On Fri, May 5, 2017 at 8:34 PM, Karl Denninger <[email protected]> wrote:
> Can you point me to the ruleset you posted? Thanks in advance.
>

I can't remember all your network details, and don't have the e-mails saved, so fill in the blanks below. :) And change the ports as needed.

IIF=<internal interface>
EIF=<external interface>
PUB_IP="me"
SRV_IP=<server private IP>
PRV_NET=<client private subnet>

# NAT incoming traffic for port 8080 to server's private IP
ipfw nat 100 config same_ports ip $PUB_IP redirect_port tcp $SRV_IP:80 $PUB_IP:8080

# NAT outgoing traffic from private subnet to public IP
ipfw nat 200 config same_ports ip $PUB_IP

# Allow port 8080 traffic to server from private subnet (in)
ipfw add nat 100 tcp from $PRV_NET to $PUB_IP 8080 in recv $IIF
ipfw add nat 200 tcp from $PRV_NET to $SRV_IP 80 out xmit $IIF
ipfw add nat 200 tcp from $SRV_IP 80 to $PUB_IP in recv $IIF
ipfw add nat 100 tcp from $PUB_IP 8080 to $PRV_NET out xmit $IIF

# Allow port 8080 traffic from Internet to server (in)
ipfw add nat 200 tcp from any to $PUB_IP 8080 in recv $EIF
ipfw add allow tcp from any to $SRV_IP 80 out xmit $IIF
ipfw add allow tcp from $SRV_IP 80 to any in recv $IIF
ipfw add nat 200 tcp from $SRV_IP 80 to any out xmit $EIF

# Allow clients access to Internet (out)
ipfw add allow tcp from $PRV_NET to any in recv $IIF
ipfw add nat 100 tcp from $PUB_IP to any out recv $EIF
ipfw add nat 100 tcp from any to $PUB_IP in recv $EIF
ipfw add allow tcp from any to $PRV_NET out xmit $IIF

# Block the rest
ipfw add deny log ip from any to any in recv $EIF
ipfw add deny log ip from any to any in recv $IIF

-- 
Freddie Cash
[email protected]
