Date: Wed, 5 Mar 2003 08:17:17 +1300
From: Jonathan Chen <jonc@chen.org.nz>
To: Khairil Yusof <kaeru@pd.jaring.my>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd not working :(
Message-ID: <20030304191717.GA2522@grimoire.chen.org.nz>
In-Reply-To: <1046801837.578.289.camel@daemon.home.net>
References: <1046801837.578.289.camel@daemon.home.net>
On Wed, Mar 05, 2003 at 02:17:18AM +0800, Khairil Yusof wrote:
[...]
> and my simple firewall rules (I've deleted stuff which is not important
> and working like dns, ntp etc.):
>
> #firewall command
>
> fwcmd="/sbin/ipfw"
>
> # Force a flushing of the current rules before we reload.
> $fwcmd -f flush
>
> ##### RULES FOR INTERNAL NETWORK ######
>
> # Setup localhost
> $fwcmd add allow ip from any to any via lo0
>
> $fwcmd add allow any from any to any via fxp0
>
> # Divert all packets through the tunnel interface.
> $fwcmd add divert natd all from any to any via tun0

You should have a look at /etc/rc.firewall and use it as the template for
your rules. In your case, the "divert natd" rule should be the first;
looking at /etc/rc.firewall and using the "open" rule:

${fwcmd} add 50 divert natd all from any to any via tun0
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
${fwcmd} add 65000 pass all from any to any

Alternatively you could change your /etc/rc.conf:

firewall_type="open"

-- 
Jonathan Chen <jonc@chen.org.nz>
----------------------------------------------------------------------
"Opportunity does not knock, it presents itself when you beat down the door"
                                                         - W.E. Channing

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
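As an added example (not part of the message above or of /etc/rc.firewall), here is a small sh/awk check of the ordering point the reply makes: fed the output of `ipfw list`, it verifies that the first divert rule for an interface carries a lower rule number than any pass/allow rule that would also match traffic on that interface (a rule naming no interface matches every interface). The interface name argument and the `ipfw list` line layout ("NNNNN action ... via ifN") are assumptions.

```shell
#!/bin/sh
# Usage: ipfw list | check_divert_first tun0
# Exits 0 when the divert rule for the interface precedes every pass rule
# that could match packets on it, 1 otherwise. Reads ipfw list output on stdin.
check_divert_first() {
    awk -v ifc="$1" '
        {
            # A rule applies to ifc if it names that interface via "via ifc",
            # or names no interface at all (no via/recv/xmit keyword).
            if ($0 ~ ("via " ifc "($| )")) applies = 1
            else if ($0 !~ /(^| )(via|recv|xmit) /) applies = 1
            else applies = 0
            if (!applies) next
            num = $1 + 0                      # strip leading zeros from rule number
            if ($2 == "divert") {
                if (divert == "") divert = num  # remember the first divert rule
            } else if ($2 ~ /^(pass|allow|accept|permit)$/) {
                if (pass == "" || num < pass) pass = num  # lowest-numbered pass rule
            }
        }
        END {
            if (divert == "") {
                print "no divert rule applies to " ifc; exit 1
            }
            if (pass != "" && pass < divert) {
                print "rule " pass " passes traffic on " ifc " before divert rule " divert
                exit 1
            }
            print "divert rule " divert " precedes every pass rule on " ifc
            exit 0
        }'
}
```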