cat /etc/rc.conf
firewall_enable="YES"
firewall_type="open"
gateway_enable="YES"
#!/bin/sh
kldload ipfw_nat
ipfw -q -f flush
ipfw nat 1 config if em0 redirect_port tcp 10.1.1.254:80 80
ipfw -q -add 65535 deny ip from any to any
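The firewall is meant to run in whitelist mode, so the last rule denies any traffic that has not been allowed.
FreeBSD version: 12.2, running on ESXi on my home LAN
FreeBSD network interface: "em0"
FreeBSD IP address: "10.1.1.230"
Address to forward to: "10.1.1.254"
Port to forward: "TCP 80"
The forwarding command only takes effect when I turn the firewall off. I would like to know what other rules port forwarding needs?
The command to turn the firewall off, inserted before the deny.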
ipfw -q -add 65534 allow ip from any to any
————-
cat << EOF > /root/ipfw
#!/bin/sh
kldload ipfw_nat
ipfw -q -f flush
ipfw nat 1 config if em0 redirect_port tcp 10.1.1.254:80 80
ipfw -q add 00100 allow all from any to any via lo0
ipfw -q add 00200 allow icmp from any to any
ipfw -q add 00300 allow tcp from any to any 22,2222,80,443,8443,53,853 setup keep-state
ipfw -q add 00400 allow udp from any to any 53,853,4000,5000 keep-state
ipfw -q -add 65535 deny ip from any to any
EOF
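This is whitelist mode….
ipfw forwarding only takes effect with the firewall turned off….
A user from Jiangxi Province said: This will have to wait for an expert.
A user from Henan Province said: I also asked on the official forum and am waiting for a reply…..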
https://forums.freebsd.org/threa … ward-ports.81337///
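A check on the kind of script posted above, as an added example that is not part of the original thread: in ipfw, "nat N config" only defines a NAT instance, and packets reach it only through a rule whose action is "nat N". The function names and the sample input are assumptions made for this example; the sample is constructed from rule lines in the post.

```shell
#!/bin/sh
# Added example (not the poster's code). Lists every NAT instance that an ipfw
# rules script configures ("ipfw nat N config ...") but never feeds with a
# rule whose action is "nat N" (for example "ipfw add 50 nat N ip from ...").

unreferenced_nat() {
    # $1: path to an ipfw rules script; prints unreferenced instance numbers
    awk '
        { sub(/#.*/, "") }            # drop comments and the shebang line
        $1 != "ipfw" { next }         # only look at ipfw command lines
        {
            is_add = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "add") is_add = 1
                if ($i == "nat" && $(i + 1) ~ /^[0-9]+$/) {
                    if ($(i + 2) == "config") configured[$(i + 1)] = 1
                    else if (is_add)          used[$(i + 1)] = 1
                    break
                }
            }
        }
        END { for (n in configured) if (!(n in used)) print n }
    ' "$1" | sort -n
}

# Constructed sample input: rule lines taken from the whitelist script above.
sample_rules() {
    cat <<'EOF'
ipfw -q -f flush
ipfw nat 1 config if em0 redirect_port tcp 10.1.1.254:80 80
ipfw -q add 00100 allow all from any to any via lo0
ipfw -q add 00200 allow icmp from any to any
ipfw -q add 00300 allow tcp from any to any 22,2222,80,443,8443,53,853 setup keep-state
ipfw -q add 00400 allow udp from any to any 53,853,4000,5000 keep-state
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
for n in $(unreferenced_nat "$tmp"); do
    echo "nat $n is configured, but no rule has the action 'nat $n'"
done
rm -f "$tmp"
```
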