ipfw rules

[Rodrigo Mufalani]

Hi all,

  I need a help to configure my ipfw rules , that they are below.

 When active ipfw with this script, nat does not function, and with the
rules of the NAT alone , it it functions normally.

 If I make this, I work normally! My pages are showed normally

ipfw add divert 8668 ip from any to 200.x.x.x in recv $oif
ipfw add divert 8668 ip from 192.x.x.x 80 to any out xmit $oif
ipfw add allow ip from any to any

  If I use the other rules, have access to ssh, but natd does not work!

Thank you!

Att,

Rodrigo Mufalani
mufalani at oi.com.br

--------------------------------------------------------------------------------------
set fwcmd=/sbin/ipfw
set oif=rl0
set iif=xl0
$fwcmd -f flush

$fwcmd add check-state

$fwcmd add deny ip from any to any in via $oif not verrevpath

$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif

$fwcmd add allow ip from any to any via $iif

$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any

$fwcmd add divert 8668 ip from any to 200.x.x.x in recv $oif
$fwcmd add divert 8668 ip from 192.x.x.x 80 to any out xmit $oif

$fwcmd add allow tcp from any to me dst-port 110,22,80,53,8080,8668 in
via $oif setup keep-state

$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12

$fwcmd add deny log ip from any to any


--------------------------------------------------------------------------------
Aqui na Oi Internet você ganha ou ganha. Além de acesso grátis com
qualidade, ganha contas ilimitadas de email com 1 giga cada uma. Ganha
espaço ilimitado para hospedar sua página pessoal. Ganha flog, suporte
grátis e muito mais. Baixe grátis o Discador em
http://www.oi.com.br/discador e comece a ganhar.

Agora, se o seu negócio é voar na internet sem pagar uma fortuna,
assine Oi Internet banda larga a partir de R$ 9,90. Clique em
http://www.oi.com.br/bandalarga e aproveite essa moleza!