Freebsd below the port mapping, I look for? ? ? Map dc1 192.168.0.0/24 ->; 222.82.248.134/32 proxy port ftp ftp/tcp Dc1 192.168.0.0/24 ->; 222.82.248.134/32 portmap tcp/udp auto map Map dc1 192.168.0.0/24 ->; 222.82.248.134/32 Map dc1 192.168.1.0/24 ->; 222.82.248.134/32 proxy port ftp ftp/tcp Dc1 192.168.1.0/24 ->; 222.82.248.134/32 portmap tcp/udp auto map Map dc1 192.168.1.0/24 ->; 222.82.248.134/32 Rdr dc1 0/0 port ->; 192.168.0.9 port 4000 4000 Network mapping to a foreign port 4000. 9 of the 4000 upswing. Freebsd below the port mapping, I look for? ? ? Positive Solutions! To learn, see : "IP-based dialysis NAT Filter" Http://www.cnfug.org/journal/12/02.html "IP Filter Based Firewalls HOWTO> Http://www.cnfug.org/journal/archives/000073.html Freebsd below the port mapping, I look for? ? ? No problem. But in order to learn, we still need to know more things, especially for the optimization procedure. Freebsd below the port mapping, I look for? ? ? 12 ± 1, I like the mapping unsuccessful ah How can we know whether success? Freebsd below the port mapping, I look for? ? ? I changed Rdr dc1 222.82.248.134/32 port ->; 192.168.0.251 port 4000 4000 I still Freebsd below the port mapping, I look for? ? ? Uaspx# sockstat -4 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS Tyi sshd 190 5 tcp4 222.82.248.134:22 192.168.0.253:2521 Root sshd 188 5 tcp4 222.82.248.134:22 192.168.0.253:2521 Mysql mysqld 182 5 tcp4 *:3306 *:* Root sshd 89 4 tcp4 *:22 *:* Root syslogd 78 5 udp4 *:514 *:* I have no port mapping ah Freebsd below the port mapping, I look for? ? ? You have opened 4,000 service? Did not come naturally sockstat not shown. In addition, the data into your firewall to allow port 4000? Freebsd below the port mapping, I look for? ? ? Plus : Pass in quick on dc1 proto tcp/udp from any state to keep 192.168.0.8 port = 4000 Freebsd below the port mapping, I look for? ? ? Sh1970 that. Ipnat.conf Lane can be added to the sentence? Freebsd below the port mapping, I look for? ? ? Sh1970 Uaspx# ipnat CF-f /etc/ipnat.conf 314 entries flushed from NAT table 7 entries flushed from NAT list 8 : unknown mapping : "pass" 8 : syntax error in the "pass" Freebsd below the port mapping, I look for? ? ? [quote][i] Note from the original "Ymir" [/i] released : Sh1970 Uaspx# ipnat CF-f /etc/ipnat.conf 314 entries flushed from NAT table 7 entries flushed from NAT list 8 : unknown mapping : "pass" 8 : syntax error in the "pass" [/quote] Halo, it is necessary to pass the relevant rules in /etc/ipf.conf Lane ah. Freebsd below the port mapping, I look for? ? ? DC1 who should be external network equipment. Not network. Freebsd below the port mapping, I look for? ? ? To james_h : Now I do not ipf.conf this document /etc Uaspx# 1s ip* Ipnat.conf To 12 ± 1 : Dc1 network equipment is outside my name. Freebsd below the port mapping, I look for? ? ? [quote][i] Note from the original "sh1970" [/i] released : Pass in quick on dc1 proto tcp/udp from any state to keep 192.168.0.8 port = 4000 [/quote] Wrong! Solutions are : Pass in quick on dc1 proto tcp/udp from any outside your network to keep state ip/32 port = 4000 [quote][i] Note from the original "Ymir" [/i] released : Now I do not ipf.conf this document /etc [/quote] Then, within the core strategy of adding ipf firewall acquiescence is closed or open? Freebsd below the port mapping, I look for? ? ? Likuku I Bahrain freebsd core acquiescence, I do not know if I have a firewall I have not translated Kernel Freebsd below the port mapping, I look for? ? ? Halo. . . Kernel ipfilter not acquiescence. . . Kernel own translation needs. . . If you use version 4.x systems, please refer to the translation Kernel Http://www.freebsdchina.org/forum/viewtopic.php?t=1770&sid=41d90e93be7f028945f5e983dc3a00a3 Note : The use ipfilter, it is not translated into ipfw in the kernel Lane, Lane, the ipfw configuration of the kernel should have deleted. [ Closed window ]