Port redirection with ipfw3.

Daniel Lanz daniel.lanz at protonmail.com
Mon Sep 11 07:40:00 PDT 2017


Hi

Is there a way to redirect ports with ipfw3? The current setup allows hosts on the LAN to get to the internet, but nothing gets in. I tried to redirect ports as it's done with ipfw2 but this requires ipfw2 and natd enabled explicitly in the kernel/ rc.conf.

My setup is as follows:

                ISP
                  |
       emx0: 77.56.xxx.xx
Router1 (DragonFly BSD)
       emx1: 10.0.0.1/24
                   |
           10.0.0.2/24
             Router2
           192.168.1.1
                /   |   \
                 LAN1

My /etc/rc.conf:
...
gateway_enable="YES"
ifconfig_emx0="DHCP"
ifconfig_emx1="10.0.0.1/24"
static_routes="lan1"
route_lan1="-net 192.168.0.0/24 192.168.1.1"
...

Firewall rules from DragonFly BSD Digest/ mailing list:

#!/bin/sh
kldload ipfw3_nat
kldload ipfw3_layer4

ipfw3 flush

ipfw3 add allow all via lo0
ipfw3 add allow all via emx1

ipfw3 nat 1 config if emx0
ipfw3 add nat 1 tcp via emx0

ipfw3 add check-state
ipfw3 add deny tcp established
ipfw3 add allow all out via emx0 keep-state

ipfw3 sync start centre

ipfw3 add deny all

-----

Nice Greetings. Daniel.