IPFW Rule Not As Expected
Drew Tomlinson
drew at mykitchentable.net
Thu Apr 10 04:19:46 PDT 2003
I have a rule that's not working as I expect. Here's an ASCII drawing of my
network:
ISP
|
| Public DHCP address
|
3Com ADSL Modem/Router
(Router performs NAT)
| (192.168.10.1)
|
|
| (ed1 192.168.10.2)
FBSD Gateway
| (ed0 192.168.1.2)
|
|
Internal LAN
I intend to allow all outgoing traffic on ed1 (192.168.10.2) and create a
dynamic rule to allow the return traffic with the following rule:
ipfw add allow ip from 192.168.10.2 to any keep-state
However the dynamic rule for the return traffic isn't getting created. It
is my suspicion that my outgoing traffic is matching a prior rule but I just
don't see it. I've included the output of 'ipfw list' to show all of my
rules.
Can anyone point out my error?
Thanks,
Drew
blacksheep# ipfw list
00100 allow ip from any to any via lo0
00200 deny log ip from any to 127.0.0.0/8
00300 deny log ip from 192.168.1.0/24 to any in via ed1
00400 deny log ip from not 192.168.1.0/24 to any in via ed0
00500 reset log tcp from any to any dst-port 113
00600 allow tcp from any to 192.168.1.4 dst-port 21,22,25,80
00700 allow tcp from 192.168.1.4 21,22,25,80 to any
00800 allow tcp from any to 192.168.10.2 dst-port 22
00900 allow tcp from 192.168.10.2 22 to any
01000 allow tcp from any to 192.168.1.4 dst-port 49152-65535
01100 check-state
01200 allow icmp from any to any
01300 allow ip from 192.168.1.0/24 to any via ed0 keep-state
01400 allow ip from 192.168.10.2 to any keep-state
65000 deny log ip from any to any
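Added here as an illustration (not part of the post, and not ipfw code): a small Python model of ipfw's first-match walk over a subset of the rules above, with keep-state/check-state tracking, that reports which rule each hop of a flow hits. The addresses 1.2.3.4 and 10.9.8.7 and the port numbers are constructed sample values.

```python
import ipaddress

# Subset of the post's ruleset (constructed here for illustration), in ipfw order.
# Each entry: number, action, source prefix ("any" = wildcard), negate-source,
# interface ("via"), direction ("in"/"out"/None = either), keep-state.
RULES = [
    (300,   "deny",        "192.168.1.0/24",  False, "ed1", "in", False),
    (400,   "deny",        "192.168.1.0/24",  True,  "ed0", "in", False),
    (1100,  "check-state", "any",             False, None,  None, False),
    (1300,  "allow",       "192.168.1.0/24",  False, "ed0", None, True),
    (1400,  "allow",       "192.168.10.2/32", False, None,  None, True),
    (65000, "deny",        "any",             False, None,  None, False),
]

def flow_key(pkt):
    # ipfw dynamic entries match both directions on any interface, so key on
    # the protocol plus the unordered pair of endpoints.
    return pkt["proto"], frozenset({(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])})

def src_matches(prefix, negate, pkt):
    if prefix == "any":
        return True
    inside = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(prefix)
    return inside != negate

def evaluate(pkt, dynamic):
    """First-match walk; returns (rule number, verdict) and records keep-state flows."""
    for num, action, prefix, negate, iface, direction, keep in RULES:
        if action == "check-state":
            if flow_key(pkt) in dynamic:
                return num, "allow"
            continue
        if not src_matches(prefix, negate, pkt):
            continue
        if iface is not None and pkt["iface"] != iface:
            continue
        if direction is not None and pkt["dir"] != direction:
            continue
        if keep:
            dynamic.add(flow_key(pkt))
        return num, action
    return None, "deny"  # ipfw's implicit final rule

def trace(src, dst, first_iface, first_dir):
    """Evaluate a TCP flow hop by hop: first hop, then out ed1 if it entered on ed0, then the reply in on ed1."""
    dynamic = set()
    fwd = {"proto": "tcp", "src": src, "sport": 40000, "dst": dst, "dport": 80}
    rev = {"proto": "tcp", "src": dst, "sport": 80, "dst": src, "dport": 40000}
    hops = [{**fwd, "iface": first_iface, "dir": first_dir}]
    if first_iface == "ed0":
        hops.append({**fwd, "iface": "ed1", "dir": "out"})
    hops.append({**rev, "iface": "ed1", "dir": "in"})
    return [evaluate(h, dynamic) for h in hops]
```

trace("192.168.1.5", "1.2.3.4", "ed0", "in") shows a LAN-originated flow matching rule 1300 on its way in and check-state on every later hop, while trace("192.168.10.2", "1.2.3.4", "ed1", "out") shows the gateway's own traffic reaching rule 1400.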