ipfw2+divert; why divert rule is ignored?
Vladimir
xvga at mail.ru
Fri Mar 10 05:44:04 UTC 2006
FreeBSD 5.4
Specifically, I can't figure out why rule 3800 is ignored... :confused:
If you have an idea, just give me a clue about it.... Thanks...
Regular NAT is working properly, but I can't configure NAPT to services on a server in the LAN....
The interface to the LAN is also untrusted; that's why there are so many details in the config...
tun0 - interface to Internet
vr1 - interface to LAN
212.42.xxx.xxx - my external IP
firewall rules [#ipfw -de sh]
[CODE]
03800 0 0 divert 6893 log logamount 100 tcp from 192.168.0.1 80 to any out via tun0
04000 0 0 check-state
04400 0 0 allow log logamount 100 tcp from 212.42.xxx.xxx 80 to any out via tun0
04700 25 1554 divert 6893 log logamount 100 tcp from any to 212.42.xxx.xxx dst-port 80 in via tun0
05000 150 6816 allow log logamount 100 tcp from any to 192.168.0.1 dst-port 80 in via tun0 setup keep-state
## Dynamic rules (14):
05000 17 768 (0s) STATE tcp 212.112.117.70 1212 <-> 192.168.0.1 80
...[/CODE]
/var/log/security
[CODE]...
Mar 9 14:40:23 free kernel: ipfw: 4700 Divert 6893 TCP 212.112.117.70:1212 212.42.xxx.xxx:80 in via tun0
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 212.112.117.70:1212 192.168.0.1:80 in via tun0
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 212.112.117.70:1212 192.168.0.1:80 out via vr1
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 192.168.0.1:80 212.112.117.70:1212 in via vr1
# ^ this is OK: the packet is ready to be caught by rule 3800, but that rule is ignored and the packet is processed by the dynamic rule :confused:
Mar 9 14:40:23 free kernel: ipfw: 5000 Accept TCP 192.168.0.1:80 212.112.117.70:1212 out via tun0
...[/CODE]
natd is started by
[CODE]natd -log_denied -s -m -p 6893 -dynamic -n tun0 -redirect_port tcp 192.168.0.1:80 80 -log_ipfw_denied -l[/CODE]
--
Best regards,
Vladimir
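Added example, not part of the original post and not FreeBSD's code: a small Python model of the one ipfw(8) behaviour at issue here, namely that the dynamic (keep-state) ruleset is consulted exactly once, at the first check-state, keep-state or limit rule the packet reaches, and that a hit jumps straight to the action of the rule that created the state. The model replays the posted rule numbers with the reply packet from the log (the external IP keeps the post's `212.42.xxx.xxx` placeholder, and natd's address rewriting is not modelled, so packets are shown post-translation). With the rules exactly as listed, 3800 is reached before the check-state at 4000 and wins. The second ruleset adds a hypothetical keep-state rule 3000 that is not in the post; its mere presence ahead of 3800 moves the dynamic lookup earlier and reproduces the logged outcome. The rules below 3800 are elided in the post (`...`), so that is a constructed illustration of the mechanism, not a diagnosis of this config.

```python
"""Simplified model of how ipfw2 consults its dynamic (keep-state) ruleset.

Constructed example; not code from the original post and not FreeBSD's
implementation. Only the semantic relevant to the thread is modelled:
the dynamic ruleset is looked up once, at the first check-state or
keep-state rule encountered (before that rule's own body is evaluated),
and a hit applies the action of the rule that created the state.
Divert/natd address rewriting is NOT modelled; packets are post-NAT.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # 'in' or 'out'
    iface: str


@dataclass
class Rule:
    number: int
    action: str                    # 'allow', 'divert' or 'check-state'
    src: str = "any"
    sport: Optional[int] = None
    dst: str = "any"
    dport: Optional[int] = None
    direction: Optional[str] = None
    iface: Optional[str] = None
    keep_state: bool = False

    def matches(self, p: Packet) -> bool:
        return (self.src in ("any", p.src)
                and self.sport in (None, p.sport)
                and self.dst in ("any", p.dst)
                and self.dport in (None, p.dport)
                and self.direction in (None, p.direction)
                and self.iface in (None, p.iface))


class Firewall:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)
        self.by_number = {r.number: r for r in self.rules}
        self.dynamic = {}  # flow key -> number of the rule that created it

    @staticmethod
    def flow_key(p: Packet):
        # direction-agnostic key: both halves of a flow share one entry
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def process(self, p: Packet):
        """Return (rule_number, action, via_dynamic) for the first match."""
        looked_up = False
        for r in self.rules:
            if not looked_up and (r.action == "check-state" or r.keep_state):
                looked_up = True          # ipfw performs this lookup only once
                parent = self.dynamic.get(self.flow_key(p))
                if parent is not None:
                    return parent, self.by_number[parent].action, True
            if r.action == "check-state":
                continue                  # no body: fall through to next rule
            if r.matches(p):
                if r.keep_state:
                    self.dynamic[self.flow_key(p)] = r.number
                return r.number, r.action, False
        return 65535, "deny", False       # implicit default rule


# Rules as listed in the post; '212.42.xxx.xxx' is the post's own placeholder.
POSTED_RULES = [
    Rule(3800, "divert", src="192.168.0.1", sport=80, direction="out", iface="tun0"),
    Rule(4000, "check-state"),
    Rule(4400, "allow", src="212.42.xxx.xxx", sport=80, direction="out", iface="tun0"),
    Rule(4700, "divert", dst="212.42.xxx.xxx", dport=80, direction="in", iface="tun0"),
    Rule(5000, "allow", dst="192.168.0.1", dport=80, direction="in", iface="tun0",
         keep_state=True),
]

# Hypothetical variant (NOT from the post): any keep-state rule numbered
# below 3800, whatever its body, pulls the dynamic lookup ahead of 3800.
EARLY_KEEP_STATE_RULES = POSTED_RULES + [
    Rule(3000, "allow", direction="in", iface="vr1", keep_state=True),
]


def replay(rules):
    """Replay the client SYN (post-NAT) and the server's reply out via tun0."""
    fw = Firewall(rules)
    client = ("212.112.117.70", 1212)           # client from the posted log
    syn = Packet(*client, "192.168.0.1", 80, "in", "tun0")
    first = fw.process(syn)                      # 5000 allow, creates state
    reply = Packet("192.168.0.1", 80, *client, "out", "tun0")
    return first, fw.process(reply)


if __name__ == "__main__":
    print("as posted          :", replay(POSTED_RULES))
    print("early keep-state   :", replay(EARLY_KEEP_STATE_RULES))
```

The practical check this suggests is to read the full `ipfw -de show` output above 3800 rather than the excerpt: the decisive question is whether any check-state, keep-state or limit rule is reached before the outbound divert.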