Date:      Wed, 5 Mar 2003 08:17:17 +1300
From:      Jonathan Chen <jonc@chen.org.nz>
To:        Khairil Yusof <kaeru@pd.jaring.my>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: natd not working :(
Message-ID:  <20030304191717.GA2522@grimoire.chen.org.nz>
In-Reply-To: <1046801837.578.289.camel@daemon.home.net>
References:  <1046801837.578.289.camel@daemon.home.net>

On Wed, Mar 05, 2003 at 02:17:18AM +0800, Khairil Yusof wrote:
[...]
> and my simple firewall rules (I've deleted stuff which is not important
> and working like dns, ntp etc.):
> 
> #firewall command
> 
> fwcmd="/sbin/ipfw"
>     
> # Force a flushing of the current rules before we reload.
> $fwcmd -f flush
> 
> ##### RULES FOR INTERNAL NETWORK ######
> 
> # Setup localhost
> $fwcmd add allow ip from any to any via lo0
> 
> $fwcmd add allow any from any to any via fxp0
> 
> # Divert all packets through the tunnel interface.
> $fwcmd add divert natd all from any to any via tun0

You should have a look at /etc/rc.firewall and use it as the template for
your rules. In your case, the "divert natd" rule should be the first;
looking at /etc/rc.firewall and using the "open" rule:

    ${fwcmd} add 50 divert natd all from any to any via tun0
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
    ${fwcmd} add 65000 pass all from any to any

Alternatively you could change your /etc/rc.conf:

    firewall_type="open"

-- 
Jonathan Chen <jonc@chen.org.nz>
----------------------------------------------------------------------
                                          "Opportunity does not knock,
       it presents itself when you beat down the door" - W.E. Channing
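An added check, not part of the original message, that applies the ordering advice in the reply to a ruleset listing: it reads rules in the "<number> <action> ..." form that `ipfw list` prints and reports whether the first divert rule is numbered below (and so matched before) the first allow/pass rule. Both listings below are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the original message). ipfw is first-match: once
# a packet hits an allow rule it is never handed to natd, so the divert rule
# must carry a lower number than any allow rule that could match the same
# traffic. This check reads a listing and reports which comes first.

# Constructed listing, modelled on the rc.firewall "open" rules in the reply.
RULES_OPEN='00050 divert natd ip from any to any via tun0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any'

# Constructed listing with the divert rule placed after a blanket allow,
# so nothing ever reaches natd.
RULES_LATE='00100 allow ip from any to any via lo0
00200 allow ip from any to any
00300 divert natd ip from any to any via tun0
65535 deny ip from any to any'

# divert_before_pass RULESET
# Prints a one-line verdict; exits 0 when the first divert rule is evaluated
# before any allow/pass rule, 1 otherwise (or when no divert rule exists).
divert_before_pass() {
    printf '%s\n' "$1" | awk '
        $2 == "divert" && d == "" { d = $1 + 0 }
        ($2 == "allow" || $2 == "pass" || $2 == "accept") && p == "" { p = $1 + 0 }
        END {
            if (d == "") { print "no divert rule in ruleset"; exit 1 }
            if (p != "" && p < d) {
                print "allow rule " p " is matched before divert rule " d
                exit 1
            }
            print "divert rule " d " is evaluated before any allow rule"
            exit 0
        }'
}

divert_before_pass "$RULES_OPEN"
divert_before_pass "$RULES_LATE" || :
```

On a live system the same function can be fed the output of `ipfw list` to confirm the loaded ruleset, not just the script that was meant to load it.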
