FreeBSD 4.2 ipfw natd -- Port Forwarding?

Michael Sierchio kudzu at tenebras.com
Mon May 5 06:59:16 PDT 2003


John Meyer wrote:

> I have BSD 4.8 with nat and ipfw compiled.
> My ipfw script contains one comment near the end
> add 10000 allow tcp from any to 192.168.0.249 setup
> 
> and my natd.conf has a statement
> redirect_address 192.168.0.249 196.xx.xxx.xxx
> 
> The problem is I cannot seem to get what is blocking the connection.

You are. ;-)

Until you're considerably more familiar with ipfirewall and natd, don't
use stateful rules with NAT.  NAT is already stateful.  Packets on the
outbound side won't match your stateful rule, because they aren't from
192.x.y.z but from 196.a.b.c.


> If I do ipfw show while I browse to the IP with Explorer, nothing seems to get to it.
> (Looks like rule 00600 add divert natd ip from any to any via fxp0 blocks it)

So, set natd to deny_incoming if you're concerned about blocking packets
that aren't part of any connected tcp stream.
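
The address rewriting discussed in this thread, as an added illustration that is not part of the original message: a toy Python model (not ipfw or natd code) of one pass through the ruleset on fxp0, showing which addresses the rules after the divert see. Rules 600 and 10000 and the address 192.168.0.249 are from the post; rule 10100, the 203.0.113.10 and 198.51.100.7 addresses, and the default-deny rule 65535 are assumptions.

```python
PRIVATE = "192.168.0.249"   # internal host, from the post
PUBLIC = "203.0.113.10"     # constructed placeholder for the elided 196.x address
CLIENT = "198.51.100.7"     # constructed remote client

def natd(pkt, direction):
    """Model of redirect_address PRIVATE PUBLIC: rewrite dst inbound, src outbound."""
    pkt = dict(pkt)
    if direction == "in" and pkt["dst"] == PUBLIC:
        pkt["dst"] = PRIVATE
    elif direction == "out" and pkt["src"] == PRIVATE:
        pkt["src"] = PUBLIC
    return pkt

def matches(rule, pkt):
    if rule.get("src", "any") not in ("any", pkt["src"]):
        return False
    if rule.get("dst", "any") not in ("any", pkt["dst"]):
        return False
    # "setup" matches only TCP packets with SYN set and ACK clear
    if rule.get("setup") and not ("SYN" in pkt["flags"] and "ACK" not in pkt["flags"]):
        return False
    return True

def walk(rules, pkt, direction):
    """First match wins; after a divert, evaluation resumes at the next rule."""
    for num, rule in sorted(rules.items()):
        if not matches(rule, pkt):
            continue
        if rule["action"] == "divert":
            pkt = natd(pkt, direction)   # later rules see the translated packet
            continue
        return num, rule["action"], pkt
    return 65535, "deny", pkt            # assumed default-deny final rule

RULES = {
    600: {"action": "divert"},                                    # divert natd ip from any to any via fxp0
    10000: {"action": "allow", "dst": PRIVATE, "setup": True},    # rule from the post
    10100: {"action": "allow", "src": PRIVATE},                   # hypothetical rule keyed on the private source
}
SYN = {"src": CLIENT, "dst": PUBLIC, "flags": {"SYN"}}             # constructed inbound packet
SYNACK = {"src": PRIVATE, "dst": CLIENT, "flags": {"SYN", "ACK"}}  # constructed reply

if __name__ == "__main__":
    for name, pkt, way in (("SYN", SYN, "in"), ("SYN-ACK", SYNACK, "out")):
        num, action, seen = walk(RULES, pkt, way)
        print(f"{name} {way}: rule {num} {action}, seen as {seen['src']} -> {seen['dst']}")
```

In this model the inbound SYN reaches rule 10000 with its destination already rewritten to the private address, while the outbound reply leaves the divert with the public source address and matches neither rule written against 192.168.0.249.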


