From owner-freebsd-questions Thu Aug 1 10: 9: 9 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1162737B40E for ; Thu, 1 Aug 2002 10:09:03 -0700 (PDT) Received: from maske.org (12-249-47-146.client.attbi.com [12.249.47.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0BA7A43E4A for ; Thu, 1 Aug 2002 10:09:02 -0700 (PDT) (envelope-from maske@maske.org) Received: from maske.org (12-249-47-146.client.attbi.com [12.249.47.146]) (authenticated bits=0) by maske.org (8.12.5/8.12.5) with ESMTP id g71H8w6N025729 for ; Thu, 1 Aug 2002 12:08:58 -0500 (CDT) (envelope-from maske@maske.org) X-Authentication-Warning: maske.org: Host 12-249-47-146.client.attbi.com [12.249.47.146] claimed to be maske.org Received: from 10.0.0.27 (SquirrelMail authenticated user maske) by mail.maske.org with HTTP; Thu, 1 Aug 2002 12:08:58 -0500 (CDT) Message-ID: <1185.10.0.0.27.1028221738.squirrel@mail.maske.org> Date: Thu, 1 Aug 2002 12:08:58 -0500 (CDT) Subject: ipfw rules question From: "Douglas A. Maske" To: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Reply-To: maske@maske.org X-Mailer: SquirrelMail (version 1.2.7) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, I am nat'ing my cable modem, why doesn't this configuration work? It's either slow or inaccessable. #!/bin/sh ipfw add 00100 divert 8668 ip from any to any ipfw add 00101 allow tcp from any 21 to any keep-state established ipfw add 00102 allow tcp from any 22 to any keep-state established ipfw add 00202 allow tcp from any 25 to any keep-state established ipfw add 00203 allow tcp from any 53 to any keep-state established ipfw add 00204 allow tcp from any 80 to any keep-state established ipfw add 00205 allow tcp from any 110 to any keep-state established ipfw add 00206 allow tcp from any 143 to any keep-state established ipfw add 00207 allow tcp from any 443 to any keep-state established ipfw add 00209 allow tcp from any 5900 to any keep-state established ipfw add 00210 allow ip from any to any keep-state via xl0 ipfw add 00611 allow ip from any to any keep-state via lo0 ipfw add 00711 allow ip from any to any keep-state out xmit xl1 ipfw add 00712 allow ip from 10.0.0.0/24 to any keep-state ipfw add 00713 allow ip from 10.0.0.0/24 to 10.0.0.0/24 keep-state ipfw add 00715 allow udp from any to any keep-state ipfw add 00716 allow ip from any to any ipfw add 65535 deny ip from any to any Douglas A. Maske Code Thrower/Webmaster http://www.maske.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message