Date: Wed, 9 Aug 2000 14:47:39 -0700 (PDT)
From: TeRrAc <terrac@cloudfactory.org>
To: Nick Rogness <nick@rapidnet.com>
Cc: FreeBSD IPFW list <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: natd + IPFW
Message-ID: <Pine.LNX.4.21.0008091440220.8666-100000@stratus.cloudfactory.org>
In-Reply-To: <Pine.BSF.4.21.0008091521270.28622-100000@rapidnet.com>
Natd is in fact running, my current ruleset looks like this (Kinda funky right now)

00100 1848 185208 divert 8668 ip from any to any via fxp1
00300 1760 179928 allow ip from any to any via fxp1
00400 19076 1547736 allow ip from any to any via fxp0
00500 0 0 allow icmp from any to any via fxp0
00600 0 0 allow icmp from any to any via fxp1
65535 83 5902 deny ip from any to any

I know that is a bass-ackwards ruleset, usually I have been testing it like:

00100 1849 185456 divert 8668 ip from any to any via fxp1
00500 32 2404 allow ip from any to any
00600 0 0 allow ip from any to any
65535 83 5902 deny ip from any to any

It seems logical enough that all packets should first be diverted through natd (the 8668) through the interface, then passed without regard through the rest of the system. Do I need another divert statement on fxp0 to bring them back?

Thanks,
Terrac Skiens

On Wed, 9 Aug 2000, Nick Rogness wrote:

> On Wed, 9 Aug 2000, TeRrAc wrote:
>
> > I am sorry. Yes I had done this, however in composing the mail I copied
> > straight from the natd man page.
> >
> > If I were to build a custom rc.firewall script to do this job would it
> > need more than:
> > ---
> > flush
> > divert natd all from any to any via fxp1
> > allow ip from any to any
> > allow icmp from any to any
> > ---
>
> Is natd running?
>
> # ps -auxww |grep natd|grep -v grep
>
> What do your firewall rules look like?
>
> # ipfw -a l
>
> > ?
> > Also, would forwarding keep packets from getting routed back to the
> > source? Or are they possibly getting stopped before they reach their
> > destination?
>
> No, unless you are using forwarding within the firewall.
> >
> > > On Wed, 9 Aug 2000, Nick Rogness wrote:
> > >
> > > > On Wed, 9 Aug 2000, TeRrAc wrote:
> > > >
> > > > > I have also tried using the IPFW commands;
> > > > > /sbin/ipfw -f flush
> > > > > /sbin/ipfw add divert natd all from any to any via ed0
> > > >                                                    ^^^^^
> > > > Should be outside interface
> > > >
> > > > /sbin/ipfw add divert natd all from any to any via fxp1
> > > >
>
> Nick Rogness
> - Drive defensively. Buy a tank.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
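Added example, not part of the thread: a small POSIX sh/awk audit of an `ipfw -a l` listing that checks the ordering point under discussion, namely that the natd divert rule for the outside interface (fxp1, as Nick's correction implies) is numbered below any rule that would already pass traffic on that interface, since ipfw matches top to bottom and a packet accepted by an earlier allow rule never reaches natd. The first listing is the one quoted in the message; the misordered second listing and the `audit_nat_order` function name are constructed for the example.

```shell
# Added example (not from the thread): audit an `ipfw -a l` listing and check
# that the natd divert rule for the outside interface is numbered below every
# rule that would already pass traffic on that interface. ipfw matches top to
# bottom, so a packet accepted by an earlier allow rule never reaches natd.
# One divert with "via OUTSIDE" sees both inbound and outbound packets on that
# interface, so a second divert on the inside interface is not required.
#   usage: audit_nat_order OUTSIDE_IF < listing   (exit 0 = order is correct)
audit_nat_order() {
    awk -v outside="$1" '
    BEGIN { divert_num = 0; first_allow = 0 }
    NF == 0 { next }
    {
        num = $1 + 0
        # with -a, packet and byte counters sit between the number and the action
        action = ($2 ~ /^[0-9]+$/) ? $4 : $2
        on_outside = ($0 ~ ("via " outside "($| )"))
        # a rule without a "via" clause matches traffic on every interface
        covers_outside = on_outside || ($0 !~ / via /)
        if (action == "divert" && on_outside && divert_num == 0) {
            divert_num = num
        } else if ((action == "allow" || action == "pass" || action == "accept") && covers_outside && first_allow == 0) {
            first_allow = num
        }
    }
    END {
        if (divert_num == 0) { print "no divert rule on " outside; exit 1 }
        if (first_allow != 0 && first_allow < divert_num) {
            print "rule " first_allow " passes traffic via " outside " before divert rule " divert_num ": natd is bypassed"
            exit 1
        }
        print "divert rule " divert_num " on " outside " precedes the first allow rule"
        exit 0
    }'
}

# Constructed sample: the listing quoted in the message above (fxp1 is outside)
RULES_FROM_MAIL='00100 1848 185208 divert 8668 ip from any to any via fxp1
00300 1760 179928 allow ip from any to any via fxp1
00400 19076 1547736 allow ip from any to any via fxp0
00500 0 0 allow icmp from any to any via fxp0
00600 0 0 allow icmp from any to any via fxp1
65535 83 5902 deny ip from any to any'

# Constructed counter-example: an unrestricted allow numbered below the divert
RULES_SWAPPED='00100 0 0 allow ip from any to any
00200 0 0 divert 8668 ip from any to any via fxp1
65535 0 0 deny ip from any to any'
if printf '%s\n' "$RULES_FROM_MAIL" | audit_nat_order fxp1; then echo "ok: natd sees fxp1 traffic"; fi
if ! printf '%s\n' "$RULES_SWAPPED" | audit_nat_order fxp1; then echo "flagged: fix rule numbering"; fi
```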