On Sat, 28 Feb 2004 3:47 am, Derrick Ryalls wrote:
> I have a port redirect, public port 5001 to an internal machine
> port 3389, for Remote Desktop that works well in natd as long as I
> don't fire up my custom firewall:
>
> 00050       234     27286 divert 8668 ip from any to any via sis0
> 00100        24      6080 allow ip from any to any via lo0
> 00200         0         0 deny ip from any to 127.0.0.0/8
> 00300         0         0 deny ip from 127.0.0.0/8 to any
> 00400         0         0 check-state
> 00500         2       186 allow ip from 192.168.1.1 to 192.168.1.0/24
> 00600         4       266 allow ip from 192.168.1.0/24 to 192.168.1.1
> 00700        34      3399 allow ip from any to any keep-state in recv dc0
> 00800        18      2093 allow ip from any to any keep-state out xmit sis0
> 00900         0         0 allow ip from any to any keep-state out xmit dc0
> 01000         0         0 allow ip from any to 0.0.0.255:0.0.0.255 in recv dc0
> 01100         0         0 allow ip from 192.168.1.1 to any keep-state
> 01200         0         0 allow udp from any to any 53 keep-state
> 01300         0         0 allow tcp from any to any 53 keep-state
> 01400         0         0 allow udp from any to any 25 keep-state
> 01500         0         0 allow tcp from any to any 25 keep-state
> 01600         0         0 allow tcp from any to any 993 keep-state
> 01700       188     18936 allow tcp from any to any 22 keep-state
> 01800         0         0 allow tcp from any to any 80 keep-state
> 01900         0         0 allow tcp from any to any 5001 keep-state
> 65535    173082  56255563 deny ip from any to any
>
> sis0 is the public interface and dc0 is the internal.
>
> Right now I don't mind so much having redundant rules, but I would
> like my functionality back without doing an allow from any to any.
> Any ideas on what I am missing?
>
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"

I have a similar problem. I came across this thread that may be of
assistance in understanding your problem.

http://lists.freebsd.org/pipermail/freebsd-questions/2004-January/032694.html

It appears there may be a problem with stateful rules and port forwarding.
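
A way to trace the quoted ruleset for the redirected connection, added here as an example that is not part of either message: a simplified first-match model of rules 00100-65535 in Python. It assumes natd has already rewritten the destination when the packet continues past the divert rule 00050; the addresses 203.0.113.7, 198.51.100.2 and 192.168.1.10 are constructed.

```python
import ipaddress

INTERNAL_HOST = "192.168.1.10"   # constructed: the page does not give the RDP host's address

# Rules 00100-65535 from the quoted listing as
# (number, action, proto, src, dst, dst_port, direction, interface); None = any.
# Left out: 00400 check-state (a first packet has no state yet) and
# 01000 (only applies "in recv dc0", never to traffic arriving on sis0).
RULES = [
    (100, "allow", None, None, None, None, None, "lo0"),
    (200, "deny", None, None, "127.0.0.0/8", None, None, None),
    (300, "deny", None, "127.0.0.0/8", None, None, None, None),
    (500, "allow", None, "192.168.1.1", "192.168.1.0/24", None, None, None),
    (600, "allow", None, "192.168.1.0/24", "192.168.1.1", None, None, None),
    (700, "allow", None, None, None, None, "in", "dc0"),
    (800, "allow", None, None, None, None, "out", "sis0"),
    (900, "allow", None, None, None, None, "out", "dc0"),
    (1100, "allow", None, "192.168.1.1", None, None, None, None),
] + [(n, "allow", proto, None, None, port, None, None) for n, proto, port in [
    (1200, "udp", 53), (1300, "tcp", 53), (1400, "udp", 25), (1500, "tcp", 25),
    (1600, "tcp", 993), (1700, "tcp", 22), (1800, "tcp", 80), (1900, "tcp", 5001),
]] + [(65535, "deny", None, None, None, None, None, None)]

def in_net(addr, net):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def first_match(pkt, rules=RULES):
    """Return (rule number, action) of the first rule matching pkt."""
    for num, action, proto, src, dst, port, direction, iface in sorted(rules):
        if (proto in (None, pkt["proto"]) and port in (None, pkt["dport"])
                and in_net(pkt["src"], src) and in_net(pkt["dst"], dst)
                and direction in (None, pkt["dir"]) and iface in (None, pkt["iface"])):
            return num, action

def natd_redirect(pkt):
    """Rule 00050: natd rewrites the redirected port's destination (5001 -> 3389)."""
    if (pkt["dir"], pkt["iface"], pkt["dport"]) == ("in", "sis0", 5001):
        return dict(pkt, dst=INTERNAL_HOST, dport=3389)
    return pkt

# Constructed first packet of an RDP connection arriving on the public interface.
syn = {"proto": "tcp", "src": "203.0.113.7", "dst": "198.51.100.2",
       "dport": 5001, "dir": "in", "iface": "sis0"}

if __name__ == "__main__":
    print("as sent by the client:", first_match(syn))
    print("as seen after divert: ", first_match(natd_redirect(syn)))
```

In the quoted listing, rule 01900 shows zero packets, which is what this model predicts for a packet whose destination port is already 3389 when it reaches that rule.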