Port redirection with ipfw3.
Daniel Lanz
daniel.lanz at protonmail.com
Mon Sep 11 07:40:00 PDT 2017

Hi
Is there a way to redirect ports with ipfw3? The current setup allows hosts on the LAN to get to the internet, but nothing gets in. I tried to redirect ports as it's done with ipfw2, but this requires ipfw2 and natd enabled explicitly in the kernel/rc.conf.
My setup is as follows:
                ISP
                  |
       emx0: 77.56.xxx.xx
Router1 (DragonFly BSD)
       emx1: 10.0.0.1/24
                   |
           10.0.0.2/24
             Router2
           192.168.1.1
                /   |   \
                 LAN1
My /etc/rc.conf:
...
gateway_enable="YES"
ifconfig_emx0="DHCP"
ifconfig_emx1="10.0.0.1/24"
static_routes="lan1"
route_lan1="-net 192.168.0.0/24 192.168.1.1"
...
Firewall rules from DragonFly BSD Digest/mailing list:
#!/bin/sh
kldload ipfw3_nat
kldload ipfw3_layer4
ipfw3 flush
ipfw3 add allow all via lo0
ipfw3 add allow all via emx1
ipfw3 nat 1 config if emx0
ipfw3 add nat 1 tcp via emx0
ipfw3 add check-state
ipfw3 add deny tcp established
ipfw3 add allow all out via emx0 keep-state
ipfw3 sync start centre
ipfw3 add deny all
-----
Nice Greetings. Daniel.