ipfw divert with exception?

patrick gibblertron at gmail.com
Mon Jan 2 12:56:01 PST 2006


I have a FreeBSD 6.0 machine acting as a router for our office. We use
natd for address translation, and I have a rule like so:

ipfw add divert natd all from any to any via ${ext_if}

To allow incoming SSH access, I have a redirect_port line setup in my
/etc/natd.conf file, and while it works just fine, I don't like that
natd has to be running in order for me to SSH into the server.
(Because, if -- hypothetically of course -- one were to *cough*
accidentally kill the natd process without realizing this, then
*ahem*, one would be locked out remotely without any means of fixing
it. And I'd like to stress that this situation is indeed, uh,
hypothetical. ;) )

So, I'm sure there is a way for me to create some ipfw rules above the
divert line to accept incoming SSH traffic and not have it get
diverted, but I'm at a bit of a loss as to how I can achieve this. The
current rule I have above this does not do anything to stop the
traffic from being diverted:

ipfw add accept tcp from any to any 22 in via ${ext_if}

Any help or insight would be greatly appreciated.

Thanks,

Patrick
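An added example (not part of the original post or its replies) of how such a ruleset can be laid out and sanity-checked: ipfw evaluates rules in numeric order and the first match wins, so the SSH exemption needs an explicit lower number than the divert rule, and it needs to cover the reply direction too, because sshd's outbound packets would otherwise hit the divert rule and be dropped when nothing is bound to the divert port. It assumes the router itself runs sshd and that the external interface is em0 (hypothetical; set ext_if to yours).

```sh
#!/bin/sh
# Added example, not from the original post.  Assumes the router itself runs
# sshd and that the external interface is em0; override with ext_if=... .
ext_if="${ext_if:-em0}"

# Explicit rule numbers: ipfw evaluates rules in numeric order and the first
# match wins, so the allow rules must carry lower numbers than the divert.
ssh_ruleset() {
    cat <<EOF
add 100 allow tcp from any to me 22 in via ${ext_if}
add 110 allow tcp from me 22 to any out via ${ext_if}
add 200 divert natd ip from any to any via ${ext_if}
EOF
}

# The situation in the post: only the inbound direction is exempted.  The
# reply packets from sshd still reach the divert rule, and with no natd
# listening on the divert port those packets are dropped.
inbound_only_ruleset() {
    cat <<EOF
add 100 allow tcp from any to me 22 in via ${ext_if}
add 200 divert natd ip from any to any via ${ext_if}
EOF
}

# Succeeds only if every port-22 allow rule is numbered below the divert rule.
check_order() {
    awk '$3 == "divert" && !d { d = $2 + 0 }
         $3 == "allow" && / 22 / { if ($2 + 0 > a) a = $2 + 0 }
         END { exit (d > 0 && a > 0 && a < d) ? 0 : 1 }'
}

# Succeeds only if the ruleset also exempts the outbound reply path.
check_reply_path() {
    grep -q 'allow tcp from me 22 to any out'
}

# Load a ruleset into the kernel (e.g. apply_ruleset ssh_ruleset), only when
# the ipfw binary is actually present on this host.
apply_ruleset() {
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw not available" >&2; return 1; }
    tmp=$(mktemp) && "$@" > "$tmp" && ipfw -q "$tmp"; rc=$?
    rm -f "$tmp"; return $rc
}
```

Running `inbound_only_ruleset | check_reply_path` fails, which is the gap in the post's single inbound rule; `ssh_ruleset` passes both checks.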
