Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: fBSD nat ipfw
Top Forums UNIX for Dummies Questions & Answers fBSD nat ipfw Post 22662 by hachik on Friday 7th of June 2002 02:50:21 PM
Old 06-07-2002
sorry i haven't said what i need properly. Now i try to.
i have the set of rules :

00050 divert 8668 ip from any to any via ed0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00350 allow ip from 192.168.0.0/24 to any
00400 allow ip from any to 192.168.0.0/24
00900 allow ip from any to any
65535 deny ip from any to any

and even if i add these ones
00500 allow ip from x.x.x.x to 192.168.0.0/24
00550 allow ip from x.x.x.x to any via ep0
00600 allow ip from any to x.x.x.x via ep0
00800 allow ip from any to x.x.x.x
and then remove 900 rule , ipfw doesnt allow to work nat properly.
x.x.x.x - internet addres

ep0 - internal adapter
ed0 - external
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

my fbsd gateway

hi i got a problem. I use a fbsd box to share my (DSL)internet connection. I got 2 networkcards in my fbsd box, but my networkcard 1 (to my modem) always go out. the led don't burn anymore and I lose my connection to the internet :( but my networkcard2 (to my local network) doesn't go out,... (2 Replies)
Discussion started by: Stormpie
2 Replies

2. UNIX for Dummies Questions & Answers

C-Media 8738 chipset for FBSD 4.4

HI i'm compiling my kernel with the support of this chipset. In FreeBSD 4.2 and 4.3 I got no problem with the kernel, but with 4.4 I just can't get the kernel compiled with the soundcard support. i added this to my kernel device pcm device snd something wrong... (2 Replies)
Discussion started by: Stormpie
2 Replies

3. UNIX for Dummies Questions & Answers

Color konsole in FBSD 4.6

FBSD 4.6 How do I colorize my konsole to see directories etc. Am able to get color in the shell with ls -GF in my .bashrc. But color does not show in KDE3 Konsole (Xwindows) for some reason.FBSD 4.6 (1 Reply)
Discussion started by: lancest
1 Replies

4. Cybersecurity

ipfw directives and order of precidence...

Is there a general rule I can apply when examining/editing ipfw entries? Also, does each new entry have to have a unique rule number? And, I think I can write a script to block code red infected machines (though I'm not sure it would do more than slim down my web server error message log),... (0 Replies)
Discussion started by: [MA]Flying_Meat
0 Replies

5. BSD

Casio CASSIOPEA BE-300 & fBSD

I just don't know how do I have to connect them... Connecting via USB, if some body knows, please post here... Thankue... (0 Replies)
Discussion started by: PomaH 6yxDAK
0 Replies

6. UNIX for Dummies Questions & Answers

Need help with IPFW.. Please...

Hi folks, I am a Mac User, and have little knowledge on IPFW. I have a set up at home where my computer (with 2 ethernet cards and static IP adresses) serves Internet to my family's computers. I have already a script that will run automatically at login and called from Cron at certain... (2 Replies)
Discussion started by: fundidor
2 Replies

7. UNIX for Advanced & Expert Users

FBSD jail question

I'm trying to establish a jail on a FBSD 6.1 system and have a couple of questions on bringing up the daemon. Under the jail man page there are two user flags that I am unclear on, -u username The user name from host environment as whom the command should run. -U... (1 Reply)
Discussion started by: thumper
1 Replies

8. BSD

Using several pipes in ipfw (dummynet)

Hi! I've already posted this on the freebsd-questions mailing list, but I thought I could try it here too. I'm using FreeBSD 7.0 with IPFW DUMMYNET enabled. I've got a problem with creating a ruleset, which allows me to limit the overall bandwidth of a link and afterwards pass the packets... (0 Replies)
Discussion started by: xenator
0 Replies

9. UNIX for Advanced & Expert Users

ipfw and dhcp

Hello, I have a little problem with my server configuration. So: I have two PC's with DHCP enable and both of them have two NIC's. PC1 - le0 ADSL PC1 - le1 192.168.10.1 PC2 - le0 192.168.10.10 PC2 - le1 192.168.20.1 One NIC on PC1 is connected to ADSL, another one have IP address... (3 Replies)
Discussion started by: mrowcp
3 Replies

10. OS X (Apple)

How to enable ipfw.log?

Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that... (3 Replies)
Discussion started by: jnojr
3 Replies

LEARN ABOUT NETBSD

tftp-proxy

TFTP-PROXY(8)						    BSD System Manager's Manual 					     TFTP-PROXY(8)

NAME

     tftp-proxy -- Internet Trivial File Transfer Protocol proxy

SYNOPSIS

     tftp-proxy [-v] [-w transwait]

DESCRIPTION

     tftp-proxy is a proxy for the Internet Trivial File Transfer Protocol invoked by the inetd(8) internet server.  TFTP connections should be
     redirected to the proxy using the pf(4) rdr command, after which the proxy connects to the server on behalf of the client.

     The proxy establishes a pf(4) rdr rule using the anchor facility to rewrite packets between the client and the server.  Once the rule is
     established, tftp-proxy forwards the initial request from the client to the server to begin the transfer.	After transwait seconds, the pf(4)
     NAT state is assumed to have been established and the rdr rule is deleted and the program exits.  Once the transfer between the client and
     the server is completed, the NAT state will naturally expire.

     Assuming the TFTP command request is from $client to $server, the proxy connected to the server using the $proxy source address, and $port is
     negotiated, tftp-proxy adds the following rule to the anchor:

	   rdr proto udp from $server to $proxy port $port -> $client

     The options are as follows:

     -v      Log the connection and request information to syslogd(8).

     -w transwait
	     Number of seconds to wait for the data transmission to begin before removing the pf(4) rdr rule.  The default is 2 seconds.

CONFIGURATION

     To make use of the proxy, pf.conf(5) needs the following rules.  The anchors are mandatory.  Adjust the rules as needed for your configura-
     tion.

     In the NAT section:

	   nat on $ext_if from $int_if -> ($ext_if:0)

	   no nat on $ext_if to port tftp

	   rdr-anchor "tftp-proxy/*"
	   rdr on $int_if proto udp from $lan to any port tftp -> 
	       127.0.0.1 port 6969

     In the filter section, an anchor must be added to hold the pass rules:

	   anchor "tftp-proxy/*"

     inetd(8) must be configured to spawn the proxy on the port that packets are being forwarded to by pf(4).  An example inetd.conf(5) entry fol-
     lows:

	   127.0.0.1:6969  dgram   udp	   wait    root 
		   /usr/libexec/tftp-proxy tftp-proxy

SEE ALSO

     tftp(1), pf(4), pf.conf(5), ftp-proxy(8), inetd(8), syslogd(8), tftpd(8)

CAVEATS

     tftp-proxy chroots to /var/chroot/tftp-proxy and changes to user ``_proxy'' to drop privileges.

BSD
								   May 31, 2007 							       BSD
All times are GMT -4. The time now is 07:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy