Date: Sun, 31 Oct 1999 08:46:57 +0100
From: Eivind Eklund <eivind@FreeBSD.ORG>
To: Rene de Vries <rene@canyon.demon.nl>
Cc: FreeBSD hackers <freebsd-hackers@FreeBSD.ORG>
Subject: Re: Natd+PKT_ALIAS_PUNCH_FW missing something?
Message-ID: <19991031084657.E62515@bitbox.follo.net>
In-Reply-To: <199910301513.RAA01051@canyon.demon.nl>; from rene@canyon.demon.nl on Sat, Oct 30, 1999 at 05:13:09PM +0200
References: <199910301513.RAA01051@canyon.demon.nl>

On Sat, Oct 30, 1999 at 05:13:09PM +0200, Rene de Vries wrote:
> Hello,
>
> Am I missing something? I modified natd.c so an extra option was available to
> turn on punch firewall (see diff below). When I activated this option it did
> not seem to work (ftp-data is still blocked by my firewall). When I add a
> general allow line for any traffic from 20 to 1023- it (of course) works. But
> the whole idea was to get rid of this line...

The only obvious place for this to go wrong is in your specification of the
firewall base ID. You have to make sure this is somewhere in your ruleset
where allowing TCP connections for a specific sourceaddress/port and
destinationaddress/port will allow the traffic through - if there is a deny
rule prior to the point where you are adding rules, things won't work.

Your patches looked correct enough; however, I do not know if the firewall
punching code works as of today. I know it worked at the point where I
committed it to FreeBSD, and it works in my sourcetree for the product it was
originally written for, but I don't use it in FreeBSD proper - it was
committed there to make the code available for others to use.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
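
The rule-ordering point in the reply above, as an added example that is not part of the original message and is not FreeBSD code: a constructed first-match ruleset model in which a hole punched at a base number after a catch-all deny never takes effect, while the same hole placed before the deny does. The rule numbers, addresses, function names and the default-deny fallback are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified first-match packet filter (constructed model, not ipfw or
 * libalias code): the lowest-numbered matching rule decides the packet. */
enum action { DENY = 0, ALLOW = 1 };
struct pkt  { const char *src; int sport; const char *dst; int dport; };
struct rule { int number; enum action act; int any; struct pkt m; };

static int matches(const struct rule *r, const struct pkt *p)
{
    return r->any || (strcmp(r->m.src, p->src) == 0 && r->m.sport == p->sport &&
                      strcmp(r->m.dst, p->dst) == 0 && r->m.dport == p->dport);
}

/* Return the deciding rule number; no match means an assumed default deny. */
static int evaluate(const struct rule *rules, int n, const struct pkt *p,
                    enum action *act)
{
    int best = -1;
    for (int i = 0; i < n; i++)
        if (matches(&rules[i], p) &&
            (best < 0 || rules[i].number < rules[best].number))
            best = i;
    *act = best < 0 ? DENY : rules[best].act;
    return best < 0 ? 65535 : rules[best].number;
}

/* Ruleset with a catch-all deny at deny_at and one punched hole (allow for
 * the exact ftp-data 4-tuple) at punch_base. Addresses are constructed. */
static enum action verdict(int punch_base, int deny_at, int *hit)
{
    struct pkt ftp_data = { "192.0.2.10", 20, "10.0.0.5", 1042 };
    struct rule rules[] = {
        { deny_at,    DENY,  1, { "", 0, "", 0 } },
        { punch_base, ALLOW, 0, ftp_data },
    };
    enum action act;
    *hit = evaluate(rules, 2, &ftp_data, &act);
    return act;
}

int main(void)
{
    int bases[] = { 30000, 10000 }, hit;   /* hole after vs. before the deny */
    for (int i = 0; i < 2; i++) {
        enum action a = verdict(bases[i], 20000, &hit);
        printf("base %d: %s by rule %d\n", bases[i], a ? "allow" : "deny", hit);
    }
    return 0;
}
```

With the deny at rule 20000, a base of 30000 leaves the punched rule unreachable, which matches the symptom described in the quoted question.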