From: Neal Hogan
To: Anton
Cc: freebsd-questions@freebsd.org
Date: Sun, 28 Jun 2009 07:03:45 -0500
Subject: Re: IPFW: Need some help
In-Reply-To: <499941928.20090628141400@sng.by>

2009/6/28 Anton:
>
>   Hello all,
>
>   I'm new to *nix and now, while configuring the IPFW firewall on FreeBSD
>   7.2, I have got stuck on a problem:
>
>   After a packet from my network is passed to the natd daemon, it returns
>   to the firewall (that is normal, I think ;-) ), but I see another,
>   abnormal thing: when it is returned to the firewall, it does not come
>   under the rule which states to allow packets from some host in my
>   network, and goes under the rule which allows packets from the FreeBSD box.
>
>   I.e.: a packet from 192.168.0.2, directed to 86.57.250.18, comes to the
>   FreeBSD box. First, it comes to the rule which NATs it to interface ng0.
>   Then, after the NAT rule, there is a rule which allows packet flow from
>   192.168.0.2 to 86.57.250.18 out via ng0. But IPFW does not show
>   that any packet is allowed by this rule - it rather shows that
>   packets are allowed by another rule: allow all from me to any.
>

I'm no IPFW expert, but it seems to me that the packets are already in
and NAT'd. Then they're being redirected internally. Thus being
"allowed from 'you' to any." (Don't take this explanation as true. It's
merely my understanding from the brief look at the link Mr. Barber sent
you, which you read . . . right?)

>   Need help in explaining this problem, and how to alter things
>   in the way I need it (if it is real)

Two suggestions for getting more specific help:

1) Look around on the web. There appear to be many discussions about
   IPFW and NAT (e.g., http://freebsd.rogness.net/redirect.cgi?basic/nat.html).

2) Post your ruleset. This way, folk will know what to "alter."
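The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of ipfw's first-match rule walk around a natd divert rule, showing which rule counters a packet from 192.168.0.2 increments. The rule numbers, both rulesets and the ng0 address 203.0.113.10 are constructed; the model assumes natd reinjects the packet at the rule after the divert rule and that every packet is leaving via ng0.

```python
import ipaddress
from dataclasses import dataclass, replace

LAN_HOST, REMOTE = "192.168.0.2", "86.57.250.18"  # addresses from the post
NG0_ADDR = "203.0.113.10"  # constructed placeholder for the address on ng0
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:
    num: int
    action: str       # "divert", "allow", "deny" or "skipto"
    src: str          # "any", "me", an address or a CIDR network
    dst: str = "any"
    target: int = 0   # rule number to jump to (skipto only)

def addr_matches(pattern, addr):
    if pattern == "any":
        return True
    if pattern == "me":  # the box's own address (only ng0's in this model)
        return addr == NG0_ADDR
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def evaluate(rules, pkt):
    """Walk the rules for a packet leaving via ng0; return (counted rules, verdict)."""
    hits, resume_at = [], 0
    for rule in sorted(rules, key=lambda r: r.num):
        matched = addr_matches(rule.src, pkt.src) and addr_matches(rule.dst, pkt.dst)
        if rule.num < resume_at or not matched:
            continue
        hits.append(rule.num)  # this rule's counter in `ipfw show` goes up
        if rule.action == "divert":
            # natd rewrites the source and reinjects; ipfw resumes after this rule.
            pkt = replace(pkt, src=NG0_ADDR)
        elif rule.action == "skipto":
            resume_at = rule.target
        else:
            return hits, rule.action
    return hits, "deny"  # assumed default rule: deny everything

# Constructed ruleset in the order the post describes: NAT first, host rule after.
AS_DESCRIBED = [Rule(100, "divert", "any"), Rule(200, "allow", LAN_HOST, REMOTE),
                Rule(300, "allow", "me")]
# Constructed alternative: match the LAN address before natd translates it.
HOST_RULE_FIRST = [Rule(100, "skipto", LAN_HOST, REMOTE, target=300),
                   Rule(200, "deny", "192.168.0.0/24"),
                   Rule(300, "divert", "any"), Rule(400, "allow", "me")]
```

With `AS_DESCRIBED`, the host rule 200 is never counted because the source is already the ng0 address when the walk reaches it, so the packet is allowed by the "from me" rule. With `HOST_RULE_FIRST`, rule 100 counts the packet while it still carries 192.168.0.2.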