

Do you have another rule which may be matching before the netmap rules? Try re-ordering your rules so the netmap rules match that host first, or just re-add them with place-before=0 to ensure they're at the top and processed first.

Code:
add chain=dstnat action=netmap dst-address=192.0.2.20 to-addresses=10.1.50.254 place-before=0
add chain=srcnat action=netmap src-address=10.1.50.254 to-addresses=192.0.2.20 place-before=0

Hi blake, I have this following place order:

Code:
add action=netmap chain=dstnat comment="netmap test" disabled=no dst-address=xxx.xx.xxx.203 \
add action=netmap chain=srcnat comment="" disabled=no src-address=10.11.0.10 to-addresses=xxx.xx.xxx.203
add action=masquerade chain=srcnat comment=NAT disabled=no out-interface=Ether1-WAN
add action=redirect chain=dstnat comment="web proxy allow to ether2 " disabled=no dst-port=80 \
    in-interface=ether2-local protocol=tcp to-ports=8080
add action=redirect chain=dstnat comment="web proxy allow to office network" disabled=no dst-port=80 \
    in-interface=ether3-local protocol=tcp to-ports=8080

I saw the packets count in both netmap, but the problem is that from outside the IP xxx.xx.xxx.203 doesn't reply. I put 10.11.0.10 in a laptop and I ping xxx.xx.xxx.203, it works and replies. I'm wondering about this, can you please explain a bit more, blake? hehe

203 IP is pingable from the inside of your network because your input chain likely does not prohibit access from the LAN subnet.

Code:
/ip firewall filter add chain=forward in-interface=Ether1-WAN dst-address=10.11.0.10

Until you post your config I can't tell you exactly where to place that rule. The dst-address is specified as the internal IP because the packet enters the forward chain after the netmap translation has been performed from the external IP.

Post yours, and I could tell you for sure! I'm just making some guesses based on common firewall configs.

Hi blake, these are my current filter rules:

Code:
add action=drop chain=forward comment=rapidshare disabled=no dst-address-list=rapidshare protocol=tcp
add action=drop chain=forward comment="yahoo messenger" disabled=yes layer7-protocol=yahoo-messenger time=\
add action=drop chain=forward comment="" disabled=yes layer7-protocol=yahoo-messenger time=13h-17h,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment="fb block" disabled=yes dst-address-list=facebook
add action=drop chain=forward comment="not allowed ip" disabled=yes dst-address=10.2.2.0/24 src-address=\
add action=drop chain=forward comment="" disabled=yes dst-address=10.2.2.0/24 src-address=10.12.0.2-10.12.0.254
add action=drop chain=forward comment="" disabled=yes dst-address=10.2.2.0/24 protocol=icmp src-address=10.12.0.0/24
add action=drop chain=forward comment="" disabled=yes dst-address=10.11.0.0/24 src-address=10.12.0.2-10.12.0.200
add action=drop chain=forward comment="" disabled=yes dst-address=10.11.0.0/24 protocol=icmp src-address=10.12.0.0/24
add action=drop chain=forward comment="Front 1 limited access by time" disabled=no dst-port=80 protocol=tcp src-address=\
    10.2.2.
