Hello guys,
I started using natd because of OpenVPN. I have a simple rule set below:
The problem is that I don't need to open port 1194 for OpenVPN, and the client is able to connect to the server without any problem. How should it look so that I can control traffic through a port in/from NAT?
Code:
#!/bin/sh
# ipfw config/rules
# from FBSD Handbook, rc.firewall, et. al.
# Flush all rules before we begin.
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add "
vif="em0"
# In-kernel NAT instance 1, translating to the address of $vif
ipfw -q nat 1 config if $vif
# Translate the VPN network's traffic going out, and de-alias everything coming in.
# Note: with net.inet.ip.fw.one_pass=1 (the default) a packet matched by a nat rule
# is accepted right after translation and never reaches the rules below.
# These two rules carry no number, so ipfw numbers them itself.
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via $vif
ipfw -q add nat 1 all from any to any in via $vif
# allow all for localhost
$cmd 00010 allow ip from any to any via lo0
# reassemble fragmented inbound packets before inspecting them
$cmd 00080 reass all from any to any in
# match packets against the dynamic rules created by keep-state/limit below
$cmd 00101 check-state
### SSH (unnumbered, so ipfw places them after the highest rule present at this point):
$cmd allow tcp from any to any dst-port 22 in via $vif setup keep-state
$cmd allow tcp from any to any dst-port 22 out via $vif setup keep-state
### DNS:
$cmd 00108 allow tcp from any to any dst-port 53 via $vif setup keep-state
$cmd 00111 allow udp from any to any dst-port 53 via $vif keep-state
# inbound HTTP/HTTPS, at most 2 concurrent connections per source address
$cmd 00400 allow tcp from any to any dst-port 80 in via $vif setup limit src-addr 2
$cmd 00410 allow tcp from any to any dst-port 443 in via $vif setup limit src-addr 2
# outbound HTTP/HTTPS
$cmd 00200 allow tcp from any to any dst-port 80 out via $vif setup keep-state
$cmd 00220 allow tcp from any to any dst-port 443 out via $vif setup keep-state
# inbound catchall
$cmd 56599 deny log ip from any to any in via $vif
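As an added example (not the poster's script, and not taken from the Handbook verbatim), here is a ruleset for the same setup where the OpenVPN port is admitted by its own rule rather than by the NAT rule. It assumes the tunnel interface is tun0 and keeps the poster's em0 and 10.8.0.0/24; the DRY_RUN switch, the run/rule helpers and the file name are assumptions added for illustration. The two points it demonstrates are the sysctl net.inet.ip.fw.one_pass (with the default of 1 a packet matched by a nat rule is accepted on the spot, which is why nothing had to be opened for 1194) and the ordering of NAT against check-state/keep-state (inbound NAT before check-state, outbound NAT reached by skipto after state is created on the untranslated packet).

```shell
#!/bin/sh
# Added example, not the poster's script: ipfw in-kernel NAT for an OpenVPN
# server, with port 1194 admitted by its own rule instead of by the NAT rule.
# Assumptions (not from the post): the tunnel interface is tun0; the outside
# interface and client network match the poster's em0 and 10.8.0.0/24.
#
#   sh ipfw-ovpn.sh apply              # load the ruleset
#   DRY_RUN=1 sh ipfw-ovpn.sh apply    # only print the commands

vif="${vif:-em0}"                    # outside interface
vpn_if="${vpn_if:-tun0}"             # OpenVPN tunnel interface (assumption)
vpn_net="${vpn_net:-10.8.0.0/24}"    # OpenVPN client network
vpn_port="${vpn_port:-1194}"         # OpenVPN listening port (UDP)
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}
rule() { run ipfw -q add "$@"; }

load_rules() {
    # With the default net.inet.ip.fw.one_pass=1 a packet matched by a "nat"
    # rule leaves the firewall as accepted, so "nat 1 all from any to any in
    # via em0" admits every inbound packet on em0, OpenVPN included.  With
    # one_pass=0 the (de)aliased packet continues at the next rule and the
    # allow/deny rules below actually decide.
    run sysctl net.inet.ip.fw.one_pass=0

    run ipfw -q -f flush
    run ipfw -q nat 1 config if "$vif"

    rule 00010 allow ip from any to any via lo0
    rule 00020 allow ip from any to any via "$vpn_if"   # tunnel side, both ways
    rule 00080 reass all from any to any in
    # De-alias inbound packets before check-state, so the dynamic rules created
    # on untranslated client addresses (rule 00300) match the replies.
    rule 00100 nat 1 ip from any to any in via "$vif"
    rule 00101 check-state

    # Services this host offers on em0.  OpenVPN is admitted here, explicitly.
    rule 00110 allow udp from any to me dst-port "$vpn_port" in via "$vif" keep-state
    rule 00120 allow tcp from any to me dst-port 22 in via "$vif" setup limit src-addr 2
    rule 00130 allow tcp from any to me dst-port 80,443 in via "$vif" setup limit src-addr 2

    # This host's own outbound traffic (no NAT involved).
    rule 00200 allow tcp from me to any out via "$vif" setup keep-state
    rule 00210 allow udp from me to any dst-port 53,123 out via "$vif" keep-state

    # VPN clients going out: create state on the untranslated packet, then
    # jump past the catch-all to the outbound NAT rule.  Replies come back
    # through rule 00100 (de-aliased), match the dynamic rule at check-state,
    # repeat the skipto and are accepted by rule 01001.
    rule 00300 skipto 1000 ip from "$vpn_net" to any out via "$vif" keep-state

    # Everything not decided above is dropped and logged.
    rule 00999 deny log ip from any to any

    rule 01000 nat 1 ip from any to any out via "$vif"
    rule 01001 allow ip from any to any   # reached only via skipto 1000
}

if [ "${1:-}" = apply ]; then
    load_rules
fi
```

Check the result with ipfw -a list after loading: the counters on rule 00110 should move while a client connects, and nothing should be counted on the 00100 nat rule that is not also decided by a later rule. If the VPN still works after setting one_pass back to 1, that is the symptom from the post again: the nat rule, not rule 00110, is admitting the traffic.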