Date: Sun, 28 Jun 2009 07:03:45 -0500
From: Neal Hogan <nealhogan@gmail.com>
To: Anton <anton@sng.by>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW: Need some help
Message-ID: <ab7b49bc0906280503u5e11ade4ha7fb3be9b6c36bd0@mail.gmail.com>
In-Reply-To: <499941928.20090628141400@sng.by>
References: <499941928.20090628141400@sng.by>

2009/6/28 Anton <anton@sng.by>:
>
> Hello all,
>
> I'm new to *nix and now, while configuring IPFW Firewall on FreeBSD
> 7.2 has stuck in a problem:
>
> After packet from my network is passed to natd daemon - it is returning
> to firewall (it is normal, as I think ;-) ), but I see another
> abnormal thing: when it is returned to firewall, it does not come
> under rule which states to allow packet from some host in my
> network, and goes under rule which allows packets from FreeBSD box.
>
> I.e.: packet from 192.168.0.2, directed to 86.57.250.18 comes to
> freebsd box. First, it comes to rule, which NATs it to interface ng0.
> Then, after NAT rule, there is rule, which allows packet flow from
> 192.168.0.2 to 86.57.250.18 out via ng0. But, IPFW does not show,
> that any packet is allowed by this rule - it rather shows that
> packets are allowed by another rule: allow all from me to any.
>

I'm no IPFW expert, but it seems to me that the packets are already in
and NAT'd. Then they're being redirected internally. Thus being
"allowed from 'you' to any" (Don't take this explanation as true. It's
merely my understanding from the brief look at the link Mr. Barber sent
you, which you read . . . right?)

> Need help in explaining in this problem, and how to alter the things
> in the way i need it (if it is real)

Two suggestions for getting more specific help:

1) Look around on the web. There appear to be many discussions about
IPFW and NAT. (e.g., http://freebsd.rogness.net/redirect.cgi?basic/nat.html).

2) Post your ruleset. This way, folk will know what to "alter."

>
> --
>
> Best regards,
>
> Anton ; mailto:anton@sng.by
>
> Administrator
>
> Feel free to contact me
>
> via ICQ 363780596
>
> via Skype dobryak47
>
> via phone +375 29 3320987
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ab7b49bc0906280503u5e11ade4ha7fb3be9b6c36bd0>
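
Added example, not part of the thread: a small Python model of the behaviour discussed above, where natd rewrites the source address and the packet resumes at the rule after the divert, so a later rule keyed on 192.168.0.2 no longer matches. Anton's ruleset was not posted, so the rule numbers, both rule layouts and the ng0 address (203.0.113.10) are constructed assumptions; only the two packet addresses and the interface name come from the message.

```python
import ipaddress

# Constructed values: the thread gives only the two packet addresses and ng0.
LAN_HOST, REMOTE = "192.168.0.2", "86.57.250.18"
NG0_ADDR = "203.0.113.10"                  # hypothetical address of ng0
LOCAL_ADDRS = {NG0_ADDR, "192.168.0.1"}    # addresses the keyword "me" matches

def addr_match(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        return addr in LOCAL_ADDRS
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst):
    """Walk rules in number order for one packet leaving via ng0.
    Returns (action, rule_number, trace); trace lists (rule, source seen)."""
    trace, resume = [], 0
    for num, action, r_src, r_dst in sorted(rules):
        if num < resume or not (addr_match(r_src, src) and addr_match(r_dst, dst)):
            continue
        trace.append((num, src))
        if action == "divert":
            src = NG0_ADDR          # natd aliases the source; search resumes at next rule
        elif action.startswith("skipto"):
            resume = int(action.split()[1])
        else:
            return action, num, trace
    return "deny", 65535, trace     # assumes the default rule is deny

# Layout as described in the question: per-host allow placed after the NAT rule.
AS_DESCRIBED = [
    (100, "divert", "any", "any"),
    (200, "allow", LAN_HOST, REMOTE),      # never sees 192.168.0.2 as source
    (300, "allow", "me", "any"),
]
# One alternative: decide per host before the divert, while the source is still private.
FILTER_FIRST = [
    (100, "skipto 500", LAN_HOST, REMOTE),
    (200, "deny", "192.168.0.0/24", "any"),
    (500, "divert", "any", "any"),
    (600, "allow", "me", "any"),
]

if __name__ == "__main__":
    for name, rules in (("as described", AS_DESCRIBED), ("filter first", FILTER_FIRST)):
        print(name, evaluate(rules, LAN_HOST, REMOTE))
```

In the second layout the per-host decision is taken at rules 100 and 200, so those are the counters that reflect traffic from individual LAN hosts.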