Date: Tue, 09 Sep 2003 16:09:55 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: freebsd-ipfw@freebsd.org
Subject: Re: ipfw - natd - Port Forwarding
Message-ID: <3F5E5DC3.1030005@tenebras.com>
In-Reply-To: <000601c3771c$75a62c00$0201a8c0@dennis>
References: <000601c3771c$75a62c00$0201a8c0@dennis>

A. Laziness, incapacity, neglect, MS Outlook, etc.
Q. Then why do people do it?
A. No, it's not.
Q. Is top-posting a good idea?

Dennis B. Hopp wrote:

> Your firewall rules need to let it through too....I think something like
> this should work (it needs to go after the ipdivert statement)
>
> 00501 allow tcp from any to 192.168.0.1 27015 in recv fxp0 keep-state

Unnecessary, the default rule 65535 (in this case) passes all traffic.

> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00500 divert 8668 ip from any to any via fxp0
> 65535 allow ip from any to any

> When I try it from an outside source it looks like traffic is arriving
> at the Windows 2000 machine (the little computer screens for the LAN
> connection flash on the tray icon) but the connection doesn't complete
> and it times out.

What does a tcpdump on the natd box say?  Do

    tcpdump -ln -i fxp0 host <outside host you're telnetting from>

and then

    telnet <natd box outside addr> 27015

--
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent man requires only two thousand five hundred."
- The Mahabharata
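
The point made in the reply about rule 65535 can be checked by walking a packet through the quoted ruleset. This is an added example, not part of the original message and not ipfw code: it is a simplified first-match model, and the outside address, client address and the natd port redirect to 192.168.0.1 are assumptions constructed for illustration.

```python
import ipaddress

# Rules as (number, action, src, dst, interface, dst port); None means "any".
RULES = [
    (100, "allow", "any", "any", "lo0", None),
    (200, "deny", "any", "127.0.0.0/8", None, None),
    (300, "deny", "127.0.0.0/8", "any", None, None),
    (500, "divert", "any", "any", "fxp0", None),
    (65535, "allow", "any", "any", None, None),
]
# The rule proposed in the quoted text (keep-state is not modelled here).
RULE_501 = (501, "allow", "any", "192.168.0.1", "fxp0", 27015)

# Constructed values: documentation addresses and an assumed natd redirect.
OUTSIDE, CLIENT = "203.0.113.10", "198.51.100.7"
NAT = {(OUTSIDE, 27015): "192.168.0.1"}

def addr_match(spec, addr):
    """True if addr falls inside spec ('any', a host, or a CIDR block)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def walk(rules, pkt, nat_map):
    """Return (verdict, matched rule numbers) for one inbound packet.

    The first matching allow/deny ends the search. A divert match hands the
    packet to natd; the rewritten packet resumes at the next rule number.
    """
    pkt, trail = dict(pkt), []
    for num, action, src, dst, iface, dport in sorted(rules):
        if iface and iface != pkt["iface"]:
            continue
        if dport and dport != pkt["dport"]:
            continue
        if not (addr_match(src, pkt["src"]) and addr_match(dst, pkt["dst"])):
            continue
        trail.append(num)
        if action == "divert":
            pkt["dst"] = nat_map.get((pkt["dst"], pkt["dport"]), pkt["dst"])
            continue
        return action, trail
    return "deny", trail

def compare():
    """Verdicts for the forwarded connection without and with rule 501."""
    pkt = {"src": CLIENT, "dst": OUTSIDE, "dport": 27015, "iface": "fxp0"}
    return walk(RULES, pkt, NAT), walk(RULES + [RULE_501], pkt, NAT)

if __name__ == "__main__":
    print(compare())
```

Both walks end in `allow`, so in this model the ruleset is not what stops the connection, which is consistent with the reply moving on to tcpdump.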