Date: Thu, 25 Aug 2022 08:36:22 +0200 (CEST)
From: Wojciech Puchar <wojtek@puchar.net>
To: freebsd-hackers@freebsd.org
Subject: Re: ipfw nat problem
Message-ID: <623ac39e-2915-463a-9e4c-9f99bae28c69@puchar.net>
In-Reply-To: <d36e56ff-c7cd-1634-dbc-f76bdb46503c@puchar.net>
References: <d36e56ff-c7cd-1634-dbc-f76bdb46503c@puchar.net>

found a reason. forwarding was set to 0 in sysctl

On Thu, 25 Aug 2022, Wojciech Puchar wrote:

> i use ipfw nat redirect feature for a long time. never had problems until
> now.
>
> my ipfw config
>
> queue flush
> pipe flush
> #define INTERNETIP 1.2.3.4
> #define INTERNET igb1
> nat 1 config ip 1.2.3.4 \
> redirect_port tcp 10.255.255.253:22 20023 \
> redirect_port tcp 10.255.255.254:22 20022
> //
> table 1 flush
> table 1 add 5.6.7.8
>
> add 6 skipto 1000 all from any to any via INTERNET in
> add 7 skipto 2000 all from any to any via INTERNET out
> add 10 allow all from any to any
>
>
> add 1000 deny all from table(1) to any
> add 1001 deny tcp from any to me 3306
> add 1010 nat 1 all from any to me
> add 1999 allow all from any to any
>
> add 2000 reject tcp from me to any 113
> add 2001 nat 1 all from 10.255.255.0/24 to any
> add 2002 allow all from any to any
>
>
> this is server with 2 jails - i want these 2 jails ssh server be available
> from outside.
>
> And it is. I can log in do many things for a long time interactively no
> problems.
>
> But trying to transfer files like ssh -p 20023 loginname@server "tar cf -
> something"|tar xpf -
>
> or scp
>
> it always disconnects after transferring about 100kB
>
>
> in logs i see
>
> Aug 25 08:29:35 <4.6> 10.255.255.253 sshd[63621]: Fssh_packet_write_poll:
> Connection from user blebleble 9.9.9.9 port 53899: Permission denied
>
> No other errors
>
>
> i have no problems doing such operations on host directly over ssh.
>
> I do use ssh redirects using nat on many servers without problems.
> What can i do to find a source of this problem?
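
A preflight check for the state reported as the cause above, added here as an example and not part of the original message. It assumes the "forwarding" sysctl meant is FreeBSD's net.inet.ip.forwarding (the message does not name it); the function names are hypothetical and the forwarding value 0 passed in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: "forwarding" in the message is the net.inet.ip.forwarding sysctl.

# Print "proto inside_addr:port public_port" for each redirect_port entry.
list_redirects() {   # $1 = ruleset file
    awk '{ sub(/\\$/, "")                  # drop the line-continuation backslash
           for (i = 1; i + 3 <= NF; i++)
               if ($i == "redirect_port") print $(i+1), $(i+2), $(i+3) }' "$1"
}

# Return 0 if consistent; 1 if redirects exist while forwarding is not 1.
check_forwarding() {   # $1 = ruleset file, $2 = forwarding value (0 or 1)
    redirects=$(list_redirects "$1")
    if [ -n "$redirects" ] && [ "$2" != "1" ]; then
        printf 'net.inet.ip.forwarding=%s, but the ruleset redirects:\n%s\n' \
            "$2" "$redirects" >&2
        return 1
    fi
    return 0
}

# NAT lines of the ruleset quoted in the message, written to a temporary file.
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
nat 1 config ip 1.2.3.4 \
redirect_port tcp 10.255.255.253:22 20023 \
redirect_port tcp 10.255.255.254:22 20022
add 1010 nat 1 all from any to me
add 2001 nat 1 all from 10.255.255.0/24 to any
EOF

# On the FreeBSD host, pass the live value instead of the constructed 0:
#   check_forwarding /path/to/ruleset "$(sysctl -n net.inet.ip.forwarding)"
if check_forwarding "$RULES" 0; then
    echo "forwarding matches the ruleset"
else
    echo "forwarding is off while redirect_port entries are configured"
fi
```

On FreeBSD the setting is made persistent with gateway_enable="YES" in /etc/rc.conf, which sets net.inet.ip.forwarding to 1 at boot.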