Date: Tue, 09 Oct 2007 07:48:35 +0900
From: Randy Bush <randy@psg.com>
To: Paolo Pisati <piso@freebsd.org>
Cc: FreeBSD Net <freebsd-net@freebsd.org>, "Andrey V. Elsukov" <bu7cher@yandex.ru>
Subject: Re: ipfw nat befuddlement
Message-ID: <470AB3C3.1030508@psg.com>
In-Reply-To: <20071008222742.GC10716@tin.it>
References: <4708D2EE.4010405@psg.com> <4709D44E.5050305@psg.com> <4709D647.1050803@yandex.ru> <20071008082256.GA9098@tin.it> <470A107C.9000509@psg.com> <20071008222742.GC10716@tin.it>

> is your ruleset/config ok? can you post it?

appended, with one ip address obscured

> try to substitute the "nat 42 ip4 from any to any via vr0" rule with a
> divert rule, and config & start natd: does it config work as expected?

i hope to try this later today

randy

--

# ipfw list
00100 deny log logamount 100 ip from any to any ipoptions ssrr,lsrr,rr
00200 allow ip from any to any via lo0
00300 deny log logamount 100 ip from 127.0.0.0/8 to any
00400 deny log logamount 100 ip from any to 127.0.0.0/8
00500 allow tcp from 147.42.0.666 to any dst-port 25
00600 allow tcp from any to 147.42.0.666 dst-port 25
00700 allow tcp from me to any dst-port 25
00800 allow tcp from any to me dst-port 25
00900 deny log logamount 100 tcp from any to any dst-port 25
01000 deny ip from any to me dst-port 113
01100 nat 42 ip4 from any to any via vr0
01200 allow ip from any to any
65535 deny ip from any to any