Date:      Tue, 11 Jul 2000 23:27:32 +0000
From:      "E. Michael" <emichael@mail3d.co.uk>
To:        freebsd-questions@FreeBSD.ORG
Subject:   ipfw/nat problem::dynamic ip
Message-ID:  <396BAD64.7382BBB4@mail3d.co.uk>

Hi,

The scenario is the following:

The gateway's IP is 192.168.110.1.
The outside interface (modem) is the tun0 using dynamic IP.
The natd runs with: 
-n tun0 -use_sockets -same_ports -dynamic
and I dial with:
ppp -ddial ISP

The ipfw ruleset is very simple:

00050 divert 8668 ip from any to any via tun0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

With this setup any host of my network can see the outside world. What I
am trying to do without success is to block port 110 of my gateway
for the outside world.
I tried adding the following two rules:
ipfw add 1000 deny tcp from any to 192.168.110.1 110 via tun0 
ipfw add 1010 deny tcp from 192.168.110.1 110 to any via tun0
Unfortunately, this does not prevent an external host from connecting to
port 110.

Here is some output from natd when I ping yahoo from 192.168.110.10
Out [UDP]  [UDP] 192.168.110.10:1045 -> 212.67.128.102:53 aliased to
           [UDP] 212.67.145.58:1045 -> 212.67.128.102:53
In  [UDP]  [UDP] 212.67.128.102:53 -> 212.67.145.58:1045 aliased to
           [UDP] 212.67.128.102:53 -> 192.168.110.10:1045
Out [ICMP] [ICMP] 192.168.110.10 -> 216.32.74.55 8(0) aliased to
           [ICMP] 212.67.145.58 -> 216.32.74.55 8(0)
In  [ICMP] [ICMP] 216.32.74.55 -> 212.67.145.58 0(0) aliased to
           [ICMP] 216.32.74.55 -> 192.168.110.10 0(0)

(it seems ok to me)

and when I ping yahoo from 192.168.110.1
Out [UDP]  [UDP] 212.67.145.58:1056 -> 212.67.128.102:53 aliased to
           [UDP] 212.67.145.58:1056 -> 212.67.128.102:53
In  [UDP]  [UDP] 212.67.128.102:53 -> 212.67.145.58:1056 aliased to
           [UDP] 212.67.128.102:53 -> 212.67.145.58:1056
Out [ICMP] [ICMP] 212.67.145.58 -> 216.32.74.50 8(0) aliased to
           [ICMP] 212.67.145.58 -> 216.32.74.50 8(0)
In  [ICMP] [ICMP] 216.32.74.50 -> 212.67.145.58 0(0) aliased to
           [ICMP] 216.32.74.50 -> 212.67.145.58 0(0)
                                  ^^^^^^^^^^^^^
Shouldn't it be 192.168.110.1?

What am I doing wrong? Am I missing anything?

Thank you in advance for any help.

--
!   EMichael   !
!       @      !
! mail3d.co.uk !
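
An added illustration, not part of the original message: a simplified Python model of ipfw's first-match evaluation, run over the posted ruleset to show which rule decides an inbound connection to port 110. It assumes, in line with the natd output above, that packets reaching the gateway from outside are addressed to the tun0 address 212.67.145.58; the `ALT` rule, the sample packets and all Python names are assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Packet as ipfw sees it on one pass through an interface.
Pkt = namedtuple("Pkt", "proto src dst sport dport iface inbound")
# Simplified rule: proto "ip" = any protocol, port 0 = any port,
# via "" = any interface, in_only models the "in" keyword.
Rule = namedtuple("Rule", "num action proto src sport dst dport via in_only",
                  defaults=("ip", "any", 0, "any", 0, "", False))

def addr_ok(spec, addr):
    # "any" matches everything; otherwise spec is a host or CIDR network.
    return spec == "any" or ip_address(addr) in ip_network(spec)

def matches(r, p):
    return (r.proto in ("ip", p.proto) and addr_ok(r.src, p.src)
            and addr_ok(r.dst, p.dst) and r.sport in (0, p.sport)
            and r.dport in (0, p.dport) and r.via in ("", p.iface)
            and (p.inbound or not r.in_only))

def decide(rules, p):
    """Return (rule number, action) of the first matching allow/deny rule.
    Modelling assumption: divert hands the packet to natd, which passes it
    on to the following rules; packets here are given as they look after natd."""
    for r in sorted(rules, key=lambda r: r.num):
        if r.action != "divert" and matches(r, p):
            return r.num, r.action

# Ruleset from the post, including the two added deny rules.
POSTED = [
    Rule(50, "divert", via="tun0"),
    Rule(100, "allow", via="lo0"),
    Rule(200, "deny", dst="127.0.0.0/8"),
    Rule(1000, "deny", "tcp", dst="192.168.110.1", dport=110, via="tun0"),
    Rule(1010, "deny", "tcp", src="192.168.110.1", sport=110, via="tun0"),
    Rule(65000, "allow"),
    Rule(65535, "deny"),
]
# Assumed alternative (not from the post), independent of the dynamic address:
#   deny tcp from any to any 110 in via tun0
ALT = [r for r in POSTED if r.num not in (1000, 1010)] + [
    Rule(1000, "deny", "tcp", dport=110, via="tun0", in_only=True)]

# Constructed packets: 203.0.113.7 is a documentation address; 212.67.145.58
# is the tun0 address visible in the natd output.
POP3_IN = Pkt("tcp", "203.0.113.7", "212.67.145.58", 40000, 110, "tun0", True)
LAN_OUT = Pkt("tcp", "212.67.145.58", "203.0.113.7", 1045, 110, "tun0", False)

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("alternative", ALT)):
        print(name, decide(rules, POP3_IN), decide(rules, LAN_OUT))
```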