From: Jonathan Chen
To: Khairil Yusof
Cc: freebsd-questions@FreeBSD.ORG
Date: Wed, 5 Mar 2003 08:17:17 +1300 (NZDT)
Subject: Re: natd not working :(
Message-ID: <20030304191717.GA2522@grimoire.chen.org.nz>
References: <1046801837.578.289.camel@daemon.home.net>
In-Reply-To: <1046801837.578.289.camel@daemon.home.net>

On Wed, Mar 05, 2003 at 02:17:18AM +0800, Khairil Yusof wrote:
[...]
> and my simple firewall rules (I've deleted stuff which is not important
> and working like dns, ntp etc.):
>
> #firewall command
>
> fwcmd="/sbin/ipfw"
>
> # Force a flushing of the current rules before we reload.
> $fwcmd -f flush
>
> ##### RULES FOR INTERNAL NETWORK ######
>
> # Setup localhost
> $fwcmd add allow ip from any to any via lo0
>
> $fwcmd add allow any from any to any via fxp0
>
> # Divert all packets through the tunnel interface.
> $fwcmd add divert natd all from any to any via tun0

You should have a look at /etc/rc.firewall and use it as the template for
your rules. In your case, the "divert natd" rule should be the first;
looking at /etc/rc.firewall and using the "open" rule:

    ${fwcmd} add 50 divert natd all from any to any via tun0
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
    ${fwcmd} add 65000 pass all from any to any

Alternatively you could change your /etc/rc.conf:

    firewall_type="open"

-- 
Jonathan Chen
----------------------------------------------------------------------
"Opportunity does not knock, it presents itself when you beat down the door"
                                                        - W.E. Channing
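As an added illustration (not part of the thread, and not FreeBSD's own /etc/rc.firewall), the following sh script prints the numbered rule set from the reply above and then audits an "ipfw list" style listing to check that the divert rule is ordered before any allow/pass rule that could match traffic on the external interface, which is the ordering problem the reply points at. The function names emit_rules and divert_before_allow and both sample listings are constructed for this example; the rules are printed rather than loaded so the script runs on a host without ipfw.

```shell
#!/bin/sh
# Added example, not from the thread or from /etc/rc.firewall: print the
# rule set the reply recommends, then audit an "ipfw list" listing to confirm
# that the "divert natd" rule for the external interface precedes any
# allow/pass rule that could match traffic on that interface. Function names
# and the sample listings are constructed for this example.

FWCMD="/sbin/ipfw"   # as in the poster's script
EXT_IF="tun0"        # external (NAT) interface, as in the thread

# Emit the recommended rules with explicit numbers so the divert rule is
# guaranteed to sort first. Printed, not executed, so this runs anywhere.
emit_rules() {
    printf '%s add 50 divert natd all from any to any via %s\n' "$FWCMD" "$EXT_IF"
    printf '%s add 100 pass all from any to any via lo0\n' "$FWCMD"
    printf '%s add 200 deny all from any to 127.0.0.0/8\n' "$FWCMD"
    printf '%s add 300 deny ip from 127.0.0.0/8 to any\n' "$FWCMD"
    printf '%s add 65000 pass all from any to any\n' "$FWCMD"
}

# Audit: read "ipfw list" output on stdin, return 0 when the first divert
# rule has a lower number than the first allow/pass rule that can see
# traffic on EXT_IF (a rule naming EXT_IF, or one with no interface at all).
# ipfw may display the divert port numerically (8668) rather than as "natd",
# so only the action keyword is matched.
divert_before_allow() {
    awk -v ext="$1" '
        $2 == "divert" && divert == "" { divert = $1 + 0 }
        ($2 == "allow" || $2 == "pass" || $2 == "accept") && allow == "" {
            if ($0 ~ ("via " ext) || $0 !~ /(via|xmit|recv) /) allow = $1 + 0
        }
        END {
            if (divert == "") { print "no divert rule found"; exit 1 }
            if (allow != "" && allow < divert) {
                print "allow rule " allow " precedes divert rule " divert; exit 1
            }
            print "divert rule " divert " is first"; exit 0
        }'
}

# Constructed listings: unnumbered adds put a blanket allow ahead of the
# divert (broken), versus the explicitly numbered set above (good).
BROKEN_LIST='00100 allow ip from any to any via lo0
00200 allow ip from any to any
00300 divert 8668 ip from any to any via tun0
65535 deny ip from any to any'

GOOD_LIST='00050 divert 8668 ip from any to any via tun0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any'

emit_rules
printf '%s\n' "$BROKEN_LIST" | divert_before_allow "$EXT_IF" || echo "renumber: divert must come first"
printf '%s\n' "$GOOD_LIST" | divert_before_allow "$EXT_IF"
```

On a real box the audit would be fed with "ipfw list" output directly (ipfw list | divert_before_allow tun0); the point of the explicit numbers in emit_rules is that rule order no longer depends on the order of the add commands in the script, which is what goes wrong when rules are added unnumbered.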