Problem with ipfw nat and packet to local services

Mamontov Roman mr.xanto at gmail.com
Thu Jul 15 08:11:31 UTC 2010


Hello, freebsd-ipfw.

I am trying to use ipfw nat with these rules:

00035  138  10242 nat 1 log ip from any to any via ext_if1
65000 6823 689594 allow ip from any to any
65535  170  13629 deny ip from any to any

ipfw nat 1 config ip xxx.xxx.xxx.xxx deny_in same_ports unreg_only
redirect_port udp 192.168.54.50:417 417 redirect_port tcp 192.168.54.50:417 417
redirect_port tcp 192.168.2.19:3233 3233 redirect_port udp 192.168.2.19:416 416
redirect_port tcp 192.168.2.19:416 416 redirect_port udp 192.168.2.18:415 415
redirect_port tcp 192.168.2.18:415 415 redirect_port udp 192.168.2.17:414 414
redirect_port tcp 192.168.2.17:414 414 redirect_port udp 192.168.2.16:413 413
redirect_port tcp 192.168.2.16:413 413 redirect_port tcp 192.168.2.15:3232 3232
redirect_port udp 192.168.2.15:412 412 redirect_port tcp 192.168.2.15:412 412

Packets from the local network and from this box to the outside network go through correctly.
But packets from the outside network to services (udp, icmp, tcp) on this box do not pass.

In /var/log/security:
Jul 15 11:34:12 kernel: ipfw: 35 Nat UDP yyy.yyy.yyy.yyy:36129 xxx.xxx.xxx.xxx:33564 in via ext_if1

In tcpdump output:
11:34:17.239509 IP yyy.yyy.yyy.yyy.36129 > xxx.xxx.xxx.xxx.33565: UDP, length 12

solution# kldstat
Id Refs Address    Size     Name
 1   20 0xc0400000 7ad380   kernel
 2    1 0xc0bae000 19654    geom_mirror.ko
 3    1 0xc0bc8000 3148     alias_ftp.ko
 4    1 0xc2d1b000 4000     ng_mppc.ko
 5    1 0xc2d1f000 2000     rc4.ko
 6    1 0xc303a000 5000     ng_ksocket.ko
 7    1 0xc303f000 3000     ng_tee.ko
 8    1 0xc3042000 7000     ng_ppp.ko

solution# uname -r
8.1-PRERELEASE

solution# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

Do I have some mistake in my firewall rules? Any ideas?

-- 
Best regards,
 Mamontov Roman                          mailto:mr.xanto at gmail.com
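An added example, not from the post above and not FreeBSD's own code: with deny_in, the nat instance drops inbound packets that match neither a redirect_port entry nor an existing translation, and because rule 35 sees an inbound packet before any later allow rule, that includes packets for daemons on the box itself. The usual way to keep deny_in and still reach the box's services is to accept those packets in rules numbered below the nat rule; the script below emits such a ruleset and checks that ordering before installing it. EXT_ADDR and the service port lists are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: keep "deny_in" on the nat
# instance (unsolicited inbound packets matching neither a redirect nor an
# existing translation are still dropped) but let packets for services on
# the NAT box itself bypass the nat rule by accepting them in rules
# numbered *below* the nat rule.
# Placeholders (constructed, not from the post): EXT_ADDR and the port lists.

EXT_IF="${EXT_IF:-ext_if1}"
EXT_ADDR="${EXT_ADDR:-203.0.113.10}"   # constructed public address
LOCAL_TCP="${LOCAL_TCP:-22,80}"        # daemons listening on the box itself
LOCAL_UDP="${LOCAL_UDP:-500,4500}"

# Emit the ruleset as ipfw(8) command lines (one command per line, without
# the "ipfw" prefix, the format that "ipfw <file>" reads). Rules 30-34 match
# traffic to/from the box's own address ("me") and are evaluated before the
# nat rule; what reaches 65000 inbound on EXT_IF has already passed libalias,
# i.e. it matched a redirect_port entry or an existing translation.
ipfw_rules() {
    cat <<EOF
nat 1 config ip ${EXT_ADDR} deny_in same_ports unreg_only redirect_port tcp 192.168.2.19:3233 3233 redirect_port udp 192.168.54.50:417 417
add 10 allow ip from any to any via lo0
add 30 allow tcp from any to me ${LOCAL_TCP} in via ${EXT_IF}
add 31 allow tcp from me ${LOCAL_TCP} to any out via ${EXT_IF}
add 32 allow udp from any to me ${LOCAL_UDP} in via ${EXT_IF}
add 33 allow udp from me ${LOCAL_UDP} to any out via ${EXT_IF}
add 34 allow icmp from any to me in via ${EXT_IF} icmptypes 0,3,8,11
add 35 nat 1 log ip from any to any via ${EXT_IF}
add 65000 allow ip from any to any
EOF
}

# Guard run before installing: every "allow ... to me" rule must carry a
# lower number than the nat rule, otherwise libalias sees the packet first
# and deny_in discards it before the allow rule is ever evaluated.
rules_are_ordered() {
    nat_no=$(ipfw_rules | awk '$1 == "add" && $3 == "nat" { print $2; exit }')
    ipfw_rules | awk -v nat="$nat_no" '
        $1 == "add" && $3 == "allow" && / to me/ { if ($2 + 0 >= nat + 0) bad = 1 }
        END { exit bad ? 1 : 0 }'
}

# Install the ruleset (root on FreeBSD); refuses to install a mis-ordered set.
ipfw_apply() {
    rules_are_ordered || { echo "local-service rules must precede nat" >&2; return 1; }
    ipfw -q -f flush && ipfw_rules | ipfw -q /dev/stdin
}
```

Run `ipfw_rules` to review the generated set and `ipfw_apply` to install it; adjust LOCAL_TCP and LOCAL_UDP to the ports actually served by the box.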
