Date: Sun, 11 Jun 2006 12:42:42 -0300
From: Rodrigo Mufalani <mufalani@oi.com.br>
To: freebsd-ipfw@freebsd.org
Cc: mufalani@oi.com.br
Subject: ipfw rules
Message-ID: <20060611124242.5mba63w3lwgk8kow@webmail.oi.com.br>

Hi all,

I need help configuring my ipfw rules, which are below. When I activate ipfw with this script, NAT does not function, but with the NAT rules alone it functions normally.

If I do this, it works normally! My pages are shown normally:

ipfw add divert 8668 ip from any to 200.x.x.x in recv $oif
ipfw add divert 8668 ip from 192.x.x.x 80 to any out xmit $oif
ipfw add allow ip from any to any

If I use the other rules, I have access to ssh, but natd does not work!

Thank you!

Regards,
Rodrigo Mufalani
mufalani@oi.com.br

--------------------------------------------------------------------------------------

set fwcmd=/sbin/ipfw
set oif=rl0
set iif=xl0

$fwcmd -f flush
$fwcmd add check-state
$fwcmd add deny ip from any to any in via $oif not verrevpath
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
$fwcmd add allow ip from any to any via $iif
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any
$fwcmd add divert 8668 ip from any to 200.x.x.x in recv $oif
$fwcmd add divert 8668 ip from 192.x.x.x 80 to any out xmit $oif
$fwcmd add allow tcp from any to me dst-port 110,22,80,53,8080,8668 in via $oif setup keep-state
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
$fwcmd add deny log ip from any to any