Firewall blocking natd redirect
anubis
anubis357 at optusnet.com.au
Sat Feb 28 19:13:57 PST 2004
On Sat, 28 Feb 2004 3:47 am, Derrick Ryalls wrote:
> I have a port redirect, public port 5001 to an internal machine
> port 3389, for Remote Desktop that works well in natd as long as I
> don't fire up my custom firewall:
>
> 00050 234 27286 divert 8668 ip from any to any via sis0
> 00100 24 6080 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 00400 0 0 check-state
> 00500 2 186 allow ip from 192.168.1.1 to 192.168.1.0/24
> 00600 4 266 allow ip from 192.168.1.0/24 to 192.168.1.1
> 00700 34 3399 allow ip from any to any keep-state in recv dc0
> 00800 18 2093 allow ip from any to any keep-state out xmit sis0
> 00900 0 0 allow ip from any to any keep-state out xmit dc0
> 01000 0 0 allow ip from any to 0.0.0.255:0.0.0.255 in recv dc0
> 01100 0 0 allow ip from 192.168.1.1 to any keep-state
> 01200 0 0 allow udp from any to any 53 keep-state
> 01300 0 0 allow tcp from any to any 53 keep-state
> 01400 0 0 allow udp from any to any 25 keep-state
> 01500 0 0 allow tcp from any to any 25 keep-state
> 01600 0 0 allow tcp from any to any 993 keep-state
> 01700 188 18936 allow tcp from any to any 22 keep-state
> 01800 0 0 allow tcp from any to any 80 keep-state
> 01900 0 0 allow tcp from any to any 5001 keep-state
> 65535 173082 56255563 deny ip from any to any
>
>
> sis0 is the public interface and dc0 is the internal.
>
> Right now I don't mind so much having redundant rules, but I would
> like my functionality back without doing an allow from any to any.
> Any ideas on what I am missing?
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
I have a similar problem. I came across this thread that may be of
assistance in understanding your problem.
http://lists.freebsd.org/pipermail/freebsd-questions/2004-January/032694.html
It appears there may be a problem with stateful rules and port
forwarding.
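As an added illustration (not from this thread and not ipfw's own code), the following Python model walks the posted ruleset for the first inbound RDP SYN. It assumes that natd's redirect rewrites the destination to an internal host (192.168.1.50 is a made-up address) and that the diverted packet resumes at the rule after the divert, which is why the translated packet, now addressed to port 3389, slides past rule 1900 to the final deny; the extra rule at the end is an assumed remedy, not something the thread states.

```python
from dataclasses import dataclass, replace

@dataclass
class Pkt:
    proto: str
    src: str
    dst: str
    dport: int
    iface: str
    direction: str  # "in" or "out"

INTERNAL_HOST = "192.168.1.50"  # assumed: the RDP host behind the redirect

# (number, action, match) for the posted rules a fresh inbound SYN can reach;
# check-state and the 192.168.1.1 / DNS / SMTP / IMAP rules cannot match it.
RULES = [
    (50, "divert", lambda p: p.iface == "sis0"),
    (100, "allow", lambda p: p.iface == "lo0"),
    (700, "allow", lambda p: p.direction == "in" and p.iface == "dc0"),
    (800, "allow", lambda p: p.direction == "out" and p.iface == "sis0"),
    (900, "allow", lambda p: p.direction == "out" and p.iface == "dc0"),
    (1900, "allow", lambda p: p.proto == "tcp" and p.dport == 5001),
    (65535, "deny", lambda p: True),
]

def natd_redirect(p):
    """Model 'natd -redirect_port tcp INTERNAL_HOST:3389 5001'."""
    if p.direction == "in" and p.dport == 5001:
        return replace(p, dst=INTERNAL_HOST, dport=3389)
    return p

def evaluate(p, rules=RULES):
    """Walk the rules as ipfw does; a diverted packet re-enters at the next rule."""
    for num, action, match in sorted(rules, key=lambda r: r[0]):
        if not match(p):
            continue
        if action == "divert":
            p = natd_redirect(p)  # dst is now INTERNAL_HOST:3389, not :5001
            continue
        return num, action

# Constructed sample: an RDP client on the Internet opening the public port.
INBOUND_SYN = Pkt("tcp", "203.0.113.7", "198.51.100.1", 5001, "sis0", "in")

# Assumed remedy: admit the already-translated packet on the public interface.
ALLOW_TRANSLATED = (1950, "allow", lambda p: p.proto == "tcp" and p.direction == "in"
                    and p.iface == "sis0" and p.dst == INTERNAL_HOST and p.dport == 3389)

def decide(extra=()):
    return evaluate(INBOUND_SYN, RULES + list(extra))
```

`decide()` returns `(65535, "deny")` for the posted rules and `(1950, "allow")` once the translated destination is admitted.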