mm99
01-23-2009, 07:27 AM
hi,
I have 2 computers (let's call them host and guest) and I'm trying to use ipfw and natd to allow guest to see all the net and host to only be able to ssh out.
I tried the following:
g0 = 'guest interface'
h0 = 'host interface connected to ISP'
00300 check-state
00400 skipto 1000 ip from any to any via g0 keep-state
00600 allow ip from any to any dst-port 22 via h0 keep-state
00700 deny ip from any to any via h0
01000 divert 8668 ip from any to any via h0
65535 allow ip from any to any
Unfortunately it seems that after getting nat'd the packets originally from g0 no longer maintain state and get caught in 700. Anyone have any ideas if this can be done and how?
Many thanks,
mm
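Added illustration, not code from the post or from ipfw itself: a small Python model that walks the ruleset above for one guest connection and shows why the reply, which arrives on h0 addressed to the host, is evaluated by rules 300 to 700 (and denied at 700) before natd at rule 1000 ever gets to map it back to the guest. It assumes the usual ipfw semantics that check-state matches a dynamic rule by addresses and ports in either direction with no interface test, and that a packet diverted to natd re-enters at the rule after the divert; the addresses are constructed placeholders and g0/h0 are the post's interface names.

```python
GUEST = "192.168.1.10"    # constructed placeholder: guest's address on g0
HOST = "198.51.100.5"     # constructed placeholder: host's ISP-facing address (natd alias)
SERVER = "203.0.113.7"    # constructed placeholder: a remote server

def state_lookup(pkt, dyn):
    fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    return dyn.get(fwd, dyn.get(rev))    # check-state: either direction, no interface test

def run_ruleset(pkt, dyn):
    """One pass through the posted rules; returns (rule_number, action). natd edits pkt in place."""
    key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    via_g0, via_h0 = pkt["iface"] == "g0", pkt["iface"] == "h0"
    n = 300
    while True:
        if n == 300:                     # 00300 check-state (acts as the rule that created the state)
            parent = state_lookup(pkt, dyn)
            if parent == 600:
                return (300, "allow")
            n = 1000 if parent == 400 else 400
        elif n == 400:                   # 00400 skipto 1000 ip from any to any via g0 keep-state
            if via_g0:
                dyn[key] = 400
            n = 1000 if via_g0 else 600
        elif n == 600:                   # 00600 allow ip from any to any dst-port 22 via h0 keep-state
            if via_h0 and pkt["dport"] == 22:
                dyn[key] = 600
                return (600, "allow")
            n = 700
        elif n == 700:                   # 00700 deny ip from any to any via h0
            if via_h0:
                return (700, "deny")
            n = 1000
        elif n == 1000:                  # 01000 divert 8668 ip from any to any via h0: natd rewrites
            if via_h0 and pkt["dir"] == "out":   # the source of outbound packets, then they re-enter
                pkt["src"] = HOST                # at the next rule (65535)
            n = 65535
        else:
            return (65535, "allow")      # 65535 allow ip from any to any

def trace_guest_flow():
    dyn = {}
    pkt = {"src": GUEST, "sport": 40000, "dst": SERVER, "dport": 80, "dir": "in", "iface": "g0"}
    first = run_ruleset(pkt, dyn)        # in via g0: state created under GUEST, skipto 1000, allowed
    pkt["iface"], pkt["dir"] = "h0", "out"
    second = run_ruleset(pkt, dyn)       # out via h0: check-state hits, natd rewrites src to HOST
    reply = {"src": SERVER, "sport": 80, "dst": pkt["src"], "dport": 40000, "dir": "in", "iface": "h0"}
    third = run_ruleset(reply, dyn)      # reply is addressed to HOST: no state for it, not port 22,
    return [first, second, third]        # so rule 700 denies it before natd at 1000 can undo the NAT
```

The host's own ssh still works in this model because rule 600 creates state under the host's real address before any translation happens, so its replies match at check-state.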