IPFW: Need some help

Neal Hogan nealhogan at gmail.com
Sun Jun 28 12:03:50 UTC 2009


2009/6/28 Anton <anton at sng.by>:
>
>   Hello all,
>
>   I'm new to *nix and now, while configuring the IPFW firewall on FreeBSD
>   7.2, I have got stuck on a problem:
>
>   After a packet from my network is passed to the natd daemon, it is
>   returned to the firewall (that is normal, I think ;-) ), but I see another
>   abnormal thing: when it is returned to the firewall, it does not come
>   under the rule which states to allow packets from some host in my
>   network, and goes under the rule which allows packets from the FreeBSD box.
>
>   I.e.: a packet from 192.168.0.2, directed to 86.57.250.18, comes to the
>   FreeBSD box. First, it comes to the rule which NATs it to interface ng0.
>   Then, after the NAT rule, there is a rule which allows packet flow from
>   192.168.0.2 to 86.57.250.18 out via ng0. But IPFW does not show
>   that any packet is allowed by this rule - it rather shows that
>   packets are allowed by another rule: allow all from me to any.
>

I'm no IPFW expert, but it seems to me that the packets are already in
and NAT'd. Then they're being redirected internally. Thus being
"allowed from 'you' to any" (Don't take this explanation as true. It's
merely my understanding from the brief look at the link Mr. Barber
sent you, which you read . . . right?)

>   Need help in explaining this problem, and how to alter things
>   in the way I need (if it is possible)

Two suggestions for getting more specific help:

1) Look around on the web. There appear to be many discussions about
IPFW and NAT. (e.g.,
http://freebsd.rogness.net/redirect.cgi?basic/nat.html).

2) Post your ruleset. This way, folk will know what to "alter."
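
A small Python model of the rule walk discussed in this thread, added here as an illustration and not part of either poster's message. It assumes that natd rewrites the source of an outbound packet to the ng0 address and that the re-injected packet continues at the rule after the divert rule; the rule numbers and the addresses 203.0.113.5 (ng0) and 192.168.0.1 (LAN side) are constructed, since the real ruleset was not posted.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

NG0_ADDR = "203.0.113.5"                  # constructed stand-in for the ng0 address
LOCAL_ADDRS = {NG0_ADDR, "192.168.0.1"}   # addresses the keyword "me" matches (assumed)

# (number, action, src, dst) in the order described in the question; numbers are made up.
AS_DESCRIBED = [
    (100, "divert", "any", "any"),                  # divert natd ... out via ng0
    (200, "allow", "192.168.0.2", "86.57.250.18"),  # per-host rule placed after NAT
    (300, "allow", "me", "any"),                    # allow all from me to any
]
# Same ruleset plus a count rule on the private address placed before the divert.
WITH_EARLY_COUNT = [(50, "count", "192.168.0.2", "86.57.250.18")] + AS_DESCRIBED

def matches(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        return addr in LOCAL_ADDRS
    return spec == addr

def natd_alias(pkt):
    """Outbound aliasing: the private source is replaced by the ng0 address."""
    return replace(pkt, src=NG0_ADDR)

def walk(pkt, rules):
    """Return (numbers of the rules that matched, packet as it leaves)."""
    hits = []
    for num, action, src, dst in sorted(rules):
        if not (matches(src, pkt.src) and matches(dst, pkt.dst)):
            continue
        hits.append(num)
        if action == "divert":
            pkt = natd_alias(pkt)   # re-injected packet resumes at the next rule
        elif action == "allow":
            break                   # first terminating match ends the walk
    return hits, pkt

if __name__ == "__main__":
    p = Packet("192.168.0.2", "86.57.250.18")
    print(walk(p, AS_DESCRIBED))      # rule 200 never matches: source is already rewritten
    print(walk(p, WITH_EARLY_COUNT))  # rule 50 sees the original private source
```

In this model, a rule that should match on 192.168.0.2 for outbound traffic has to sit before the divert rule, because every later rule sees the translated source.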



