ipfw 與 nat 外部ip 重導的問題 - BBS

有兩張網卡 fxp0 與 fxp1 ; fxp0 是外部IP（假設為 10.0.0.1） ; fxp1 為內部 ip( 假設為 192.168.0.254 ） ;

目前遇到的問題是 從內部 ip telnet 10.0.0.1 25 轉不進來
但是從 外面其他的 ip telnet 10.0.0.1 25 是 ok 可以work 的...

搞了很久不知道錯在哪裡，想請各位高手幫忙一下，

謝謝！


我列出 相關設定
/etc/rc.conf

firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_script="/usr/local/sbin/firewall.sh" # Which script to run to set up the firewall
firewall_type="OPEN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="NO" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file

gateway_enable="YES" # Set to YES if this host will be a gateway.

natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_interface="fxp0" # Public interface or IPaddress to use.
natd_flags="-f /etc/natd.conf" # config file at /etc/natd.conf


/etc/natd.conf

redirect_port tcp 192.168.0.5:25 10.0.0.1:25

/usr/local/sbin/firwall.sh

# nat
${fwcmd} add 1020 divert natd ip from any to 10.0.0.1 via fxp0
${fwcmd} add 1040 divert natd ip from 192.168.0.0/16 to any

${fwcmd} add 30030 pass ip from 10.0.0.1 to any keep-state
${fwcmd} add 30030 pass ip from 192.168.0.0/16 to any keep-state
${fwcmd} allow tcp from any to me 25


--