From: Rodrigo Mufalani <mufalani@oi.com.br>
To: freebsd-ipfw@freebsd.org (IPFW Technical Discussions)
Date: Sun, 11 Jun 2006 12:42:42 -0300
Subject: ipfw rules

Hi all,

I need help configuring my ipfw rules, which are below. When I activate ipfw with this script, NAT does not function, and with the NAT rules alone it functions normally. If I do this, it works normally! My pages are shown normally:

    ipfw add divert 8668 ip from any to 200.x.x.x in recv $oif
    ipfw add divert 8668 ip from 192.x.x.x 80 to any out xmit $oif
    ipfw add allow ip from any to any

If I use the other rules, I have access to ssh, but natd does not work!

Thank you!

Att,
Rodrigo Mufalani
mufalani@oi.com.br

--------------------------------------------------------------------------------------

    set fwcmd=/sbin/ipfw
    set oif=rl0
    set iif=xl0

    $fwcmd -f flush
    $fwcmd add check-state
    $fwcmd add deny ip from any to any in via $oif not verrevpath
    $fwcmd add allow ip from me to any out via $oif keep-state
    $fwcmd add deny tcp from any to any established in via $oif
    $fwcmd add allow ip from any to any via $iif
    $fwcmd add allow all from any to any via lo0
    $fwcmd add deny all from any to 127.0.0.0/8
    $fwcmd add deny ip from 127.0.0.0/8 to any
    $fwcmd add divert 8668 ip from any to 200.x.x.x in recv $oif
    $fwcmd add divert 8668 ip from 192.x.x.x 80 to any out xmit $oif
    $fwcmd add allow tcp from any to me dst-port 110,22,80,53,8080,8668 in via $oif setup keep-state
    $fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
    $fwcmd add deny log ip from any to any

--------------------------------------------------------------------------------
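In the full script above, ipfw evaluates rules in order, so inbound replies addressed to the public address are dropped by the "deny tcp ... established in via $oif" rule before they ever reach the divert rule, and LAN packets that are diverted on the way out re-enter after the divert with no allow rule left to match them. The POSIX sh script below is an added example, not the poster's script or anything shipped with FreeBSD: it orders the rules so the inbound divert runs before check-state (dynamic rules are then keyed on the private addresses) and outbound LAN traffic records state first and then skips to a divert rule that falls through to an allow; it assumes rl0 and xl0 as in the post, a constructed LAN prefix 192.168.1.0/24 and natd on divert port 8668.

```shell
#!/bin/sh
# Added example (not the poster's script): ipfw + natd rule order that lets
# NAT'd traffic reach natd in both directions. Assumed: rl0 external, xl0 LAN,
# constructed LAN prefix 192.168.1.0/24, natd listening on divert port 8668.
oif=rl0
iif=xl0
lan=192.168.1.0/24      # placeholder for the poster's 192.x.x.x network
nat_port=8668

# 200: translate inbound packets first, so 210 check-state sees private addrs.
# 220/230: create state on the untranslated packet, then jump to 500 where the
# outbound divert runs; natd re-injects after 500, and 510 lets it out.
# 400: anything not explicitly allowed (incl. unsolicited "established") is logged.
ipfw_rules() {
cat <<EOF
-f flush
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
add 130 allow ip from any to any via ${iif}
add 140 deny ip from any to any in via ${oif} not verrevpath
add 200 divert ${nat_port} ip from any to any in via ${oif}
add 210 check-state
add 220 skipto 500 ip from ${lan} to any out via ${oif} keep-state
add 230 skipto 500 ip from me to any out via ${oif} keep-state
add 300 allow tcp from any to me dst-port 22,53,80,110,8080 in via ${oif} setup keep-state
add 310 allow udp from any to me dst-port 53 in via ${oif} keep-state
add 320 allow icmp from any to any via ${oif} icmptypes 0,3,8,11,12
add 400 deny log ip from any to any
add 500 divert ${nat_port} ip from any to any out via ${oif}
add 510 allow ip from any to any
EOF
}

# Ordering invariants the poster's script violated: inbound divert must come
# before check-state, and the outbound divert must be followed by an allow.
rule_order_ok() {
    rules=$(ipfw_rules)
    pos() { printf '%s\n' "$rules" | grep -n -- "$1" | cut -d: -f1; }
    [ "$(pos 'divert .* in via')" -lt "$(pos check-state)" ] &&
    [ "$(pos 'divert .* out via')" -lt "$(pos 'allow ip from any to any$')" ]
}

# Dry run by default (prints the commands); APPLY=1 loads them into the kernel.
if [ "${APPLY:-0}" = 1 ]; then
    ipfw_rules | while IFS= read -r r; do /sbin/ipfw $r; done
else
    ipfw_rules | sed 's|^|/sbin/ipfw |'
fi
```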