From: "Dennis B. Hopp"
To: "'Michael Sierchio'"
Date: Wed, 10 Sep 2003 10:50:17 -0400
Subject: RE: ipfw - natd - Port Forwarding

> -----Original Message-----
> From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Michael Sierchio
> Sent: Tuesday, September 09, 2003 7:10 PM
> To: freebsd-ipfw@freebsd.org
> Subject: Re: ipfw - natd - Port Forwarding
>
> A. Laziness, incapacity, neglect, MS Outlook, etc.

Yup I was lazy...aren't we all?

> Q. Then why do people do it?
> A. No, it's not.

Since I didn't have to nitpick at a bunch of different details I don't think it really mattered in this case.

> Q. Is top-posting a good idea?
>
> Dennis B. Hopp wrote:
> > Your firewall rules need to let it through too....I think something like
> > this should work (it needs to go after the ipdivert statement)
> >
> > 00501 allow tcp from any to 192.168.0.1 27015 in recv fxp0 keep-state
>
> Unnecessary, the default rule 65535 (in this case) passes all traffic.

You are correct...I didn't read that the last rule was an allow all (I always change it to deny all)...damn laziness

>
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 00300 deny ip from 127.0.0.0/8 to any
> > 00500 divert 8668 ip from any to any via fxp0
> > 65535 allow ip from any to any
>
> > When I try it from an outside source it looks like traffic is arriving
> > at the Windows 2000 machine (the little computer screens for the LAN
> > connection flash on the tray icon) but the connection doesn't complete
> > and it times out.
>
> What does a tcpdump on the natd box say? Do
>
> tcpdump -ln -i fxp0 host
>
> and then telnet 27015
>
> --
>
> "Well," Brahma said, "even after ten thousand explanations, a fool is no
> wiser, but an intelligent man requires only two thousand five hundred."
> - The Mahabharata
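
Added example, not part of the original messages: a simplified Python model of ipfw first-match evaluation over the ruleset quoted above, showing that rule 00501 changes the verdict only when rule 65535 is deny rather than allow. The public address, the natd port-forward mapping and all helper names are assumptions; keep-state and reply traffic are not modelled.

```python
# Added example: simplified model of ipfw first-match evaluation with a natd
# divert rule. Inbound packet only; keep-state and reply traffic not modelled.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iface: str           # interface the packet is seen on
    direction: str       # "in" or "out"
    proto: str = "tcp"

PUBLIC_IP = "203.0.113.10"   # constructed (documentation range), not from the thread
# Assumed natd port-forward entry: public addr:port -> internal host from the thread.
REDIRECTS = {(PUBLIC_IP, 27015): ("192.168.0.1", 27015)}

def natd(pkt):
    """Rewrite the destination as the assumed port-forward entry would."""
    target = REDIRECTS.get((pkt.dst, pkt.dport))
    return replace(pkt, dst=target[0], dport=target[1]) if target else pkt

def ruleset(default_action, with_501=False):
    """The ruleset quoted in the thread; rule 65535 is 'allow' or 'deny'."""
    rules = [
        (100, "allow", lambda p: p.iface == "lo0"),
        (200, "deny", lambda p: p.dst.startswith("127.")),
        (300, "deny", lambda p: p.src.startswith("127.")),
        (500, "divert", lambda p: p.iface == "fxp0"),
        (65535, default_action, lambda p: True),
    ]
    if with_501:  # 00501 allow tcp from any to 192.168.0.1 27015 in recv fxp0
        rules.append((501, "allow", lambda p: p.proto == "tcp"
                      and (p.dst, p.dport) == ("192.168.0.1", 27015)
                      and p.direction == "in" and p.iface == "fxp0"))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, pkt):
    """Return (action, rule_number) of the first terminal rule that matches."""
    for number, action, matches in rules:
        if not matches(pkt):
            continue
        if action == "divert":
            pkt = natd(pkt)   # natd reinjects; ipfw resumes at the next rule
            continue
        return action, number
    raise ValueError("ruleset has no terminal match")

# Constructed inbound SYN from an outside client to the forwarded port.
SYN = Packet("198.51.100.7", PUBLIC_IP, 27015, "fxp0", "in")
```

With the allow-all default the packet is accepted either way, so the connection timeout described in the thread has to be diagnosed elsewhere, which is what the tcpdump request is for.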