Greetings,
Currently I'm playing with ipfw nat and so far I have the following:
Code:
00100 45667 44263816 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 5 211 nat 1 ip from table(20) to not table(21) via re0
00500 420236 19127471 nat 1 ip from any to aaa.bbb.ccc.ddd via re0
00600 0 0 allow tcp from any to me dst-port 22322
00700 752810 925661279 allow ip from me to any
00800 0 0 deny ip from table(10) to any
00900 0 0 deny tcp from table(11) to any
01000 66986 7542295 allow tcp from any to me established
01100 58 4762 allow udp from any 53 to me dst-port 1024-65535
01200 0 0 allow udp from any 123 to me in
01300 0 0 allow udp from me to any dst-port 123 out
01400 0 0 allow tcp from any to aaa.bbb.ccc.ddd dst-port 80,443 in setup limit src-addr 30
01500 50 2920 allow tcp from any to ddd.sss.bbb.nnn dst-port 80 in setup limit src-addr 30
01600 4914 260252 allow tcp from any to kkk.www.qqq dst-port 80
01700 0 0 allow tcp from any to me dst-port 3388,7835
01800 0 0 allow tcp from any to me dst-port 2112
01900 0 0 allow tcp from any to me dst-port 49900-50000
02000 1 52 allow tcp from any to me dst-port 25,465,587
02100 0 0 allow tcp from any to me dst-port 143,993
02200 0 0 allow tcp from any to aaa.bbb.ccc.ddd dst-port 3309
02300 0 0 allow tcp from any to aaa.bbb.ccc.ddd dst-port 7777,7778,6666,6667,8000,8001,8010,8011 setup
02400 0 0 allow tcp from any to kkk.www.qqq dst-port 6942
02500 0 0 allow udp from any to kkk.www.qqq dst-port 6942
02600 0 0 allow ip from any to any via tun0
02700 0 0 allow udp from any to aaa.bbb.ccc.ddd dst-port 27018
02800 0 0 allow udp from me 27018 to any
02900 20 1680 allow icmp from any to me in icmptypes 8
03000 26 1795 allow icmp from any to me in icmptypes 0,3,11
03100 17 1184 deny log logamount 1000 ip from any to any
65535 160915463 103891083883 allow ip from any to any
aaa.bbb.ccc.ddd - primary external routable IP address
ddd.sss.bbb.nnn and kkk.www.qqq - aliases (external routable IP addresses)
table(20) - for now it's just 192.168.0.1 - loopback for jail
table(21) - aaa.bbb.ccc.ddd, ddd.sss.bbb.nnn and kkk.www.qqq
So now, when I have rule #00500 in ipfw, rules like #01400, #02200 or #02300 are not working anymore.
I'm trying to understand how I can avoid this behavior. I mean, how to swap the rules into the right position so that all of them are used.
I would appreciate any advice, thanks!
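As an added example (not code from the post or from any reply), here is a small Python model of ipfw's first-match evaluation over a subset of the rules listed above, with the behaviour ipfw(8) documents for the net.inet.ip.fw.one_pass sysctl: when it is 1 (the FreeBSD default), a packet that matches a nat rule is accepted right after translation and never reaches the rules below it; when it is 0, the packet is reinjected at the next rule and keeps going. The 203.0.113.x addresses are assumed stand-ins for aaa.bbb.ccc.ddd and the two aliases, the sample packets are constructed, and the address translation itself is not modelled, only its effect on which rule ends processing.

```python
# Added example, not code from the forum post: a toy model of ipfw's
# first-match evaluation for a subset of the posted rules, with the
# net.inet.ip.fw.one_pass behaviour documented in ipfw(8).  The
# 203.0.113.x addresses are assumed stand-ins for the post's masked IPs;
# the address translation itself is not modelled, only its effect on
# which rule ends processing.
from dataclasses import dataclass
from typing import Callable, List, Tuple

PRIMARY = "203.0.113.10"   # stands in for aaa.bbb.ccc.ddd (assumed)
ALIAS1 = "203.0.113.11"    # stands in for ddd.sss.bbb.nnn (assumed)
ALIAS2 = "203.0.113.12"    # stands in for kkk.www.qqq (assumed)
TABLE20 = {"192.168.0.1"}            # table(20): jail loopback, as in the post
TABLE21 = {PRIMARY, ALIAS1, ALIAS2}  # table(21): the host's addresses ("me")


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int
    iface: str   # interface the packet crosses, e.g. "re0"


@dataclass(frozen=True)
class Rule:
    number: int
    action: str  # "allow", "deny" or "nat"
    match: Callable[[Packet], bool]
    text: str    # the ipfw rule body being modelled


# Ordered subset of the posted ruleset (rule bodies copied from the listing).
RULES: List[Rule] = [
    Rule(400, "nat",
         lambda p: p.src in TABLE20 and p.dst not in TABLE21 and p.iface == "re0",
         "nat 1 ip from table(20) to not table(21) via re0"),
    Rule(500, "nat",
         lambda p: p.dst == PRIMARY and p.iface == "re0",
         "nat 1 ip from any to aaa.bbb.ccc.ddd via re0"),
    Rule(700, "allow",
         lambda p: p.src in TABLE21,
         "allow ip from me to any"),
    Rule(1400, "allow",
         lambda p: p.proto == "tcp" and p.dst == PRIMARY and p.dport in (80, 443),
         "allow tcp from any to aaa.bbb.ccc.ddd dst-port 80,443 in setup limit src-addr 30"),
    Rule(1600, "allow",
         lambda p: p.proto == "tcp" and p.dst == ALIAS2 and p.dport == 80,
         "allow tcp from any to kkk.www.qqq dst-port 80"),
    Rule(2200, "allow",
         lambda p: p.proto == "tcp" and p.dst == PRIMARY and p.dport == 3309,
         "allow tcp from any to aaa.bbb.ccc.ddd dst-port 3309"),
    Rule(3100, "deny",
         lambda p: True,
         "deny log logamount 1000 ip from any to any"),
]


def evaluate(packet: Packet, one_pass: bool = True) -> Tuple[str, int, List[int]]:
    """Walk RULES first-match style and return (verdict, rule_number, matched).

    `matched` lists every rule that matched along the way.  A nat rule ends
    processing with an accept when one_pass is set (the FreeBSD default);
    with one_pass=0 the packet is reinjected at the next rule and keeps
    going, so the allow/deny rules below the nat rule get to see it.
    """
    matched: List[int] = []
    for rule in RULES:
        if not rule.match(packet):
            continue
        matched.append(rule.number)
        if rule.action == "nat":
            if one_pass:
                return "allow", rule.number, matched
            continue
        return rule.action, rule.number, matched
    return "allow", 65535, matched  # default rule 65535 allows, as in the listing


# Constructed sample traffic (not captured from the poster's host).
WEB_TO_PRIMARY = Packet("tcp", "198.51.100.7", PRIMARY, 80, "re0")
SSH_TO_PRIMARY = Packet("tcp", "198.51.100.7", PRIMARY, 22, "re0")  # allowed nowhere
WEB_TO_ALIAS2 = Packet("tcp", "198.51.100.7", ALIAS2, 80, "re0")


def compare(packet: Packet) -> dict:
    """Verdict for the same packet under both one_pass settings."""
    return {"one_pass=1": evaluate(packet, True), "one_pass=0": evaluate(packet, False)}


if __name__ == "__main__":
    for name, pkt in [("web->primary", WEB_TO_PRIMARY),
                      ("ssh->primary", SSH_TO_PRIMARY),
                      ("web->alias2", WEB_TO_ALIAS2)]:
        print(name, compare(pkt))
```

Under one_pass=1 the model stops at rule 500 for every packet addressed to the primary IP on re0, including the SSH packet that no later rule allows, so rule 500 behaves like `allow ip from any to aaa.bbb.ccc.ddd via re0` and the deny at 3100 never sees that traffic. That matches the counters in the listing: 500 is large, 1400/2200/2300 are zero, and 1600 keeps counting because its destination is the alias that rule 500 does not match. With one_pass=0 the same packets continue past the nat rule and land on 1400 or 3100 as the ruleset intends, so `sysctl net.inet.ip.fw.one_pass=0` (and the same line in /etc/sysctl.conf) is the setting to check before reordering rules.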