I have.
1. pfSense router with NAT
2. Server on lan with transmission jail and $jtrip
3. pfSense forwards $tr_peer_port
4. ipfw on server with such rules (transmission related part)
Bash:
# Set rules command prefix
cmd="ipfw -q add"
# No restrictions on Loopback Interface
$cmd 00010 allow all from any to any via lo0
# allows the packet through if it matches an existing entry in the dynamic rules table:
$cmd 00101 check-state
$cmd 00106 deny ip from any to 255.255.255.255 in via $host_if
$cmd 00108 deny ip from any to 224.0.0.0/4 in via $host_if
##############################Transmission jail##########################
# Allow everything out
$cmd 00280 allow tcp from $jtrip to any out via $host_if keep-state
$cmd 00281 allow udp from $jtrip to any out via $host_if keep-state
# Allow outbound ping
$cmd 00282 allow icmp from $jtrip to any out via $host_if keep-state
##################################################################
# deny and log all other outbound connections
$cmd 00299 deny log logamount 0 all from any to any out via $host_if
#######################Transmission JAIL#######################
#Transmission peer
$cmd 00451 allow tcp from any to $jtrip $tr_peer_port in via $host_if keep-state
$cmd 00452 allow udp from any to $jtrip $tr_peer_port in via $host_if
# Allow some inbound icmps - echo reply, dest unreach, source quench, echo, ttl exceeded.
$cmd 00453 allow icmp from any to $jtrip icmptypes 0,3,4,8,11 in via $host_if
#########################################################################
# Reject and log all other incoming connections
$cmd 00499 deny log logamount 0 all from any to any in via $host_if
What I get:
Deny messages in log
Code:
kernel: ipfw: 499 Deny TCP 95.73.216.122:43171 jail-ip:24929 in via re0
kernel: ipfw: 499 Deny TCP 178.94.35.138:23267 jail-ip:23410 in via re0
kernel: ipfw: 499 Deny TCP 77.82.55.126:47449 jail-ip:45621 in via re0
Why is this happening?
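A first triage step for log lines like the ones above is to check whether the denied packets are actually aimed at the forwarded peer port or at other ports on the jail. With this ruleset, inbound TCP to any port other than $tr_peer_port can only pass through rule 101 (check-state), i.e. as return traffic of a connection the jail opened under rules 280/281 and whose dynamic entry still exists; once that entry has expired or the connection has been closed, any further packet from the peer falls through to rule 499 and gets logged. The script below (an added example, not code from the original post or from FreeBSD/ipfw) parses the ipfw log format shown in the post and splits the inbound denies into those two buckets. The sample log is constructed from the three lines in the post plus one extra line that hits the peer port; the peer port value 51413 and interface re0 are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the three lines from the post plus one extra line
# (198.51.100.9 -> jail-ip:51413) added to show a deny on the peer port itself.
SAMPLE_LOG = """\
kernel: ipfw: 499 Deny TCP 95.73.216.122:43171 jail-ip:24929 in via re0
kernel: ipfw: 499 Deny TCP 178.94.35.138:23267 jail-ip:23410 in via re0
kernel: ipfw: 499 Deny TCP 77.82.55.126:47449 jail-ip:45621 in via re0
kernel: ipfw: 499 Deny TCP 198.51.100.9:50112 jail-ip:51413 in via re0
kernel: ipfw: 499 Deny ICMP:8.0 203.0.113.7 jail-ip in via re0
"""

# ipfw log format for TCP/UDP:
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <ifname>
# ICMP lines carry "ICMP:<type>.<code>" and no ports, so they are deliberately not matched.
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\S+)"
)


def parse_line(line):
    """Return a dict for a TCP/UDP ipfw log line, or None for anything else."""
    m = LOG_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    for key in ("rule", "sport", "dport"):
        entry[key] = int(entry[key])
    return entry


def triage(log_text, jail_ip, peer_port, iface):
    """Split inbound denies addressed to the jail into two buckets.

    'peer_port': packets to the forwarded port. These should have matched
                 rule 451/452, so a deny here points at the rules themselves.
    'other':     packets to any other port. Nothing in the ruleset allows these
                 statically; they pass only while a dynamic (keep-state) entry
                 for the jail's own outbound connection exists.
    Also returns a per-destination-port count for a quick overview.
    """
    buckets = {"peer_port": [], "other": []}
    by_dport = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["action"] != "Deny" or e["direction"] != "in":
            continue
        if e["dst"] != jail_ip or e["iface"] != iface:
            continue
        by_dport[e["dport"]] += 1
        key = "peer_port" if e["dport"] == peer_port else "other"
        buckets[key].append(e)
    return buckets, by_dport


if __name__ == "__main__":
    # Assumed values: tr_peer_port=51413 (Transmission's default), host_if=re0.
    result, counts = triage(SAMPLE_LOG, "jail-ip", 51413, "re0")
    print("denies on the forwarded peer port:", len(result["peer_port"]))
    print("denies on other ports (check-state only):", len(result["other"]))
    for port, n in sorted(counts.items()):
        print(f"  dport {port}: {n}")
```

Run it against /var/log/security with the real jail address, peer port and interface; a large "other" bucket with ever-changing high ports is the signature of return traffic arriving after the dynamic entry is gone, while anything in the "peer_port" bucket means the port-forward rules never matched and the variables or rule order need checking.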