Problem with ipfw nat and packet to local services
Mamontov Roman
mr.xanto at gmail.com
Thu Jul 15 08:11:31 UTC 2010
Hello, freebsd-ipfw.
I am trying to use ipfw nat with these rules:
00035 138 10242 nat 1 log ip from any to any via ext_if1
65000 6823 689594 allow ip from any to any
65535 170 13629 deny ip from any to any
ipfw nat 1 config ip xxx.xxx.xxx.xxx deny_in same_ports unreg_only
redirect_port udp 192.168.54.50:417 417 redirect_port tcp 192.168.54.50:417 417
redirect_port tcp 192.168.2.19:3233 3233 redirect_port udp 192.168.2.19:416 416
redirect_port tcp 192.168.2.19:416 416 redirect_port udp 192.168.2.18:415 415
redirect_port tcp 192.168.2.18:415 415 redirect_port udp 192.168.2.17:414 414
redirect_port tcp 192.168.2.17:414 414 redirect_port udp 192.168.2.16:413 413
redirect_port tcp 192.168.2.16:413 413 redirect_port tcp 192.168.2.15:3232 3232
redirect_port udp 192.168.2.15:412 412 redirect_port tcp 192.168.2.15:412 412
Packets from the local network and from this box to the outside network pass correctly.
But packets from the outside network to services (udp, icmp, tcp) on this box do not pass.
In /var/log/security:
Jul 15 11:34:12 kernel: ipfw: 35 Nat UDP yyy.yyy.yyy.yyy:36129 xxx.xxx.xxx.xxx:33564 in via ext_if1
In tcpdump output:
11:34:17.239509 IP yyy.yyy.yyy.yyy.36129 > xxx.xxx.xxx.xxx.33565: UDP, length 12
solution# kldstat
Id Refs Address Size Name
1 20 0xc0400000 7ad380 kernel
2 1 0xc0bae000 19654 geom_mirror.ko
3 1 0xc0bc8000 3148 alias_ftp.ko
4 1 0xc2d1b000 4000 ng_mppc.ko
5 1 0xc2d1f000 2000 rc4.ko
6 1 0xc303a000 5000 ng_ksocket.ko
7 1 0xc303f000 3000 ng_tee.ko
8 1 0xc3042000 7000 ng_ppp.ko
solution# uname -r
8.1-PRERELEASE
solution# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1
Do I have some mistake in my firewall rules? Any ideas?
--
Best regards,
Mamontov Roman mailto:mr.xanto at gmail.com
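
Added example, not part of the original post: a small Python check that parses the redirect_port entries of the nat config quoted above and reports how that instance would treat the logged inbound packet. It assumes the ipfw(8) meaning of deny_in (deny incoming connections from the outside world) and models only static redirect_port entries, not state created by outbound traffic; the function names are hypothetical.

```python
import re

# Copied from the post above; address placeholders are kept as posted.
NAT_CONFIG = """\
ipfw nat 1 config ip xxx.xxx.xxx.xxx deny_in same_ports unreg_only
redirect_port udp 192.168.54.50:417 417 redirect_port tcp 192.168.54.50:417 417
redirect_port tcp 192.168.2.19:3233 3233 redirect_port udp 192.168.2.19:416 416
redirect_port tcp 192.168.2.19:416 416 redirect_port udp 192.168.2.18:415 415
redirect_port tcp 192.168.2.18:415 415 redirect_port udp 192.168.2.17:414 414
redirect_port tcp 192.168.2.17:414 414 redirect_port udp 192.168.2.16:413 413
redirect_port tcp 192.168.2.16:413 413 redirect_port tcp 192.168.2.15:3232 3232
redirect_port udp 192.168.2.15:412 412 redirect_port tcp 192.168.2.15:412 412
"""
LOG_LINE = ("Jul 15 11:34:12 kernel: ipfw: 35 Nat UDP "
            "yyy.yyy.yyy.yyy:36129 xxx.xxx.xxx.xxx:33564 in via ext_if1")

REDIRECT_RE = re.compile(r"redirect_port\s+(tcp|udp)\s+([\d.]+):(\d+)\s+(\d+)")
LOG_RE = re.compile(
    r"ipfw: (\d+) Nat (\w+) \S+:(\d+) \S+:(\d+) (in|out) via (\S+)")

def parse_nat_config(text):
    """Return (set of mode keywords, {(proto, public_port): 'host:port'})."""
    modes = {"deny_in", "same_ports", "unreg_only"} & set(text.split())
    redirects = {(proto, int(public)): f"{host}:{port}"
                 for proto, host, port, public in REDIRECT_RE.findall(text)}
    return modes, redirects

def parse_nat_log(line):
    """Extract rule number, protocol, ports and direction from a 'Nat' log line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rule, proto, sport, dport, direction, iface = m.groups()
    return {"rule": int(rule), "proto": proto.lower(), "sport": int(sport),
            "dport": int(dport), "dir": direction, "iface": iface}

def classify(modes, redirects, pkt):
    """Say how the nat instance treats a packet that starts a new flow."""
    # Assumption: only static redirect_port entries are modelled, not dynamic state.
    if pkt["dir"] != "in":
        return "outbound: aliased to the nat ip"
    target = redirects.get((pkt["proto"], pkt["dport"]))
    if target:
        return "redirected to " + target
    if "deny_in" in modes:
        return "no redirect_port entry, dropped by deny_in"
    return "no redirect_port entry, left untranslated"

if __name__ == "__main__":
    print(classify(*parse_nat_config(NAT_CONFIG), parse_nat_log(LOG_LINE)))
```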