Adrenalin\’s Blog

Mai 19, 2007

(answer) Why my redirect_port redirect doesn’t work, not working ? Natd freebsd ipfw

Filed under: Unix — Adrenalin @ 23:28

Asta a fost saptamana cind o trebuit sa devin cul admin4eg si normal ca am calcat in toti skinii din zona %) Dupa traditie nimic din prima nu s-a primit.. ;o) Azi am mai stat vreo 5 ore la ceva care acum imi pare destul de evident ;]
cat ~/.bash_history | grep „sh /etc/rc.firewall” | wc -l
47
%) 47 de reloaduri la reguli..

Answer to the question:
After the packet was sucked into the divert, with smth. like

ipfw add divert natd all from any to any in $eif

You must allow redirection to the target, local ip, with

ipfw add allow tcp from any to _your_local_address_here _port_ keep-state

For redirect_port tcp 192.168.0.2:80 8080 we will have

ipfw add allow tcp from any to 192.168.0.2 80 keep-state

And yes, ipfw add allow tcp from any to me 8080 keep-state will not do anything useful because the packet seem to be accepted by natd (divert natd all from any.. my first quote) what allow the incoming 8080 connections, you need just to allow connection to the target local address..

Hope this will help.

Thanks to the jya who have helped mmx with exactly the same problem as at me %) here and here

Anunțuri

1 comentariu »

  1. fignea tăt asta…

    Comentariu de polonyk — Mai 20, 2007 @ 20:36


RSS feed for comments on this post. TrackBack URI

Lasă un răspuns

Completează mai jos detaliile tale sau dă clic pe un icon pentru a te autentifica:

Logo WordPress.com

Comentezi folosind contul tău WordPress.com. Dezautentificare / Schimbă )

Poză Twitter

Comentezi folosind contul tău Twitter. Dezautentificare / Schimbă )

Fotografie Facebook

Comentezi folosind contul tău Facebook. Dezautentificare / Schimbă )

Fotografie Google+

Comentezi folosind contul tău Google+. Dezautentificare / Schimbă )

Conectare la %s

Creează un sit web gratuit sau un blog la WordPress.com.

%d blogeri au apreciat asta: