Date: Tue, 1 Apr 2003 22:28:09 -0900
From: "Mark-Nathaniel Weisman" <mark@outlander.us>
To: "Brian McCann" <bjm1287@ritvax.isc.rit.edu>, <freebsd-questions@freebsd.org>
Subject: RE: NATD & IPFW
Message-ID: <B030C8F9120CCD43A1FC642851FB9FB46E2B@mavrick.outland>

The entry I added to my ruleset was:

    # Allow outbound pings
    ipfw add pass icmp from any to any in recv $external icmptypes 0
    ipfw add pass icmp from any to any out xmit $external icmptypes 8

    # Allow outbound traceroutes
    ipfw add pass icmp from any to any in recv $internal icmptypes 3
    ipfw add pass icmp from any to any in recv $internal icmptypes 11

I don't use fetch, so I'm not sure which port it uses, nor am I familiar
with which protocol it needs to use. Sorry. These two are
self-explanatory. Hope this helps.

A Faithful Servant,

Mark-Nathaniel Weisman
President / CEO
Infinite Visions Educational Systems Inc.
Anchorage, AK
weismanm@ivedsys.org

-----Original Message-----
From: Brian McCann [mailto:bjm1287@ritvax.isc.rit.edu]
Sent: Tuesday, April 01, 2003 6:54 PM
To: freebsd-questions@freebsd.org
Subject: NATD & IPFW

Hi all. I'm having an issue with security while trying to get natd to
work with ipfw. I got my ipfw rules working great, so I added the natd
line in:

    ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE

But I can't do anything (ping, fetch, etc) until I add:

    ipfw add pass all from any to any

Now, I may be wrong, but doesn't this pretty much open the box up? I
tried changing the first "any" to my internal network, but that didn't
work, and I know I've got to be missing something.

If anyone would like to help me off-list, I could send you a copy of my
rule set if you'd like.

Thanks in advance,
--Brian
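
An added example, not part of either message above and not anyone's posted ruleset: one common layout that avoids a blanket "pass all from any to any" after the divert rule is to make the broad pass reachable only through a skipto taken by stateful outbound rules. The interface names (fxp0, fxp1), the rule numbers, the permitted services, and the IPFW/EXT_IF/INT_IF variables are assumptions; by default the script only prints the commands, and the numbering assumes an otherwise empty ruleset.

```shell
#!/bin/sh
# Dry run by default: prints the commands. Set IPFW=/sbin/ipfw to apply them.
IPFW=${IPFW:-"echo ipfw"}

# nat_rules EXT_IF INT_IF
# Emits an ipfw + natd ruleset in which the only unrestricted "pass"
# (rule 910) sits behind a deny and can be reached only via "skipto 900".
nat_rules() {
    ext=$1
    int=$2

    # Loopback and LAN-side traffic is not filtered here.
    $IPFW add 100 pass all from any to any via lo0
    $IPFW add 110 pass all from any to any via "$int"

    # Inbound on the external interface: let natd restore the internal
    # destination first, so check-state compares untranslated addresses.
    $IPFW add 200 divert 8668 ip from any to any in via "$ext"
    $IPFW add 210 check-state

    # Outbound flows allowed to start. Each one records state, then jumps
    # to the outbound divert instead of passing directly.
    $IPFW add 300 skipto 900 tcp from any to any out via "$ext" setup keep-state
    $IPFW add 310 skipto 900 udp from any to any 53 out via "$ext" keep-state
    $IPFW add 320 skipto 900 icmp from any to any out via "$ext" icmptypes 8 keep-state

    # Anything that matched neither existing state nor an allowed new flow.
    $IPFW add 800 deny all from any to any

    # Reached only by skipto: translate outbound packets, then pass.
    # Packets re-injected by natd continue at the next rule (910).
    $IPFW add 900 divert 8668 ip from any to any out via "$ext"
    $IPFW add 910 pass ip from any to any
}

nat_rules "${EXT_IF:-fxp0}" "${INT_IF:-fxp1}"
```

Replies to an allowed flow hit rule 200, match the dynamic rule at 210, skip to 900 (which does not match inbound packets) and are passed by 910; unsolicited inbound traffic stops at rule 800.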