Date: Tue, 30 Jul 2002 13:32:46 +0000
From: Philip Reynolds
Reply-To: philip.reynolds@rfc-networks.ie
To: freebsd-ipfw@freebsd.org
Subject: Re: 4.6-RELEASE / NATD + IPFW + keep-state
Message-ID: <20020730133246.A18016@rfc-networks.ie>
In-Reply-To: <20020730055722.GD89241@blossom.cjclark.org>; from crist.clark@attbi.com on Mon, Jul 29, 2002 at 10:57:22PM -0700

"Crist J. Clark" 19 lines of wisdom included:
> On Mon, Jul 29, 2002 at 02:47:58PM +0000, Philip Reynolds wrote:
> > Hi,
> >
> > I'm having a few problems with using natd and ipfw.
> >
> > Originally, I was having serious serious problems trying to get
> > stateful firewalling working with NAT.
>
> This is a FAQ,
>
>   http://docs.freebsd.org/cgi/getmsg.cgi?fetch=13412+0+archive/2002/freebsd-net/20020217.freebsd-net

Using ``via'' helped along the way and the setup is currently
working.

What was needed was a specification of the public interface _only_
for the ``NATD'' rule in conjunction with a specification of the
private interface _only_ for the ``keep-state'' rule.

Unfortunately, tweaking my rules before, I must have missed this
combination, although I'm not sure how.

Thanks to Crist and Boris for their help.

Regards,
-- 
Philip Reynolds                 | Technical Director
philip.reynolds@rfc-networks.ie | RFC Networks Ltd.
http://www.rfc-networks.ie      | +353 (0)1 8832063
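
The rule layout described in the message above, written out as an added example; this is not the poster's ruleset. The interface names, the private network, the rule numbers and rule 400 are assumptions, and only traffic forwarded for the LAN is covered, not connections made by the gateway itself.

```shell
#!/bin/sh
# Added example, not the poster's rules. Assumed (constructed) values:
oif="fxp0"              # public interface, the one natd runs on
iif="fxp1"              # private (LAN) interface
inet="192.168.1.0/24"   # private network behind the gateway

# Print the ipfw commands for review; nothing is loaded by this script.
natd_rules() {
    # Divert on the public interface only. Outbound packets are aliased
    # here and replies are de-aliased here; natd then re-injects the
    # packet at the next rule.
    echo "ipfw add 100 divert natd ip from any to any via ${oif}"

    # Replies reach check-state after de-aliasing, so they carry the
    # private address again and match the state created by rule 300.
    echo "ipfw add 200 check-state"

    # Create state on the private interface only, where the packet still
    # has its private source address.
    echo "ipfw add 300 allow ip from ${inet} to any in via ${iif} keep-state"

    # Assumption: the packet admitted by rule 300 now has the public
    # source address and cannot match the dynamic rule, so it needs an
    # explicit rule to leave on the public interface.
    echo "ipfw add 400 allow ip from any to any out via ${oif}"

    # Everything else, including unsolicited inbound traffic, is dropped.
    echo "ipfw add 65000 deny ip from any to any"
}

natd_rules
```

Keeping the state on the private side means the dynamic rule records the private address and the remote address, which is the pair a reply carries once natd has translated it back.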