ipnat feature of ipfilter help
2007-12-24 19:41:00
I can currently ping out on the machine in the internal network (192.168.X.X)
to anywhere on the net, but I cannot telnet, ssh to anywhere from that
same machine. There seems to be no response. I have copied my ipf.conf and
ipnat.conf file data here. Thanks in advance. I have been trying to get this
to work for the past 2 weeks.
Andy
ipnat.conf
map hme0 192.168.1.0/24 -> 0/32 proxy port ftp/tcp
map hme0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:40000
map hme0 192.168.1.0/24 -> 0/32
ipf.conf
#hme3 local
pass in log on hme3 all
pass out log on hme3 all
#lo0 loopback
pass in quick on lo0 proto tcp/udp from any to any keep state
pass in quick on lo0 proto icmp from any to any keep state
pass out quick on lo0 proto tcp/udp from any to any keep state
pass out quick on lo0 proto icmp from any to any keep state
#hme0 external network
block in on hme0 all head 100
pass in on hme0 proto tcp/udp from 192.168.1.102/32 to any keep state group 100
pass in on hme0 proto icmp from 192.168.1.102/32 to any keep state group 100
pass out on hme0 proto tcp from any to any keep state
pass in quick on hme0 proto tcp from any to 24.X.X.X/32 port = 119 flags S keep state group 100
pass out quick on hme0 proto tcp from 24.X.X.X/32 port = 119 to any flags S keep state group 100
pass in quick on hme0 proto tcp from 207.20.253.101/32 to 24.X.X.X/32 keep state
pass in quick on hme0 proto tcp from any to any port = ftp-data keep state group 100
pass in quick on hme0 proto tcp from any port = ftp-data to any port > 1023 keep state group 100
pass in quick on hme0 proto icmp from any to 24.X.X.X/32 icmp-type 0 group 100
pass in quick on hme0 proto icmp from any to 24.X.X.X/32 icmp-type 11 group 100
block in quick on hme0 proto icmp from any to any group 100
pass in quick on hme0 proto tcp from 24.1.116.52/32 to 24.X.X.X/32 port = 110 flags S keep state group 100
pass in quick on hme0 proto tcp from any to 24.X.X.X/32 port = 80 flags S keep state group 100
pass in quick on hme0 proto tcp from any to 24.X.X.X/32 port = 25 flags S keep state group 100
pass in quick on hme0 proto tcp from any to 24.X.X.X/32 port = 53 flags S keep state group 100
pass out quick on hme0 proto tcp from any port = 53 to any flags S keep state group 100
pass in quick on hme0 proto udp from any to 24.X.X.X/32 port = 53 keep state group 100
pass out quick on hme0 proto udp from any to any port = 53 keep state group 100
pass in quick on hme0 proto tcp from any to 24.X.X.X/32 port = 718 flags S keep state group 100
pass in quick on hme0 proto tcp from any to 24.X.X.X/32 port = 1218 flags S keep state group 100
pass in quick on hme0 proto tcp from any to 24.X.X.X/32 port = 806 flags S keep state group 100
pass in quick on hme0 proto tcp from any to 24.X.X.X/32 port = 113 flags S keep state group 100
pass out quick on hme0 proto tcp from any to any port = 113 flags S keep state group 100
pass out quick on hme0 proto tcp/udp from 24.X.X.X/32 to any keep state
pass out quick on hme0 proto icmp from 24.X.X.X/32 to any keep state
pass in all
Andy Wu <awu at encc.com>
System Administrator
EdgeNet Communications Corporation
1350 Bayshore Highway Ste.380
Burlingame, CA 94010
650.347.5045 office
650.347.5047 fax
http://www.encc.com