Date:      Wed, 28 Jul 2004 15:48:17 +0000
From:      Daniela <dgw@liwest.at>
To:        "Steve Bertrand" <iaccounts@ibctech.ca>
Cc:        questions@freebsd.org
Subject:   Re: Problems after IP change
Message-ID:  <200407281548.17563.dgw@liwest.at>
In-Reply-To: <3589.209.167.16.15.1091026142.squirrel@209.167.16.15>
References:  <200407281452.00859.dgw@liwest.at> <200407281537.57983.dgw@liwest.at> <3589.209.167.16.15.1091026142.squirrel@209.167.16.15>

On Wednesday 28 July 2004 14:49, Steve Bertrand wrote:
> >> Also, post the relevant ``natd'' line entries in your /etc/natd.conf
> >> file.
> >
> > natd.conf doesn't exist. Do you mean rc.conf? Here it is:
> > natd_interface="rl0"
> > natd_enable="YES"
> >
> > But I didn't change anything here, and it always worked.
>
> Indeed, I did mean rc.conf...sorry ;o)
>
> Now would be a good time to post your fw ruleset.

add 00300 divert 8668 ip from any to any
add 01300 unreach port tcp from any to any 6699 
add 01400 allow log all from any to any via lo0
add 01600 check-state

add 01700 allow log logamount 1000 tcp from any to me 22 in setup keep-state
add 01701 allow log logamount 1000 tcp from me 22 to any out
add 01702 allow log logamount 1000 tcp from any to me 21 in setup keep-state
add 01703 allow log logamount 1000 tcp from me 21 to any out

add 01900 deny log tcp from any to any in established

add 11700 allow tcp from any to any out setup keep-state
add 11701 allow udp from 212.33.32.160 53 to any in recv rl0
add 11702 allow udp from any to 212.33.32.160 53
add 11703 allow udp from 212.33.55.5 53 to any in recv rl0
add 11704 allow udp from any to 212.33.55.5 53
add 11705 allow udp from 212.0.0.0/8 67 to 255.255.255.255 68 in recv rl0

add 11801 allow icmp from any to any icmptypes 3
add 11802 allow icmp from any to any icmptypes 4
add 11803 allow icmp from any to any icmptypes 8 out
add 11804 allow icmp from any to any icmptypes 0 in
add 11805 allow icmp from any to any icmptypes 9 out
add 11806 allow log icmp from any to any icmptypes 11 in
add 11807 allow log icmp from any to any icmptypes 11 out

add 11900 allow icmp from me to 224.0.0.1 icmptypes 9 in via rl0
add 11901 allow icmp from 10.0.0.1 to 224.0.0.1 icmptypes 9 in via rl1
add 11902 allow all from me to 224.0.0.2/24 out via rl0
add 11903 allow all from 10.0.0.1 to 224.0.0.2/24 out via rl1
add 11904 allow udp from me 520 to 81.10.248.255 520 out via rl0
add 11905 allow udp from me 520 to 81.10.248.255 520 in via rl0
add 11906 allow udp from 10.0.0.1 520 to 10.255.255.255 520 in via rl1
add 11907 allow udp from 10.0.0.1 520 to 10.255.255.255 520 out via rl1
add 11908 allow udp from me 520 to 10.255.255.255 520 out via rl1
add 11909 allow udp from me 520 to 10.255.255.255 520 in via rl1
add 11910 allow ip from any to 224.0.0.9/24 in via rl0


add 20000 allow all from 10.0.0.0/24 to any in recv rl1
add 20001 allow all from any to 10.0.0.0/24 out xmit rl1 keep-state
add 20002 count log all from 10.0.0.0/24 to any
add 20003 count log all from any to 10.0.0.0/24


add 65534 deny log ip from any to any


