Date:      Fri, 30 Apr 1999 11:46:34 -0700 (PDT)
From:      Doug White <dwhite@resnet.uoregon.edu>
To:        Christoff Snijders <hjcs@home.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw rules
Message-ID:  <Pine.BSF.4.03.9904301143040.16807-100000@resnet.uoregon.edu>
In-Reply-To: <3727A604.55A107A@home.com>

Let me prune this down to the problem ...

On Wed, 28 Apr 1999, Christoff Snijders wrote:

> I have a very simple setup:  one FreeBSD 2.2.5-RELEASE box with two
> Ethernet cards in it.  One card is connected to a cable modem with a
> static IP address, the other is connected to a hub, which is in turn
> connected to several computers on an internal network.

[and you want to run natd on it.]

> I've printed the whole rule set I'm using, below. I seem to be
> getting the message natd: failed to write packet back (Permission
> denied) every time one of the hosts on the internal network tries to
> access the net.  

This means that the translated packet is denied by your firewall.

I suggest running your firewall in 'open' mode initially and testing it out.
This allows all packets through, BUT natd will not allow packets in that
do not have a corresponding translation, so this is actually quite safe.

Naturally, you should disable the services you don't need on the firewall
box (inetd, etc.).

If you add a rule and have problems with natd, turn logging on.  You may
need to refine your rule so it doesn't block the translated packets.  The
'via' keyword is your friend.

Doug White                               
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
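
An added example, not part of the original message: an 'open'-style rule set
with the natd divert rule and one logged refinement scoped with 'via'. The
interface name ed0, the telnet rule, and the names fw, load_rules and IPFW are
assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original message). Dry run by default: each
# command is printed. Set IPFW=/sbin/ipfw to apply the rules instead.
# fw, load_rules and IPFW are hypothetical names used only in this sketch.

fw() {
    ${IPFW:-echo ipfw} "$@"
}

# load_rules OUTSIDE_IF   (OUTSIDE_IF = card facing the cable modem)
load_rules() {
    oif="$1"
    [ -n "$oif" ] || { echo "usage: load_rules <outside-if>" >&2; return 1; }

    fw -f flush

    # Hand only traffic crossing the outside interface to natd. 'via' keeps
    # inside-interface and loopback traffic away from the divert socket.
    fw add 100 divert natd all from any to any via "$oif"

    # One refinement (assumed for illustration): refuse inbound telnet on the
    # outside interface. 'in via' scopes it; without that scope it would also
    # match outbound telnet from the internal hosts.
    # 'log' reports matches through syslog when the kernel is built with
    # IPFIREWALL_VERBOSE, which shows which rule dropped a packet.
    fw add 200 deny log tcp from any to any 23 in via "$oif"

    # 'open' behaviour: everything not denied above is passed, so packets
    # natd writes back after translation are accepted.
    fw add 65000 pass all from any to any
}

# Usage: sh this-script ed0
if [ "$#" -gt 0 ]; then
    load_rules "$1"
fi
```

Add further deny rules one at a time between 200 and 65000, keeping 'log' on
each until the internal hosts are confirmed to still get out through natd.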