoft.com>
References: <A99A5AC30F74624388EE5F757BA58A20D7A22B@RED-MSG-50.redmond.corp.microsoft.com>
On Sat, 28 Feb 2004 3:47 am, Derrick Ryalls wrote:
> I have a port redirect, public port 5001 to an internal machine
> port 3389, for Remote Desktop that works well in natd as long as I
> don't fire up my custom firewall:
>
> 00050    234    27286 divert 8668 ip from any to any via sis0
> 00100     24     6080 allow ip from any to any via lo0
> 00200      0        0 deny ip from any to 127.0.0.0/8
> 00300      0        0 deny ip from 127.0.0.0/8 to any
> 00400      0        0 check-state
> 00500      2      186 allow ip from 192.168.1.1 to 192.168.1.0/24
> 00600      4      266 allow ip from 192.168.1.0/24 to 192.168.1.1
> 00700     34     3399 allow ip from any to any keep-state in recv dc0
> 00800     18     2093 allow ip from any to any keep-state out xmit sis0
> 00900      0        0 allow ip from any to any keep-state out xmit dc0
> 01000      0        0 allow ip from any to 0.0.0.255:0.0.0.255 in recv dc0
> 01100      0        0 allow ip from 192.168.1.1 to any keep-state
> 01200      0        0 allow udp from any to any 53 keep-state
> 01300      0        0 allow tcp from any to any 53 keep-state
> 01400      0        0 allow udp from any to any 25 keep-state
> 01500      0        0 allow tcp from any to any 25 keep-state
> 01600      0        0 allow tcp from any to any 993 keep-state
> 01700    188    18936 allow tcp from any to any 22 keep-state
> 01800      0        0 allow tcp from any to any 80 keep-state
> 01900      0        0 allow tcp from any to any 5001 keep-state
> 65535 173082 56255563 deny ip from any to any
>
> sis0 is the public interface and dc0 is the internal.
>
> Right now I don't mind so much having redundant rules, but I would
> like my functionality back without doing an allow from any to any.
> Any ideas on what I am missing?

I have a similar problem. I came across this thread that may be of assistance in understanding your problem.
http://lists.freebsd.org/pipermail/freebsd-questions/2004-January/032694.html It appears there may be a problem with stateful rules and port forwarding.
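One thing worth checking in the ruleset quoted above, with a corrected ruleset as an added example that is not part of either message in this thread: natd sits at rule 00050, so by the time an inbound packet for public port 5001 reaches rule 01900 its destination has already been rewritten to the internal host and port 3389. Rule 01900 therefore never matches the redirected traffic, and the SYN falls through to the final deny. Rules placed after the divert must be written in terms of the post-NAT (internal) address and port for inbound redirected traffic. The internal host 192.168.1.10 and the natd invocation are assumptions for the example; the interface names and the remaining rules are taken from Derrick's message.

```conf
# Added example, not the original poster's ruleset. Assumed: the Remote
# Desktop host is 192.168.1.10, sis0 is the public interface, dc0 the LAN
# interface, and natd runs as:
#   natd -n sis0 -redirect_port tcp 192.168.1.10:3389 5001
# Load with:  ipfw -f flush && ipfw -q /etc/ipfw.rules
# (or point firewall_type in rc.conf at this file).

add 00050 divert 8668 ip from any to any via sis0
add 00100 allow ip from any to any via lo0
add 00200 deny ip from any to 127.0.0.0/8
add 00300 deny ip from 127.0.0.0/8 to any
add 00400 check-state
add 00500 allow ip from 192.168.1.1 to 192.168.1.0/24
add 00600 allow ip from 192.168.1.0/24 to 192.168.1.1
add 00700 allow ip from any to any keep-state in recv dc0
add 00800 allow ip from any to any keep-state out xmit sis0
add 00900 allow ip from any to any keep-state out xmit dc0
add 01000 allow ip from any to 0.0.0.255:0.0.0.255 in recv dc0
add 01100 allow ip from 192.168.1.1 to any keep-state
add 01200 allow udp from any to any 53 keep-state
add 01300 allow tcp from any to any 53 keep-state
add 01400 allow udp from any to any 25 keep-state
add 01500 allow tcp from any to any 25 keep-state
add 01600 allow tcp from any to any 993 keep-state
add 01700 allow tcp from any to any 22 keep-state
add 01800 allow tcp from any to any 80 keep-state

# Weak (the original rule): it tests the pre-NAT port, but inbound packets
# have already passed rule 00050 and now carry dst 192.168.1.10:3389, so
# this rule never sees the redirected connection.
#add 01900 allow tcp from any to any 5001 keep-state

# Corrected: match the translated destination, only on the public interface,
# only for connection setup (SYN), and create a dynamic rule that check-state
# at 00400 will use for the rest of the flow in both directions.
add 01900 allow tcp from any to 192.168.1.10 3389 in via sis0 setup keep-state

add 65535 deny ip from any to any
```

To confirm the diagnosis before changing anything, connect to public port 5001 while watching `ipfw show`: with the original rule 01900 its packet counter stays at zero and the count on rule 65535 rises, while with the corrected rule the counter on 01900 increments once per new connection and `ipfw -d show` lists the dynamic entry for 192.168.1.10:3389. The reply path needs no extra rule: the internal host's packets enter on dc0 and match the dynamic rule at check-state, and after natd rewrites the source back to public:5001 on the way out, rule 00800 passes them on sis0.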