I have a port redirect, public port 5001 to an internal machine port 3389,
for Remote Desktop that works well in natd as long as I don't fire up my
custom firewall:

00050    234    27286 divert 8668 ip from any to any via sis0
00100     24     6080 allow ip from any to any via lo0
00200      0        0 deny ip from any to 127.0.0.0/8
00300      0        0 deny ip from 127.0.0.0/8 to any
00400      0        0 check-state
00500      2      186 allow ip from 192.168.1.1 to 192.168.1.0/24
00600      4      266 allow ip from 192.168.1.0/24 to 192.168.1.1
00700     34     3399 allow ip from any to any keep-state in recv dc0
00800     18     2093 allow ip from any to any keep-state out xmit sis0
00900      0        0 allow ip from any to any keep-state out xmit dc0
01000      0        0 allow ip from any to 0.0.0.255:0.0.0.255 in recv dc0
01100      0        0 allow ip from 192.168.1.1 to any keep-state
01200      0        0 allow udp from any to any 53 keep-state
01300      0        0 allow tcp from any to any 53 keep-state
01400      0        0 allow udp from any to any 25 keep-state
01500      0        0 allow tcp from any to any 25 keep-state
01600      0        0 allow tcp from any to any 993 keep-state
01700    188    18936 allow tcp from any to any 22 keep-state
01800      0        0 allow tcp from any to any 80 keep-state
01900      0        0 allow tcp from any to any 5001 keep-state
65535 173082 56255563 deny ip from any to any


sis0 is the public interface and dc0 is the internal.

Right now I don't mind so much having redundant rules, but I would like my
functionality back without doing an allow from any to any.  Any ideas on
what I am missing?

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
