
IPFW How to control natd ports in IPFW.

bryn1u

#1
Hello guys,

I start using natd because of OpenVPN. I have a simple rule below:
Code:
#!/bin/sh
# ipfw config/rules
# from FBSD Handbook, rc.firewall, et al.

# Flush all rules before we begin.
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add "
vif="em0"

# In-kernel NAT for the OpenVPN client network (10.8.0.0/24).
# Note: the nat rules are added unnumbered right after the flush, so they are
# auto-numbered ahead of most of the filter rules below, and with the default
# net.inet.ip.fw.one_pass=1 a packet that matches a nat rule is accepted
# immediately and never reaches the remaining rules.
ipfw -q nat 1 config if em0
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via em0
ipfw -q add nat 1 all from any to any in via em0

# allow all for localhost
$cmd 00010 allow ip from any to any via lo0

# reassemble fragmented packets before any stateful checks
$cmd 0080 reass all from any to any in
$cmd 00101 check-state

### SSH (unnumbered rules are auto-numbered after the highest existing rule):
$cmd allow tcp from any to any dst-port 22 in via $vif setup keep-state
$cmd allow tcp from any to any dst-port 22 out via $vif setup keep-state

### DNS:
$cmd 00108 allow tcp from any to any dst-port 53 via $vif setup keep-state
$cmd 00111 allow udp from any to any dst-port 53 via $vif keep-state

# allow HTTP HTTPS replies
$cmd 00400 allow tcp from any to any dst-port 80 in via $vif setup limit src-addr 2
$cmd 00410 allow tcp from any to any dst-port 443 in via $vif setup limit src-addr 2
$cmd 00200 allow tcp from any to any dst-port 80 out via $vif setup keep-state
$cmd 00220 allow tcp from any to any dst-port 443 out via $vif setup keep-state

# inbound catchall
$cmd 56599 deny log ip from any to any in via $vif
The problem is that I don't need to open port 1194 for OpenVPN, and the client is able to connect to the server without any problem. How should it look so that I can control traffic through ports in/from NAT?
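An added example (not the poster's script) of a ruleset in which the filter rules still apply to NAT'ed traffic: it sets net.inet.ip.fw.one_pass=0 so translated packets keep traversing the rules, untranslates inbound packets before check-state, and opens UDP 1194 explicitly. It assumes tun0 as the tunnel interface, UDP 1194 for OpenVPN and clients in 10.8.0.0/24; setting IPFW=echo SYSCTL=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example (not the poster's script): ipfw ruleset for an OpenVPN
# gateway using in-kernel NAT on em0.
# Assumed here: tunnel interface tun0, OpenVPN on UDP 1194, clients in 10.8.0.0/24.
# IPFW/SYSCTL can be overridden (e.g. IPFW=echo) to print instead of load;
# pass "apply" as the first argument to actually load the rules.
IPFW="${IPFW:-/sbin/ipfw}"
SYSCTL="${SYSCTL:-/sbin/sysctl}"
vif="em0"; vpn_if="tun0"; vpn_net="10.8.0.0/24"; ovpn_port="1194"

fw()  { "$IPFW" -q "$@"; }
add() { fw add "$@"; }

load_rules() {
    # With net.inet.ip.fw.one_pass=1 (the default) a packet matched by a nat
    # rule is accepted on the spot and never reaches the filter rules below.
    # one_pass=0 makes translated packets continue through the ruleset.
    "$SYSCTL" net.inet.ip.fw.one_pass=0
    fw -f flush
    fw nat 1 config if "$vif" same_ports reset

    add 00010 allow ip from any to any via lo0
    # Tunnel traffic was already authenticated by OpenVPN.
    add 00020 allow ip from any to any via "$vpn_if"
    add 00080 reass all from any to any in
    # Untranslate inbound packets first so check-state sees internal addresses.
    add 00100 nat 1 ip from any to any in via "$vif"
    add 00101 check-state
    # The only services reachable from outside: SSH and the VPN itself.
    add 00110 allow tcp from any to me dst-port 22 in via "$vif" setup keep-state
    add 00120 allow udp from any to me dst-port "$ovpn_port" in via "$vif" keep-state
    # VPN clients going out: record the flow, then jump to the outbound nat.
    add 00200 skipto 5000 ip from "$vpn_net" to any out via "$vif" keep-state
    # The gateway's own outbound traffic (never translated).
    add 00210 allow tcp from me to any dst-port 22,53,80,443 out via "$vif" setup keep-state
    add 00220 allow udp from me to any dst-port 53 out via "$vif" keep-state
    # Everything else, unsolicited inbound traffic included, is logged and dropped.
    add 00999 deny log ip from any to any
    # Reached only via skipto from 00200 or a dynamic rule it created.
    add 05000 nat 1 ip from "$vpn_net" to any out via "$vif"
    add 05010 allow ip from any to any
}

if [ "${1:-}" = "apply" ]; then load_rules; fi
```

Replies to a VPN client's flow come back in through rule 00100, are untranslated, match the dynamic entry at 00101 and take the skipto to 05010; anything without a dynamic entry or an explicit inbound allow is dropped at 00999.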