Date: Tue, 22 May 2001 21:54:30 -0400 (EDT) From: "H. Wade Minter" <minter@lunenburg.org> To: <freebsd-questions@FreeBSD.ORG> Subject: Trouble getting NAT/IPFilter working Message-ID: <20010522215026.Q67599-100000@ashburn.skiltech.com>
I'm trying to migrate my FreeBSD 4.3-RELEASE firewall from ipfw/natd to ipf/ipnat, but I'm having some trouble. I'd like to set it up so that everything from my local LAN is allowed out, with stateful replies back in, SSH is allowed from the outside world into the firewall box, and nothing else is allowed in. However, setting up the ipf and ipnat rules as detailed below leaves me dead in the water. Any assistance would be appreciated - I've got the ipf HOWTO here, but can't find what I'm missing.

On the firewall box, dc0 is the internal NIC (192.168.0.1), and rl0 is the external NIC (DHCP-assigned). My internal LAN is 192.168.0.0/24.

Here is my ipf.conf file:

-----
# Localhost gets a free ride
pass in quick on lo0 all
pass out quick on lo0 all

# As does the internal interface.
pass in quick on dc0 all
pass out quick on dc0 all

# We want to allow most traffic out through the external interface,
# but not much in.
block in log on rl0 all
pass in quick on rl0 proto tcp from any to 192.168.0.0/24 port = 22
pass out quick on rl0 proto tcp from 192.168.0.0/24 to any keep state
pass out quick on rl0 proto udp from 192.168.0.0/24 to any keep state
pass out quick on rl0 proto icmp from 192.168.0.0/24 to any keep state
-------

And here is my ipnat.conf file:

-------
map rl0 192.168.0.0/24 -> 0/32
-------

Any help will be appreciated.

--Wade
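Added example (an editor's illustration, not the poster's file and not a reply from the list): the same policy written in the style of the IPFilter HOWTO, so that the inbound SSH rule does not depend on knowing rl0's DHCP-assigned address and the firewall box's own outbound connections also get state entries. It assumes the interface names and addresses given in the message above.

```ipf
# ipf.conf (added example; assumes dc0 = 192.168.0.1 inside, rl0 = DHCP outside)

# Loopback and the internal interface are trusted.
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on dc0 all
pass out quick on dc0 all

# Default for the outside interface: drop and log anything inbound that no
# later rule passes. Without "quick" the last matching rule wins, so the
# "pass ... quick" rules below take precedence.
block in log on rl0 all

# SSH to the firewall itself. The destination is "any" rather than
# 192.168.0.0/24: packets arriving on rl0 from the Internet are addressed to
# rl0's own (DHCP-assigned) address, which is not in the LAN range, so the
# original rule could never match. "flags S" opens state only on the initial SYN.
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state

# Everything leaving through rl0 is allowed and remembered, so replies are
# admitted by the state table. The source is "any" rather than 192.168.0.0/24
# so that connections originated by the firewall box itself (for example its
# own DNS lookups) also get a state entry; IPFilter filters before NAT on
# output, so LAN hosts still match on their private addresses.
pass out quick on rl0 proto tcp from any to any flags S keep state
pass out quick on rl0 proto udp from any to any keep state
pass out quick on rl0 proto icmp from any to any keep state

# Anything else trying to leave rl0 is dropped and logged.
block out log quick on rl0 all
```

The ipnat.conf line `map rl0 192.168.0.0/24 -> 0/32` is left as the poster wrote it; `0/32` tells ipnat to use whatever address rl0 currently holds.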