On 9/7/2010 5:52 PM, Victor Sudakov wrote:
A packet generated locally 1) should be forwarded by a 'fwd' rule and 2) should create a dynamic 'allow' rule for returning traffic. Could you please suggest a ruleset for this.
The fw has the 10.0.0.1 IP address. The 10.0.0.100 IP address belongs to another computer running a TCP service at 9999. The IPFW rules:
fw# ipfw list
00100 fwd 10.0.0.100 tcp from any to 10.90.10.3 dst-port 9999 keep-state
00200 deny ip from any to any
65535 allow ip from any to any
Trying to connect to TCP 9998 fails because of rule 200:
fw# nc -v 10.90.10.3 9998
nc: connect to 10.90.10.3 port 9998 (tcp) failed: Permission denied
While trying to connect to TCP 9999 succeeds and creates an IPFW state:
fw# nc -v 10.90.10.3 9999
Connection to 10.90.10.3 9999 port [tcp/*] succeeded!
^Z
Suspended
fw# ipfw -d show
00100 61 3315 fwd 10.0.0.100 tcp from any to 10.90.10.3 dst-port 9999 keep-state
00200 45 2644 deny ip from any to any
65535 0 0 allow ip from any to any
## Dynamic rules (9):
00100 2 112 (292s) STATE tcp 10.0.0.1 27320 <-> 10.90.10.3 9999
fw#
HTH,
Nikos
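To make the behaviour above explicit (9998 denied by rule 200, 9999 forwarded by rule 100 with a dynamic entry, and the reply packet accepted via that entry), here is a small Python model of first-match evaluation of that ruleset. It is an added illustration, not ipfw's own code and not from the thread; it assumes a reverse-direction hit in the dynamic table simply passes the packet instead of forwarding it again.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str; src: str; sport: int; dst: str; dport: int

@dataclass
class Rule:
    num: int
    action: str                 # 'allow', 'deny' or 'fwd'
    proto: str = 'ip'           # 'ip' matches every protocol
    dst: str = 'any'
    dport: Optional[int] = None
    next_hop: Optional[str] = None
    keep_state: bool = False

    def matches(self, p: Packet) -> bool:
        return (self.proto in ('ip', p.proto) and self.dst in ('any', p.dst)
                and self.dport in (None, p.dport))

    def verdict(self) -> str:
        return f'fwd {self.next_hop}' if self.action == 'fwd' else self.action

# The ruleset from the post above.
RULES = [
    Rule(100, 'fwd', 'tcp', '10.90.10.3', 9999, next_hop='10.0.0.100', keep_state=True),
    Rule(200, 'deny'),
    Rule(65535, 'allow'),
]

def check(p: Packet, rules, state: dict) -> str:
    """First-match evaluation; `state` maps a 5-tuple to its parent rule number."""
    by_num = {r.num: r for r in rules}
    key = (p.proto, p.src, p.sport, p.dst, p.dport)
    rev = (p.proto, p.dst, p.dport, p.src, p.sport)
    checked = False
    for r in rules:
        if r.keep_state and not checked:
            checked = True   # dynamic table is consulted at the first keep-state rule
            if key in state:
                return by_num[state[key]].verdict()
            if rev in state:
                return 'allow'  # model assumption: reply packets pass, not forwarded again
        if r.matches(p):
            if r.keep_state:
                state[key] = r.num   # install the dynamic entry on first match
            return r.verdict()
    return 'deny'

def demo():
    state = {}
    v1 = check(Packet('tcp', '10.0.0.1', 27320, '10.90.10.3', 9998), RULES, state)
    v2 = check(Packet('tcp', '10.0.0.1', 27320, '10.90.10.3', 9999), RULES, state)
    v3 = check(Packet('tcp', '10.90.10.3', 9999, '10.0.0.1', 27320), RULES, state)
    return v1, v2, v3, len(state)
```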